Hi, I have a couple trojans and can't get rid of them

Solved
By CyberNerd
Dec 12, 2012
Topic Status:
Not open for further replies.
  1. Hey guys, I've had some problems for a few days now, rarely ever had any viruses before and was always able to dig them out with AVG and MBAM but this time, no dice.. After a few google searches I've realised it's one of these ones with no generic cure-all solution and was wondering if any of you could help me please?

    The suspected source: I think it probably came from an odd codec pack I had to download to watch a movie which never even worked anyway.

    Signs: Nothings hugely bad that I know of has happened to me yet in terms of card details, but I keep on getting tabs open automatically on Chrome and going to various adware websites. And of course constant popups from AVG telling me I have a problem, but that it cannot fix it.

    What I've tried: Ran AVG quick and full scans, it always finds a virus but isn't able to remove it because it's connected to essential system files. It often wants to restart after attempting to remove any viruses, trojans or rootkits it finds, but to no avail.
    I have also tried running AVG in safe mode, it didn't do anything.
    Also used MBAM repeatedly on quick or short scans, it's been fully updated.and each time finds 3 infections and asks to restart the computer which I allow but when I scan again afterwards the infections remain untouched.

    The most common AVG popup names the virus as "Win64/Patched.A" but and I can't remember which of the two programs it was that informed me of the other infections, but they are at "C:\Windows\assembly\GAC_32 [also another with GAC_64] \Desktop.ini"

    I had a look instructions to other people and saw that each time the solution was unique to their computer, but I've followed all the preliminary steps found at http://www.techspot.com/vb/topic58138.html and will post my logs below.

    Thank you so very much to anyone who can help me
    - Brendan
  2. CyberNerd

    CyberNerd Newcomer, in training Topic Starter Posts: 16

    Malwarebytes Anti-Malware 1.65.1.1000
    www.malwarebytes.org

    Database version: v2012.12.12.03

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Brendan :: STEAMSERVER-X [administrator]

    12/12/2012 08:13:43
    mbam-log-2012-12-12 (08-21-26).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 207475
    Time elapsed: 5 minute(s), 55 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 3
    C:\Windows\Installer\{ed5903c0-6962-e5f9-1d94-edd253c97839}\U\00000008.@ (Trojan.Dropper.BCMiner) -> No action taken.
    C:\Windows\Installer\{ed5903c0-6962-e5f9-1d94-edd253c97839}\U\000000cb.@ (Rootkit.0Access) -> No action taken.
    C:\Windows\Installer\{ed5903c0-6962-e5f9-1d94-edd253c97839}\U\80000032.@ (Rootkit.0Access) -> No action taken.

