TechSpot

[A] "Windows has encountered a critical problem and will restart automatically in one minute."

By GAFFiO
Aug 3, 2012
  Hello

    I have recently had a problem with my laptop, and after a bit of Google searching I found these forums to be pretty helpful for others in similar situations.

    I have an Asus Zenbook with Windows 7 Home installed.
    Recently I have found "Live Security Platinum", which I understand is some bad malware. I have MSE installed, but it has not picked it up. I have also tried a few other malware scanners like Malwarebytes. The problem I have is that none of the scans can complete, as I get a window popup "Windows has encountered a critical problem and will restart automatically in one minute." and I can't complete the scans.

    I have also tried F8 on boot-up to select "Disable automatic restart" and also to start in Safe Mode, but the problem still occurs.

    I have noticed that in other posts you have first asked for Farbar Recovery Scan Tool 64-Bit to be downloaded and the two scans run. Below are my results.

    Any help would be fantastic!

    - FRST.txt
    Scan result of Farbar Recovery Scan Tool Version: 04-08-2012
    Ran by SYSTEM at 04-08-2012 11:57:21
    Running from D:\
    Windows 7 Home Premium (X64) OS Language: English(US)
    The current controlset is ControlSet002

    ========================== Registry (Whitelisted) =============

    HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [167704 2011-11-03] (Intel Corporation)
    HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [392472 2011-11-03] (Intel Corporation)
    HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [416024 2011-11-03] (Intel Corporation)
    HKLM\...\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" [4526 2010-11-29] ()
    HKLM\...\Run: [ETDCtrl] %ProgramFiles%\Elantech\ETDCtrl.exe [2661672 2012-02-19] (ELAN Microelectronics Corp.)
    HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
    HKLM-x32\...\Run: [FLxHCIm64] "C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe" [48128 2011-12-11] (Windows (R) Win 7 DDK provider)
    HKLM-x32\...\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5716608 2011-07-21] (ASUS)
    HKLM-x32\...\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
    HKLM-x32\...\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
    HKLM-x32\...\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe [3058304 2012-03-12] (ASUS)
    HKU\G\...\Run: [InternodeUsage] C:\PROGRA~2\INTERN~2\mum.exe [1361408 2011-02-18] (Angus Johnson)
    HKU\G\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [3671872 2012-04-17] (DT Soft Ltd)
    HKU\G\...\Run: [Wabiofebni] C:\Users\G\AppData\Roaming\Ozeny\tuwai.exe [180224 2012-06-12] ()
    HKU\GAFFiO\...\Run: [InternodeUsage] C:\PROGRA~2\INTERN~2\mum.exe [1361408 2011-02-18] (Angus Johnson)
    HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files\Soluto\soluto.exe /userinit [1805912 2012-05-24] (Soluto)
    Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Startup: C:\Users\GAFFiO\Start Menu\Programs\Startup\Trillian.lnk
    ShortcutTarget: Trillian.lnk -> C:\Program Files (x86)\Trillian\trillian.exe (Cerulean Studios)

    ==================== Services (Whitelisted) ======

    2 ASLDRService; C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [84536 2009-06-15] (ASUS)
    2 ASUS InstantOn; C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [92800 2011-11-30] (ASUS)
    2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [146592 2011-08-02] (Atheros)
    2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [103584 2011-08-02] (Atheros Commnucations)
    2 ATKGFNEXSrv; C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [96896 2009-12-15] (ASUS)
    2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
    3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)
    2 UNS; "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe" [2656280 2010-12-20] (Intel Corporation)
    4 UnsignedThemes; C:\Windows\UnsignedThemesSvc.exe [24168 2009-07-12] (The Within Network, LLC)
    2 syshost32; "C:\Windows\Installer\{AFB2BB7F-872C-7FEC-63E4-602843CAE818}\syshost.exe" /service [x]

    ========================== Drivers (Whitelisted) =============

    0 944a435ceeab1a2d; C:\Windows\System32\Drivers\944a435ceeab1a2d.sys [84408 2012-08-02] () ATTENTION =====> Rootkit?
    3 AiCharger; C:\Windows\System32\Drivers\AiCharger.sys [17152 2011-12-05] (ASUSTek Computer Inc.)
    3 AiCharger; C:\Windows\SysWow64\Drivers\AiCharger.sys [17152 2011-12-05] (ASUSTek Computer Inc.)
    2 ASMMAP64; \??\C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [15416 2009-07-02] (ASUS)
    3 AsusVBus; C:\Windows\System32\Drivers\AsusVBus.sys [35968 2011-12-21] (Windows (R) Win 7 DDK provider)
    3 AsusVTouch; C:\Windows\System32\Drivers\AsusVTouch.sys [16512 2011-11-07] (Windows (R) Win 7 DDK provider)
    3 AthBTPort; C:\Windows\System32\DRIVERS\btath_flt.sys [36000 2011-08-02] (Atheros)
    1 ATKWMIACPIIO; \??\C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [17536 2011-09-07] (ASUS)
    3 BTATH_A2DP; C:\Windows\System32\Drivers\BTATH_A2DP.sys [330912 2011-08-02] (Atheros)
    3 btath_avdt; C:\Windows\System32\Drivers\btath_avdt.sys [110240 2011-08-02] (Atheros)
    3 BTATH_BUS; C:\Windows\System32\Drivers\BTATH_BUS.sys [30368 2011-08-02] (Atheros)
    3 BTATH_HCRP; C:\Windows\System32\Drivers\BTATH_HCRP.sys [167584 2011-08-02] (Atheros)
    3 BTATH_LWFLT; C:\Windows\System32\Drivers\BTATH_LWFLT.sys [68256 2011-08-02] (Atheros)
    3 BTATH_RCP; C:\Windows\System32\Drivers\BTATH_RCP.sys [280992 2011-08-02] (Atheros)
    3 BtFilter; C:\Windows\System32\Drivers\BtFilter.sys [511136 2011-08-02] (Atheros)
    1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [283200 2012-07-31] (DT Soft Ltd)
    3 FLxHCIh; C:\Windows\System32\Drivers\FLxHCIh.sys [71424 2011-12-12] (Fresco Logic)
    3 kbfiltr; C:\Windows\System32\Drivers\kbfiltr.sys [15416 2009-07-20] ( )
    2 uxpatch; C:\Windows\System32\Drivers\uxpatch.sys [30568 2009-07-12] ()
    3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [x]
    1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [x]

    ========================== NetSvcs (Whitelisted) ===========


    ============ One Month Created Files and Folders ==============

    2012-08-03 17:48 - 2012-08-03 17:48 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.89C13600320A37EF
    2012-08-03 17:42 - 2012-08-03 17:42 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.333D1E267EEAEDB7
    2012-08-03 17:38 - 2012-08-03 17:38 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E8A3F188537EC031
    2012-08-03 17:35 - 2012-08-03 17:35 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.042F52C167619136
    2012-08-03 17:34 - 2012-08-03 17:34 - 00001272 ____A C:\Users\G\Desktop\noshut.lnk
    2012-08-03 17:32 - 2012-08-03 17:32 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4C39511281065875
    2012-08-03 17:29 - 2012-08-03 17:29 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1E2C6C5410D36A9C
    2012-08-03 17:24 - 2012-08-03 17:24 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.BC2A24B813FA4B31
    2012-08-03 17:21 - 2012-08-03 17:22 - 00000203 ____A C:\spyhunter.fix
    2012-08-03 17:21 - 2012-08-03 17:21 - 00002252 ____A C:\Users\G\Desktop\SpyHunter.lnk
    2012-08-03 17:21 - 2010-08-05 00:31 - 00014680 ____A C:\Windows\System32\sh4native.exe
    2012-08-03 17:20 - 2012-08-03 17:22 - 00000000 ____D C:\sh4ldr
    2012-08-03 17:20 - 2012-08-03 17:20 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5D95945C6F7DC6DF
    2012-08-03 17:20 - 2012-08-03 17:20 - 00000000 ____D C:\Program Files\Enigma Software Group
    2012-08-03 17:17 - 2012-08-03 17:21 - 00000000 ____D C:\Windows\F896D02690164122B9BD957FF092FFE9.TMP
    2012-08-03 17:16 - 2012-08-03 17:16 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0776D71E4197441D
    2012-08-03 17:15 - 2012-08-03 17:15 - 00725440 ____A (Enigma Software Group USA, LLC.) C:\Users\G\Desktop\explorer.exe
    2012-08-03 17:13 - 2012-08-03 17:13 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9F691F0F718AD008
    2012-08-03 17:09 - 2012-08-03 17:09 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.71140A2BED1FEF9A
    2012-08-03 17:05 - 2012-08-03 17:05 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.29E47E623DFEA71C
    2012-08-03 17:01 - 2012-08-03 17:01 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.852342F5DB97EA81
    2012-08-03 17:01 - 2012-08-03 17:01 - 00000000 ____D C:\Users\G\AppData\Roaming\Malwarebytes
    2012-08-03 17:00 - 2012-08-03 17:00 - 00001115 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-08-03 17:00 - 2012-08-03 17:00 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-08-03 17:00 - 2012-08-03 17:00 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-08-03 17:00 - 2012-07-02 20:16 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-08-03 16:59 - 2012-08-03 16:56 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\G\Desktop\mal.exe
    2012-08-03 16:56 - 2012-08-03 16:56 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1E5048CDED746C2C
    2012-08-03 16:53 - 2012-08-03 16:53 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D9AC4BF904EE4933
    2012-08-03 16:49 - 2012-08-03 16:49 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.BF7F1AC2EF60358B
    2012-08-03 04:51 - 2012-08-03 04:51 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C0643A7F98FA1EE3
    2012-08-03 04:44 - 2012-08-03 04:44 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B81CB41BF025CA49
    2012-08-03 04:34 - 2012-08-03 04:34 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.ECF49F969043124C
    2012-08-03 04:28 - 2012-08-03 04:28 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4C480ECBA59153BD
    2012-08-03 04:22 - 2012-08-03 04:22 - 00000000 ____D C:\Program Files\Microsoft Security Client
    2012-08-03 04:22 - 2012-08-03 04:22 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
    2012-08-03 04:20 - 2012-08-03 04:20 - 12621696 ____A (Microsoft Corporation) C:\Users\G\Downloads\mseinstall.exe
    2012-08-03 04:03 - 2012-08-03 04:03 - 00002018 ____A C:\Users\G\Desktop\Live Security Platinum.lnk
    2012-08-03 04:00 - 2012-08-03 04:31 - 00062464 ____A C:\Windows\System32\Comptend64.dll
    2012-08-03 04:00 - 2012-08-03 04:00 - 00056320 ___AH (FRISK Software International) C:\Windows\SysWOW64\Comptend.dll
    2012-08-03 04:00 - 2012-08-03 03:59 - 00152064 ____A C:\Users\G\AppData\Roaming\csrec.dll
    2012-08-02 23:23 - 2012-08-02 23:23 - 00001136 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2012-08-02 05:46 - 2012-08-02 05:46 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
    2012-08-02 05:36 - 2012-08-02 05:36 - 00084408 ____A C:\Windows\System32\Drivers\944a435ceeab1a2d.sys
    2012-08-02 05:35 - 2012-08-02 23:19 - 00000000 ____D C:\Users\G\AppData\Roaming\Yfvix
    2012-08-02 05:35 - 2012-08-02 23:19 - 00000000 ____D C:\Users\G\AppData\Roaming\Opry
    2012-08-02 05:31 - 2012-08-02 05:31 - 00016286 ____A C:\Users\G\Desktop\hs_err_pid16784.log
    2012-08-02 05:02 - 2012-08-03 02:04 - 00000000 ____D C:\Users\G\AppData\Roaming\Xoel
    2012-08-02 05:02 - 2012-08-02 05:02 - 00000000 ____D C:\Users\G\AppData\Roaming\Ozeny
    2012-08-02 05:02 - 2012-08-02 05:02 - 00000000 ____D C:\Users\G\AppData\Roaming\Isnys
    2012-08-01 15:31 - 2012-08-01 15:32 - 16814136 ____A (Mozilla) C:\Users\G\Downloads\Firefox Setup 14.0.1.exe
    2012-08-01 15:27 - 2012-08-01 15:27 - 13713850 ____A C:\Users\G\Downloads\Intel_RAIDAHCI_V11001032_XPWin7.zip
    2012-08-01 15:26 - 2012-08-01 15:27 - 19414180 ____A C:\Users\G\Downloads\Realtek_LAN_V5790_V749_XPWin7.zip
    2012-08-01 15:26 - 2012-08-01 15:26 - 05932880 ____A C:\Users\G\Downloads\Intel_USB3_V101209_Win7.zip
    2012-08-01 15:25 - 2012-08-01 15:37 - 285344242 ____A C:\Users\G\Downloads\Intel_Graphics_V815102618_WinVista7.zip
    2012-08-01 15:25 - 2012-08-01 15:36 - 251841943 ____A C:\Users\G\Downloads\Intel_Chipset_V9301019_P8H77-V_XPWin7.zip
    2012-08-01 15:25 - 2012-08-01 15:33 - 141944149 ____A C:\Users\G\Downloads\Realtek_Audio_V51006526_V6016526_XPWin7.zip
    2012-08-01 15:22 - 2012-08-01 15:25 - 158124424 ____A (Advanced Micro Devices, Inc.) C:\Users\G\Downloads\12-6_vista_win7_64_dd_ccc.exe
    2012-08-01 15:17 - 2012-08-01 15:18 - 00001908 ____A C:\Windows\diagwrn.xml
    2012-08-01 15:17 - 2012-08-01 15:18 - 00001908 ____A C:\Windows\diagerr.xml
    2012-08-01 05:53 - 2012-08-01 05:53 - 00262144 ____A C:\Windows\Minidump\080112-20077-01.dmp
    2012-08-01 05:53 - 2012-08-01 05:53 - 00000000 ____D C:\Windows\Minidump
    2012-07-31 05:27 - 2012-07-31 05:27 - 00000000 ____D C:\Users\G\Downloads\Windows 7 Anytime Upgrade CD-Key Generator Final Activated
    2012-07-31 05:26 - 2012-07-31 05:27 - 00000000 ____D C:\Users\G\Downloads\Windows 7 Home Premium (64 Bit) by (oldBen)
    2012-07-31 03:54 - 2012-07-31 03:54 - 00001956 ____A C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
    2012-07-31 03:53 - 2012-07-31 03:53 - 00283200 ____A (DT Soft Ltd) C:\Windows\System32\Drivers\dtsoftbus01.sys
    2012-07-31 03:52 - 2012-07-31 03:54 - 00000000 ____D C:\Users\G\AppData\Roaming\DAEMON Tools Lite
    2012-07-31 03:51 - 2012-07-31 03:53 - 00000000 ____D C:\Program Files (x86)\DAEMON Tools Lite
    2012-07-31 03:50 - 2012-07-31 03:54 - 00000000 ____D C:\Users\All Users\DAEMON Tools Lite
    2012-07-31 03:50 - 2012-07-31 03:50 - 14230160 ____A (DT Soft Ltd) C:\Users\G\Downloads\DTLite4454-0315.exe
    2012-07-31 03:48 - 2012-07-31 03:49 - 00463080 ____A (CNET Download.com) C:\Users\G\Downloads\cnet2_DTLite4454-0315_exe.exe
    2012-07-25 03:44 - 2012-07-29 13:39 - 00000000 ____D C:\Users\G\Downloads\Breaking Bad Season 1-3
    2012-07-22 14:12 - 2012-07-22 14:13 - 00000000 ____D C:\Users\G\Desktop\rave
    2012-07-22 13:56 - 2012-07-31 04:05 - 00000642 ___AH C:\os802099.bin
    2012-07-22 13:41 - 2012-07-22 13:41 - 00000000 ____D C:\Windows\PreviewSoft
    2012-07-22 13:40 - 2012-07-22 13:40 - 00001477 ____A C:\Users\G\Desktop\Resume ACDSee_Classic Download2.LNK
    2012-07-22 13:40 - 2012-07-22 13:40 - 00001340 ____A C:\Users\G\Desktop\Launch ACDSee_Classic 2.44.LNK
    2012-07-22 13:37 - 2012-07-24 04:46 - 00000000 ____D C:\Users\G\Desktop\KEEP
    2012-07-22 03:53 - 2012-07-22 03:53 - 00000000 ____D C:\Users\G\AppData\Local\Adobe
    2012-07-19 18:03 - 2012-07-19 18:03 - 00002015 ____A C:\Users\Public\Desktop\Canon IJ Network Tool.lnk
    2012-07-19 18:03 - 2012-07-19 18:03 - 00000000 ____D C:\Windows\System32\STRING
    2012-07-19 18:03 - 2012-07-19 18:03 - 00000000 ____D C:\Users\All Users\Canon IJ Network Tool
    2012-07-19 18:03 - 2012-07-19 18:03 - 00000000 ____D C:\Program Files (x86)\Canon
    2012-07-19 18:03 - 2010-03-18 01:55 - 00307200 ____A (CANON INC.) C:\Windows\SysWOW64\CNC495L.dll
    2012-07-19 18:03 - 2010-03-17 23:41 - 00106496 ____A (CANON INC.) C:\Windows\SysWOW64\CNC495U.dll
    2012-07-19 18:03 - 2010-02-04 17:07 - 00340992 ____A (CANON INC.) C:\Windows\SysWOW64\CNMNPPM.DLL
    2012-07-19 18:03 - 2010-02-04 17:07 - 00327680 ____A (CANON INC.) C:\Windows\System32\CNMN6PPM.DLL
    2012-07-19 18:03 - 2010-02-04 17:07 - 00037376 ____A (CANON INC.) C:\Windows\System32\CNMN6UI.DLL
    2012-07-19 18:03 - 2009-11-12 21:05 - 00012800 ____A C:\Windows\SysWOW64\CNC1747D.TBL
    2012-07-19 18:03 - 2008-08-25 00:32 - 00015872 ____A (CANON INC.) C:\Windows\SysWOW64\CNHMCA.dll
    2012-07-19 18:02 - 2012-07-19 18:02 - 00000000 ___HD C:\Windows\System32\CanonIJ Uninstaller Information
    2012-07-19 18:02 - 2012-07-19 18:02 - 00000000 ___HD C:\Users\All Users\CanonBJ
    2012-07-19 18:01 - 2012-07-19 18:01 - 00000000 ___HD C:\Program Files\CanonBJ
    2012-07-19 18:01 - 2010-08-24 11:30 - 00361472 ____A (CANON INC.) C:\Windows\System32\CNMLMA9.DLL
    2012-07-19 18:01 - 2010-03-10 15:27 - 00248320 ____A (CANON INC.) C:\Windows\System32\CNMIUA9.DLL
    2012-07-19 17:47 - 2012-07-19 17:47 - 00043894 ____A C:\Users\G\Downloads\SimpleCoords-1.94.zip
    2012-07-19 17:44 - 2012-07-19 17:44 - 00509464 ____A C:\Users\G\Downloads\MageNuggets-2.34.zip
    2012-07-19 03:20 - 2012-07-19 03:20 - 00000163 ____A C:\Users\G\Desktop\Mysterious Fortune Card.url
    2012-07-18 04:36 - 2012-08-03 17:06 - 00000000 ____D C:\Users\G\AppData\Local\Gabest
    2012-07-18 04:36 - 2012-07-18 04:36 - 00000000 ____D C:\Windows\Sun
    2012-07-18 04:31 - 2012-07-18 04:31 - 00001898 ____A C:\Users\G\Desktop\PS3 Media Server.lnk
    2012-07-18 04:27 - 2012-07-18 04:27 - 00000000 ____D C:\Windows\pss
    2012-07-11 23:30 - 2012-07-11 23:30 - 00000000 ____D C:\Program Files (x86)\Belkin
    2012-07-11 18:51 - 2012-07-11 18:51 - 00001118 ____A C:\Users\G\Desktop\Launcher.exe - Shortcut.lnk
    2012-07-11 15:43 - 2012-07-11 15:43 - 00665466 ____A C:\Users\G\Desktop\scan.rrs
    2012-07-11 09:35 - 2012-06-11 19:08 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-07-11 09:31 - 2012-06-02 03:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-07-11 09:31 - 2012-06-02 03:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-07-11 09:31 - 2012-06-02 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-07-11 09:31 - 2012-06-02 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-07-11 09:30 - 2012-06-02 04:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-07-11 09:30 - 2012-06-02 04:17 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-07-11 09:30 - 2012-06-02 04:12 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-07-11 09:30 - 2012-06-02 04:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-07-11 09:30 - 2012-06-02 04:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-07-11 09:30 - 2012-06-02 04:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-07-11 09:30 - 2012-06-02 04:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-07-11 09:30 - 2012-06-02 04:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-07-11 09:30 - 2012-06-02 04:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-07-11 09:30 - 2012-06-02 04:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-07-11 09:30 - 2012-06-02 03:59 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-07-11 09:30 - 2012-06-02 03:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-07-11 09:30 - 2012-06-02 01:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-07-11 09:30 - 2012-06-02 00:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-07-11 09:30 - 2012-06-02 00:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-07-11 09:30 - 2012-06-02 00:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-07-11 09:30 - 2012-06-02 00:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-07-11 09:30 - 2012-06-02 00:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-07-11 09:30 - 2012-06-02 00:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-07-11 09:30 - 2012-06-02 00:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-07-11 09:30 - 2012-06-02 00:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-07-11 09:30 - 2012-06-02 00:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-07-11 09:30 - 2012-06-02 00:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-07-11 09:30 - 2012-06-02 00:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-07-11 02:53 - 2012-07-11 15:42 - 00000000 ____D C:\Program Files (x86)\PowerDataRecovery
    2012-07-11 02:53 - 2012-07-11 02:53 - 00001039 ____A C:\Users\Public\Desktop\Power Data Recovery.lnk
    2012-07-11 02:52 - 2012-07-11 02:52 - 00000000 ____D C:\Users\G\Documents\Power Data Recovery Pro v4.1.1
    2012-07-11 02:50 - 2012-07-11 02:51 - 15861760 ____A C:\Users\G\Documents\Stellar.Phoenix.Windows.Data.Recovery.v3.0.0.With Crack By Faraz 101% Clean From VIRUS.zip
    2012-07-10 23:02 - 2012-07-10 23:02 - 00000000 ____D C:\Users\G\Desktop\New folder
    2012-07-10 22:18 - 2012-06-05 22:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
    2012-07-10 22:18 - 2012-06-05 22:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
    2012-07-10 22:18 - 2012-06-05 21:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
    2012-07-10 22:18 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2012-07-10 22:18 - 2010-06-25 19:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
    2012-07-10 22:18 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
    2012-07-10 22:17 - 2012-06-08 21:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
    2012-07-10 22:17 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2012-07-10 22:17 - 2012-06-05 22:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
    2012-07-10 22:17 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
    2012-07-10 22:17 - 2012-06-01 21:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
    2012-07-10 22:17 - 2012-06-01 21:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
    2012-07-10 22:17 - 2012-06-01 21:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
    2012-07-10 22:17 - 2012-06-01 21:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
    2012-07-10 22:17 - 2012-06-01 21:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
    2012-07-10 22:17 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2012-07-10 22:17 - 2012-06-01 20:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2012-07-10 22:17 - 2012-06-01 20:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2012-07-10 22:17 - 2012-06-01 20:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2012-07-05 05:52 - 2012-07-05 05:54 - 109168195 ____A (Igor Pavlov) C:\Users\G\Documents\mb_driver_audio_realtek_azalia.exe
    2012-07-05 05:52 - 2012-07-05 05:52 - 03364486 ____A C:\Users\G\Documents\motherboard_driver_lan_realtek_8111.exe
    2012-07-05 05:52 - 2012-07-05 05:52 - 01246890 ____A (Igor Pavlov) C:\Users\G\Documents\mb_driver_chipset_intel.exe
    2012-07-05 04:11 - 2012-07-22 14:50 - 00000000 ____D C:\Users\G\AppData\Roaming\vlc


    ============ 3 Months Modified Files ========================

    2012-08-04 11:28 - 2011-10-17 19:58 - 00008446 ____A C:\Windows\AsRecoveryHD.log
    2012-08-04 11:27 - 2011-10-17 19:57 - 00039853 ____A C:\Windows\AsFac.log
    2012-08-03 18:20 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-08-03 18:20 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-08-03 18:02 - 2009-07-13 21:13 - 00797650 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-08-03 17:59 - 2012-06-11 04:37 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-08-03 17:58 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-08-03 17:58 - 2009-07-13 20:51 - 00002068 ____A C:\Windows\setupact.log
    2012-08-03 17:48 - 2012-08-03 17:48 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.89C13600320A37EF
    2012-08-03 17:42 - 2012-08-03 17:42 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.333D1E267EEAEDB7
    2012-08-03 17:38 - 2012-08-03 17:38 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E8A3F188537EC031
    2012-08-03 17:35 - 2012-08-03 17:35 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.042F52C167619136
    2012-08-03 17:34 - 2012-08-03 17:34 - 00001272 ____A C:\Users\G\Desktop\noshut.lnk
    2012-08-03 17:32 - 2012-08-03 17:32 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4C39511281065875
    2012-08-03 17:29 - 2012-08-03 17:29 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1E2C6C5410D36A9C
    2012-08-03 17:24 - 2012-08-03 17:24 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.BC2A24B813FA4B31
    2012-08-03 17:22 - 2012-08-03 17:21 - 00000203 ____A C:\spyhunter.fix
    2012-08-03 17:21 - 2012-08-03 17:21 - 00002252 ____A C:\Users\G\Desktop\SpyHunter.lnk
    2012-08-03 17:20 - 2012-08-03 17:20 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5D95945C6F7DC6DF
    2012-08-03 17:16 - 2012-08-03 17:16 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0776D71E4197441D
    2012-08-03 17:15 - 2012-08-03 17:15 - 00725440 ____A (Enigma Software Group USA, LLC.) C:\Users\G\Desktop\explorer.exe
    2012-08-03 17:13 - 2012-08-03 17:13 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9F691F0F718AD008
    2012-08-03 17:09 - 2012-08-03 17:09 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.71140A2BED1FEF9A
    2012-08-03 17:06 - 2011-10-17 19:58 - 00327852 ____A C:\Windows\PFRO.log
    2012-08-03 17:05 - 2012-08-03 17:05 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.29E47E623DFEA71C
    2012-08-03 17:01 - 2012-08-03 17:01 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.852342F5DB97EA81
    2012-08-03 17:00 - 2012-08-03 17:00 - 00001115 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-08-03 16:56 - 2012-08-03 16:59 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\G\Desktop\mal.exe
    2012-08-03 16:56 - 2012-08-03 16:56 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1E5048CDED746C2C
    2012-08-03 16:53 - 2012-08-03 16:53 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D9AC4BF904EE4933
    2012-08-03 16:49 - 2012-08-03 16:49 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.BF7F1AC2EF60358B
    2012-08-03 04:51 - 2012-08-03 04:51 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C0643A7F98FA1EE3
    2012-08-03 04:44 - 2012-08-03 04:44 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B81CB41BF025CA49
    2012-08-03 04:36 - 2012-03-12 18:08 - 01169433 ____A C:\Windows\WindowsUpdate.log
    2012-08-03 04:34 - 2012-08-03 04:34 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.ECF49F969043124C
    2012-08-03 04:31 - 2012-08-03 04:00 - 00062464 ____A C:\Windows\System32\Comptend64.dll
    2012-08-03 04:28 - 2012-08-03 04:28 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4C480ECBA59153BD
    2012-08-03 04:22 - 2012-06-11 04:16 - 00001945 ____A C:\Windows\epplauncher.mif
    2012-08-03 04:22 - 2011-10-17 20:17 - 00803496 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
    2012-08-03 04:20 - 2012-08-03 04:20 - 12621696 ____A (Microsoft Corporation) C:\Users\G\Downloads\mseinstall.exe
    2012-08-03 04:03 - 2012-08-03 04:03 - 00002018 ____A C:\Users\G\Desktop\Live Security Platinum.lnk
    2012-08-03 04:00 - 2012-08-03 04:00 - 00056320 ___AH (FRISK Software International) C:\Windows\SysWOW64\Comptend.dll
    2012-08-03 03:59 - 2012-08-03 04:00 - 00152064 ____A C:\Users\G\AppData\Roaming\csrec.dll
    2012-08-02 23:23 - 2012-08-02 23:23 - 00001136 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2012-08-02 05:36 - 2012-08-02 05:36 - 00084408 ____A C:\Windows\System32\Drivers\944a435ceeab1a2d.sys
    2012-08-02 05:31 - 2012-08-02 05:31 - 00016286 ____A C:\Users\G\Desktop\hs_err_pid16784.log
    2012-08-01 15:37 - 2012-08-01 15:25 - 285344242 ____A C:\Users\G\Downloads\Intel_Graphics_V815102618_WinVista7.zip
    2012-08-01 15:36 - 2012-08-01 15:25 - 251841943 ____A C:\Users\G\Downloads\Intel_Chipset_V9301019_P8H77-V_XPWin7.zip
    2012-08-01 15:33 - 2012-08-01 15:25 - 141944149 ____A C:\Users\G\Downloads\Realtek_Audio_V51006526_V6016526_XPWin7.zip
    2012-08-01 15:32 - 2012-08-01 15:31 - 16814136 ____A (Mozilla) C:\Users\G\Downloads\Firefox Setup 14.0.1.exe
    2012-08-01 15:27 - 2012-08-01 15:27 - 13713850 ____A C:\Users\G\Downloads\Intel_RAIDAHCI_V11001032_XPWin7.zip
    2012-08-01 15:27 - 2012-08-01 15:26 - 19414180 ____A C:\Users\G\Downloads\Realtek_LAN_V5790_V749_XPWin7.zip
    2012-08-01 15:26 - 2012-08-01 15:26 - 05932880 ____A C:\Users\G\Downloads\Intel_USB3_V101209_Win7.zip
    2012-08-01 15:25 - 2012-08-01 15:22 - 158124424 ____A (Advanced Micro Devices, Inc.) C:\Users\G\Downloads\12-6_vista_win7_64_dd_ccc.exe
    2012-08-01 15:18 - 2012-08-01 15:17 - 00001908 ____A C:\Windows\diagwrn.xml
    2012-08-01 15:18 - 2012-08-01 15:17 - 00001908 ____A C:\Windows\diagerr.xml
    2012-08-01 15:17 - 2009-07-13 20:51 - 00000000 ____A C:\Windows\setuperr.log
    2012-08-01 05:53 - 2012-08-01 05:53 - 00262144 ____A C:\Windows\Minidump\080112-20077-01.dmp
    2012-07-31 04:05 - 2012-07-22 13:56 - 00000642 ___AH C:\os802099.bin
    2012-07-31 03:54 - 2012-07-31 03:54 - 00001956 ____A C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
    2012-07-31 03:53 - 2012-07-31 03:53 - 00283200 ____A (DT Soft Ltd) C:\Windows\System32\Drivers\dtsoftbus01.sys
    2012-07-31 03:50 - 2012-07-31 03:50 - 14230160 ____A (DT Soft Ltd) C:\Users\G\Downloads\DTLite4454-0315.exe
    2012-07-31 03:49 - 2012-07-31 03:48 - 00463080 ____A (CNET Download.com) C:\Users\G\Downloads\cnet2_DTLite4454-0315_exe.exe
    2012-07-22 13:40 - 2012-07-22 13:40 - 00001477 ____A C:\Users\G\Desktop\Resume ACDSee_Classic Download2.LNK
    2012-07-22 13:40 - 2012-07-22 13:40 - 00001340 ____A C:\Users\G\Desktop\Launch ACDSee_Classic 2.44.LNK
    2012-07-19 18:03 - 2012-07-19 18:03 - 00002015 ____A C:\Users\Public\Desktop\Canon IJ Network Tool.lnk
    2012-07-19 17:47 - 2012-07-19 17:47 - 00043894 ____A C:\Users\G\Downloads\SimpleCoords-1.94.zip
    2012-07-19 17:44 - 2012-07-19 17:44 - 00509464 ____A C:\Users\G\Downloads\MageNuggets-2.34.zip
    2012-07-19 03:20 - 2012-07-19 03:20 - 00000163 ____A C:\Users\G\Desktop\Mysterious Fortune Card.url
    2012-07-18 04:31 - 2012-07-18 04:31 - 00001898 ____A C:\Users\G\Desktop\PS3 Media Server.lnk
    2012-07-11 18:51 - 2012-07-11 18:51 - 00001118 ____A C:\Users\G\Desktop\Launcher.exe - Shortcut.lnk
    2012-07-11 15:43 - 2012-07-11 15:43 - 00665466 ____A C:\Users\G\Desktop\scan.rrs
    2012-07-11 09:53 - 2009-07-13 20:45 - 00274320 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-07-11 09:32 - 2012-06-04 03:27 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-07-11 02:53 - 2012-07-11 02:53 - 00001039 ____A C:\Users\Public\Desktop\Power Data Recovery.lnk
    2012-07-11 02:51 - 2012-07-11 02:50 - 15861760 ____A C:\Users\G\Documents\Stellar.Phoenix.Windows.Data.Recovery.v3.0.0.With Crack By Faraz 101% Clean From VIRUS.zip
    2012-07-05 05:54 - 2012-07-05 05:52 - 109168195 ____A (Igor Pavlov) C:\Users\G\Documents\mb_driver_audio_realtek_azalia.exe
    2012-07-05 05:52 - 2012-07-05 05:52 - 03364486 ____A C:\Users\G\Documents\motherboard_driver_lan_realtek_8111.exe
    2012-07-05 05:52 - 2012-07-05 05:52 - 01246890 ____A (Igor Pavlov) C:\Users\G\Documents\mb_driver_chipset_intel.exe
    2012-07-03 02:29 - 2012-07-03 02:29 - 00067371 ____A C:\Users\G\Downloads\SwindlerPreventer_4-3-3.zip
    2012-07-03 02:27 - 2012-07-03 02:27 - 00378804 ____A C:\Users\G\Downloads\Recount-v4.3.0d_release.zip
    2012-07-03 02:24 - 2012-07-03 02:24 - 00397722 ____A C:\Users\G\Downloads\Quartz-3.0.8.zip
    2012-07-03 02:21 - 2012-07-03 02:20 - 00797377 ____A C:\Users\G\Downloads\Overachiever-v0.65.zip
    2012-07-03 02:17 - 2012-07-03 02:17 - 00270569 ____A C:\Users\G\Downloads\GatherMate2_Data-v10.5.zip
    2012-07-03 02:16 - 2012-07-03 02:16 - 00846388 ____A C:\Users\G\Downloads\GatherMate2-1.16.2.zip
    2012-07-03 02:15 - 2012-07-03 02:14 - 00465193 ____A C:\Users\G\Downloads\Decursive-2.7.0.5.zip
    2012-07-03 02:10 - 2012-07-03 02:10 - 01124103 ____A C:\Users\G\Downloads\DBM-4.10.12-r7536-Core-and-Cataclysm-Mods.zip
    2012-07-03 02:07 - 2012-07-03 02:07 - 00333196 ____A C:\Users\G\Downloads\Chatter-v.1.3.3.zip
    2012-07-03 02:02 - 2012-07-03 02:02 - 00279513 ____A C:\Users\G\Downloads\Bartender4-4.4.20.1.zip
    2012-07-02 20:16 - 2012-08-03 17:00 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-06-30 01:06 - 2012-06-30 01:06 - 26576272 ____A C:\Users\G\Documents\mp495swin102ea24.exe
    2012-06-19 04:16 - 2012-03-12 18:10 - 00015470 ____A C:\Windows\DPINST.LOG
    2012-06-19 04:11 - 2012-06-19 03:50 - 150138003 ____A C:\Users\G\Documents\Touchpad_Elantech_Win7_64_Z10590.zip
    2012-06-19 03:54 - 2012-06-19 03:51 - 16576878 ____A C:\Users\G\Documents\WLAN_Atheros_Win7_64_Z921470.zip
    2012-06-17 02:58 - 2012-06-17 02:58 - 00057560 ____A C:\Users\natlie\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-06-12 04:54 - 2012-06-03 18:08 - 00045056 ____A C:\Windows\SysWOW64\acovcnt.exe
    2012-06-12 04:39 - 2012-06-11 04:06 - 00002515 ____A C:\Users\Public\Desktop\Skype.lnk
    2012-06-12 04:36 - 2012-06-12 04:36 - 00002585 ____A C:\Users\GAFFiO\Desktop\Power4Gear Hybrid.lnk
    2012-06-12 02:31 - 2012-06-12 02:31 - 00290334 ____A C:\Windows\msxml4-KB954430-enu.LOG
    2012-06-12 02:31 - 2012-06-12 02:31 - 00286962 ____A C:\Windows\msxml4-KB973688-enu.LOG
    2012-06-11 19:08 - 2012-07-11 09:35 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-06-11 06:49 - 2012-06-11 06:49 - 00057560 ____A C:\Users\GAFFiO\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-06-11 06:47 - 2012-06-11 06:47 - 00000020 ___SH C:\Users\GAFFiO\ntuser.ini
    2012-06-11 04:40 - 2012-06-11 04:40 - 00001038 ____A C:\Users\G\Desktop\Dropbox.lnk
    2012-06-11 04:37 - 2012-06-06 15:00 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-06-11 04:37 - 2012-06-06 15:00 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-06-11 04:31 - 2012-06-11 04:31 - 00001899 ____A C:\Users\GAFFiO\Desktop\Soluto.lnk
    2012-06-11 04:31 - 2012-06-11 04:31 - 00000098 ____A C:\Users\All Users\Microsoft.SqlServer.Compact.351.64.bc
    2012-06-11 04:27 - 2012-06-11 04:27 - 00001694 ____A C:\Users\G\Desktop\Ultimate Windows Tweaker.exe - Shortcut.lnk
    2012-06-11 04:20 - 2012-06-11 04:19 - 02079657 ____A C:\Users\G\Documents\mplayerc_20100214.zip
    2012-06-11 04:19 - 2012-06-11 04:19 - 01580080 ____A (Soluto Inc) C:\Users\G\Documents\solutoinstaller-Hq8k5BSo1a.exe
    2012-06-11 04:16 - 2012-06-11 04:16 - 00001917 ____A C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
    2012-06-11 04:15 - 2012-06-11 04:15 - 00002214 ____A C:\Users\Public\Desktop\Google Earth.lnk
    2012-06-11 04:07 - 2012-06-11 04:07 - 00001085 ____A C:\Users\Public\Desktop\Trillian.lnk
    2012-06-11 04:06 - 2012-06-11 04:06 - 00142646 ____A C:\Users\G\Documents\UWT2.1.zip
    2012-06-11 03:58 - 2012-06-11 03:58 - 00254152 ____A (Secure By Design Inc.) C:\Users\G\Documents\Ninite AdAware Dropbox Essentials Firefox Flash Installer.exe
    2012-06-08 21:43 - 2012-07-10 22:17 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
    2012-06-08 20:41 - 2012-07-10 22:17 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2012-06-07 04:19 - 2012-06-07 04:19 - 00034814 ____A C:\Users\natlie\AppData\Local\dt.dat
    2012-06-07 03:33 - 2012-06-07 03:33 - 00107026 ____A C:\Users\G\Documents\Control_System.zip
    2012-06-05 22:06 - 2012-07-10 22:18 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
    2012-06-05 22:06 - 2012-07-10 22:18 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
    2012-06-05 22:02 - 2012-07-10 22:17 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
    2012-06-05 21:05 - 2012-07-10 22:18 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
    2012-06-05 21:05 - 2012-07-10 22:18 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2012-06-05 21:03 - 2012-07-10 22:17 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
    2012-06-04 05:08 - 2012-06-11 04:02 - 00174024 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
    2012-06-04 05:08 - 2012-06-11 04:02 - 00174024 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
    2012-06-04 05:06 - 2012-06-04 05:06 - 00892360 ____A (Oracle Corporation) C:\Users\G\Documents\jxpiinstall.exe
    2012-06-04 03:54 - 2012-06-04 03:36 - 00004408 ____A C:\Windows\System32\TmInstall.log
    2012-06-04 03:36 - 2012-06-04 03:36 - 00004280 ____A C:\Windows\SysWOW64\TmInstall.log
    2012-06-04 03:28 - 2012-06-04 03:28 - 18002040 ____A (Dropbox, Inc.) C:\Users\G\Documents\Dropbox 1.4.7.exe
    2012-06-04 03:28 - 2012-06-04 03:28 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
    2012-06-04 03:22 - 2012-06-04 03:22 - 16474544 ____A (Nullsoft, Inc.) C:\Users\G\Documents\winamp5623_full_emusic-7plus_all.exe
    2012-06-04 03:21 - 2012-06-04 03:21 - 01639789 ____A C:\Users\G\Documents\winrar-x64-411.exe
    2012-06-04 03:17 - 2012-06-04 03:17 - 02941072 ____A (Code Sector ) C:\Users\G\Documents\teracopy.exe
    2012-06-04 02:51 - 2012-06-04 02:51 - 03879712 ____A (AVG Technologies) C:\Users\G\Documents\avg_free_stb_all_2012_2178_cnet.exe
    2012-06-04 02:46 - 2012-06-04 02:46 - 04849631 ____A (Preview Systems) C:\Users\G\Documents\acdseeclassic.exe
    2012-06-04 02:44 - 2012-06-04 02:44 - 00880528 ____A (BitTorrent, Inc.) C:\Users\G\Documents\uTorrent.exe
    2012-06-04 02:43 - 2012-06-04 02:42 - 30791231 ____A C:\Users\G\Documents\pms-setup-windows-1.52.1.exe
    2012-06-04 02:35 - 2012-06-04 02:35 - 01099435 ____A ( ) C:\Users\G\Documents\mum_setup_8.exe
    2012-06-04 01:31 - 2012-06-04 01:31 - 00000020 ___SH C:\Users\natlie\ntuser.ini
    2012-06-03 18:31 - 2012-06-03 18:27 - 2797840384 ____A C:\CD2.iso
    2012-06-03 18:27 - 2012-06-03 18:21 - 4057518080 ____A C:\CD1.iso
    2012-06-03 18:08 - 2012-06-03 18:08 - 00057560 ____A C:\Users\G\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-06-03 18:08 - 2012-06-03 18:08 - 00000192 ____A C:\Windows\FixPatch.log
    2012-06-03 18:08 - 2012-06-03 18:08 - 00000020 ___SH C:\Users\G\ntuser.ini
    2012-06-03 18:08 - 2011-10-17 20:18 - 02862550 ____A C:\Windows\AsDebug.log
    2012-06-03 18:08 - 2011-10-17 20:10 - 00002483 ____A C:\Windows\PQArecord.log
    2012-06-03 18:08 - 2011-02-18 12:12 - 00288010 ____A C:\Windows\AsCDProc.log
    2012-06-02 14:19 - 2012-06-22 04:10 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-02 14:19 - 2012-06-22 04:10 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-02 14:19 - 2012-06-22 04:10 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-02 14:19 - 2012-06-22 04:10 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-02 14:19 - 2012-06-22 04:10 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-02 14:15 - 2012-06-22 04:10 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-02 14:15 - 2012-06-22 04:10 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-02 04:49 - 2012-07-11 09:30 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-06-02 04:17 - 2012-07-11 09:30 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-06-02 04:12 - 2012-07-11 09:30 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-06-02 04:05 - 2012-07-11 09:30 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-06-02 04:05 - 2012-07-11 09:30 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-06-02 04:04 - 2012-07-11 09:30 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-06-02 04:04 - 2012-07-11 09:30 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-06-02 04:03 - 2012-07-11 09:30 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-06-02 04:01 - 2012-07-11 09:30 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-06-02 04:00 - 2012-07-11 09:30 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-06-02 03:59 - 2012-07-11 09:30 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-06-02 03:57 - 2012-07-11 09:31 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-06-02 03:57 - 2012-07-11 09:31 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-06-02 03:54 - 2012-07-11 09:30 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-06-02 01:07 - 2012-07-11 09:30 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-06-02 00:43 - 2012-07-11 09:30 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-06-02 00:33 - 2012-07-11 09:30 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-06-02 00:26 - 2012-07-11 09:30 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-06-02 00:25 - 2012-07-11 09:30 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-06-02 00:25 - 2012-07-11 09:30 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-06-02 00:23 - 2012-07-11 09:30 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-06-02 00:21 - 2012-07-11 09:30 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-06-02 00:20 - 2012-07-11 09:30 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-06-02 00:19 - 2012-07-11 09:30 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-06-02 00:19 - 2012-07-11 09:30 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-06-02 00:17 - 2012-07-11 09:31 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-06-02 00:16 - 2012-07-11 09:31 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-06-02 00:14 - 2012-07-11 09:30 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-06-01 21:50 - 2012-07-10 22:17 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
    2012-06-01 21:49 - 2012-06-22 04:09 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-01 21:48 - 2012-07-10 22:17 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
    2012-06-01 21:48 - 2012-07-10 22:17 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
    2012-06-01 21:45 - 2012-07-10 22:17 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
    2012-06-01 21:45 - 2012-06-22 04:09 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-06-01 21:44 - 2012-07-10 22:17 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
    2012-06-01 20:40 - 2012-07-10 22:17 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2012-06-01 20:40 - 2012-07-10 22:17 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2012-06-01 20:39 - 2012-07-10 22:17 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2012-06-01 20:34 - 2012-07-10 22:17 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2012-05-23 23:57 - 2012-06-11 04:31 - 00054728 ____A (Soluto LTD.) C:\Windows\System32\Drivers\Soluto.sys

    ZeroAccess:
    C:\Windows\Installer\{f54dba68-706f-6da4-e5da-66574788c273}
    C:\Windows\Installer\{f54dba68-706f-6da4-e5da-66574788c273}\@
    C:\Windows\Installer\{f54dba68-706f-6da4-e5da-66574788c273}\L
    C:\Windows\Installer\{f54dba68-706f-6da4-e5da-66574788c273}\n
    C:\Windows\Installer\{f54dba68-706f-6da4-e5da-66574788c273}\U
    C:\Windows\Installer\{f54dba68-706f-6da4-e5da-66574788c273}\L\00000004.@
    C:\Windows\Installer\{f54dba68-706f-6da4-e5da-66574788c273}\L\201d3dde
    C:\Windows\Installer\{f54dba68-706f-6da4-e5da-66574788c273}\U\00000004.@
    C:\Windows\Installer\{f54dba68-706f-6da4-e5da-66574788c273}\U\00000008.@
    C:\Windows\Installer\{f54dba68-706f-6da4-e5da-66574788c273}\U\000000cb.@
    C:\Windows\Installer\{f54dba68-706f-6da4-e5da-66574788c273}\U\80000000.@
    C:\Windows\Installer\{f54dba68-706f-6da4-e5da-66574788c273}\U\80000032.@
    C:\Windows\Installer\{f54dba68-706f-6da4-e5da-66574788c273}\U\80000064.@

    ZeroAccess:
    C:\Users\G\AppData\Local\{f54dba68-706f-6da4-e5da-66574788c273}
    C:\Users\G\AppData\Local\{f54dba68-706f-6da4-e5da-66574788c273}\@
    C:\Users\G\AppData\Local\{f54dba68-706f-6da4-e5da-66574788c273}\L
    C:\Users\G\AppData\Local\{f54dba68-706f-6da4-e5da-66574788c273}\n
    C:\Users\G\AppData\Local\{f54dba68-706f-6da4-e5da-66574788c273}\U

    ZeroAccess:
    C:\Windows\assembly\GAC_32\Desktop.ini

    ZeroAccess:
    C:\Windows\assembly\GAC_64\Desktop.ini

    ========================= Known DLLs (Whitelisted) ============


    ========================= Bamital & volsnap Check ============

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ========================= Memory info ======================

    Percentage of memory in use: 15%
    Total physical RAM: 3998.64 MB
    Available physical RAM: 3377.01 MB
    Total Pagefile: 3996.79 MB
    Available Pagefile: 3377.79 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.91 MB

    ======================= Partitions =========================

    1 Drive c: (OS) (Fixed) (Total:111.24 GB) (Free:0.95 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    2 Drive d: () (Removable) (Total:7.46 GB) (Free:3.01 GB) NTFS
    3 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 119 GB 0 B
    Disk 1 Online 7636 MB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 111 GB 1024 KB
    Partition 2 Primary 8 GB 111 GB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 0 C OS NTFS Partition 111 GB Healthy

    ==================================================================================

    Disk: 0
    Partition 2
    Type : 1C
    Hidden: Yes
    Active: No

    There is no volume associated with this partition.

    ==================================================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 7635 MB 1024 KB

    ==================================================================================

    Disk: 1
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 D NTFS Removable 7635 MB Healthy

    ==================================================================================

    testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!


    ==========================================================

    Last Boot: 2012-07-27 07:23

    ======================= End Of Log ==========================

    - Search.txt
    Farbar Recovery Scan Tool Version: 04-08-2012
    Ran by SYSTEM at 2012-08-04 11:58:32
    Running from D:\

    ================== Search: "services.exe" ===================

    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

    C:\Windows\System32\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

    ====== End Of Search ======
     
  2. Broni

    Broni Malware Annihilator Posts: 47,029   +255

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
    ===============================================

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    Next.....

    Restart normally.

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    • NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled, as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running, Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file and download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run, then download and try to run another one.
    Vista and Win7 users need to right-click Rkill and choose Run as Administrator.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     


  3. GAFFiO

    GAFFiO TS Rookie Topic Starter

    Thank you for your quick reply.

    First of all, I ran the FRST64 fix, which seems to have stopped Windows restarting. Awesome! :)

    The two logs you have asked for:

    Fixlog.txt
    Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 04-08-2012
    Ran by SYSTEM at 2012-08-04 15:05:02 Run:1
    Running from D:\

    ==============================================

    HKEY_LOCAL_MACHINE\System\ControlSet002\Control\Session Manager\SubSystems\\Windows No ZeroAccess entry found.
    C:\Windows\System32\consrv.dll not found.
    HKEY_USERS\G\Software\Microsoft\Windows\CurrentVersion\Run\\Wabiofebni Value deleted successfully.
    C:\Users\G\AppData\Roaming\Ozeny\tuwai.exe moved successfully.
    944a435ceeab1a2d service deleted successfully.
    C:\Windows\System32\Drivers\944a435ceeab1a2d.sys moved successfully.
    C:\Windows\System32\services.exe.89C13600320A37EF moved successfully.
    C:\Windows\System32\services.exe.333D1E267EEAEDB7 moved successfully.
    C:\Windows\System32\services.exe.E8A3F188537EC031 moved successfully.
    C:\Windows\System32\services.exe.042F52C167619136 moved successfully.
    C:\Users\G\Desktop\noshut.lnk moved successfully.
    C:\Windows\System32\services.exe.4C39511281065875 moved successfully.
    C:\Windows\System32\services.exe.1E2C6C5410D36A9C moved successfully.
    C:\Windows\System32\services.exe.BC2A24B813FA4B31 moved successfully.
    C:\Windows\System32\services.exe.5D95945C6F7DC6DF moved successfully.
    C:\Windows\System32\services.exe.0776D71E4197441D moved successfully.
    C:\Windows\System32\services.exe.9F691F0F718AD008 moved successfully.
    C:\Windows\System32\services.exe.71140A2BED1FEF9A moved successfully.
    C:\Windows\System32\services.exe.29E47E623DFEA71C moved successfully.
    C:\Windows\System32\services.exe.852342F5DB97EA81 moved successfully.
    C:\Users\G\Desktop\explorer.exe moved successfully.
    C:\Windows\System32\services.exe.1E5048CDED746C2C moved successfully.
    C:\Windows\System32\services.exe.D9AC4BF904EE4933 moved successfully.
    C:\Windows\System32\services.exe.BF7F1AC2EF60358B moved successfully.
    C:\Windows\System32\services.exe.C0643A7F98FA1EE3 moved successfully.
    C:\Windows\System32\services.exe.B81CB41BF025CA49 moved successfully.
    C:\Windows\System32\services.exe.ECF49F969043124C moved successfully.
    C:\Windows\System32\services.exe.4C480ECBA59153BD moved successfully.
    C:\Users\G\AppData\Roaming\csrec.dll moved successfully.
    C:\Users\G\AppData\Roaming\Yfvix moved successfully.
    C:\Users\G\AppData\Roaming\Opry moved successfully.
    C:\Users\G\AppData\Roaming\Xoel moved successfully.
    C:\Users\G\AppData\Roaming\Ozeny moved successfully.
    C:\Users\G\AppData\Roaming\Isnys moved successfully.
    C:\Windows\Installer\{f54dba68-706f-6da4-e5da-66574788c273} moved successfully.
    C:\Users\G\AppData\Local\{f54dba68-706f-6da4-e5da-66574788c273} moved successfully.
    C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
    C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.

    The operation completed successfully.
    C:\Windows\System32\services.exe moved successfully.
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe

    ==== End of Fixlog ====

    ComboFix.txt
    ComboFix 12-08-04.02 - G 04/08/2012 15:13:09.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.3999.2424 [GMT 9.5:30]
    Running from: c:\users\G\Desktop\ComboFix.exe
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\G\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum
    c:\users\G\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum\Live Security Platinum.lnk
    c:\windows\PFRO.log
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_syshost32
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-07-04 to 2012-08-04 )))))))))))))))))))))))))))))))
    .
    .
    2012-08-04 19:53 . 2012-08-04 19:53 -------- d-----w- C:\FRST
    2012-08-04 05:50 . 2012-08-04 05:50 -------- d-----w- c:\users\natlie\AppData\Local\temp
    2012-08-04 05:50 . 2012-08-04 05:50 -------- d-----w- c:\users\GAFFiO\AppData\Local\temp
    2012-08-04 05:50 . 2012-08-04 05:50 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-08-04 01:21 . 2010-08-05 08:31 14680 ----a-w- c:\windows\system32\sh4native.exe
    2012-08-04 01:21 . 2012-08-04 01:21 110080 ----a-r- c:\users\G\AppData\Roaming\Microsoft\Installer\{F896D026-9016-4122-B9BD-957FF092FFE9}\IconF7A21AF7.exe
    2012-08-04 01:21 . 2012-08-04 01:21 110080 ----a-r- c:\users\G\AppData\Roaming\Microsoft\Installer\{F896D026-9016-4122-B9BD-957FF092FFE9}\IconD7F16134.exe
    2012-08-04 01:21 . 2012-08-04 01:21 110080 ----a-r- c:\users\G\AppData\Roaming\Microsoft\Installer\{F896D026-9016-4122-B9BD-957FF092FFE9}\Icon1226A4C5.exe
    2012-08-04 01:20 . 2012-08-04 01:22 -------- d-----w- C:\sh4ldr
    2012-08-04 01:20 . 2012-08-04 01:20 -------- d-----w- c:\program files\Enigma Software Group
    2012-08-04 01:17 . 2012-08-04 01:21 -------- d-----w- c:\windows\F896D02690164122B9BD957FF092FFE9.TMP
    2012-08-04 01:17 . 2012-08-04 01:17 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
    2012-08-04 01:01 . 2012-08-04 01:01 -------- d-----w- c:\users\G\AppData\Roaming\Malwarebytes
    2012-08-04 01:00 . 2012-08-04 01:00 -------- d-----w- c:\programdata\Malwarebytes
    2012-08-04 01:00 . 2012-08-04 01:00 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-08-04 01:00 . 2012-07-03 04:16 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-08-03 12:26 . 2012-02-09 04:47 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
    2012-08-03 12:26 . 2012-02-09 04:47 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{534C4FEC-E630-40E3-B597-47E68FD2FE54}\gapaengine.dll
    2012-08-03 12:25 . 2012-07-15 17:10 9133488 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6595EA17-CAD7-4B8A-A905-7AA6DED444AE}\mpengine.dll
    2012-08-03 12:22 . 2012-08-03 12:22 -------- d-----w- c:\program files (x86)\Microsoft Security Client
    2012-08-03 12:22 . 2012-08-03 12:22 -------- d-----w- c:\program files\Microsoft Security Client
    2012-08-03 12:00 . 2012-08-03 12:31 62464 ----a-w- c:\windows\system32\Comptend64.dll
    2012-08-03 12:00 . 2012-08-03 12:00 56320 ---ha-w- c:\windows\SysWow64\Comptend.dll
    2012-08-02 13:46 . 2012-08-02 13:46 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
    2012-07-31 11:53 . 2012-07-31 11:53 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
    2012-07-31 11:52 . 2012-07-31 11:54 -------- d-----w- c:\users\G\AppData\Roaming\DAEMON Tools Lite
    2012-07-31 11:51 . 2012-07-31 11:53 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite
    2012-07-31 11:50 . 2012-07-31 11:54 -------- d-----w- c:\programdata\DAEMON Tools Lite
    2012-07-22 21:56 . 2012-07-31 12:05 642 ---ha-w- C:\os802099.bin
    2012-07-22 21:41 . 2012-07-22 21:41 -------- d-----w- c:\windows\PreviewSoft
    2012-07-22 11:53 . 2012-07-22 11:53 -------- d-----w- c:\users\G\AppData\Local\Adobe
    2012-07-20 02:03 . 2012-07-20 02:03 -------- d-----w- c:\programdata\Canon IJ Network Tool
    2012-07-20 02:03 . 2012-07-20 02:03 -------- d-----w- c:\program files (x86)\Canon
    2012-07-20 02:03 . 2010-03-18 09:55 307200 ----a-w- c:\windows\SysWow64\CNC495L.dll
    2012-07-20 02:03 . 2010-03-18 07:41 106496 ----a-w- c:\windows\SysWow64\CNC495U.dll
    2012-07-20 02:03 . 2008-08-25 08:32 15872 ----a-w- c:\windows\SysWow64\CNHMCA.dll
    2012-07-20 02:03 . 2012-07-20 02:03 -------- d-----w- c:\windows\system32\STRING
    2012-07-20 02:03 . 2010-02-05 01:07 37376 ----a-w- c:\windows\system32\CNMN6UI.DLL
    2012-07-20 02:03 . 2010-02-05 01:07 327680 ----a-w- c:\windows\system32\CNMN6PPM.DLL
    2012-07-20 02:03 . 2010-02-05 01:07 340992 ----a-w- c:\windows\SysWow64\CNMNPPM.DLL
    2012-07-20 02:02 . 2012-07-20 02:02 -------- d--h--w- c:\programdata\CanonBJ
    2012-07-20 02:02 . 2010-08-24 19:30 87040 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPPA9.DLL
    2012-07-20 02:02 . 2010-08-24 19:30 28672 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPDA9.DLL
    2012-07-20 02:02 . 2012-07-20 02:02 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
    2012-07-20 02:01 . 2010-08-24 19:30 361472 ----a-w- c:\windows\system32\CNMLMA9.DLL
    2012-07-20 02:01 . 2010-03-10 23:27 248320 ----a-w- c:\windows\system32\CNMIUA9.DLL
    2012-07-20 02:01 . 2012-07-20 02:01 -------- d--h--w- c:\program files\CanonBJ
    2012-07-18 12:36 . 2012-08-04 01:06 -------- d-----w- c:\users\G\AppData\Local\Gabest
    2012-07-18 12:36 . 2012-07-18 12:36 -------- d-----w- c:\windows\Sun
    2012-07-12 07:30 . 2012-07-12 07:30 -------- d-----w- c:\program files (x86)\Belkin
    2012-07-11 17:35 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
    2012-07-11 17:31 . 2012-06-02 11:57 96768 ----a-w- c:\windows\system32\mshtmled.dll
    2012-07-11 17:31 . 2012-06-02 11:57 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-07-11 17:31 . 2012-06-02 08:16 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2012-07-11 10:53 . 2012-07-11 23:42 -------- d-----w- c:\program files (x86)\PowerDataRecovery
    2012-07-11 06:18 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
    2012-07-11 06:18 . 2012-06-06 06:06 1881600 ----a-w- c:\windows\system32\msxml3.dll
    2012-07-11 06:18 . 2012-06-06 05:05 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
    2012-07-11 06:18 . 2012-06-06 05:05 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
    2012-07-11 06:18 . 2010-06-26 03:55 2048 ----a-w- c:\windows\system32\msxml3r.dll
    2012-07-11 06:18 . 2010-06-26 03:24 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
    2012-07-05 12:11 . 2012-07-22 22:50 -------- d-----w- c:\users\G\AppData\Roaming\vlc
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-07-11 17:32 . 2012-06-04 11:27 59701280 ----a-w- c:\windows\system32\MRT.exe
    2012-06-12 12:54 . 2012-06-04 02:08 45056 ----a-w- c:\windows\SysWow64\acovcnt.exe
    2012-06-11 12:37 . 2012-06-06 23:00 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-06-11 12:37 . 2012-06-06 23:00 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-06-04 02:08 . 2011-03-29 01:36 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2012-06-02 22:19 . 2012-06-22 12:10 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 22:19 . 2012-06-22 12:10 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 22:19 . 2012-06-22 12:10 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 22:19 . 2012-06-22 12:10 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 22:19 . 2012-06-22 12:10 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 22:15 . 2012-06-22 12:10 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:15 . 2012-06-22 12:10 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-02 05:49 . 2012-06-22 12:09 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-02 05:45 . 2012-06-22 12:09 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-05-24 07:57 . 2012-06-11 12:31 54728 ----a-w- c:\windows\system32\drivers\Soluto.sys
    2012-05-14 16:11 . 2012-06-04 11:52 8955792 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{027C5864-CF8F-452D-8BF2-7C3E653BFD57}\mpengine.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-15 00:32 94208 ----a-w- c:\users\G\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-15 00:32 94208 ----a-w- c:\users\G\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-15 00:32 94208 ----a-w- c:\users\G\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-15 00:32 94208 ----a-w- c:\users\G\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
    "InternodeUsage"="c:\progra~2\INTERN~2\mum.exe" [2011-02-19 1361408]
    "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "FLxHCIm64"="c:\program files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe" [2011-12-12 48128]
    "ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2011-07-21 5716608]
    "ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
    "HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
    "ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2012-03-13 3058304]
    .
    c:\users\GAFFiO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Trillian.lnk - c:\program files (x86)\Trillian\trillian.exe [2012-7-27 2380752]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0sh4native Sh4Removal
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001
    .
    R0 Soluto;Soluto;c:\windows\system32\DRIVERS\Soluto.sys [2012-05-24 54728]
    R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-08-02 36000]
    R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-08-02 330912]
    R3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [2011-08-02 110240]
    R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2011-08-02 167584]
    R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-08-02 68256]
    R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2011-08-02 280992]
    R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-08-02 511136]
    R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
    R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [2009-06-10 57344]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
    R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 31232]
    R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-06-04 1255736]
    R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
    R4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-11 257224]
    R4 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe [2012-05-24 586816]
    R4 UnsignedThemes;Unsigned Themes;c:\windows\UnsignedThemesSvc.exe [2009-07-12 24168]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
    S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-09-07 17536]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-07-31 283200]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
    S2 ASUS InstantOn;ASUS InstantOn Service;c:\program files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [2011-12-01 92800]
    S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-08-02 146592]
    S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-08-02 103584]
    S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]
    S2 uxpatch;uxpatch;c:\windows\system32\drivers\uxpatch.sys [2009-07-12 30568]
    S3 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys [2011-12-05 17152]
    S3 AsusVBus;AsusVBus;c:\windows\system32\DRIVERS\AsusVBus.sys [2011-12-21 35968]
    S3 AsusVTouch;AsusVTouch;c:\windows\system32\DRIVERS\AsusVTouch.sys [2011-11-08 16512]
    S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-08-02 30368]
    S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2012-02-19 200488]
    S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys [2011-12-13 224512]
    S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys [2011-12-13 71424]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-11-03 317440]
    S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
    S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys [2011-03-15 311400]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{269043e1-d3fd-11e1-b50c-ca5d29a8f230}]
    \shell\AutoRun\command - D:\setup.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-08-04 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-06 12:37]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-15 00:32 97792 ----a-w- c:\users\G\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-15 00:32 97792 ----a-w- c:\users\G\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-15 00:32 97792 ----a-w- c:\users\G\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-15 00:32 97792 ----a-w- c:\users\G\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-11-03 167704]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-11-03 392472]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-11-03 416024]
    "IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
    "combofix"="c:\combofix\CF20901.3XE" [2010-11-20 345088]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com/
    mStart Page = hxxp://asus.msn.com
    mLocal Page = c:\windows\SysWOW64\blank.htm
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\users\G\AppData\Roaming\Mozilla\Firefox\Profiles\3m8lx18t.default\
    FF - prefs.js: browser.startup.homepage - hxxps://www.google.com.au/
    FF - user.js: network.cookie.cookieBehavior - 0
    FF - user.js: privacy.clearOnShutdown.cookies - false
    FF - user.js: security.warn_viewing_mixed - false
    FF - user.js: security.warn_viewing_mixed.show_once - false
    FF - user.js: security.warn_submit_insecure - false
    FF - user.js: security.warn_submit_insecure.show_once - false
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Toolbar-Locked - (no file)
    HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
    c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
    c:\program files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe
    c:\program files (x86)\ASUS\FaceLogon\sensorsrv.exe
    c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
    c:\program files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x86\QuickGesture.exe
    c:\program files (x86)\ASUS\ASUS PowerWiz\PowerWiz.exe
    c:\program files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
    c:\program files (x86)\Internode\mum.exe
    c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    .
    **************************************************************************
    .
    Completion time: 2012-08-04 15:29:31 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-08-04 05:59
    .
    Pre-Run: 845,914,112 bytes free
    Post-Run: 1,315,389,440 bytes free
    .
    - - End Of File - - 269D0410DB69CD46FE97C959F65C4166
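The ComboFix log above carries several findings that are easy to miss in a wall of registry output: UAC is switched off (`EnableLUA`=0, `ConsentPromptBehaviorAdmin`=0, `PromptOnSecureDesktop`=0), Security Center has been told not to report a missing AV or firewall (`AntiVirusOverride`/`FirewallOverride`=1), the `BootExecute` value carries an extra entry beyond the stock `autocheck autochk *` (it appeared in the same minute as the Enigma Software Group install listed further up), two driver entries point at files that no longer exist (`[x]`), and a `mountpoints2` key still has an AutoRun command for `D:\setup.exe`. The script below is an added triage example, not part of the original post and not ComboFix's own code; it runs the checks over a constructed sample made of lines copied from this log. The list of "weakened" settings, the explanations attached to them, and the assumption that `autocheck autochk *` is the only expected `BootExecute` entry are this example's own choices.

```python
"""Triage a ComboFix log for weakened security settings and suspicious load points.

Added example, not ComboFix code. Sample lines are copied from the log above;
the set of checked settings and the expected BootExecute entry are assumptions.
"""
import re

# Constructed sample: a subset of lines from the ComboFix log posted above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sh4native Sh4Removal
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{269043e1-d3fd-11e1-b50c-ca5d29a8f230}]
\shell\AutoRun\command - D:\setup.exe
"""

KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<val>.+?)\s*$')
# ComboFix prints a service/driver whose file is missing with a trailing [x].
MISSING_FILE_RE = re.compile(r"^[RS]\d\s+(?P<name>[^;]+);[^;]*;(?P<path>.*?)\s+\[x\]$")
AUTORUN_RE = re.compile(r"^\\shell\\AutoRun\\command\s+-\s+(?P<cmd>.+)$")

# Assumption: the stock Windows 7 BootExecute value is exactly this one entry.
EXPECTED_BOOTEXECUTE = {"autocheck autochk *"}

# (substring of the registry key, value name, value that counts as a finding, why it matters)
WEAKENED_SETTINGS = [
    ("policies\\system", "EnableLUA", 0, "UAC disabled; admin processes run fully elevated"),
    ("policies\\system", "ConsentPromptBehaviorAdmin", 0, "admins elevate without any prompt"),
    ("policies\\system", "PromptOnSecureDesktop", 0, "UAC prompts not isolated on the secure desktop"),
    ("security center", "AntiVirusOverride", 1, "Security Center told not to report a missing/disabled AV"),
    ("security center", "FirewallOverride", 1, "Security Center told not to report a disabled firewall"),
]


def _to_int(raw):
    """Parse the two value formats ComboFix prints: '0 (0x0)' and 'dword:00000001'."""
    raw = raw.strip()
    if raw.lower().startswith("dword:"):
        return int(raw[6:], 16)
    return int(raw.split()[0])


def triage(log_text):
    """Return a list of {'kind', 'detail'} findings, in the order they appear in the log."""
    findings = []
    current_key = ""
    for line in log_text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:  # remember which registry key the following value lines belong to
            current_key = m.group("key").lower()
            continue
        m = VALUE_RE.match(line)
        if m:
            name, raw = m.group("name"), m.group("val")
            for key_part, vname, bad, why in WEAKENED_SETTINGS:
                if key_part in current_key and name.lower() == vname.lower():
                    try:
                        value = _to_int(raw)
                    except ValueError:
                        continue
                    if value == bad:
                        findings.append({"kind": "weakened_setting", "detail": f"{vname}={value}: {why}"})
            continue
        if line.startswith("BootExecute "):
            # REG_MULTI_SZ entries are printed separated by a literal backslash-zero.
            entries = line.split(None, 2)[2].split("\\0")
            for entry in entries:
                if entry not in EXPECTED_BOOTEXECUTE:
                    findings.append({"kind": "bootexecute_extra", "detail": entry})
            continue
        m = MISSING_FILE_RE.match(line)
        if m:
            findings.append({"kind": "missing_service_file",
                             "detail": f"{m.group('name')}: {m.group('path')}"})
            continue
        m = AUTORUN_RE.match(line)
        if m and "mountpoints2" in current_key:
            findings.append({"kind": "autorun_mountpoint", "detail": m.group("cmd")})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['kind']:22} {f['detail']}")
```

Run it over a full ComboFix log instead of `SAMPLE_LOG` to get the same four classes of finding; the UAC and Security Center values are the ones to restore first, since both rogue AV families and real administrators set them, and a log where they are still zero after cleanup means the "Looks good" verdict below is incomplete.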
     
  4. Broni

    Broni Malware Annihilator Posts: 47,029   +255

    Looks good :)

    Any current issues?

    =====================================

    I don't see any AV program running.
    Install ONE of these:
    - Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html
    - free Microsoft Security Essentials: http://windows.microsoft.com/en-GB/windows/products/security-essentials
    - free Comodo Antivirus: http://www.comodo.com/home/internet-security/antivirus.php
    Update, run full scan, report on any findings.

    ==================================

    Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
    NOTE. If you already have MBAM installed, update it before running the scan.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    Be sure to restart the computer IF MBAM asks you to do so.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    =================================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  5. Broni

    Broni Malware Annihilator Posts: 47,029   +255

    This topic is marked as abandoned and closed due to inactivity.
    This member will NOT be eligible to receive any more help in malware removal forum.
     
Topic Status:
Not open for further replies.