    (end)
  3. CyberNerd

    CyberNerd Newcomer, in training Topic Starter Posts: 16

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16455
    Run by Brendan at 8:29:34 on 2012-12-12
    Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.4094.1435 [GMT 0:00]
    .
    AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
    C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\Tablet\Pen\Pen_TouchService.exe
    C:\Windows\system32\atieclxx.exe
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Tablet\Pen\Pen_Tablet.exe
    C:\Program Files (x86)\NETGEAR\WNDA3200\WifiDevChkSvc.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
    C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
    C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
    C:\Windows\Explorer.EXE
    C:\Windows\vsnpstd3.exe
    C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
    C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
    C:\Program Files\Zune\ZuneLauncher.exe
    C:\Games\Steam\Steam.exe
    C:\Windows\System32\StikyNot.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
    C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files (x86)\NETGEAR\WNDA3200\WNDA3200WPSMgr.exe
    C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
    C:\Program Files\Tablet\Pen\Pen_Tablet.exe
    C:\Users\Brendan\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Users\Brendan\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    C:\Users\Brendan\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Brendan\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Brendan\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Brendan\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Brendan\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Brendan\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Brendan\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Brendan\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Brendan\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Brendan\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Brendan\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Brendan\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Brendan\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Brendan\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Brendan\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    C:\Windows\system32\sppsvc.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\SLSTaskbar.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\SLSTaskbar64.exe
    C:\Users\Brendan\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Brendan\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\wbem\WmiApSrv.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    "C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
    mURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
    mWinlogon: Userinit = userinit.exe,
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
    BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
    BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
    BHO: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: uTorrentControl2 Toolbar: {687578B9-7132-4A7A-80E4-30EE31099E03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
    TB: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
    uRun: [Google Update] "C:\Users\Brendan\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [Steam] "C:\Games\Steam\steam.exe" -silent
    uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
    uRun: [Facebook Update] "C:\Users\Brendan\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
    mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
    mRun: [tsnpstd3] C:\Windows\tsnpstd3.exe
    mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [BambooCore] C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
    StartupFolder: C:\Users\Brendan\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Brendan\AppData\Roaming\Dropbox\bin\Dropbox.exe
    StartupFolder: C:\Users\Brendan\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\FACEBO~1.LNK - C:\Users\Brendan\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETGEA~1.LNK - C:\Program Files (x86)\NETGEAR\WNDA3200\WNDA3200WPSMgr.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    LSP: mswsock.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
    TCP: NameServer = 194.168.4.100 194.168.8.100
    TCP: Interfaces\{C7D145B4-9CC4-4157-88EB-FA808DE6BE17} : DHCPNameServer = 192.168.0.1
    TCP: Interfaces\{CC3ADE3A-3396-4628-BFBC-95FC5155CD3F} : DHCPNameServer = 194.168.4.100 194.168.8.100
    TCP: Interfaces\{CE0766CF-E08B-4B02-BDD1-814310B9DD39} : DHCPNameServer = 194.168.4.100 194.168.8.100
    TCP: Interfaces\{CE0766CF-E08B-4B02-BDD1-814310B9DD39}\3497265627E4562746F513333373 : DHCPNameServer = 192.168.33.1
    TCP: Interfaces\{CE0766CF-E08B-4B02-BDD1-814310B9DD39}\3497265627E4562746F593838353 : DHCPNameServer = 192.168.33.1
    TCP: Interfaces\{CE0766CF-E08B-4B02-BDD1-814310B9DD39}\6796277696E6D65646961673535323831373 : DHCPNameServer = 194.168.4.100 194.168.8.100
    TCP: Interfaces\{CE0766CF-E08B-4B02-BDD1-814310B9DD39}\6796277696E6D65646961683731353237313 : DHCPNameServer = 192.168.0.1
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
    SSODL: WebCheck - <orphaned>
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
    x64-BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll
    x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll
    x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    x64-Run: [snpstd3] C:\Windows\vsnpstd3.exe
    x64-Run: [ProfilerU] C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
    x64-Run: [SaiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
    x64-Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    x64-IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll
    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll
    x64-SSODL: WebCheck - <orphaned>
    x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-4-19 28480]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-1-31 36944]
    R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-7-26 291680]
    R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2011-12-23 47696]
    R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-8-24 384352]
    R1 JSWPSLWF;JumpStart Wireless Filter Driver;C:\Windows\System32\drivers\jswpslwfx.sys [2012-9-16 26624]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-9-28 239616]
    R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-8-13 5167736]
    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 193288]
    R2 TabletServicePen;TabletServicePen;C:\Program Files\Tablet\Pen\Pen_Tablet.exe [2012-11-15 7329648]
    R2 TouchServicePen;Wacom Consumer Touch Service;C:\Program Files\Tablet\Pen\Pen_TouchService.exe [2012-11-15 719216]
    R2 WDCS_WNDA3200;NETGEAR WNDA3200 Device Checking Service;C:\Program Files (x86)\NETGEAR\WNDA3200\WifiDevChkSvc.exe [2012-9-16 167936]
    R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-5-14 96896]
    R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2011-12-23 124496]
    R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\avgidsfiltera.sys [2011-12-23 29776]
    R3 DKRtWrt;DKRtWrt;C:\Windows\System32\drivers\DKRtWrt.sys [2012-7-9 44624]
    R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-1-22 77824]
    R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2012-7-10 180224]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-6-10 187392]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 athur;Atheros AR9271 Wireless Network Adapter Service;C:\Windows\System32\drivers\athurx.sys [2012-9-16 1924096]
    S3 jswpsapi;JumpStart Wi-Fi Protected Setup;C:\Program Files (x86)\NETGEAR\WNDA3200\jswpsapi.exe [2012-9-16 954368]
    S3 SaiK0CEA;SaiK0CEA;C:\Windows\System32\drivers\SaiK0CEA.sys [2008-4-4 129024]
    S3 SaiU0CEA;SaiU0CEA;C:\Windows\System32\drivers\SaiU0CEA.sys [2008-4-4 34432]
    S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-2-14 59392]
    S3 wacmoumonitor;Wacom Mode Helper;C:\Windows\System32\drivers\wacmoumonitor.sys [2012-11-15 18288]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-2-19 1255736]
    .
    =============== Created Last 30 ================
    .
    2012-12-09 16:03:30--------d-sh--w-C:\Windows\SysWow64\%APPDATA%
    2012-12-09 16:00:26--------d-----w-C:\Program Files (x86)\Combined Community Codec Pack
    2012-12-09 15:58:44--------d-----w-C:\Program Files\MPC-HC
    2012-12-09 15:57:25220160----a-w-C:\ProgramData\Microsoft\Media Tools\MediaIconsOverlays.dll
    2012-12-09 15:57:11--------d-----w-C:\Program Files (x86)\Mega Codec Pack
    2012-11-23 01:23:14--------d-----w-C:\Users\Brendan\AppData\Local\BeamDog
    2012-11-21 22:53:40--------d-----w-C:\Program Files (x86)\NVIDIA Corporation
    2012-11-19 18:39:58--------d-----w-C:\Users\Brendan\AppData\Roaming\e-academy Inc
    2012-11-19 18:39:58--------d-----w-C:\Users\Brendan\AppData\Local\e-academy Inc
    2012-11-16 15:45:47--------d-----w-C:\Users\Brendan\AppData\Roaming\com.livebrush.2205ABAA7E8202CDC1251B1FA1E879364B7BAB52.1
    2012-11-16 15:30:59--------d-----w-C:\Users\Brendan\AppData\Roaming\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1
    2012-11-16 15:30:51--------d-----w-C:\Users\Brendan\AppData\Roaming\Wacom
    2012-11-16 15:30:42--------d-----w-C:\ProgramData\Wacom
    2012-11-15 12:48:46--------d-----w-C:\Program Files (x86)\Bamboo Dock
    2012-11-15 12:46:52--------d-----w-C:\Users\Brendan\AppData\Roaming\WTablet
    2012-11-15 12:46:51648560------w-C:\Windows\SysWow64\Pen_Touch_Tablet.dll
    2012-11-15 12:46:50755568------w-C:\Windows\System32\Pen_Touch_Tablet.dll
    2012-11-15 12:46:38--------d-----w-C:\Program Files (x86)\TabletPlugins
    2012-11-15 12:45:5912848----a-w-C:\Windows\System32\drivers\wacommousefilter.sys
    2012-11-15 12:45:5016168----a-w-C:\Windows\System32\drivers\wacomvhid.sys
    2012-11-15 12:45:4818288----a-w-C:\Windows\System32\drivers\wacmoumonitor.sys
    2012-11-15 12:45:44495616------w-C:\Windows\SysWow64\Wintab32.dll
    2012-11-15 12:45:43588800------w-C:\Windows\System32\Wintab32.dll
    2012-11-15 12:45:42656240------w-C:\Windows\SysWow64\Pen_Tablet.dll
    2012-11-15 12:45:41762224------w-C:\Windows\System32\Pen_Tablet.dll
    2012-11-15 12:45:25--------d-----w-C:\Program Files\Tablet
    2012-11-14 20:38:519728----a-w-C:\Windows\System32\Wdfres.dll
    2012-11-14 20:38:51785512----a-w-C:\Windows\System32\drivers\Wdf01000.sys
    2012-11-14 20:38:5154376----a-w-C:\Windows\System32\drivers\WdfLdr.sys
    2012-11-14 20:38:512560----a-w-C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
    2012-11-14 20:32:4287040----a-w-C:\Windows\System32\drivers\WUDFPf.sys
    2012-11-14 20:32:4284992----a-w-C:\Windows\System32\WUDFSvc.dll
    2012-11-14 20:32:42198656----a-w-C:\Windows\System32\drivers\WUDFRd.sys
    2012-11-14 20:32:42194048----a-w-C:\Windows\System32\WUDFPlatform.dll
    2012-11-14 20:32:41744448----a-w-C:\Windows\System32\WUDFx.dll
    2012-11-14 20:32:4145056----a-w-C:\Windows\System32\WUDFCoinstaller.dll
    2012-11-14 20:32:41229888----a-w-C:\Windows\System32\WUDFHost.exe
    2012-11-13 09:25:07--------d-----w-C:\Users\Brendan\AppData\Local\{028DC8E2-CD18-47E0-BDF5-65486B833E21}
    2012-11-12 21:24:27--------d-----w-C:\Users\Brendan\AppData\Local\{142AB9C3-AC76-4323-ACBB-BDDAF033CD34}
    .
    ==================== Find3M ====================
    .
    2012-11-23 01:23:09466456----a-w-C:\Windows\System32\wrap_oal.dll
    2012-11-23 01:23:09444952----a-w-C:\Windows\SysWow64\wrap_oal.dll
    2012-11-23 01:23:09122904----a-w-C:\Windows\System32\OpenAL32.dll
    2012-11-23 01:23:08109080----a-w-C:\Windows\SysWow64\OpenAL32.dll
    2012-11-09 11:27:1873656----a-w-C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-11-09 11:27:18697272----a-w-C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-10-18 18:25:583149824----a-w-C:\Windows\System32\win32k.sys
    2012-10-16 08:38:37135168----a-w-C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
    2012-10-16 08:38:34350208----a-w-C:\Windows\apppatch\AppPatch64\AcLayers.dll
    2012-10-16 07:39:52561664----a-w-C:\Windows\apppatch\AcLayers.dll
    2012-10-09 18:17:1355296----a-w-C:\Windows\System32\dhcpcsvc6.dll
    2012-10-09 18:17:13226816----a-w-C:\Windows\System32\dhcpcore6.dll
    2012-10-09 17:40:3144032----a-w-C:\Windows\SysWow64\dhcpcsvc6.dll
    2012-10-09 17:40:31193536----a-w-C:\Windows\SysWow64\dhcpcore6.dll
    2012-10-08 11:31:032312704----a-w-C:\Windows\System32\jscript9.dll
    2012-10-08 11:23:521392128----a-w-C:\Windows\System32\wininet.dll
    2012-10-08 11:22:551494528----a-w-C:\Windows\System32\inetcpl.cpl
    2012-10-08 11:18:22173056----a-w-C:\Windows\System32\ieUnatt.exe
    2012-10-08 11:17:35599040----a-w-C:\Windows\System32\vbscript.dll
    2012-10-08 11:13:332382848----a-w-C:\Windows\System32\mshtml.tlb
    2012-10-08 07:56:241800704----a-w-C:\Windows\SysWow64\jscript9.dll
    2012-10-08 07:48:031129472----a-w-C:\Windows\SysWow64\wininet.dll
    2012-10-08 07:47:441427968----a-w-C:\Windows\SysWow64\inetcpl.cpl
    2012-10-08 07:44:05142848----a-w-C:\Windows\SysWow64\ieUnatt.exe
    2012-10-08 07:43:21420864----a-w-C:\Windows\SysWow64\vbscript.dll
    2012-10-08 07:40:562382848----a-w-C:\Windows\SysWow64\mshtml.tlb
    2012-10-03 17:56:541914248----a-w-C:\Windows\System32\drivers\tcpip.sys
    2012-10-03 17:44:2170656----a-w-C:\Windows\System32\nlaapi.dll
    2012-10-03 17:44:21303104----a-w-C:\Windows\System32\nlasvc.dll
    2012-10-03 17:44:17246272----a-w-C:\Windows\System32\netcorehc.dll
    2012-10-03 17:44:1718944----a-w-C:\Windows\System32\netevent.dll
    2012-10-03 17:44:16216576----a-w-C:\Windows\System32\ncsi.dll
    2012-10-03 17:42:16569344----a-w-C:\Windows\System32\iphlpsvc.dll
    2012-10-03 16:42:2418944----a-w-C:\Windows\SysWow64\netevent.dll
    2012-10-03 16:42:24175104----a-w-C:\Windows\SysWow64\netcorehc.dll
    2012-10-03 16:42:23156672----a-w-C:\Windows\SysWow64\ncsi.dll
    2012-10-03 16:07:2645568----a-w-C:\Windows\System32\drivers\tcpipreg.sys
    2012-09-29 19:54:2625928----a-w-C:\Windows\System32\drivers\mbam.sys
    2012-09-28 15:37:02221696----a-w-C:\Windows\System32\clinfo.exe
    2012-09-28 15:36:4475776----a-w-C:\Windows\System32\OpenVideo64.dll
    2012-09-28 15:36:4065536----a-w-C:\Windows\SysWow64\OpenVideo.dll
    2012-09-28 15:36:3663488----a-w-C:\Windows\System32\OVDecode64.dll
    2012-09-28 15:36:3456320----a-w-C:\Windows\SysWow64\OVDecode.dll
    2012-09-28 15:36:2432635904----a-w-C:\Windows\System32\amdocl64.dll
    2012-09-28 15:32:1627341824----a-w-C:\Windows\SysWow64\amdocl.dll
    2012-09-28 02:23:005557928----a-w-C:\Windows\SysWow64\atiumdag.dll
    2012-09-28 02:21:2010697216----a-w-C:\Windows\System32\drivers\atikmdag.sys
    2012-09-28 02:05:3870144----a-w-C:\Windows\System32\coinst_9.002.dll
    2012-09-28 02:03:52163840----a-w-C:\Windows\System32\atiapfxx.exe
    2012-09-28 02:02:3051200----a-w-C:\Windows\System32\aticalrt64.dll
    2012-09-28 02:02:2846080----a-w-C:\Windows\SysWow64\aticalrt.dll
    2012-09-28 02:02:2244544----a-w-C:\Windows\System32\aticalcl64.dll
    2012-09-28 02:02:2044032----a-w-C:\Windows\SysWow64\aticalcl.dll
    2012-09-28 02:02:0816082432----a-w-C:\Windows\System32\aticaldd64.dll
    2012-09-28 01:59:5623825920----a-w-C:\Windows\System32\atio6axx.dll
    2012-09-28 01:57:2013703168----a-w-C:\Windows\SysWow64\aticaldd.dll
    2012-09-28 01:43:28935424----a-w-C:\Windows\SysWow64\aticfx32.dll
    2012-09-28 01:41:401120768----a-w-C:\Windows\System32\aticfx64.dll
    2012-09-28 01:41:1419624960----a-w-C:\Windows\SysWow64\atioglxx.dll
    2012-09-28 01:39:366536192----a-w-C:\Windows\SysWow64\atidxx32.dll
    2012-09-28 01:39:14442368----a-w-C:\Windows\System32\atidemgy.dll
    2012-09-28 01:39:08538112----a-w-C:\Windows\System32\atieclxx.exe
    2012-09-28 01:38:16239616----a-w-C:\Windows\System32\atiesrxx.exe
    2012-09-28 01:36:50120320----a-w-C:\Windows\System32\atitmm64.dll
    2012-09-28 01:36:3621504----a-w-C:\Windows\System32\atimuixx.dll
    2012-09-28 01:36:3059392----a-w-C:\Windows\System32\atiedu64.dll
    2012-09-28 01:36:2643520----a-w-C:\Windows\SysWow64\ati2edxx.dll
    2012-09-28 01:31:263127296----a-w-C:\Windows\System32\atiumd6a.dll
    2012-09-28 01:25:246704640----a-w-C:\Windows\System32\atiumd64.dll
    2012-09-28 01:22:427167488----a-w-C:\Windows\System32\atidxx64.dll
    2012-09-28 01:22:302691584----a-w-C:\Windows\SysWow64\atiumdva.dll
    2012-09-28 01:13:40595456----a-w-C:\Windows\System32\atiadlxx.dll
    2012-09-28 01:13:30405504----a-w-C:\Windows\SysWow64\atiadlxy.dll
    2012-09-28 01:13:1617920----a-w-C:\Windows\System32\atig6pxx.dll
    2012-09-28 01:13:1214848----a-w-C:\Windows\SysWow64\atiglpxx.dll
    2012-09-28 01:13:1214848----a-w-C:\Windows\System32\atiglpxx.dll
    2012-09-28 01:13:0841984----a-w-C:\Windows\System32\atig6txx.dll
    2012-09-28 01:13:0033280----a-w-C:\Windows\SysWow64\atigktxx.dll
    2012-09-28 01:12:5856320----a-w-C:\Windows\System32\atimpc64.dll
    2012-09-28 01:12:5856320----a-w-C:\Windows\System32\amdpcom64.dll
    2012-09-28 01:12:52460288----a-w-C:\Windows\System32\drivers\atikmpag.sys
    2012-09-28 01:12:4856832----a-w-C:\Windows\SysWow64\atimpc32.dll
    2012-09-28 01:12:4856832----a-w-C:\Windows\SysWow64\amdpcom32.dll
    2012-09-28 01:11:22129536----a-w-C:\Windows\System32\atiuxp64.dll
    2012-09-28 01:11:16109568----a-w-C:\Windows\SysWow64\atiuxpag.dll
    2012-09-28 01:11:08103424----a-w-C:\Windows\System32\atiu9p64.dll
    2012-09-28 01:10:5882944----a-w-C:\Windows\SysWow64\atiu9pag.dll
    2012-09-28 01:09:4853248----a-w-C:\Windows\System32\drivers\ati2erec.dll
    2012-09-25 22:47:4378336----a-w-C:\Windows\SysWow64\synceng.dll
    2012-09-25 22:46:1795744----a-w-C:\Windows\System32\synceng.dll
    2012-09-24 14:32:24477168----a-w-C:\Windows\SysWow64\npdeployJava1.dll
    2012-09-24 14:32:20473072----a-w-C:\Windows\SysWow64\deployJava1.dll
    2012-09-14 19:19:292048----a-w-C:\Windows\System32\tzres.dll
    2012-09-14 18:28:532048----a-w-C:\Windows\SysWow64\tzres.dll
    .
    ============= FINISH: 8:31:01.81 ===============
  4. CyberNerd

    CyberNerd Newcomer, in training Topic Starter Posts: 16

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 13/02/2012 15:08:29
    System Uptime: 12/12/2012 08:24:09 (0 hours ago)
    .
    Motherboard: ASUSTeK Computer INC. | | P7P55D-E
    Processor: Intel(R) Core(TM) i5 CPU 760 @ 2.80GHz | LGA1156 | 2660/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 932 GiB total, 266.54 GiB free.
    D: is CDROM (UDF)
    K: is CDROM (CDFS)
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    7-Zip 9.20
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.1.4)
    Age of Empires Online
    AMD Accelerated Video Transcoding
    AMD APP SDK Runtime
    AMD Catalyst Install Manager
    AMD Drag and Drop Transcoding
    AMD Media Foundation Decoders
    Amnesia: The Dark Descent
    Assassin's Creed II
    µTorrent
    AVG 2012
    Babel Rising
    Baldur's Gate Enhanced Edition
    Bamboo
    Bamboo Dock
    Bastion
    Beat Hazard
    BioWare Premium Module: Neverwinter Nights(TM) Kingmaker
    BIT.TRIP BEAT
    BIT.TRIP RUNNER
    Blocks That Matter
    Boggle
    Catalyst Control Center
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-utility64
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    CCleaner
    Chantelise
    Chime
    Combined Community Codec Pack 2011-11-11
    Costume Quest
    Cubemen
    D3DX10
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    Deus Ex: Human Revolution
    Diskeeper
    Diskeeper 2011
    DivX Setup
    Dreamkiller
    Dropbox
    Dungeon Defenders
    E.Y.E: Divine Cybermancy
    Elven Legacy
    Facebook Messenger 2.1.4651.0
    Facebook Video Calling 1.2.0.287
    FINAL FANTASY VII
    GIMP 2.6.11
    Google Chrome
    Guardians of Graxia
    Heroes of Might and Magic 3 Complete
    HOARD
    Java Auto Updater
    Java(TM) 6 Update 37
    Java(TM) 7 Update 5 (64-bit)
    Legend of Grimrock
    Livebrush Mini
    Lumines Demo
    Magic: The Gathering - Duels of the Planeswalkers 2013
    Magic: The Gathering — Duels of the Planeswalkers 2012
    MagicDisc 2.7.106
    Magicka
    Majesty Gold HD
    Malwarebytes Anti-Malware version 1.65.1.1000
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Application Error Reporting
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Games for Windows Marketplace
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office Office 64-bit Components 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared 64-bit MUI (English) 2010
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Silverlight
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft XNA Framework Redistributable 3.1
    Might and Magic: Clash of Heroes
    MPC-HC 1.6.4.6052 (64-bit)
    MSVCRT
    NEC Electronics USB 3.0 Host Controller Driver
    NETGEAR WNDA3200 wireless adapter Setup
    Neverwinter Nights
    Neverwinter Nights 2: Platinum
    Nexus Mod Manager
    Notepad++
    Nuclear Dawn
    NVIDIA PhysX
    Of Orcs And Men
    OnLive
    OpenAL
    Orcs Must Die!
    Patrician IV: Steam Special Edition
    Pharaoh
    Portal
    Portal 2
    Portal 2 - The Final Hours
    Project64 1.6
    RCRN 3.0.1 - Steam Workshop Optimized
    Recettear: An Item Shop's Tale
    Sacred Gold
    Scrolls
    Secure Download Manager
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Smart Technology Programming Software 7.0.2.7
    Solar 2
    Stacking
    Steam
    Super Hexagon
    Supreme Commander 2
    Terraria
    The Binding of Isaac
    The Elder Scrolls V: Skyrim
    Torchlight
    Unity Web Player
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Update for Microsoft Office 2010 (KB2494150)
    Update for Microsoft Office 2010 (KB2553092)
    USB PC Camera Plus
    uTorrentControl2 Toolbar
    VC80CRTRedist - 8.0.50727.6195
    Visual Studio 2008 x64 Redistributables
    Warhammer 40,000 Space Marine
    Warhammer 40,000: Dawn of War Gold Edition
    Warhammer® 40,000™: Dawn of War® II – Retribution™
    Waves
    WebTablet IE Plugin
    WebTablet Netscape Plugin
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Messenger
    Windows Live Photo Common
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Mobile Device Updater Component
    WinRAR 4.10 (64-bit)
    Zeno Clash
    Zune
    Zune Language Pack (CHS)
    Zune Language Pack (CHT)
    Zune Language Pack (CSY)
    Zune Language Pack (DAN)
    Zune Language Pack (DEU)
    Zune Language Pack (ELL)
    Zune Language Pack (ESP)
    Zune Language Pack (FIN)
    Zune Language Pack (FRA)
    Zune Language Pack (HUN)
    Zune Language Pack (IND)
    Zune Language Pack (ITA)
    Zune Language Pack (JPN)
    Zune Language Pack (KOR)
    Zune Language Pack (MSL)
    Zune Language Pack (NLD)
    Zune Language Pack (NOR)
    Zune Language Pack (PLK)
    Zune Language Pack (PTB)
    Zune Language Pack (PTG)
    Zune Language Pack (RUS)
    Zune Language Pack (SVE)
    .
    ==== Event Viewer Messages From Past Week ========
    .
    12/12/2012 08:25:28, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
    12/12/2012 08:25:28, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    12/12/2012 08:25:09, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
    12/12/2012 08:25:09, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
    12/12/2012 08:24:31, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
    12/12/2012 08:24:31, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
    12/12/2012 08:24:31, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
    11/12/2012 22:13:29, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
    10/12/2012 14:15:51, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    10/12/2012 14:15:51, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    10/12/2012 14:15:50, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    10/12/2012 14:15:49, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    10/12/2012 14:15:49, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    10/12/2012 14:15:47, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    10/12/2012 14:15:40, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    10/12/2012 14:15:24, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgldx64 Avgmfx64 Avgtdia CSC DfsC discache JSWPSLWF NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
    10/12/2012 14:15:24, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    10/12/2012 14:15:24, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    10/12/2012 14:15:24, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    10/12/2012 14:15:24, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    10/12/2012 14:15:24, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    10/12/2012 14:15:24, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    10/12/2012 14:15:24, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    10/12/2012 14:15:24, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    10/12/2012 14:15:24, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    10/12/2012 14:15:24, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    10/12/2012 12:05:27, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    10/12/2012 11:50:56, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    09/12/2012 15:44:16, Error: bowser [8003] - The master browser has received a server announcement from the computer ALI-HP that believes that it is the master browser for the domain on transport NetBT_Tcpip_{CC3ADE3A-3396-4628-BFBC-95FC5155CD3F}. The master browser is stopping or an election is being forced.
    09/12/2012 14:11:37, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147014847
    07/12/2012 16:30:08, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
    07/12/2012 08:22:00, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgwd service.
    .
    ==== End Of File ===========================
  5. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hello, and welcome to TechSpot.


    [​IMG] Please see here for the board rules and other FAQ.

    Please feel free to introduce yourself, after you follow the steps below to get started.

    Information
    • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
    • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
    • If you have already asked for help somewhere, please post the link to the topic you were helped.
    • We try our best to reply quickly, but for any reason we do not reply in two days, please reply to this topic with the word BUMP!
    • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

    Farbar Recovery Scan Tool x64

    Download Farbar Recovery Scan Tool and save it to a flash drive.


    Please make sure to get the 64-bit version

    Plug the flashdrive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account an click Next.
    On the System Recovery Options menu you will get the following options:
      • Startup Repair
        System Restore
        Windows Complete PC Restore
        Windows Memory Diagnostic Tool
        Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst.exe and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to the disclaimer.
    • Place a check next to List Drivers MD5 as well as the default check marks that are already there
    • Press Scan button. It will do its scan and save a log on your flash drive.
    • Close out of the message after that, then type in the text services.exe in to the "Search:" text box. Then, press the Search file(s) button, just as below:
      [​IMG]
      When done searching, FRST makes a log, Search.txt, on the C:\ drive or on your flash drive.
    • Type exit in the Command Prompt window and reboot the computer normally
    • FRST will make a log (FRST.txt) on the flash drive and also the search.txt logfile, please copy and paste the logs in your reply.
  6. CyberNerd

    CyberNerd Newcomer, in training Topic Starter Posts: 16

    Hi, thank you so much for responding and helping me, I'm sorry I took a couple days to reply, suddenly had a coursework deadline to meet >_<
    I've borrowed a flashdrive from my girlfriend seeing as mine's missing after recently moving, and have put the frst program on there but I can't seem to get to the advanced boot options when I restart my computer. When I press F8 it just gives me a list of sources to boot from.. Trying other options on there but it's hard to see them in time to know which one to do before it keeps loading lol, pretty much fell asleep last night repeatedly restarting the computer trying to catch it.

    I'm searching for my Windows disk but as with my flashdrives, it has pulled a magical disappearing act on me. Will try to be more sensible now and keep regularly updating on progress.

    Again, thank you so much for helping me man :)
  7. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Let's see if this will function...

    OTLPE + Farbar Recovery Scan Tool

    • Download OTLPENet.exe to your desktop
    • Download Farbar Recovery Scan Tool and save it to a flash drive.
    • Ensure that you have a blank CD in the drive
    • Double click OTLPENet.exe and this will then open imgburn to burn the file to CD
    • Reboot your system using the boot CD you just created.
    Note : If you do not know how to set your computer to boot from CD follow the steps here
    • As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads [​IMG]
    • Your system should now display a Reatogo desktop.
    Note : as you are running from CD it is not exactly speedy
    • Insert the flash drive with FRST on it
    • Locate the flash drive and run FSRT
    • The tool will start to run.
    [​IMG]
    • When the tool opens click Yes to disclaimer.
    • Press Scan button. It will do its scan and save a log on your flash drive.
    • Close out of the message after that, then type in the text services.exe in to the "Search:" text box. Then, press the Search file(s) button, just as below:
      [​IMG]
      When done searching, FRST makes a log, Search.txt, on the C:\ drive or on your flash drive.
    • Type exit in the Command Prompt window and reboot the computer normally
    • FRST will make a log (FRST.txt) on the flash drive and also the search.txt logfile, please copy and paste the logs in your reply.
  8. CyberNerd

    CyberNerd Newcomer, in training Topic Starter Posts: 16

    After a thorough inspection of my wardrobe and stack of "random stuff" boxes I managed to finally find the windows disk which was for some reason sitting in a slip with a DS9 DVD O_o

    I've done all the instructions now and shall paste the results below, should I still try to get a CD and do this other one with the OTLPen program?

    Again, thank you so much for all the help you are giving me :)

    ~~FRST.txt
    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-12-2012 (ATTENTION: FRST version is 6 days old)
    Ran by SYSTEM at 17-12-2012 13:16:41
    Running from E:\
    Windows 7 Professional (X64) OS Language: English(US)
    The current controlset is ControlSet001

    ==================== Registry (Whitelisted) ===================

    HKLM\...\Run: [snpstd3] C:\Windows\vsnpstd3.exe [843776 2006-09-18] ()
    HKLM\...\Run: [ProfilerU] C:\Program Files\Saitek\SD6\Software\ProfilerU.exe [310272 2010-07-29] (Saitek)
    HKLM\...\Run: [SaiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe [158208 2010-07-29] (Saitek)
    HKLM\...\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe" [163552 2011-08-05] (Microsoft Corporation)
    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" [2596984 2012-07-30] (AVG Technologies CZ, s.r.o.)
    HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-01-21] (Microsoft Corporation)
    HKLM-x32\...\Run: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [106496 2010-01-22] (NEC Electronics Corporation)
    HKLM-x32\...\Run: [tsnpstd3] C:\Windows\tsnpstd3.exe [262144 2007-03-30] (SONIX)
    HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1259376 2011-07-28] ()
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254896 2012-09-17] (Sun Microsystems, Inc.)
    HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [642728 2012-09-28] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [BambooCore] C:\Program Files (x86)\Bamboo Dock\BambooCore.exe [646232 2011-09-26] ()
    HKU\Brendan\...\Run: [Google Update] "C:\Users\Brendan\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2012-02-13] (Google Inc.)
    HKU\Brendan\...\Run: [Steam] "C:\Games\Steam\steam.exe" -silent [1354736 2012-12-03] (Valve Corporation)
    HKU\Brendan\...\Run: [Facebook Update] "C:\Users\Brendan\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-08-23] (Facebook Inc.)
    HKU\Brendan\...\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
    Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\NETGEAR WNDA3200 Smart Wizard.lnk
    ShortcutTarget: NETGEAR WNDA3200 Smart Wizard.lnk -> C:\Program Files (x86)\NETGEAR\WNDA3200\WNDA3200WPSMgr.exe (NETGEAR)
    Startup: C:\Users\Brendan\Start Menu\Programs\Startup\Dropbox.lnk
    ShortcutTarget: Dropbox.lnk -> (No File)
    Startup: C:\Users\Brendan\Start Menu\Programs\Startup\Facebook Messenger.lnk
    ShortcutTarget: Facebook Messenger.lnk -> (No File)

    ==================== Services (Whitelisted) ===================

    2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe" [5167736 2012-08-12] (AVG Technologies CZ, s.r.o.)
    2 avgwd; "C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe" [193288 2012-02-13] (AVG Technologies CZ, s.r.o.)
    2 Diskeeper; "C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe" [2645840 2011-09-12] (Diskeeper Corporation)
    3 jswpsapi; C:\Program Files (x86)\NETGEAR\WNDA3200\jswpsapi.exe [954368 2009-11-05] (Atheros Communications, Inc.)
    2 WDCS_WNDA3200; C:\Program Files (x86)\NETGEAR\WNDA3200\WifiDevChkSvc.exe [167936 2010-06-23] ()

    ==================== Drivers (Whitelisted) =====================

    3 Alpham1; C:\Windows\System32\DRIVERS\Alpham164.sys [52992 2007-07-22] (Ideazon Corporation)
    3 Alpham2; C:\Windows\System32\DRIVERS\Alpham264.sys [21760 2007-03-19] (Ideazon Corporation)
    3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [124496 2011-12-23] (AVG Technologies CZ, s.r.o. )
    3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )
    0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [28480 2012-04-18] (AVG Technologies CZ, s.r.o. )
    1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [291680 2012-07-25] (AVG Technologies CZ, s.r.o.)
    1 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
    0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [36944 2012-01-30] (AVG Technologies CZ, s.r.o.)
    1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [384352 2012-08-24] (AVG Technologies CZ, s.r.o.)
    3 DKRtWrt; C:\Windows\System32\Drivers\DKRtWrt.sys [44624 2011-02-13] (Diskeeper Corporation)
    3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-28] ()
    3 SaiK0CEA; C:\Windows\System32\Drivers\SaiK0CEA.sys [129024 2008-04-04] (Saitek)
    3 SaiMini; C:\Windows\System32\Drivers\SaiMini.sys [22792 2010-08-09] (Saitek)
    3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [50056 2010-08-09] (Saitek)
    3 SaiU0CEA; C:\Windows\System32\Drivers\SaiU0CEA.sys [34432 2008-04-04] (Saitek)
    3 SNPSTD3; C:\Windows\System32\Drivers\SNPSTD3.sys [10535424 2007-05-17] (Sonix Co. Ltd.)
    3 SNPSTD3; C:\Windows\SysWow64\Drivers\SNPSTD3.sys [10246400 2007-05-17] (Sonix Co. Ltd.)

    ==================== NetSvcs (Whitelisted) ====================


    ==================== One Month Created Files and Folders ========

    2012-12-17 13:16 - 2012-12-17 13:16 - 00000000 ____D C:\FRST
    2012-12-17 04:31 - 2012-12-17 04:31 - 00002948 ____A C:\Windows\diagwrn.xml
    2012-12-17 04:31 - 2012-12-17 04:31 - 00001908 ____A C:\Windows\diagerr.xml
    2012-12-17 01:37 - 2012-12-17 01:37 - 00068977 ____A C:\Users\Brendan\Documents\My Timetable.htm
    2012-12-14 11:24 - 2012-12-14 11:24 - 01461033 ____A (Farbar) C:\Users\Brendan\Desktop\FRST64.exe
    2012-12-12 15:14 - 2012-12-12 16:01 - 00000000 ____D C:\Users\Brendan\Desktop\dfgdfg
    2012-12-12 14:44 - 2012-12-12 14:44 - 00000754 ____A C:\Users\Brendan\Desktop\notes.txt
    2012-12-12 11:10 - 2012-12-12 11:10 - 16363960 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
    2012-12-12 00:31 - 2012-12-12 00:31 - 00026254 ____A C:\Users\Brendan\Desktop\dds.txt
    2012-12-12 00:31 - 2012-12-12 00:31 - 00015486 ____A C:\Users\Brendan\Desktop\attach.txt
    2012-12-10 08:31 - 2012-12-10 08:31 - 00003399 ____A C:\Users\Brendan\.recently-used.xbel
    2012-12-10 04:55 - 2012-12-11 02:36 - 00011201 ____A C:\Users\Brendan\Desktop\gameplan.xlsx
    2012-12-10 02:59 - 2012-12-12 12:09 - 00001736 ____A C:\Windows\PFRO.log
    2012-12-09 15:24 - 2012-12-09 15:24 - 10669952 ____A (Malwarebytes Corporation ) C:\Users\Brendan\Downloads\mbam-setup-1.65.1.1000.exe
    2012-12-09 08:03 - 2012-12-09 08:03 - 00014431 ____A C:\Users\Brendan\Downloads\[isoHunt] download.torrent
    2012-12-09 08:03 - 2012-12-09 08:03 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
    2012-12-09 08:00 - 2012-12-09 08:00 - 00000000 ____D C:\Program Files (x86)\Combined Community Codec Pack
    2012-12-09 07:59 - 2012-12-09 07:59 - 09889896 ____A (CCCP Project ) C:\Users\Brendan\Downloads\Combined-Community-Codec-Pack-2011-11-11.exe
    2012-12-09 07:58 - 2012-12-09 07:58 - 00001712 ____A C:\Users\Brendan\Desktop\MPC-HC x64.lnk
    2012-12-09 07:58 - 2012-12-09 07:58 - 00000000 ____D C:\Program Files\MPC-HC
    2012-12-09 07:57 - 2012-12-09 07:57 - 00000000 ____D C:\Program Files (x86)\Mega Codec Pack
    2012-12-09 07:35 - 2012-12-09 07:35 - 00030884 ____A C:\Users\Brendan\Downloads\[isoHunt] 5035527.torrent
    2012-12-09 06:17 - 2012-12-09 06:17 - 00042137 ____A C:\Users\Brendan\Downloads\[isoHunt] Toy Story 3 720p TC XviD AC3-KiNGDOM (Kingdom-Release).torrent
    2012-12-05 11:30 - 2012-12-05 11:30 - 01524811 ____A C:\Users\Brendan\Desktop\THOUGHT YOU COULD GET RID OF ME!.zip
    2012-12-04 08:22 - 2012-12-04 08:22 - 00001843 ____A C:\Users\Public\Desktop\Heroes of Might and Magic 3 Complete.lnk
    2012-12-01 15:26 - 2012-12-01 15:26 - 00000000 ____D C:\Users\Brendan\Documents\Square Enix
    2012-12-01 08:21 - 2012-12-01 08:21 - 00126160 ____A (RealNetworks, Inc.) C:\Users\Brendan\Desktop\FINALFANTASYVII-dm.exe
    2012-11-30 07:56 - 2012-11-30 13:25 - 00000000 ____D C:\Users\Brendan\Documents\Baldur's Gate - Enhanced Edition
    2012-11-29 14:10 - 2012-11-29 14:10 - 00118583 ____A C:\Users\Brendan\Downloads\[isoHunt] South_Park_Seasons_1_-_14_Complete___Movie_(MKV)_-_YIFY.5655413.TPB.torrent
    2012-11-23 18:21 - 2012-11-23 18:36 - 00000614 ____A C:\Users\Brendan\Desktop\mtgcosts.txt
    2012-11-22 17:23 - 2012-11-22 17:23 - 00000842 ____A C:\Users\Brendan\Desktop\Baldur's Gate Enhanced Edition.lnk
    2012-11-22 17:23 - 2012-11-22 17:23 - 00000000 ____D C:\Users\Brendan\AppData\Local\BeamDog
    2012-11-22 17:22 - 2012-11-22 17:22 - 02464480 ____A (Overhaul Games™) C:\Users\Brendan\Desktop\BGEEInstaller.exe
    2012-11-21 14:53 - 2012-11-21 14:53 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
    2012-11-19 16:56 - 2012-11-19 16:56 - 00581489 ____A C:\Users\Brendan\Downloads\#gamemp3s Archive 2011.torrent
    2012-11-19 16:54 - 2012-11-19 16:54 - 00066449 ____A C:\Users\Brendan\Downloads\2011-10-28.torrent
    2012-11-19 16:54 - 2012-11-19 16:54 - 00039706 ____A C:\Users\Brendan\Downloads\2011-11-06.torrent
    2012-11-19 16:53 - 2012-11-19 16:53 - 00067808 ____A C:\Users\Brendan\Downloads\2011-12-10.torrent
    2012-11-19 16:48 - 2012-11-19 16:48 - 00083633 ____A C:\Users\Brendan\Downloads\2012-02-09.torrent
    2012-11-19 16:47 - 2012-11-19 16:47 - 00085525 ____A C:\Users\Brendan\Downloads\2012-02-28.torrent
    2012-11-19 16:47 - 2012-11-19 16:47 - 00051137 ____A C:\Users\Brendan\Downloads\2012-03-10.torrent
    2012-11-19 16:46 - 2012-11-19 16:46 - 00088162 ____A C:\Users\Brendan\Downloads\2012-04-15.torrent
    2012-11-19 16:45 - 2012-11-19 16:45 - 00068834 ____A C:\Users\Brendan\Downloads\2012-06-13.torrent
    2012-11-19 16:40 - 2012-11-19 16:40 - 00041789 ____A C:\Users\Brendan\Downloads\2012-09-02.torrent
    2012-11-19 16:34 - 2012-11-19 16:34 - 00052174 ____A C:\Users\Brendan\Downloads\2012-09-09.torrent
    2012-11-19 16:28 - 2012-11-19 16:28 - 00043889 ____A C:\Users\Brendan\Downloads\2012-09-29.torrent
    2012-11-19 16:23 - 2012-11-19 16:23 - 00062286 ____A C:\Users\Brendan\Downloads\2012-11-11.torrent
    2012-11-19 10:51 - 2012-11-19 10:51 - 00000183 ____A C:\Users\Brendan\Downloads\100137352182.sdx
    2012-11-19 10:39 - 2012-11-19 10:39 - 00772608 ____A C:\Users\Brendan\Downloads\SDM_EN.msi
    2012-11-19 10:39 - 2012-11-19 10:39 - 00003153 ____A C:\Users\Brendan\Desktop\Shortcut to SecureDownloadManager.exe.lnk
    2012-11-19 10:39 - 2012-11-19 10:39 - 00000000 ____D C:\Users\Brendan\AppData\Roaming\e-academy Inc
    2012-11-19 10:39 - 2012-11-19 10:39 - 00000000 ____D C:\Users\Brendan\AppData\Local\e-academy Inc
    2012-11-17 05:18 - 2012-11-18 15:24 - 00014911 ____A C:\Users\Brendan\Desktop\BudgetAccounting.xlsx

    ==================== One Month Modified Files and Folders =======

    2012-12-17 05:10 - 2012-05-14 22:24 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-12-17 05:02 - 2009-07-13 20:45 - 00014448 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-12-17 05:02 - 2009-07-13 20:45 - 00014448 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-12-17 04:59 - 2012-05-13 12:49 - 00000000 ____D C:\Users\Brendan\AppData\Roaming\Dropbox
    2012-12-17 04:58 - 2012-05-13 12:53 - 00000000 ___RD C:\Users\Brendan\Dropbox
    2012-12-17 04:55 - 2012-10-16 06:32 - 00001027 ____A C:\Windows\setupact.log
    2012-12-17 04:55 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-12-17 04:31 - 2012-12-17 04:31 - 00002948 ____A C:\Windows\diagwrn.xml
    2012-12-17 04:31 - 2012-12-17 04:31 - 00001908 ____A C:\Windows\diagerr.xml
    2012-12-17 04:31 - 2012-10-16 06:32 - 00000000 ____A C:\Windows\setuperr.log
    2012-12-17 04:30 - 2012-06-16 12:14 - 00000936 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4103919597-2999294590-3050275627-1000UA.job
    2012-12-17 03:53 - 2012-02-13 11:22 - 00000916 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4103919597-2999294590-3050275627-1000UA.job
    2012-12-17 01:37 - 2012-12-17 01:37 - 00068977 ____A C:\Users\Brendan\Documents\My Timetable.htm
    2012-12-17 01:37 - 2012-10-16 01:02 - 00000000 ____D C:\Users\Brendan\Documents\My Timetable_files
    2012-12-17 01:30 - 2012-03-08 02:48 - 00000000 ____D C:\Windows\System32\Drivers\AVG
    2012-12-17 01:30 - 2012-03-07 23:38 - 00000000 ____D C:\Users\All Users\MFAData
    2012-12-16 16:30 - 2012-06-16 12:14 - 00000914 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4103919597-2999294590-3050275627-1000Core.job
    2012-12-15 06:49 - 2012-02-14 03:36 - 00000027 ____A C:\Users\Brendan\Desktop\TouhouRatings.txt
    2012-12-14 11:27 - 2009-07-13 21:13 - 00779092 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-12-14 11:24 - 2012-12-14 11:24 - 01461033 ____A (Farbar) C:\Users\Brendan\Desktop\FRST64.exe
    2012-12-14 05:53 - 2012-02-13 11:22 - 00000864 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4103919597-2999294590-3050275627-1000Core.job
    2012-12-12 16:01 - 2012-12-12 15:14 - 00000000 ____D C:\Users\Brendan\Desktop\dfgdfg
    2012-12-12 14:44 - 2012-12-12 14:44 - 00000754 ____A C:\Users\Brendan\Desktop\notes.txt
    2012-12-12 12:09 - 2012-12-10 02:59 - 00001736 ____A C:\Windows\PFRO.log
    2012-12-12 11:10 - 2012-12-12 11:10 - 16363960 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
    2012-12-12 11:10 - 2012-05-14 22:24 - 00697272 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-12-12 11:10 - 2012-02-15 04:04 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-12-12 00:31 - 2012-12-12 00:31 - 00026254 ____A C:\Users\Brendan\Desktop\dds.txt
    2012-12-12 00:31 - 2012-12-12 00:31 - 00015486 ____A C:\Users\Brendan\Desktop\attach.txt
    2012-12-11 06:43 - 2009-07-13 21:08 - 00032608 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-12-11 02:36 - 2012-12-10 04:55 - 00011201 ____A C:\Users\Brendan\Desktop\gameplan.xlsx
    2012-12-10 08:42 - 2012-02-26 05:58 - 00000000 ____D C:\Users\Brendan\.gimp-2.6
    2012-12-10 08:31 - 2012-12-10 08:31 - 00003399 ____A C:\Users\Brendan\.recently-used.xbel
    2012-12-10 08:31 - 2012-02-26 06:16 - 00000000 ____D C:\Users\Brendan\AppData\Roaming\gtk-2.0
    2012-12-10 08:31 - 2012-02-13 07:08 - 00000000 ____D C:\users\Brendan
    2012-12-10 07:58 - 2012-03-08 02:48 - 00000000 ____D C:\Users\All Users\AVG2012
    2012-12-10 04:51 - 2012-03-09 01:43 - 00000000 ____D C:\Users\Brendan\AppData\Local\Microsoft Help
    2012-12-10 01:18 - 2012-02-13 07:08 - 01133061 ____A C:\Windows\WindowsUpdate.log
    2012-12-09 15:27 - 2012-08-20 22:22 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-12-09 15:24 - 2012-12-09 15:24 - 10669952 ____A (Malwarebytes Corporation ) C:\Users\Brendan\Downloads\mbam-setup-1.65.1.1000.exe
    2012-12-09 09:55 - 2012-02-14 04:51 - 00000000 ____D C:\Users\Brendan\AppData\Roaming\uTorrent
    2012-12-09 08:03 - 2012-12-09 08:03 - 00014431 ____A C:\Users\Brendan\Downloads\[isoHunt] download.torrent
    2012-12-09 08:03 - 2012-12-09 08:03 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
    2012-12-09 08:00 - 2012-12-09 08:00 - 00000000 ____D C:\Program Files (x86)\Combined Community Codec Pack
    2012-12-09 08:00 - 2012-02-14 01:45 - 00000000 ____D C:\Users\Brendan\AppData\Roaming\Media Player Classic
    2012-12-09 07:59 - 2012-12-09 07:59 - 09889896 ____A (CCCP Project ) C:\Users\Brendan\Downloads\Combined-Community-Codec-Pack-2011-11-11.exe
    2012-12-09 07:58 - 2012-12-09 07:58 - 00001712 ____A C:\Users\Brendan\Desktop\MPC-HC x64.lnk
    2012-12-09 07:58 - 2012-12-09 07:58 - 00000000 ____D C:\Program Files\MPC-HC
    2012-12-09 07:57 - 2012-12-09 07:57 - 00000000 ____D C:\Program Files (x86)\Mega Codec Pack
    2012-12-09 07:35 - 2012-12-09 07:35 - 00030884 ____A C:\Users\Brendan\Downloads\[isoHunt] 5035527.torrent
    2012-12-09 06:17 - 2012-12-09 06:17 - 00042137 ____A C:\Users\Brendan\Downloads\[isoHunt] Toy Story 3 720p TC XviD AC3-KiNGDOM (Kingdom-Release).torrent
    2012-12-05 11:30 - 2012-12-05 11:30 - 01524811 ____A C:\Users\Brendan\Desktop\THOUGHT YOU COULD GET RID OF ME!.zip
    2012-12-04 23:54 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
    2012-12-04 08:22 - 2012-12-04 08:22 - 00001843 ____A C:\Users\Public\Desktop\Heroes of Might and Magic 3 Complete.lnk
    2012-12-04 08:22 - 2012-02-13 11:45 - 00000000 ____D C:\Games
    2012-12-01 15:26 - 2012-12-01 15:26 - 00000000 ____D C:\Users\Brendan\Documents\Square Enix
    2012-12-01 08:49 - 2012-03-10 09:50 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
    2012-12-01 08:47 - 2012-10-21 10:45 - 00071106 ____A C:\Windows\DirectX.log
    2012-12-01 08:21 - 2012-12-01 08:21 - 00126160 ____A (RealNetworks, Inc.) C:\Users\Brendan\Desktop\FINALFANTASYVII-dm.exe
    2012-11-30 13:25 - 2012-11-30 07:56 - 00000000 ____D C:\Users\Brendan\Documents\Baldur's Gate - Enhanced Edition
    2012-11-30 08:53 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
    2012-11-29 14:10 - 2012-11-29 14:10 - 00118583 ____A C:\Users\Brendan\Downloads\[isoHunt] South_Park_Seasons_1_-_14_Complete___Movie_(MKV)_-_YIFY.5655413.TPB.torrent
    2012-11-23 18:36 - 2012-11-23 18:21 - 00000614 ____A C:\Users\Brendan\Desktop\mtgcosts.txt
    2012-11-22 17:23 - 2012-11-22 17:23 - 00000842 ____A C:\Users\Brendan\Desktop\Baldur's Gate Enhanced Edition.lnk
    2012-11-22 17:23 - 2012-11-22 17:23 - 00000000 ____D C:\Users\Brendan\AppData\Local\BeamDog
    2012-11-22 17:23 - 2012-06-19 17:42 - 00466456 ____A (Creative Labs) C:\Windows\System32\wrap_oal.dll
    2012-11-22 17:23 - 2012-06-19 17:42 - 00444952 ____A (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
    2012-11-22 17:23 - 2012-06-19 17:42 - 00122904 ____A (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\System32\OpenAL32.dll
    2012-11-22 17:23 - 2012-06-19 17:42 - 00109080 ____A (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
    2012-11-22 17:22 - 2012-11-22 17:22 - 02464480 ____A (Overhaul Games™) C:\Users\Brendan\Desktop\BGEEInstaller.exe
    2012-11-21 14:53 - 2012-11-21 14:53 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
    2012-11-20 00:35 - 2012-02-14 04:51 - 00000000 ____D C:\Program Files (x86)\uTorrent
    2012-11-19 16:56 - 2012-11-19 16:56 - 00581489 ____A C:\Users\Brendan\Downloads\#gamemp3s Archive 2011.torrent
    2012-11-19 16:54 - 2012-11-19 16:54 - 00066449 ____A C:\Users\Brendan\Downloads\2011-10-28.torrent
    2012-11-19 16:54 - 2012-11-19 16:54 - 00039706 ____A C:\Users\Brendan\Downloads\2011-11-06.torrent
    2012-11-19 16:53 - 2012-11-19 16:53 - 00067808 ____A C:\Users\Brendan\Downloads\2011-12-10.torrent
    2012-11-19 16:48 - 2012-11-19 16:48 - 00083633 ____A C:\Users\Brendan\Downloads\2012-02-09.torrent
    2012-11-19 16:47 - 2012-11-19 16:47 - 00085525 ____A C:\Users\Brendan\Downloads\2012-02-28.torrent
    2012-11-19 16:47 - 2012-11-19 16:47 - 00051137 ____A C:\Users\Brendan\Downloads\2012-03-10.torrent
    2012-11-19 16:46 - 2012-11-19 16:46 - 00088162 ____A C:\Users\Brendan\Downloads\2012-04-15.torrent
    2012-11-19 16:45 - 2012-11-19 16:45 - 00068834 ____A C:\Users\Brendan\Downloads\2012-06-13.torrent
    2012-11-19 16:40 - 2012-11-19 16:40 - 00041789 ____A C:\Users\Brendan\Downloads\2012-09-02.torrent
    2012-11-19 16:34 - 2012-11-19 16:34 - 00052174 ____A C:\Users\Brendan\Downloads\2012-09-09.torrent
    2012-11-19 16:28 - 2012-11-19 16:28 - 00043889 ____A C:\Users\Brendan\Downloads\2012-09-29.torrent
    2012-11-19 16:23 - 2012-11-19 16:23 - 00062286 ____A C:\Users\Brendan\Downloads\2012-11-11.torrent
    2012-11-19 10:51 - 2012-11-19 10:51 - 00000183 ____A C:\Users\Brendan\Downloads\100137352182.sdx
    2012-11-19 10:39 - 2012-11-19 10:39 - 00772608 ____A C:\Users\Brendan\Downloads\SDM_EN.msi
    2012-11-19 10:39 - 2012-11-19 10:39 - 00003153 ____A C:\Users\Brendan\Desktop\Shortcut to SecureDownloadManager.exe.lnk
    2012-11-19 10:39 - 2012-11-19 10:39 - 00000000 ____D C:\Users\Brendan\AppData\Roaming\e-academy Inc
    2012-11-19 10:39 - 2012-11-19 10:39 - 00000000 ____D C:\Users\Brendan\AppData\Local\e-academy Inc
    2012-11-18 15:24 - 2012-11-17 05:18 - 00014911 ____A C:\Users\Brendan\Desktop\BudgetAccounting.xlsx


    ZeroAccess:
    C:\Windows\Installer\{ed5903c0-6962-e5f9-1d94-edd253c97839}
    C:\Windows\Installer\{ed5903c0-6962-e5f9-1d94-edd253c97839}\@
    C:\Windows\Installer\{ed5903c0-6962-e5f9-1d94-edd253c97839}\L
    C:\Windows\Installer\{ed5903c0-6962-e5f9-1d94-edd253c97839}\U
    C:\Windows\Installer\{ed5903c0-6962-e5f9-1d94-edd253c97839}\L\00000004.@
    C:\Windows\Installer\{ed5903c0-6962-e5f9-1d94-edd253c97839}\L\201d3dde
    C:\Windows\Installer\{ed5903c0-6962-e5f9-1d94-edd253c97839}\U\00000004.@
    C:\Windows\Installer\{ed5903c0-6962-e5f9-1d94-edd253c97839}\U\00000008.@
    C:\Windows\Installer\{ed5903c0-6962-e5f9-1d94-edd253c97839}\U\000000cb.@
    C:\Windows\Installer\{ed5903c0-6962-e5f9-1d94-edd253c97839}\U\80000000.@
    C:\Windows\Installer\{ed5903c0-6962-e5f9-1d94-edd253c97839}\U\80000032.@
    C:\Windows\Installer\{ed5903c0-6962-e5f9-1d94-edd253c97839}\U\80000064.@

    ZeroAccess:
    C:\Windows\assembly\GAC_32\Desktop.ini

    ZeroAccess:
    C:\Windows\assembly\GAC_64\Desktop.ini

    ==================== Known DLLs (Whitelisted) =================


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe 50BEA589F7D7958BDD2528A8F69D05CC ZeroAccess <==== ATTENTION!.
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ==================== Restore Points =========================


    ==================== Memory info ===========================

    Percentage of memory in use: 15%
    Total physical RAM: 4094.05 MB
    Available physical RAM: 3463.76 MB
    Total Pagefile: 4092.2 MB
    Available Pagefile: 3454.62 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB

    ==================== Partitions =============================

    1 Drive c: () (Fixed) (Total:931.5 GB) (Free:264.95 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    2 Drive d: (GRMCPRXFRER_EN_DVD) (CDROM) (Total:3 GB) (Free:0 GB) UDF
    3 Drive e: () (Removable) (Total:7.4 GB) (Free:7.4 GB) FAT32
    4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 931 GB 8 MB
    Disk 1 Online 7596 MB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 931 GB 31 KB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 C NTFS Partition 931 GB Healthy

    =========================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 7595 MB 31 KB

    ==================================================================================

    Disk: 1
    Partition 1
    Type : 0B
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 E FAT32 Removable 7595 MB Healthy

    =========================================================

    Last Boot: 2012-12-07 00:55

    ==================== End Of Log =============================

    ~~Search.txt
    Farbar Recovery Scan Tool (x64) Version: 11-12-2012
    Ran by SYSTEM at 2012-12-17 13:17:54
    Running from E:\

    ================== Search: "services.exe" ===================

    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

    C:\Windows\System32\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0329216 ____A (Microsoft Corporation) 50BEA589F7D7958BDD2528A8F69D05CC

    ====== End Of Search ======
  9. CyberNerd

    CyberNerd Newcomer, in training Topic Starter Posts: 16

    If it helps save any time in finding what may be wrong, I'm suspecting the codec pack I got with a Toy Story 3 download is probably the most likely culprit..
    First trying it at line: 2012-12-09 07:57 - 2012-12-09 07:57 - 00000000 ____D C:\Program Files (x86)\Mega Codec Pack

    And then stupidly trying again slightly further up this list before I realised it was probably not safe.

    Also everything in the Zero Access section are what have been showing up in the MBAM and AVG searches respectively, which I was unable to remove..

    I had popups in the past week from AVG informing me I should upgrade to the 2013 version now (but havent yet as I remember you said not to modify anything on my pc until this is resolved)
    But I also remember seeing I think elsewhere on this forum that you recommended to someone if they didn't have an AV program they should install one at least for temporary use, and AVG wasn't on the list of suggested programs. Just wondering, would you recommend any specific AV program as one which you think is best or most effective and might be a better choice over AVG?
  10. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hang on for recommendations. FRST looks good, no need to do OTLPE version...

    FRST Fixlist

    Please download attached fixlist.txt below, and save it to your flash drive in the same location as FRST.exe. Make sure it maintains the same name, otherwise the fix will fail.

    NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system

    Now, please enter System Recovery Options then select Command Prompt.

    Run FRST and press the Fix button just once and wait.
    The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

    Now restart, let it boot normally and tell me how it went.

    Attached Files:

  11. CyberNerd

    CyberNerd Newcomer, in training Topic Starter Posts: 16

    Looks like it did as was meant to, my browser certainly seems to have loaded up faster this time too.

    ~Fixlog.txt
    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-12-2012
    Ran by SYSTEM at 2012-12-17 15:18:52 Run:1
    Running from E:\

    ==============================================

    C:\Windows\Installer\{ed5903c0-6962-e5f9-1d94-edd253c97839} moved successfully.
    C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
    C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.
    c:\Windows\System32\services.exe moved successfully.
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to c:\Windows\System32\services.exe

    ==== End of Fixlog ====


    ~~Edit:
    Ran a quick scan with MBAM too, and it found no malware or infections.
  12. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Good! Next step:

    ComboFix scan

    Please download ComboFix[​IMG] by sUBs
    From BleepingComputer.com

    Please save the file to your Desktop.

    Important information about ComboFix


    After the download:
    • Close any open browsers.
    • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
    • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
    Running ComboFix:
    • Double click on ComboFix.exe & follow the prompts.
    • When ComboFix finishes, it will produce a report for you.
    • Please post the report, which will launch or be found at "C:\Combo-Fix.txt" in your next reply.
    Troubleshooting ComboFix

    Safe Mode:

    If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

    (To boot into Safe Mode, tap F8 after BIOS, and just before the Windows
    logo appears. A list of options will appear, select "Safe Mode.")

    Re-downloading:

    If this doesn't work either, try the same method (above method), but try to download it again, except name
    ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

    Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

    NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
  13. CyberNerd

    CyberNerd Newcomer, in training Topic Starter Posts: 16

    I temporarily disabled AVG and then ran the program but it still complained about AVG but I double checked and it was definitely disabled so I kept running ComboFix any way, I hope this was right.
    Here is the report-

    ~~ ComboFix.txt
    ComboFix 12-12-17.02 - Brendan 17/12/2012 15:56:14.1.4 - x64
    Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.4094.2524 [GMT 0:00]
    Running from: c:\users\Brendan\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\Install.exe
    c:\windows\SysWow64\DEBUG.log
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-11-17 to 2012-12-17 )))))))))))))))))))))))))))))))
    .
    .
    2012-12-17 21:16 . 2012-12-17 21:16--------d-----w-C:\FRST
    2012-12-17 16:01 . 2012-12-17 16:01--------d-----w-c:\users\Default\AppData\Local\temp
    2012-12-12 19:10 . 2012-12-12 19:1016363960----a-w-c:\windows\SysWow64\FlashPlayerInstaller.exe
    2012-12-09 16:03 . 2012-12-09 16:03--------d-sh--w-c:\windows\SysWow64\%APPDATA%
    2012-12-09 16:00 . 2012-12-09 16:00--------d-----w-c:\program files (x86)\Combined Community Codec Pack
    2012-12-09 15:58 . 2012-12-09 15:58--------d-----w-c:\program files\MPC-HC
    2012-12-09 15:57 . 2012-12-09 15:57220160----a-w-c:\programdata\Microsoft\Media Tools\MediaIconsOverlays.dll
    2012-12-09 15:57 . 2012-12-09 15:57--------d-----w-c:\program files (x86)\Mega Codec Pack
    2012-11-23 01:23 . 2012-11-23 01:23--------d-----w-c:\users\Brendan\AppData\Local\BeamDog
    2012-11-21 22:53 . 2012-11-21 22:53--------d-----w-c:\program files (x86)\NVIDIA Corporation
    2012-11-19 18:39 . 2012-11-19 18:39--------d-----w-c:\users\Brendan\AppData\Roaming\e-academy Inc
    2012-11-19 18:39 . 2012-11-19 18:39--------d-----w-c:\users\Brendan\AppData\Local\e-academy Inc
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-12-12 19:10 . 2012-05-15 06:24697272----a-w-c:\windows\SysWow64\FlashPlayerApp.exe
    2012-12-12 19:10 . 2012-02-15 12:0473656----a-w-c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-11-23 01:23 . 2012-06-20 01:42466456----a-w-c:\windows\system32\wrap_oal.dll
    2012-11-23 01:23 . 2012-06-20 01:42444952----a-w-c:\windows\SysWow64\wrap_oal.dll
    2012-11-23 01:23 . 2012-06-20 01:42122904----a-w-c:\windows\system32\OpenAL32.dll
    2012-11-23 01:23 . 2012-06-20 01:42109080----a-w-c:\windows\SysWow64\OpenAL32.dll
    2012-11-14 20:33 . 2012-02-17 20:5166395536----a-w-c:\windows\system32\MRT.exe
    2012-10-18 18:25 . 2012-11-14 10:153149824----a-w-c:\windows\system32\win32k.sys
    2012-10-16 08:38 . 2012-11-28 11:15135168----a-w-c:\windows\apppatch\AppPatch64\AcXtrnal.dll
    2012-10-16 08:38 . 2012-11-28 11:15350208----a-w-c:\windows\apppatch\AppPatch64\AcLayers.dll
    2012-10-16 07:39 . 2012-11-28 11:15561664----a-w-c:\windows\apppatch\AcLayers.dll
    2012-10-09 18:17 . 2012-11-14 10:1555296----a-w-c:\windows\system32\dhcpcsvc6.dll
    2012-10-09 18:17 . 2012-11-14 10:15226816----a-w-c:\windows\system32\dhcpcore6.dll
    2012-10-09 17:40 . 2012-11-14 10:1544032----a-w-c:\windows\SysWow64\dhcpcsvc6.dll
    2012-10-09 17:40 . 2012-11-14 10:15193536----a-w-c:\windows\SysWow64\dhcpcore6.dll
    2012-10-08 12:19 . 2012-11-14 20:3417811968----a-w-c:\windows\system32\mshtml.dll
    2012-10-08 11:42 . 2012-11-14 20:3410925568----a-w-c:\windows\system32\ieframe.dll
    2012-10-08 11:31 . 2012-11-14 20:342312704----a-w-c:\windows\system32\jscript9.dll
    2012-10-08 11:24 . 2012-11-14 20:341346048----a-w-c:\windows\system32\urlmon.dll
    2012-10-08 11:23 . 2012-11-14 20:341392128----a-w-c:\windows\system32\wininet.dll
    2012-10-08 11:22 . 2012-11-14 20:341494528----a-w-c:\windows\system32\inetcpl.cpl
    2012-10-08 11:22 . 2012-11-14 20:34237056----a-w-c:\windows\system32\url.dll
    2012-10-08 11:20 . 2012-11-14 20:3485504----a-w-c:\windows\system32\jsproxy.dll
    2012-10-08 11:18 . 2012-11-14 20:34173056----a-w-c:\windows\system32\ieUnatt.exe
    2012-10-08 11:17 . 2012-11-14 20:34599040----a-w-c:\windows\system32\vbscript.dll
    2012-10-08 11:17 . 2012-11-14 20:34816640----a-w-c:\windows\system32\jscript.dll
    2012-10-08 11:15 . 2012-11-14 20:34729088----a-w-c:\windows\system32\msfeeds.dll
    2012-10-08 11:15 . 2012-11-14 20:342144768----a-w-c:\windows\system32\iertutil.dll
    2012-10-08 11:13 . 2012-11-14 20:3496768----a-w-c:\windows\system32\mshtmled.dll
    2012-10-08 11:13 . 2012-11-14 20:342382848----a-w-c:\windows\system32\mshtml.tlb
    2012-10-08 11:09 . 2012-11-14 20:34248320----a-w-c:\windows\system32\ieui.dll
    2012-10-08 07:56 . 2012-11-14 20:341800704----a-w-c:\windows\SysWow64\jscript9.dll
    2012-10-08 07:48 . 2012-11-14 20:341129472----a-w-c:\windows\SysWow64\wininet.dll
    2012-10-08 07:47 . 2012-11-14 20:341427968----a-w-c:\windows\SysWow64\inetcpl.cpl
    2012-10-08 07:44 . 2012-11-14 20:34142848----a-w-c:\windows\SysWow64\ieUnatt.exe
    2012-10-08 07:43 . 2012-11-14 20:34420864----a-w-c:\windows\SysWow64\vbscript.dll
    2012-10-08 07:40 . 2012-11-14 20:342382848----a-w-c:\windows\SysWow64\mshtml.tlb
    2012-10-03 17:56 . 2012-11-14 10:151914248----a-w-c:\windows\system32\drivers\tcpip.sys
    2012-10-03 17:44 . 2012-11-14 10:1570656----a-w-c:\windows\system32\nlaapi.dll
    2012-10-03 17:44 . 2012-11-14 10:15303104----a-w-c:\windows\system32\nlasvc.dll
    2012-10-03 17:44 . 2012-11-14 10:15246272----a-w-c:\windows\system32\netcorehc.dll
    2012-10-03 17:44 . 2012-11-14 10:1518944----a-w-c:\windows\system32\netevent.dll
    2012-10-03 17:44 . 2012-11-14 10:15216576----a-w-c:\windows\system32\ncsi.dll
    2012-10-03 17:42 . 2012-11-14 10:15569344----a-w-c:\windows\system32\iphlpsvc.dll
    2012-10-03 16:42 . 2012-11-14 10:1518944----a-w-c:\windows\SysWow64\netevent.dll
    2012-10-03 16:42 . 2012-11-14 10:15175104----a-w-c:\windows\SysWow64\netcorehc.dll
    2012-10-03 16:42 . 2012-11-14 10:15156672----a-w-c:\windows\SysWow64\ncsi.dll
    2012-10-03 16:07 . 2012-11-14 10:1545568----a-w-c:\windows\system32\drivers\tcpipreg.sys
    2012-09-29 19:54 . 2012-08-21 06:2225928----a-w-c:\windows\system32\drivers\mbam.sys
    2012-09-28 15:37 . 2012-09-28 15:37221696----a-w-c:\windows\system32\clinfo.exe
    2012-09-28 15:36 . 2012-09-28 15:3675776----a-w-c:\windows\system32\OpenVideo64.dll
    2012-09-28 15:36 . 2012-09-28 15:3665536----a-w-c:\windows\SysWow64\OpenVideo.dll
    2012-09-28 15:36 . 2012-09-28 15:3663488----a-w-c:\windows\system32\OVDecode64.dll
    2012-09-28 15:36 . 2012-09-28 15:3656320----a-w-c:\windows\SysWow64\OVDecode.dll
    2012-09-28 15:36 . 2012-09-28 15:3632635904----a-w-c:\windows\system32\amdocl64.dll
    2012-09-28 15:32 . 2012-09-28 15:3227341824----a-w-c:\windows\SysWow64\amdocl.dll
    2012-09-28 02:23 . 2011-12-06 02:335557928----a-w-c:\windows\SysWow64\atiumdag.dll
    2012-09-28 02:21 . 2012-09-28 02:2110697216----a-w-c:\windows\system32\drivers\atikmdag.sys
    2012-09-28 02:05 . 2012-09-28 02:0570144----a-w-c:\windows\system32\coinst_9.002.dll
    2012-09-28 02:03 . 2012-09-28 02:03163840----a-w-c:\windows\system32\atiapfxx.exe
    2012-09-28 02:02 . 2012-09-28 02:0251200----a-w-c:\windows\system32\aticalrt64.dll
    2012-09-28 02:02 . 2012-09-28 02:0246080----a-w-c:\windows\SysWow64\aticalrt.dll
    2012-09-28 02:02 . 2012-09-28 02:0244544----a-w-c:\windows\system32\aticalcl64.dll
    2012-09-28 02:02 . 2012-09-28 02:0244032----a-w-c:\windows\SysWow64\aticalcl.dll
    2012-09-28 02:02 . 2012-09-28 02:0216082432----a-w-c:\windows\system32\aticaldd64.dll
    2012-09-28 01:59 . 2012-09-28 01:5923825920----a-w-c:\windows\system32\atio6axx.dll
    2012-09-28 01:57 . 2012-09-28 01:5713703168----a-w-c:\windows\SysWow64\aticaldd.dll
    2012-09-28 01:43 . 2011-04-20 02:09935424----a-w-c:\windows\SysWow64\aticfx32.dll
    2012-09-28 01:41 . 2011-12-06 03:161120768----a-w-c:\windows\system32\aticfx64.dll
    2012-09-28 01:41 . 2012-09-28 01:4119624960----a-w-c:\windows\SysWow64\atioglxx.dll
    2012-09-28 01:39 . 2011-04-20 01:596536192----a-w-c:\windows\SysWow64\atidxx32.dll
    2012-09-28 01:39 . 2012-09-28 01:39442368----a-w-c:\windows\system32\atidemgy.dll
    2012-09-28 01:39 . 2012-09-28 01:39538112----a-w-c:\windows\system32\atieclxx.exe
    2012-09-28 01:38 . 2012-09-28 01:38239616----a-w-c:\windows\system32\atiesrxx.exe
    2012-09-28 01:36 . 2012-09-28 01:36120320----a-w-c:\windows\system32\atitmm64.dll
    2012-09-28 01:36 . 2012-09-28 01:3621504----a-w-c:\windows\system32\atimuixx.dll
    2012-09-28 01:36 . 2012-09-28 01:3659392----a-w-c:\windows\system32\atiedu64.dll
    2012-09-28 01:36 . 2012-09-28 01:3643520----a-w-c:\windows\SysWow64\ati2edxx.dll
    2012-09-28 01:31 . 2012-09-28 01:313127296----a-w-c:\windows\system32\atiumd6a.dll
    2012-09-28 01:25 . 2012-09-28 01:256704640----a-w-c:\windows\system32\atiumd64.dll
    2012-09-28 01:22 . 2011-12-06 02:517167488----a-w-c:\windows\system32\atidxx64.dll
    2012-09-28 01:22 . 2011-12-06 02:282691584----a-w-c:\windows\SysWow64\atiumdva.dll
    2012-09-28 01:13 . 2012-09-28 01:13595456----a-w-c:\windows\system32\atiadlxx.dll
    2012-09-28 01:13 . 2012-09-28 01:13405504----a-w-c:\windows\SysWow64\atiadlxy.dll
    2012-09-28 01:13 . 2012-09-28 01:1317920----a-w-c:\windows\system32\atig6pxx.dll
    2012-09-28 01:13 . 2012-09-28 01:1314848----a-w-c:\windows\SysWow64\atiglpxx.dll
    2012-09-28 01:13 . 2012-09-28 01:1314848----a-w-c:\windows\system32\atiglpxx.dll
    2012-09-28 01:13 . 2012-09-28 01:1341984----a-w-c:\windows\system32\atig6txx.dll
    2012-09-28 01:13 . 2012-09-28 01:1333280----a-w-c:\windows\SysWow64\atigktxx.dll
    2012-09-28 01:12 . 2012-09-28 01:1256320----a-w-c:\windows\system32\atimpc64.dll
    2012-09-28 01:12 . 2012-09-28 01:1256320----a-w-c:\windows\system32\amdpcom64.dll
    2012-09-28 01:12 . 2012-09-28 01:12460288----a-w-c:\windows\system32\drivers\atikmpag.sys
    2012-09-28 01:12 . 2012-09-28 01:1256832----a-w-c:\windows\SysWow64\atimpc32.dll
    2012-09-28 01:12 . 2012-09-28 01:1256832----a-w-c:\windows\SysWow64\amdpcom32.dll
    2012-09-28 01:11 . 2011-12-06 02:11129536----a-w-c:\windows\system32\atiuxp64.dll
    2012-09-28 01:11 . 2011-04-20 01:21109568----a-w-c:\windows\SysWow64\atiuxpag.dll
    2012-09-28 01:11 . 2012-09-28 01:11103424----a-w-c:\windows\system32\atiu9p64.dll
    2012-09-28 01:10 . 2011-04-20 01:2182944----a-w-c:\windows\SysWow64\atiu9pag.dll
    2012-09-28 01:09 . 2012-09-28 01:0953248----a-w-c:\windows\system32\drivers\ati2erec.dll
    2012-09-25 22:47 . 2012-11-14 10:1578336----a-w-c:\windows\SysWow64\synceng.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files (x86)\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{687578b9-7132-4a7a-80e4-30ee31099e03}]
    2011-05-09 08:49176936----a-w-c:\program files (x86)\uTorrentControl2\prxtbuTor.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files (x86)\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0MediaIconsOerlay]
    @="{1EC23CFF-4C58-458f-924C-8519AEF61B32}"
    [HKEY_CLASSES_ROOT\CLSID\{1EC23CFF-4C58-458f-924C-8519AEF61B32}]
    2012-11-06 15:07220160----a-w-c:\program files (x86)\Mega Codec Pack\Filters\Haali\mmdinfo.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-15 00:3294208----a-w-c:\users\Brendan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-15 00:3294208----a-w-c:\users\Brendan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-15 00:3294208----a-w-c:\users\Brendan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Steam"="c:\games\Steam\steam.exe" [2012-12-03 1354736]
    "Facebook Update"="c:\users\Brendan\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-08-23 138096]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
    "AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984]
    "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
    "NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-01-22 106496]
    "tsnpstd3"="c:\windows\tsnpstd3.exe" [2007-03-30 262144]
    "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-09-28 642728]
    "BambooCore"="c:\program files (x86)\Bamboo Dock\BambooCore.exe" [2011-09-27 646232]
    .
    c:\users\Brendan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Brendan\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
    Facebook Messenger.lnk - c:\users\Brendan\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe [2012-9-25 247728]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    NETGEAR WNDA3200 Smart Wizard.lnk - c:\program files (x86)\NETGEAR\WNDA3200\WNDA3200WPSMgr.exe [2012-9-16 565248]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux6"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecuteREG_MULTI_SZ autocheck autochk *\0autocheck c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys [2010-10-11 1924096]
    R3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files (x86)\NETGEAR\WNDA3200\jswpsapi.exe [2009-11-05 954368]
    R3 SaiK0CEA;SaiK0CEA;c:\windows\system32\DRIVERS\SaiK0CEA.sys [2008-04-04 129024]
    R3 SaiU0CEA;SaiU0CEA;c:\windows\system32\DRIVERS\SaiU0CEA.sys [2008-04-04 34432]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2010-05-19 18288]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-02-19 1255736]
    S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
    S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
    S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-07-26 291680]
    S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
    S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-08-24 384352]
    S1 JSWPSLWF;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwfx.sys [2008-05-15 26624]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-09-28 239616]
    S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-08-13 5167736]
    S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
    S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2010-07-13 7329648]
    S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2010-07-13 719216]
    S2 WDCS_WNDA3200;NETGEAR WNDA3200 Device Checking Service;c:\program files (x86)\NETGEAR\WNDA3200\WifiDevChkSvc.exe [2010-06-23 167936]
    S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]
    S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
    S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
    S3 DKRtWrt;DKRtWrt;c:\windows\system32\DRIVERS\DKRtWrt.sys [2011-02-14 44624]
    S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-01-22 77824]
    S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-01-22 180224]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-12-17 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-15 19:10]
    .
    2012-12-17 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4103919597-2999294590-3050275627-1000Core.job
    - c:\users\Brendan\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-16 23:25]
    .
    2012-12-17 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4103919597-2999294590-3050275627-1000UA.job
    - c:\users\Brendan\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-16 23:25]
    .
    2012-12-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4103919597-2999294590-3050275627-1000Core.job
    - c:\users\Brendan\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-13 19:22]
    .
    2012-12-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4103919597-2999294590-3050275627-1000UA.job
    - c:\users\Brendan\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-13 19:22]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-15 00:3297792----a-w-c:\users\Brendan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-15 00:3297792----a-w-c:\users\Brendan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-15 00:3297792----a-w-c:\users\Brendan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-15 00:3297792----a-w-c:\users\Brendan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-18 843776]
    "ProfilerU"="c:\program files\Saitek\SD6\Software\ProfilerU.exe" [2010-07-29 310272]
    "SaiMfd"="c:\program files\Saitek\SD6\Software\SaiMfd.exe" [2010-07-29 158208]
    "Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
    TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
    WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file)
    AddRemove-Diskeeper2011 - c:\program files (x86)\Diskeeper\uninstall.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-4103919597-2999294590-3050275627-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    @Allowed: (Read) (RestrictedCode)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
    .
    **************************************************************************
    .
    Completion time: 2012-12-17 16:08:35 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-12-17 16:08
    .
    Pre-Run: 286,466,301,952 bytes free
    Post-Run: 287,530,364,928 bytes free
    .
    - - End Of File - - 3289E7E70E350632C8C88176D6F9F6FD
     
  14. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Good job! Should be fine.

    Junkware Removal Tool

    Please download Junkware Removal Tool to your desktop.
    • Warning! Once the scan is complete JRT will shut down your browser with NO warning.
    • Shut down your protection software now to avoid potential conflicts.
    • Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
    • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Copy and Paste the JRT.txt log into your next message.


    Adware Cleaning

    Please download AdwCleaner by Xplode onto your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Delete.
    • A logfile will automatically open after the scan has finished.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.
  15. CyberNerd

    CyberNerd Newcomer, in training Topic Starter Posts: 16

    Sorry for the delayed reply, I did the first one and then had to go out.

    Question, I try to remember to use things like CCleaner fairly often, would these two programs also be good things to run through my computer on a monthly basis too, or are they more just useful for specific cases?

    ~ JRT.txt
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 4.1.7 (12.16.2012:1)
    OS: Windows 7 Professional x64
    Ran by Brendan on 17/12/2012 at 17:18:08.68
    Blog: http://thisisudax.blogspot.com
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    ~~~ Services

    ~~~ Registry Values

    Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{687578b9-7132-4a7a-80e4-30ee31099e03}
    Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{687578b9-7132-4a7a-80e4-30ee31099e03}
    Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\urlsearchhooks\\{687578b9-7132-4a7a-80e4-30ee31099e03}
    Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\urlsearchhooks\\{687578b9-7132-4a7a-80e4-30ee31099e03}

    ~~~ Registry Keys

    Successfully deleted: [Registry Key] hkey_local_machine\software\conduit
    Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\conduit
    Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\smartbar
    Successfully deleted: [Registry Key] hkey_classes_root\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}
    Successfully deleted: [Registry Key] hkey_classes_root\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}
    Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{687578b9-7132-4a7a-80e4-30ee31099e03}

    ~~~ Files

    Successfully deleted: [File] C:\eula.1028.txt
    Successfully deleted: [File] C:\eula.1031.txt
    Successfully deleted: [File] C:\eula.1033.txt
    Successfully deleted: [File] C:\eula.1036.txt
    Successfully deleted: [File] C:\eula.1040.txt
    Successfully deleted: [File] C:\eula.1041.txt
    Successfully deleted: [File] C:\eula.1042.txt
    Successfully deleted: [File] C:\eula.2052.txt
    Successfully deleted: [File] C:\install.res.1028.dll
    Successfully deleted: [File] C:\install.res.1031.dll
    Successfully deleted: [File] C:\install.res.1033.dll
    Successfully deleted: [File] C:\install.res.1036.dll
    Successfully deleted: [File] C:\install.res.1040.dll
    Successfully deleted: [File] C:\install.res.1041.dll
    Successfully deleted: [File] C:\install.res.1042.dll
    Successfully deleted: [File] C:\install.res.2052.dll
    Successfully deleted: [File] C:\install.res.3082.dll

    ~~~ Folders

    Successfully deleted: [Folder] "C:\Users\Brendan\AppData\Roaming\iwin"
    Successfully deleted: [Folder] "C:\Users\Brendan\appdata\local\conduit"
    Successfully deleted: [Folder] "C:\Users\Brendan\appdata\locallow\boost_interprocess"
    Successfully deleted: [Folder] "C:\Users\Brendan\appdata\locallow\conduit"
    Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"

    ~~~ Event Viewer Logs were cleared

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 17/12/2012 at 17:26:14.63
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~AdwCleaner[S1].txt
    # AdwCleaner v2.101 - Logfile created 12/17/2012 at 22:55:31
    # Updated 16/12/2012 by Xplode
    # Operating system : Windows 7 Professional Service Pack 1 (64 bits)
    # User : Brendan - STEAMSERVER-X
    # Boot Mode : Normal
    # Running from : C:\Users\Brendan\Desktop\adwcleaner.exe
    # Option [Delete]
    ***** [Services] *****
    ***** [Files / Folders] *****
    Folder Deleted : C:\Program Files (x86)\uTorrentControl2
    Folder Deleted : C:\Users\Brendan\AppData\LocalLow\uTorrentControl2
    ***** [Registry] *****
    Key Deleted : HKCU\Software\AppDataLow\Software\uTorrentControl2
    Key Deleted : HKCU\Software\AppDataLow\Toolbar
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{687578B9-7132-4A7A-80E4-30EE31099E03}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{687578B9-7132-4A7A-80E4-30EE31099E03}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}
    Key Deleted : HKLM\Software\uTorrentControl2
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0368E392-9BB4-4BBA-9C78-FAE2DD566DA6}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4CEE9119-F2B5-4B65-B1D9-BC8F2AABAA7E}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentControl2 Toolbar
    ***** [Internet Browsers] *****
    -\\ Internet Explorer v9.0.8112.16457
    [OK] Registry is clean.
    -\\ Google Chrome v23.0.1271.97
    File : C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Deleted [l.31] : urls_to_restore_on_startup = [ "hxxp://isearch.avg.com/?cid={3687B7F6-5256-46F7-92F0-8CA7B[...]
    Deleted [l.3805] : urls_to_restore_on_startup = [ "hxxp://isearch.avg.com/?cid={3687B7F6-5256-46F7-92F0-8CA7B006[...]
    *************************
    AdwCleaner[S1].txt - [2245 octets] - [17/12/2012 22:55:31]
    ########## EOF - C:\AdwCleaner[S1].txt - [2305 octets] ##########
  16. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    If you'd like. But, as long as you don't download any toolbars or other adware programs, it should be good.

    ESET Online Scan

    Please run a free online scan with the ESET Online Scanner
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so an install it.
    • Click Start or wait for the scanner to load.
    • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
    • Click Scan (This scan can take several hours, so please be patient)
    • Once the scan is completed, there are a couple of things to keep in mind:
    • 1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
    • 2. If threats WERE detected, click on List of Threats Found, Export to Text File...save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
    • Open the logfile from wherever you saved it
    • Copy and paste the contents in your next reply.


    Any more issues?

    We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

    Many of the things to note for us would be:

    • Slow computer
    • Error messages
    • Fake antivirus alerts or the icon in the system tray
    • svchost.exe running at 100%
    • System crashes or blue screen of death

    Note: Absence of issues does not mean that you're protected in the future.
  17. CyberNerd

    CyberNerd Newcomer, in training Topic Starter Posts: 16

    What is the likelihood of the scan taking more than two hours?
    I'm going to be going back to my parent's house soon and can't bring my pc with me, time isn't too much of a concern as long as I leave in the next few hours I just want to make sure this scan wouldn't take an excessively long time or that I can stop it part way through if I must?
  18. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Actually, it usually takes quite a while sadly. It's really good to use to check for remnants.
  19. CyberNerd

    CyberNerd Newcomer, in training Topic Starter Posts: 16

    Ah darn. I just checked and I think I could manage sticking around as long as 3-4 hours before I'd really have to leave.

    How complex are the rest of the stages? My girlfriend is pretty computer savvy and will probably come round here and want to use my computer for gaming while I'm away so I could instruct her over facebook what to do?
  20. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    It's not complex. Go ahead. :)
  21. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    How did it work out, for you or your girlfriend on the scan?
  22. CyberNerd

    CyberNerd Newcomer, in training Topic Starter Posts: 16

    Hey, sorry for taking ages to reply, I ended up not having a functional computer at my parent's house to use, and my girlfriend ended up coming with me there instead of to my house.
    I will run the scan now and see what the end result is. I've noticed though when I turn on the computer every time there's some program called regcleanpro that comes on and does a scan of my pc. is this a legit program or something else dodgy?
  23. CyberNerd

    CyberNerd Newcomer, in training Topic Starter Posts: 16

    Alrighty, Well I ran the thing once and as I last saw it 7 threats were found, but then I had to go out. When I got back my friend stepped on the plug and turned off ym computer before I could save a report or anything so I have now ran the scanner again and this time it only found and removed one threat.

    This is the file it exported:

    C:\$RECYCLE.BIN\S-1-5-21-4103919597-2999294590-3050275627-1000\$RR2EJC0.exea variant of Win32/Adware.Trymedia.A applicationcleaned by deleting - quarantined
  24. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Let's do the following please...since it's been so long:

    Hitman Pro

    Please download Hitman Pro

    • After the download completes please double click the program to run it.
    • Accept the terms of the license agreement and click Next
    • Let the scan run. It will not take long
    • When the scan finishes, and all the files have been uploaded to the Scan Cloud, click Next
    • Click Next again. At the bottom left you will see Export Scan Results To XML File. Click that and save it in a convenient location
    • Upload log.xml here for review please
  25. CyberNerd

    CyberNerd Newcomer, in training Topic Starter Posts: 16

    Downloaded and ran the program, I used the 30 day free licence for it.

    Here is the log:
    HitmanPro 3.7.0.185
    www.hitmanpro.com

    Computer name . . . . : STEAMSERVER-X
    Windows . . . . . . . : 6.1.1.7601.X64/4
    User name . . . . . . : SteamServer-X\Brendan
    UAC . . . . . . . . . : Enabled
    License . . . . . . . : Trial (30 days left)

    Scan date . . . . . . : 2012-12-31 15:47:53
    Scan mode . . . . . . : Normal
    Scan duration . . . . : 5m 2s
    Disk access mode . . : Direct disk access (SRB)
    Cloud . . . . . . . . : Internet
    Reboot . . . . . . . : No

    Threats . . . . . . . : 1
    Traces . . . . . . . : 104

    Objects scanned . . . : 1,713,256
    Files scanned . . . . : 57,651
    Remnants scanned . . : 575,552 files / 1,080,053 keys

    Malware _____________________________________________________________________

    C:\$RECYCLE.BIN\S-1-5-21-4103919597-2999294590-3050275627-1000\$RWOVIZ1\Setup_MagicISO.exe -> Quarantined
    Size . . . . . . . : 3,083,776 bytes
    Age . . . . . . . : 2.0 days (2012-12-29 15:04:09)
    Entropy . . . . . : 8.0
    SHA-256 . . . . . : 9447B7A609A420FCACAC265314284A26B3C1269ECAA7D0206CA2478800D6B697
    Description . . . :
    Version . . . . . : 0.0.0.0
    Copyright . . . . :
    > Ikarus . . . . . . : Trojan.Crypt!IK
    Fuzzy . . . . . . : 116.0


    Cookies _____________________________________________________________________

    C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:112.2o7.net
    C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:247realmedia.com
    C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:2o7.net
    C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad-emea.doubleclick.net
    C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.360yield.com
    C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.directrev.com
    C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.propellerads.com
    C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.yabuka.com
    C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.yieldmanager.com
    C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:adbrite.com
    C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:adlegend.com
    C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.ad4game.com
    C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.audience2media.com
    C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.bleepingcomputer.com
    C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.creative-serving.com
    C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.intergi.com
    C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.lanistaads.com
    C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.lzjl.com
    C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.ookla.com
    C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.p161.net
    C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.pubmatic.com
    C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.undertone.com
    C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.videohub.tv
    C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:adserver.adreactor.com
    C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:adserver.adtechus.com
    C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:adtech.de
    C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:adtechus.com
    C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:advertising.com
    C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:adviva.net
    C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:apmebf.com
    C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:ar.atwola.com
    C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:at.atwola.com
    C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:atdmt.com
    C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:atwola.com
    C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:bmuk.burstnet.com
    C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:bs.serving-sys.com
    C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:burstnet.com
    C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:c.atdmt.com
    C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:c1.atdmt.com
    C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:casalemedia.com
    C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:checkngo.122.2o7.net
    C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:clickbank.net
    C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:cms.ad.yieldmanager.net
    C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:collective-media.net
    C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:dg.specificclick.net
    C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:dmtracker.com
    C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net
    C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:eas.apm.emediate.eu
    C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:emjcd.com
    C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:eset.122.2o7.net
    C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:fastclick.net
    C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:h.atdmt.com
    C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:in.getclicky.com
    C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:interclick.com
    C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:invitemedia.com
    C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:ipcmedia.122.2o7.net
    C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:kontera.com
    C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:media6degrees.com
    C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:mediaplex.com
    C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:mm.chitika.net
    C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:mswmwpapolloprod.122.2o7.net
    C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:mtvn.112.2o7.net
    C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:muk.247realmedia.com
    C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:myroitracking.com
    C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:eek:asn-en1.247realmedia.com
    C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:paypal.112.2o7.net
    C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:questionmarket.com
    C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:revsci.net
    C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:rts.pgmediaserve.com
    C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:ru4.com
    C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:server.cpmstar.com
    C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:serving-sys.com
    C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:smartadserver.com
    C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:specificclick.net
    C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:ssp-csync.smartadserver.com
    C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:stat.dealtime.com
    C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:statcounter.com
    C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:stats.paypal.com
    C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:statse.webtrendslive.com
    C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:studiocom.122.2o7.net
    C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:tacoda.at.atwola.com
    C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:tacoda.net
    C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:track.adform.net
    C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:tradedoubler.com
    C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:tribalfusion.com
    C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:uk.at.atwola.com
    C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:uk.sitestat.com
    C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:ww251.smartadserver.com
    C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.burstnet.com
    C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.googleadservices.com
    C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.smartadserver.com
    C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:www4.smartadserver.com
    C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:xiti.com
    C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:yadro.ru
    C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:yieldmanager.net
    C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Cookies:zedo.com
    C:\Users\Brendan\AppData\Roaming\Microsoft\Windows\Cookies\3DBQK9L0.txt
    C:\Users\Brendan\AppData\Roaming\Microsoft\Windows\Cookies\50HV12LL.txt
    C:\Users\Brendan\AppData\Roaming\Microsoft\Windows\Cookies\LIQP7940.txt
    C:\Users\Brendan\AppData\Roaming\Microsoft\Windows\Cookies\R7ILYD7L.txt
    C:\Users\Brendan\AppData\Roaming\Microsoft\Windows\Cookies\VNHLD953.txt
    C:\Users\Brendan\AppData\Roaming\Microsoft\Windows\Cookies\WK9WWNKS.txt
    C:\Users\Brendan\AppData\Roaming\Microsoft\Windows\Cookies\YQASO8SO.txt
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.