Hi - TrojanZeroAccessinf - please bail me out!

Discussion in 'Virus and Malware Removal' started by Tobydog, Sep 9, 2012.

  1. Tobydog Newcomer, in training Posts: 44

    Hi Broni

    I have been booting to System Recovery Options after tapping F8 to get the Advanced Boot Options - I could see the FRST file on my flash in the 'OPEN' box but couldn't run it by typing F:\FRST. However, I was able to run FRST by right clicking on the file in the 'OPEN' box and then running it.

    I do not have a Vista DVD

    Here are the two logs:

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-09-2012
    Ran by SYSTEM at 15-09-2012 10:03:29
    Running from F:\
    Windows Vista (TM) Home Premium (X86) OS Language: English(US)
    The current controlset is ControlSet001

    ==================== Registry (Whitelisted) ===================

    HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]
    HKLM\...\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe [65536 2007-04-18] (Hewlett-Packard Company)
    HKLM\...\Run: [KBD] C:\HP\KBD\KbdStub.EXE [65536 2006-12-08] ()
    HKLM\...\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [118784 2007-02-15] (OsdMaestro)
    HKLM\...\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [x]
    HKLM\...\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe" [54936 2007-04-07] (Sun Microsystems, Inc.)
    HKLM\...\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2007-03-11] (Hewlett-Packard Co.)
    HKLM\...\Run: [] [x]
    HKLM\...\Run: [HostManager] C:\Program Files\Common Files\AOL\1219316984\ee\AOLSoftware.exe [41824 2008-06-24] (AOL LLC)
    HKLM\...\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [178712 2008-06-02] (Intel Corporation)
    HKLM\...\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart [92704 2008-01-10] (NVIDIA Corporation)
    HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [8530464 2008-01-10] (NVIDIA Corporation)
    HKLM\...\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit [88608 2008-01-10] (NVIDIA Corporation)
    HKLM\...\Run: [btbb_McciTrayApp] "C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe" [1988608 2012-07-04] (Alcatel-Lucent)
    HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
    HKLM\...\Run: [Google Updater] "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -check_deprecation [161336 2011-10-02] (Google)
    HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
    HKLM\...\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [90448 2011-11-01] (Research In Motion Limited)
    HKLM\...\Run: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe" [198032 2011-10-21] (Lavasoft)
    HKLM\...\Run: [TkBellExe] "c:\program files\real\realplayer\Update\realsched.exe" -osboot [296056 2012-05-14] (RealNetworks, Inc.)
    HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
    HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)
    HKU\Default\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1644088 2009-08-05] (Hewlett-Packard)
    HKU\Default User\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1644088 2009-08-05] (Hewlett-Packard)
    HKU\Mark\...\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW,SYSTRAY [1644088 2009-08-05] (Hewlett-Packard)
    HKU\Mark\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-18] (Microsoft Corporation)
    HKU\Mark\...\Run: [Power2GoExpress] [x]
    HKU\Mark\...\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" [247728 2011-03-09] (TomTom)
    HKU\Mark\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2008-11-19] (Google Inc.)
    HKU\Mark\...\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59240 2012-02-23] (Apple Inc.)
    HKU\Mark\...\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
    HKU\Mark\...\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-18] (Microsoft Corporation)
    HKU\Mark\...\Run: [GameXN GO] "C:\ProgramData\GameXN\GameXNGO.exe" /startup [x]
    HKU\Mark\...\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103471 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; GTB7.0; EasyBits GO v1.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; BRI/2; AskTbSPC2/5.9.1.14019)" -"http://www.gamepuma.com/shockwave-games/Driver-s-ED.html" [460216 2008-11-24] (Adobe Systems, Inc.)
    HKU\Mark\...\Policies\system: [DisableLockWorkstation] 0
    HKU\Mark\...\Policies\system: [DisableChangePassword] 0
    HKU\Mark\...\Winlogon: [Shell] explorer.exe [x]
    Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\570\G2AWinLogon.dll [X]
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
    Tcpip\Parameters: [NameServer] 208.67.220.220,208.67.222.222
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

    ==================== Services ================================

    2 AOL ACS; "C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe" [46640 2006-10-23] (AOL LLC)
    2 ezntsvc; C:\Windows\system32\ezNTSvc.exe [33792 2008-08-21] (EasyBits Software Corp.)
    2 Lavasoft Ad-Aware Service; "C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe" [2152720 2012-05-22] (Lavasoft Limited)
    2 NCO; "C:\Program Files\Norton Identity Safe\Engine\2012.6.3.2\ccSvcHst.exe" /s "NCO" /m "C:\Program Files\Norton Identity Safe\Engine\2012.6.3.2\diMaster.dll" /prefetch:1 [309688 2012-04-12] (Symantec Corporation)
    2 RichVideo; "C:\Program Files\CyberLink\Shared Files\RichVideo.exe" [247152 2010-08-19] ()
    2 HP Health Check Service; "c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe" [x]

    ==================== Drivers =================================

    1 ccSet_NST; C:\Windows\system32\drivers\NST\7DC06030.002\ccSetx86.sys [132744 2011-11-29] (Symantec Corporation)
    3 FsUsbExDisk; \??\C:\Windows\system32\FsUsbExDisk.SYS [36608 2009-03-31] ()
    3 Lavasoft Kernexplorer; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [15232 2011-11-03] ()
    0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [64512 2011-11-03] (Lavasoft AB)
    3 pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [47360 2009-04-12] (VSO Software)
    0 SMR310; C:\Windows\System32\drivers\SMR310.SYS [97440 2012-09-09] (Symantec Corporation)
    1 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [5632 2011-05-31] ()
    3 wanatw; C:\Windows\System32\DRIVERS\wanatw4.sys [33588 2006-11-29] (America Online, Inc.)
    4 blbdrive; C:\Windows\system32\drivers\blbdrive.sys [x]
    3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
    3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [x]
    3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [x]
    3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
    3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]
    3 RimUsb; C:\Windows\System32\Drivers\RimUsb.sys [x]
    0 TfFsMon; C:\Windows\System32\drivers\TfFsMon.sys [x]
    3 TfNetMon; \??\C:\Windows\system32\drivers\TfNetMon.sys [x]
    0 TfSysMon; C:\Windows\System32\drivers\TfSysMon.sys [x]

    ==================== NetSvcs (Whitelisted) =================


    ============ One Month Created Files and Folders ==============

    2012-09-13 12:19 - 2012-09-13 12:19 - 00000032 ____A C:\Users\All Users\Temp.log
    2012-09-13 12:19 - 2012-09-13 12:19 - 00000032 ____A C:\Users\All Users\Application Data\Temp.log
    2012-09-13 11:50 - 2012-09-13 11:50 - 00000000 ____D C:\Windows\System32\Drivers\NST
    2012-09-13 11:50 - 2012-09-13 11:50 - 00000000 ____D C:\Program Files\Norton Identity Safe
    2012-09-13 10:54 - 2012-09-13 10:55 - 00145904 ____A C:\Windows\Minidump\Mini091312-23.dmp
    2012-09-13 10:51 - 2012-09-13 14:02 - 00000000 ____D C:\NBRT
    2012-09-13 10:47 - 2012-09-13 10:47 - 00145904 ____A C:\Windows\Minidump\Mini091312-22.dmp
    2012-09-13 10:40 - 2012-09-13 10:40 - 00145904 ____A C:\Windows\Minidump\Mini091312-21.dmp
    2012-09-13 10:33 - 2012-09-13 10:33 - 00145904 ____A C:\Windows\Minidump\Mini091312-20.dmp
    2012-09-13 10:24 - 2012-09-13 10:24 - 00145904 ____A C:\Windows\Minidump\Mini091312-19.dmp
    2012-09-13 10:16 - 2012-09-13 10:17 - 00145904 ____A C:\Windows\Minidump\Mini091312-18.dmp
    2012-09-13 09:50 - 2012-09-13 09:50 - 00145904 ____A C:\Windows\Minidump\Mini091312-17.dmp
    2012-09-13 09:40 - 2012-09-13 09:40 - 00145904 ____A C:\Windows\Minidump\Mini091312-16.dmp
    2012-09-13 09:33 - 2012-09-13 09:33 - 00145904 ____A C:\Windows\Minidump\Mini091312-15.dmp
    2012-09-13 08:19 - 2012-09-13 08:19 - 00145904 ____A C:\Windows\Minidump\Mini091312-14.dmp
    2012-09-13 07:57 - 2012-09-13 07:58 - 00145904 ____A C:\Windows\Minidump\Mini091312-13.dmp
    2012-09-13 06:59 - 2012-09-13 06:59 - 00145904 ____A C:\Windows\Minidump\Mini091312-12.dmp
    2012-09-13 06:23 - 2012-09-13 06:23 - 00145904 ____A C:\Windows\Minidump\Mini091312-11.dmp
    2012-09-13 06:13 - 2012-09-13 06:13 - 00145904 ____A C:\Windows\Minidump\Mini091312-10.dmp
    2012-09-13 05:46 - 2012-09-13 05:46 - 00145904 ____A C:\Windows\Minidump\Mini091312-09.dmp
    2012-09-13 05:36 - 2012-09-13 05:36 - 00145904 ____A C:\Windows\Minidump\Mini091312-08.dmp
    2012-09-13 05:18 - 2012-09-13 05:18 - 00145904 ____A C:\Windows\Minidump\Mini091312-07.dmp
    2012-09-13 05:04 - 2012-09-13 05:04 - 00145904 ____A C:\Windows\Minidump\Mini091312-06.dmp
    2012-09-13 01:39 - 2012-09-13 01:39 - 00145904 ____A C:\Windows\Minidump\Mini091312-05.dmp
    2012-09-13 01:31 - 2012-09-13 01:31 - 00145904 ____A C:\Windows\Minidump\Mini091312-04.dmp
    2012-09-13 01:23 - 2012-09-13 01:24 - 00145904 ____A C:\Windows\Minidump\Mini091312-03.dmp
    2012-09-13 01:16 - 2012-09-13 01:16 - 00145904 ____A C:\Windows\Minidump\Mini091312-02.dmp
    2012-09-13 00:20 - 2012-09-13 00:21 - 00145904 ____A C:\Windows\Minidump\Mini091312-01.dmp
    2012-09-11 07:29 - 2012-09-11 07:29 - 12888064 ____A C:\Users\Mark\My Documents\dan passport photo.wps
    2012-09-11 07:29 - 2012-09-11 07:29 - 12888064 ____A C:\Users\Mark\Documents\dan passport photo.wps
    2012-09-09 10:44 - 2012-09-11 07:17 - 00000000 ____D C:\Users\Mark\Local Settings\CrashDumps
    2012-09-09 10:44 - 2012-09-11 07:17 - 00000000 ____D C:\Users\Mark\Local Settings\Application Data\CrashDumps
    2012-09-09 10:44 - 2012-09-11 07:17 - 00000000 ____D C:\Users\Mark\AppData\Local\CrashDumps
    2012-09-09 09:51 - 2012-09-09 09:51 - 00064000 ____A C:\Users\Mark\My Documents\DDS log 1 and 2.wps
    2012-09-09 09:51 - 2012-09-09 09:51 - 00064000 ____A C:\Users\Mark\Documents\DDS log 1 and 2.wps
    2012-09-09 09:34 - 2012-09-09 09:34 - 00000740 ____A C:\Users\Mark\My Documents\gmer.log..log
    2012-09-09 09:34 - 2012-09-09 09:34 - 00000740 ____A C:\Users\Mark\Documents\gmer.log..log
    2012-09-09 08:11 - 2012-09-09 08:11 - 00000000 ____D C:\Users\Mark\Application Data\Malwarebytes
    2012-09-09 08:11 - 2012-09-09 08:11 - 00000000 ____D C:\Users\Mark\AppData\Roaming\Malwarebytes
    2012-09-09 08:11 - 2012-09-09 08:11 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-09-09 08:11 - 2012-09-09 08:11 - 00000000 ____D C:\Users\All Users\Application Data\Malwarebytes
    2012-09-09 08:07 - 2012-09-09 08:07 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Mark\Downloads\mbam-setup-1.62.0.1300.exe
    2012-09-09 00:11 - 2012-09-09 00:11 - 00097440 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SMR310.SYS
    2012-09-09 00:11 - 2012-09-09 00:11 - 00000000 ____D C:\Users\All Users\SMR310
    2012-09-09 00:11 - 2012-09-09 00:11 - 00000000 ____D C:\Users\All Users\Application Data\SMR310
    2012-09-08 23:51 - 2012-09-08 23:51 - 01805736 ____A (Symantec Corporation) C:\Users\Mark\Downloads\FixZeroAccess (2).exe
    2012-09-08 12:22 - 2012-09-08 12:22 - 01805736 ____A (Symantec Corporation) C:\Users\Mark\Downloads\FixZeroAccess (1).exe
    2012-09-08 09:52 - 2012-09-08 09:55 - 02416348 ____A C:\Windows\System32\Drivers\Cat.DB
    2012-09-08 08:16 - 2012-09-08 08:16 - 00000000 ____D C:\TDSSKiller_Quarantine
    2012-09-08 07:27 - 2012-09-08 07:27 - 01805736 ____A (Symantec Corporation) C:\Users\Mark\Downloads\FixZeroAccess.exe
    2012-09-08 06:29 - 2012-09-08 06:29 - 00000000 ____D C:\Windows\System32\Drivers\NBRTWizard
    2012-09-08 06:29 - 2012-09-08 06:29 - 00000000 ____D C:\Program Files\Norton Bootable Recovery Tool Wizard
    2012-09-08 06:29 - 2012-07-25 21:32 - 00026840 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys
    2012-09-08 06:27 - 2012-09-08 06:27 - 00912040 ____A (Symantec Corporation) C:\Users\Mark\Downloads\NBRT-Retail-Downloader.exe
    2012-09-08 06:12 - 2012-09-09 00:11 - 00174504 ____A C:\Windows\ntbtlog.txt.bak
    2012-09-08 06:09 - 2012-09-08 06:09 - 02892816 ____A (Symantec Corporation) C:\Users\Mark\Downloads\NPE.exe
    2012-09-08 05:52 - 2012-09-13 10:36 - 00000873 ____A C:\Users\Mark\Desktop\Norton Installation Files.lnk
    2012-09-08 05:41 - 2012-09-08 05:41 - 00000040 ____A C:\Users\Public\Documents\_rgpl
    2012-09-08 05:41 - 2012-09-08 05:41 - 00000040 ____A C:\Users\All Users\Documents\_rgpl
    2012-09-08 04:00 - 2012-09-08 04:00 - 00145856 ____A C:\Windows\Minidump\Mini090812-01.dmp
    2012-09-07 13:04 - 2012-09-07 13:04 - 00000000 ____D C:\Windows\System32\N360_BACKUP
    2012-09-07 11:02 - 2012-09-09 00:10 - 00000000 ____D C:\Users\Mark\Local Settings\NPE
    2012-09-07 11:02 - 2012-09-09 00:10 - 00000000 ____D C:\Users\Mark\Local Settings\Application Data\NPE
    2012-09-07 11:02 - 2012-09-09 00:10 - 00000000 ____D C:\Users\Mark\AppData\Local\NPE
    2012-09-07 10:33 - 2012-09-07 10:33 - 00000000 ____D C:\Users\All Users\Mozilla
    2012-09-07 10:33 - 2012-09-07 10:33 - 00000000 ____D C:\Users\All Users\Application Data\Mozilla
    2012-09-07 10:30 - 2012-09-07 10:30 - 00000000 ____D C:\Users\Mark\My Documents\Symantec
    2012-09-07 10:30 - 2012-09-07 10:30 - 00000000 ____D C:\Users\Mark\Documents\Symantec
    2012-09-07 10:09 - 2012-09-08 06:27 - 00000000 ____D C:\Users\Public\Downloads\Norton
    2012-09-07 09:31 - 2012-09-07 10:47 - 00000000 ____D C:\Users\Mark\Sources
    2012-09-07 09:29 - 2012-09-07 09:29 - 00001537 ____A C:\Users\Mark\Desktop\Windows Explorer.lnk
    2012-09-07 09:09 - 2012-09-07 09:09 - 00000000 ____D C:\Users\Mark\Local Settings\NokiaAccount
    2012-09-07 09:09 - 2012-09-07 09:09 - 00000000 ____D C:\Users\Mark\Local Settings\Application Data\NokiaAccount
    2012-09-07 09:09 - 2012-09-07 09:09 - 00000000 ____D C:\Users\Mark\AppData\Local\NokiaAccount
    2012-09-07 08:47 - 2012-09-07 08:47 - 00000134 ____A C:\Users\Mark\Desktop\Programs.lnk
    2012-09-07 08:43 - 2012-09-07 08:43 - 00000000 ____D C:\Users\Mark\My Documents\NPS
    2012-09-07 08:43 - 2012-09-07 08:43 - 00000000 ____D C:\Users\Mark\Documents\NPS
    2012-09-05 05:18 - 2012-09-05 05:18 - 00854759 ____A C:\Users\Mark\Downloads\MTS46.rar
    2012-09-05 05:18 - 2012-09-05 05:18 - 00854759 ____A C:\Users\Mark\Downloads\MTS46 (1).rar
    2012-08-23 01:29 - 2012-08-23 01:29 - 00000000 ____D C:\Users\Mark\Local Settings\MediaShow
    2012-08-23 01:29 - 2012-08-23 01:29 - 00000000 ____D C:\Users\Mark\Local Settings\Application Data\MediaShow
    2012-08-23 01:29 - 2012-08-23 01:29 - 00000000 ____D C:\Users\Mark\AppData\Local\MediaShow
    2012-08-23 01:26 - 2012-08-23 01:26 - 00001095 ____A C:\Users\Public\Desktop\BT Desktop Help.lnk
    2012-08-23 01:26 - 2012-08-23 01:26 - 00001095 ____A C:\Users\All Users\Desktop\BT Desktop Help.lnk
    2012-08-23 00:03 - 2012-08-23 00:03 - 00000000 ____D C:\Users\Mark\Local Settings\Power2Go8
    2012-08-23 00:03 - 2012-08-23 00:03 - 00000000 ____D C:\Users\Mark\Local Settings\Application Data\Power2Go8
    2012-08-23 00:03 - 2012-08-23 00:03 - 00000000 ____D C:\Users\Mark\AppData\Local\Power2Go8
    2012-08-22 08:04 - 2012-08-22 08:04 - 00000000 ____D C:\Users\Public\Documents\CyberLink
    2012-08-22 08:04 - 2012-08-22 08:04 - 00000000 ____D C:\Users\Mark\Local Settings\MediaServer
    2012-08-22 08:04 - 2012-08-22 08:04 - 00000000 ____D C:\Users\Mark\Local Settings\Application Data\MediaServer
    2012-08-22 08:04 - 2012-08-22 08:04 - 00000000 ____D C:\Users\Mark\AppData\Local\MediaServer
    2012-08-22 08:04 - 2012-08-22 08:04 - 00000000 ____D C:\Users\All Users\PDVD
    2012-08-22 08:04 - 2012-08-22 08:04 - 00000000 ____D C:\Users\All Users\Documents\CyberLink
    2012-08-22 08:04 - 2012-08-22 08:04 - 00000000 ____D C:\Users\All Users\Application Data\PDVD
    2012-08-22 07:58 - 2012-08-22 07:58 - 00000000 ____D C:\Program Files\Common Files\CyberLink
    2012-08-22 07:54 - 2012-09-13 12:24 - 00000000 ____D C:\Users\Mark\Local Settings\Cyberlink
    2012-08-22 07:54 - 2012-09-13 12:24 - 00000000 ____D C:\Users\Mark\Local Settings\Application Data\Cyberlink
    2012-08-22 07:54 - 2012-09-13 12:24 - 00000000 ____D C:\Users\Mark\AppData\Local\Cyberlink
    2012-08-22 07:51 - 2012-08-22 08:07 - 00000000 ____D C:\Users\All Users\install_clap
    2012-08-22 07:51 - 2012-08-22 08:07 - 00000000 ____D C:\Users\All Users\Application Data\install_clap
    2012-08-22 07:47 - 2012-09-13 12:27 - 00000000 ____D C:\Users\All Users\CLSK
    2012-08-22 07:47 - 2012-09-13 12:27 - 00000000 ____D C:\Users\All Users\Application Data\CLSK
    2012-08-22 06:23 - 2012-08-22 06:37 - 1238864448 ____A C:\Users\Mark\My Documents\CyberLink_MES120105-04.exe
    2012-08-22 06:23 - 2012-08-22 06:37 - 1238864448 ____A C:\Users\Mark\Documents\CyberLink_MES120105-04.exe
    2012-08-21 02:51 - 2012-08-21 02:51 - 11912192 ____A C:\Users\Mark\My Documents\New @ Condado.wps
    2012-08-21 02:51 - 2012-08-21 02:51 - 11912192 ____A C:\Users\Mark\Documents\New @ Condado.wps


    ============ 3 Months Modified Files ========================

    2012-09-15 00:54 - 2006-11-02 05:01 - 00032600 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-09-15 00:54 - 2006-11-02 05:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-09-15 00:54 - 2006-11-02 04:47 - 00003568 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2012-09-15 00:54 - 2006-11-02 04:47 - 00003568 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2012-09-15 00:44 - 2009-12-26 12:14 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-09-15 00:43 - 2012-07-25 01:00 - 00023867 ____A C:\aaw7boot.log
    2012-09-15 00:35 - 2012-07-24 11:30 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-802167735-3406490535-3852651081-1000UA.job
    2012-09-15 00:25 - 2009-12-26 12:14 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-09-14 14:34 - 2012-03-30 23:50 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-09-14 11:36 - 2012-07-24 11:30 - 00000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-802167735-3406490535-3852651081-1000Core.job
    2012-09-13 12:19 - 2012-09-13 12:19 - 00000032 ____A C:\Users\All Users\Temp.log
    2012-09-13 12:19 - 2012-09-13 12:19 - 00000032 ____A C:\Users\All Users\Application Data\Temp.log
    2012-09-13 12:04 - 2008-08-20 02:58 - 01635992 ____A C:\Windows\PFRO.log
    2012-09-13 10:55 - 2012-09-13 10:54 - 00145904 ____A C:\Windows\Minidump\Mini091312-23.dmp
    2012-09-13 10:54 - 2008-09-17 10:15 - 271553641 ____A C:\Windows\MEMORY.DMP
    2012-09-13 10:47 - 2012-09-13 10:47 - 00145904 ____A C:\Windows\Minidump\Mini091312-22.dmp
    2012-09-13 10:40 - 2012-09-13 10:40 - 00145904 ____A C:\Windows\Minidump\Mini091312-21.dmp
    2012-09-13 10:36 - 2012-09-08 05:52 - 00000873 ____A C:\Users\Mark\Desktop\Norton Installation Files.lnk
    2012-09-13 10:33 - 2012-09-13 10:33 - 00145904 ____A C:\Windows\Minidump\Mini091312-20.dmp
    2012-09-13 10:24 - 2012-09-13 10:24 - 00145904 ____A C:\Windows\Minidump\Mini091312-19.dmp
    2012-09-13 10:17 - 2012-09-13 10:16 - 00145904 ____A C:\Windows\Minidump\Mini091312-18.dmp
    2012-09-13 09:50 - 2012-09-13 09:50 - 00145904 ____A C:\Windows\Minidump\Mini091312-17.dmp
    2012-09-13 09:50 - 2006-11-02 04:47 - 00070656 _____ C:\Windows\System32\umstartup.etl
    2012-09-13 09:40 - 2012-09-13 09:40 - 00145904 ____A C:\Windows\Minidump\Mini091312-16.dmp
    2012-09-13 09:33 - 2012-09-13 09:33 - 00145904 ____A C:\Windows\Minidump\Mini091312-15.dmp
    2012-09-13 08:19 - 2012-09-13 08:19 - 00145904 ____A C:\Windows\Minidump\Mini091312-14.dmp
    2012-09-13 07:58 - 2012-09-13 07:57 - 00145904 ____A C:\Windows\Minidump\Mini091312-13.dmp
    2012-09-13 06:59 - 2012-09-13 06:59 - 00145904 ____A C:\Windows\Minidump\Mini091312-12.dmp
    2012-09-13 06:23 - 2012-09-13 06:23 - 00145904 ____A C:\Windows\Minidump\Mini091312-11.dmp
    2012-09-13 06:13 - 2012-09-13 06:13 - 00145904 ____A C:\Windows\Minidump\Mini091312-10.dmp
    2012-09-13 05:46 - 2012-09-13 05:46 - 00145904 ____A C:\Windows\Minidump\Mini091312-09.dmp
    2012-09-13 05:36 - 2012-09-13 05:36 - 00145904 ____A C:\Windows\Minidump\Mini091312-08.dmp
    2012-09-13 05:18 - 2012-09-13 05:18 - 00145904 ____A C:\Windows\Minidump\Mini091312-07.dmp
    2012-09-13 05:04 - 2012-09-13 05:04 - 00145904 ____A C:\Windows\Minidump\Mini091312-06.dmp
    2012-09-13 01:39 - 2012-09-13 01:39 - 00145904 ____A C:\Windows\Minidump\Mini091312-05.dmp
    2012-09-13 01:31 - 2012-09-13 01:31 - 00145904 ____A C:\Windows\Minidump\Mini091312-04.dmp
    2012-09-13 01:24 - 2012-09-13 01:23 - 00145904 ____A C:\Windows\Minidump\Mini091312-03.dmp
    2012-09-13 01:16 - 2012-09-13 01:16 - 00145904 ____A C:\Windows\Minidump\Mini091312-02.dmp
    2012-09-13 00:21 - 2012-09-13 00:20 - 00145904 ____A C:\Windows\Minidump\Mini091312-01.dmp
    2012-09-12 01:54 - 2011-11-26 04:25 - 00000064 ____A C:\Windows\System32\rp_stats.dat
    2012-09-12 01:54 - 2011-11-26 04:25 - 00000044 ____A C:\Windows\System32\rp_rules.dat
    2012-09-12 01:22 - 2008-08-20 03:38 - 00033046 ____A C:\Users\Mark\Application Data\wklnhst.dat
    2012-09-12 01:22 - 2008-08-20 03:38 - 00033046 ____A C:\Users\Mark\AppData\Roaming\wklnhst.dat
    2012-09-12 01:14 - 2009-02-22 12:11 - 00000868 ____A C:\Windows\Tasks\Google Software Updater.job
    2012-09-11 07:29 - 2012-09-11 07:29 - 12888064 ____A C:\Users\Mark\My Documents\dan passport photo.wps
    2012-09-11 07:29 - 2012-09-11 07:29 - 12888064 ____A C:\Users\Mark\Documents\dan passport photo.wps
    2012-09-09 09:51 - 2012-09-09 09:51 - 00064000 ____A C:\Users\Mark\My Documents\DDS log 1 and 2.wps
    2012-09-09 09:51 - 2012-09-09 09:51 - 00064000 ____A C:\Users\Mark\Documents\DDS log 1 and 2.wps
    2012-09-09 09:34 - 2012-09-09 09:34 - 00000740 ____A C:\Users\Mark\My Documents\gmer.log..log
    2012-09-09 09:34 - 2012-09-09 09:34 - 00000740 ____A C:\Users\Mark\Documents\gmer.log..log
    2012-09-09 08:07 - 2012-09-09 08:07 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Mark\Downloads\mbam-setup-1.62.0.1300.exe
    2012-09-09 00:11 - 2012-09-09 00:11 - 00097440 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SMR310.SYS
    2012-09-09 00:11 - 2012-09-08 06:12 - 00174504 ____A C:\Windows\ntbtlog.txt.bak
    2012-09-08 23:52 - 2011-10-21 04:58 - 00009024 ____A C:\Windows\IE9_main.log
    2012-09-08 23:51 - 2012-09-08 23:51 - 01805736 ____A (Symantec Corporation) C:\Users\Mark\Downloads\FixZeroAccess (2).exe
    2012-09-08 23:30 - 2008-08-20 03:08 - 00072944 ____A C:\Users\Mark\Local Settings\GDIPFONTCACHEV1.DAT
    2012-09-08 23:30 - 2008-08-20 03:08 - 00072944 ____A C:\Users\Mark\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2012-09-08 23:30 - 2008-08-20 03:08 - 00072944 ____A C:\Users\Mark\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-09-08 23:28 - 2006-11-02 04:47 - 00285328 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-09-08 12:58 - 2006-11-02 02:22 - 59506688 ____A C:\Windows\System32\config\software_previous
    2012-09-08 12:58 - 2006-11-02 02:22 - 18874368 ____A C:\Windows\System32\config\system_previous
    2012-09-08 12:43 - 2006-11-02 02:22 - 42205184 ____A C:\Windows\System32\config\components_previous
    2012-09-08 12:43 - 2006-11-02 02:22 - 00262144 ____A C:\Windows\System32\config\sam_previous
    2012-09-08 12:22 - 2012-09-08 12:22 - 01805736 ____A (Symantec Corporation) C:\Users\Mark\Downloads\FixZeroAccess (1).exe
    2012-09-08 09:55 - 2012-09-08 09:52 - 02416348 ____A C:\Windows\System32\Drivers\Cat.DB
    2012-09-08 08:21 - 2009-09-24 08:59 - 00282624 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
    2012-09-08 07:27 - 2012-09-08 07:27 - 01805736 ____A (Symantec Corporation) C:\Users\Mark\Downloads\FixZeroAccess.exe
    2012-09-08 06:27 - 2012-09-08 06:27 - 00912040 ____A (Symantec Corporation) C:\Users\Mark\Downloads\NBRT-Retail-Downloader.exe
    2012-09-08 06:09 - 2012-09-08 06:09 - 02892816 ____A (Symantec Corporation) C:\Users\Mark\Downloads\NPE.exe
    2012-09-08 05:51 - 2008-08-20 03:14 - 00095736 ____A C:\Windows\DPINST.LOG
    2012-09-08 05:50 - 2006-11-02 02:23 - 00000324 ____A C:\Windows\win.ini
    2012-09-08 05:41 - 2012-09-08 05:41 - 00000040 ____A C:\Users\Public\Documents\_rgpl
    2012-09-08 05:41 - 2012-09-08 05:41 - 00000040 ____A C:\Users\All Users\Documents\_rgpl
    2012-09-08 04:00 - 2012-09-08 04:00 - 00145856 ____A C:\Windows\Minidump\Mini090812-01.dmp
    2012-09-08 03:40 - 2006-11-02 02:22 - 00786432 ____A C:\Windows\System32\config\default_previous
    2012-09-08 03:40 - 2006-11-02 02:22 - 00262144 ____A C:\Windows\System32\config\security_previous
    2012-09-07 09:29 - 2012-09-07 09:29 - 00001537 ____A C:\Users\Mark\Desktop\Windows Explorer.lnk
    2012-09-07 08:47 - 2012-09-07 08:47 - 00000134 ____A C:\Users\Mark\Desktop\Programs.lnk
    2012-09-05 05:18 - 2012-09-05 05:18 - 00854759 ____A C:\Users\Mark\Downloads\MTS46.rar
    2012-09-05 05:18 - 2012-09-05 05:18 - 00854759 ____A C:\Users\Mark\Downloads\MTS46 (1).rar
    2012-09-01 13:35 - 2009-04-10 07:49 - 00001057 ____A C:\Users\Mark\Application Data\vso_ts_preview.xml
    2012-09-01 13:35 - 2009-04-10 07:49 - 00001057 ____A C:\Users\Mark\AppData\Roaming\vso_ts_preview.xml
    2012-09-01 12:39 - 2008-10-06 07:38 - 00038400 ____A C:\Users\Mark\Local Settings\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2012-09-01 12:39 - 2008-10-06 07:38 - 00038400 ____A C:\Users\Mark\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2012-09-01 12:39 - 2008-10-06 07:38 - 00038400 ____A C:\Users\Mark\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2012-08-27 03:10 - 2012-03-30 23:50 - 00696520 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
    2012-08-27 03:10 - 2011-06-17 23:55 - 00073416 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
    2012-08-23 01:26 - 2012-08-23 01:26 - 00001095 ____A C:\Users\Public\Desktop\BT Desktop Help.lnk
    2012-08-23 01:26 - 2012-08-23 01:26 - 00001095 ____A C:\Users\All Users\Desktop\BT Desktop Help.lnk
    2012-08-22 06:37 - 2012-08-22 06:23 - 1238864448 ____A C:\Users\Mark\My Documents\CyberLink_MES120105-04.exe
    2012-08-22 06:37 - 2012-08-22 06:23 - 1238864448 ____A C:\Users\Mark\Documents\CyberLink_MES120105-04.exe
    2012-08-21 02:51 - 2012-08-21 02:51 - 11912192 ____A C:\Users\Mark\My Documents\New @ Condado.wps
    2012-08-21 02:51 - 2012-08-21 02:51 - 11912192 ____A C:\Users\Mark\Documents\New @ Condado.wps
    2012-07-31 08:07 - 2006-11-02 04:52 - 00069228 ____A C:\Windows\setupact.log
    2012-07-31 08:06 - 2011-11-01 12:31 - 00003999 ____A C:\Users\Mark\Application Data\Rim.Desktop.HttpServerSetup.log
    2012-07-31 08:06 - 2011-11-01 12:31 - 00003999 ____A C:\Users\Mark\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
    2012-07-31 08:04 - 2011-11-01 12:31 - 00002058 ____A C:\Users\Public\Desktop\BlackBerry Desktop Software.lnk
    2012-07-31 08:04 - 2011-11-01 12:31 - 00002058 ____A C:\Users\All Users\Desktop\BlackBerry Desktop Software.lnk
    2012-07-31 07:59 - 2011-11-01 12:44 - 00001934 ____A C:\Users\Mark\Application Data\Rim.Desktop.Exception.log
    2012-07-31 07:59 - 2011-11-01 12:44 - 00001934 ____A C:\Users\Mark\AppData\Roaming\Rim.Desktop.Exception.log
    2012-07-31 07:59 - 2011-11-01 12:44 - 00000924 ____A C:\Users\Mark\Application Data\Rim.DesktopHelper.Exception.log
    2012-07-31 07:59 - 2011-11-01 12:44 - 00000924 ____A C:\Users\Mark\AppData\Roaming\Rim.DesktopHelper.Exception.log
    2012-07-31 03:29 - 2012-07-31 03:29 - 00518656 ____A C:\Users\Mark\My Documents\carpark cardiff.wps
    2012-07-31 03:29 - 2012-07-31 03:29 - 00518656 ____A C:\Users\Mark\Documents\carpark cardiff.wps
    2012-07-30 09:57 - 2008-04-28 06:04 - 01215626 ____A C:\Windows\WindowsUpdate.log
    2012-07-27 05:11 - 2012-07-27 05:11 - 00010752 ____A C:\Users\Mark\My Documents\sara 429.xlr
    2012-07-27 05:11 - 2012-07-27 05:11 - 00010752 ____A C:\Users\Mark\Documents\sara 429.xlr
    2012-07-27 03:15 - 2012-07-27 03:15 - 00014370 ____A C:\Users\Mark\My Documents\Nirvana.p2g
    2012-07-27 03:15 - 2012-07-27 03:15 - 00014370 ____A C:\Users\Mark\Documents\Nirvana.p2g
    2012-07-25 21:32 - 2012-09-08 06:29 - 00026840 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys
    2012-07-25 21:32 - 2010-11-16 12:17 - 00106928 ____A (GEAR Software Inc.) C:\Windows\System32\GEARAspi.dll
    2012-07-24 11:45 - 2012-07-24 11:22 - 00020969 ____A C:\INSTALLHELPER.LOG
    2012-07-24 11:45 - 2012-07-24 11:22 - 00003982 ____A C:\alotserviceruntime.log
    2012-07-12 22:54 - 2012-07-12 22:54 - 00485376 ____A C:\Users\Mark\My Documents\Asda socket set.wps
    2012-07-12 22:54 - 2012-07-12 22:54 - 00485376 ____A C:\Users\Mark\Documents\Asda socket set.wps
    2012-07-08 09:22 - 2012-07-08 09:22 - 00441344 ____A C:\Users\Mark\My Documents\Ryanair cancellation.wps
    2012-07-08 09:22 - 2012-07-08 09:22 - 00441344 ____A C:\Users\Mark\Documents\Ryanair cancellation.wps
    2012-07-08 05:50 - 2012-07-08 05:50 - 01670144 ____A C:\Users\Mark\My Documents\apodo flight.wps
    2012-07-08 05:50 - 2012-07-08 05:50 - 01670144 ____A C:\Users\Mark\Documents\apodo flight.wps
    2012-06-30 12:42 - 2012-06-30 12:42 - 04307456 ____A C:\Users\Mark\My Documents\Holiday Inn Kenilworth.wps
    2012-06-30 12:42 - 2012-06-30 12:42 - 04307456 ____A C:\Users\Mark\Documents\Holiday Inn Kenilworth.wps
    2012-06-18 08:56 - 2012-06-18 08:56 - 00018944 ____A C:\Users\Mark\My Documents\Sara letter homework.wps
    2012-06-18 08:56 - 2012-06-18 08:56 - 00018944 ____A C:\Users\Mark\Documents\Sara letter homework.wps


    ZeroAccess:
    C:\Windows\Installer\{4a3e861e-894a-adb2-035b-695524750cd2}
    C:\Windows\Installer\{4a3e861e-894a-adb2-035b-695524750cd2}\U

    ZeroAccess:
    C:\Users\Mark\AppData\Local\{4a3e861e-894a-adb2-035b-695524750cd2}
    C:\Users\Mark\AppData\Local\{4a3e861e-894a-adb2-035b-695524750cd2}\U

    ==================== Known DLLs (Whitelisted) =================


    ==================== Bamital & volsnap Check =================

    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe
    [2009-09-24 08:59] - [2012-09-08 08:21] - 0282624 ____A (Microsoft Corporation) 1C5A8277AA91E44684772C950C892AE2

    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ==================== Restore Points =========================

    Restore point made on: 2012-09-03 05:44:39
    Restore point made on: 2012-09-04 02:27:04
    Restore point made on: 2012-09-05 03:23:05
    Restore point made on: 2012-09-06 02:47:45
    Restore point made on: 2012-09-07 00:00:45
    Restore point made on: 2012-09-07 08:50:18
    Restore point made on: 2012-09-07 08:51:24
    Restore point made on: 2012-09-07 09:12:39
    Restore point made on: 2012-09-07 09:49:41
    Restore point made on: 2012-09-07 09:52:26
    Restore point made on: 2012-09-07 09:55:16
    Restore point made on: 2012-09-08 04:55:28
    Restore point made on: 2012-09-08 05:31:03
    Restore point made on: 2012-09-08 05:31:59
    Restore point made on: 2012-09-08 05:32:57
    Restore point made on: 2012-09-08 05:33:43
    Restore point made on: 2012-09-08 05:35:25
    Restore point made on: 2012-09-08 05:36:31
    Restore point made on: 2012-09-08 05:37:37
    Restore point made on: 2012-09-08 05:39:00
    Restore point made on: 2012-09-08 05:39:59
    Restore point made on: 2012-09-08 05:42:24
    Restore point made on: 2012-09-08 05:43:53
    Restore point made on: 2012-09-08 05:45:12
    Restore point made on: 2012-09-08 05:46:13
    Restore point made on: 2012-09-08 05:47:35
    Restore point made on: 2012-09-08 05:48:31
    Restore point made on: 2012-09-08 05:49:35
    Restore point made on: 2012-09-08 13:57:43
    Restore point made on: 2012-09-09 07:12:43
    Restore point made on: 2012-09-09 07:16:55
    Restore point made on: 2012-09-10 01:47:13
    Restore point made on: 2012-09-11 23:50:00
    Restore point made on: 2012-09-13 12:17:53
    Restore point made on: 2012-09-14 09:16:37
    Restore point made on: 2012-09-14 09:20:38

    ==================== Memory info ===========================

    Percentage of memory in use: 14%
    Total physical RAM: 4094.5 MB
    Available physical RAM: 3492.7 MB
    Total Pagefile: 3762.31 MB
    Available Pagefile: 3565.04 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1990.14 MB

    ==================== Partitions ============================

    1 Drive c: (HP) (Fixed) (Total:455.51 GB) (Free:182.52 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    2 Drive d: (FACTORY_IMAGE) (Fixed) (Total:10.25 GB) (Free:1.41 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    4 Drive f: (Cruzer) (Removable) (Total:1.86 GB) (Free:1.84 GB) FAT
    10 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

    Disk ### Status Size Free Dyn Gpt
    -------- ---------- ------- ------- --- ---
    Disk 0 Online 466 GB 1528 KB
    Disk 1 Online 1912 MB 0 B
    Disk 2 No Media 0 B 0 B
    Disk 3 No Media 0 B 0 B
    Disk 4 No Media 0 B 0 B
    Disk 5 No Media 0 B 0 B
    Disk 6 No Media 0 B 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 456 GB 32 KB
    Partition 2 Primary 10 GB 456 GB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 C HP NTFS Partition 456 GB Healthy

    ==================================================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 5 D FACTORY_IMA NTFS Partition 10 GB Healthy

    ==================================================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 1908 MB 65 KB

    ==================================================================================

    Disk: 1
    Partition 1
    Type : 06
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 8 F Cruzer FAT Removable 1908 MB Healthy

    ==================================================================================

    Last Boot: 2012-09-15 00:51

    ==================== End Of Log =============================





    Farbar Recovery Scan Tool (x86) Version: 12-09-2012
    Ran by SYSTEM at 2012-09-15 10:18:12
    Running from F:\

    ================== Search: "services.exe" ===================

    C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
    [2009-09-24 08:59] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

    C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
    [2008-08-29 04:32] - [2008-01-18 23:33] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C

    C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036\services.exe
    [2006-11-02 00:35] - [2006-11-02 01:45] - 0279552 ____A (Microsoft Corporation) 329CF3C97CE4C19375C8ABCABAE258B0

    C:\Windows\System32\services.exe
    [2009-09-24 08:59] - [2012-09-08 08:21] - 0282624 ____A (Microsoft Corporation) 1C5A8277AA91E44684772C950C892AE2

    === End Of Search ===

    Thanks Broni

    Awaiting your instructions
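The two FRST blocks above carry the ZeroAccess finding: in the Bamital & volsnap check every core binary is reported "MD5 is legit" except C:\Windows\System32\services.exe, for which FRST prints the hash instead, and the services.exe search shows that hash matching none of the component-store (winsxs) copies while the file is 3 KB larger than any of them. The script below is an added example written for this thread (not FRST's own code and not part of the original post) that parses exactly those log lines and reproduces the reasoning: flag the file FRST did not vouch for, then pick the newest winsxs copy as the restore source. The sample text is copied from the log posted above; the rule that FRST prints a hash only for a file it does not whitelist is inferred from that log, not documented here.

```python
"""Flag a patched services.exe from FRST log text.

Added example for this thread, not part of FRST or of the original post.
The two sample blocks below are constructed from the FRST lines posted
above (hashes copied verbatim); nothing on a live machine is read.
Assumption drawn from the log itself: FRST prints "=> MD5 is legit" for a
whitelisted file and prints the hash only when the file is NOT whitelisted.
"""
import re

LEGIT_RE = re.compile(r"^(?P<path>\S.*?) => MD5 is legit$")
DETAIL_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - "
    r"(?P<size>\d+) (?P<attr>\S+) (?:\((?P<company>[^)]*)\) )?"
    r"(?P<md5>[0-9A-Fa-f]{32})$"
)
VERSION_RE = re.compile(r"_(\d+)\.(\d+)\.(\d+)\.(\d+)_")

BAMITAL_BLOCK = r"""
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\services.exe
[2009-09-24 08:59] - [2012-09-08 08:21] - 0282624 ____A (Microsoft Corporation) 1C5A8277AA91E44684772C950C892AE2

C:\Windows\System32\User32.dll => MD5 is legit
"""

SEARCH_BLOCK = r"""
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
[2009-09-24 08:59] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2008-08-29 04:32] - [2008-01-18 23:33] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C

C:\Windows\System32\services.exe
[2009-09-24 08:59] - [2012-09-08 08:21] - 0282624 ____A (Microsoft Corporation) 1C5A8277AA91E44684772C950C892AE2
"""


def parse_file_entries(text):
    """Map each path in an FRST file listing to a record.

    A "=> MD5 is legit" line gives {"legit": True}. A bare path line
    followed by a "[created] - [modified] - size attrs (company) MD5"
    detail line gives the parsed fields with "legit": False.
    """
    entries = {}
    pending = None  # path line waiting for its detail line
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            pending = None
            continue
        m = LEGIT_RE.match(line)
        if m:
            entries[m.group("path")] = {"legit": True, "md5": None,
                                        "size": None, "modified": None}
            pending = None
            continue
        m = DETAIL_RE.match(line)
        if m and pending:
            entries[pending] = {"legit": False,
                                "md5": m.group("md5").upper(),
                                "size": int(m.group("size")),
                                "modified": m.group("modified")}
            pending = None
            continue
        pending = line
    return entries


def unverified_files(entries):
    """Paths FRST did not vouch for (the hash was printed instead)."""
    return sorted(p for p, e in entries.items() if not e["legit"])


def component_version(path):
    """Version tuple from a winsxs component directory name, e.g. 6.0.6002.18005."""
    m = VERSION_RE.search(path)
    return tuple(int(x) for x in m.groups()) if m else (0, 0, 0, 0)


def find_patched_binary(entries, live_path):
    """Compare the live file with every component-store (winsxs) copy.

    Returns (verdict, candidates). When no store copy shares the live
    file's MD5, candidates are the store copies sorted newest version
    first: the first one is what a fix would copy back over live_path.
    """
    live = entries[live_path]
    store = {p: e for p, e in entries.items() if "\\winsxs\\" in p.lower()}
    same = [p for p, e in store.items() if e["md5"] == live["md5"]]
    if same:
        return "matches component store", same
    ranked = sorted(store, key=component_version, reverse=True)
    delta = live["size"] - store[ranked[0]]["size"]
    return f"no winsxs copy has this hash (size differs by {delta:+d} bytes)", ranked


if __name__ == "__main__":
    for p in unverified_files(parse_file_entries(BAMITAL_BLOCK)):
        print("not whitelisted:", p)
    verdict, ranked = find_patched_binary(parse_file_entries(SEARCH_BLOCK),
                                          r"C:\Windows\System32\services.exe")
    print(verdict)
    print("restore from:", ranked[0])
```

Run stand-alone it names services.exe as the only non-whitelisted core binary, reports that no winsxs copy shares its hash and that it is 3072 bytes larger than the newest store copy, and selects the 6.0.6002.18005 component as the restore source. A matching MD5 against any store copy would instead be reported as "matches component store", which is the outcome to expect after a successful replacement.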
  2. Broni Malware Annihilator Posts: 39,231   +175

    Good job :)

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

    Attached Files:

  3. Tobydog Newcomer, in training Posts: 44

    Thanks Broni

    Here's the Fixlog

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 12-09-2012
    Ran by SYSTEM at 2012-09-15 18:52:44 Run:1
    Running from F:\

    ==============================================

    HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows No ZeroAccess entry found.
    C:\Windows\System32\consrv.dll not found.
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ Default Value restored successfully.
    C:\Windows\Installer\{4a3e861e-894a-adb2-035b-695524750cd2} moved successfully.
    C:\Users\Mark\AppData\Local\{4a3e861e-894a-adb2-035b-695524750cd2} moved successfully.
    C:\Windows\System32\services.exe moved successfully.
    C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe copied successfully to C:\Windows\System32\services.exe

    ==== End of Fixlog ====
  4. Broni Malware Annihilator Posts: 39,231   +175

    Good :)

    Create new restore point before proceeding with the following....

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
  5. Tobydog Newcomer, in training Posts: 44

    Thanks Broni

    Please tell me more about creating a new restore point
  6. Broni Malware Annihilator Posts: 39,231   +175

  7. Tobydog Newcomer, in training Posts: 44

    Thanks Broni

    I've followed the instructions on how to create a restore point but keep getting an error message to say the restore point cannot be created due to the writer experiencing a transient error - 0x800423F3
    I can see in System Properties / System Protection that the last restore point was 1 hour 15 minutes ago - do I still need to create one before I run Combofix?
  8. Broni Malware Annihilator Posts: 39,231   +175

    That's fine. Go ahead with Combofix.
  9. Tobydog Newcomer, in training Posts: 44

    Hi Broni

    Have run Combofix - here's the log

    I cannot reconnect to the Internet - have tried several restarts - will attempt a few more?



    ComboFix 12-09-15.02 - Mark 15/09/2012 21:22:59.1.4 - x86
    Running from: c:\users\Mark\Downloads\ComboFix.exe
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\install.exe
    C:\restore
    c:\users\Mark\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc12E9.tmp
    c:\users\Mark\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc1BF.tmp
    c:\users\Mark\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc4972.tmp
    c:\users\Mark\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc50DE.tmp
    c:\users\Mark\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc8A74.tmp
    c:\users\Mark\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc8B10.tmp
    c:\users\Mark\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF3D1.tmp
    c:\users\Mark\AppData\Roaming\.#
    c:\users\Mark\AppData\Roaming\inst.exe
    c:\users\Mark\AppData\Roaming\system32
    c:\users\Mark\AppData\Roaming\vso_ts_preview.xml
    c:\windows\jestertb.dll
    c:\windows\system32\AutoRun.inf
    c:\windows\system32\jucheck.exe
    c:\windows\system32\jusched.exe
    C:\winntse.bin
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-08-15 to 2012-09-15 )))))))))))))))))))))))))))))))
    .
    .
    2012-09-15 08:51 . 2012-09-15 18:03  --------  d-----w-  C:\FRST
    2012-09-13 19:50 . 2012-09-13 19:50  --------  d-----w-  c:\windows\system32\drivers\NST
    2012-09-13 19:50 . 2012-09-13 19:50  --------  d-----w-  c:\program files\Norton Identity Safe
    2012-09-13 18:51 . 2012-09-13 22:02  --------  d-----w-  C:\NBRT
    2012-09-09 18:44 . 2012-09-11 15:17  --------  d-----w-  c:\users\Mark\AppData\Local\CrashDumps
    2012-09-09 16:11 . 2012-09-09 16:11  --------  d-----w-  c:\users\Mark\AppData\Roaming\Malwarebytes
    2012-09-09 16:11 . 2012-09-09 16:11  --------  d-----w-  c:\programdata\Malwarebytes
    2012-09-09 08:11 . 2012-09-09 08:11  --------  d-----w-  c:\programdata\SMR310
    2012-09-09 08:11 . 2012-09-09 08:11  97440     ----a-w-  c:\windows\system32\drivers\SMR310.SYS
    2012-09-08 16:16 . 2012-09-08 16:16  --------  d-----w-  C:\TDSSKiller_Quarantine
    2012-09-08 14:29 . 2012-07-26 05:32  26840     ----a-w-  c:\windows\system32\drivers\GEARAspiWDM.sys
    2012-09-08 14:29 . 2012-09-08 14:29  --------  d-----w-  c:\windows\system32\drivers\NBRTWizard
    2012-09-08 14:29 . 2012-09-08 14:29  --------  d-----w-  c:\program files\Norton Bootable Recovery Tool Wizard
    2012-09-07 21:04 . 2012-09-07 21:04  --------  d-----w-  c:\windows\system32\N360_BACKUP
    2012-09-07 19:02 . 2012-09-09 08:10  --------  d-----w-  c:\users\Mark\AppData\Local\NPE
    2012-09-07 18:26 . 2012-09-13 19:52  --------  d-----w-  c:\program files\NortonInstaller
    2012-09-07 18:26 . 2012-09-13 19:51  --------  d-----w-  c:\programdata\NortonInstaller
    2012-09-07 17:31 . 2012-09-07 18:47  --------  d-----w-  c:\users\Mark\Sources
    2012-09-07 17:09 . 2012-09-07 17:09  --------  d-----w-  c:\users\Mark\AppData\Local\NokiaAccount
    2012-08-23 09:29 . 2012-08-23 09:29  --------  d-----w-  c:\users\Mark\AppData\Local\MediaShow
    2012-08-23 08:03 . 2012-08-23 08:03  --------  d-----w-  c:\users\Mark\AppData\Local\Power2Go8
    2012-08-22 16:04 . 2012-08-22 16:04  --------  d-----w-  c:\users\Mark\AppData\Local\MediaServer
    2012-08-22 16:04 . 2012-08-22 16:04  --------  d-----w-  c:\programdata\PDVD
    2012-08-22 15:58 . 2012-08-22 15:58  --------  d-----w-  c:\program files\Common Files\CyberLink
    2012-08-22 15:54 . 2012-09-13 20:24  --------  d-----w-  c:\users\Mark\AppData\Local\Cyberlink
    2012-08-22 15:51 . 2012-08-22 16:07  --------  d-----w-  c:\programdata\install_clap
    2012-08-22 15:47 . 2012-09-13 20:27  --------  d-----w-  c:\programdata\CLSK
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-08-27 11:10 . 2012-03-31 07:50  696520  ----a-w-  c:\windows\system32\FlashPlayerApp.exe
    2012-08-27 11:10 . 2011-06-18 07:55  73416   ----a-w-  c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-07-26 05:32 . 2010-11-16 20:17  106928  ----a-w-  c:\windows\system32\GEARAspi.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AB4C7833-A6EC-433f-B9FE-6B14B1A2F836}]
    2012-08-10 20:45  516576  ----a-r-  c:\program files\Norton Identity Safe\Engine\2012.6.3.2\CoIEPlg.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{A13C2648-91D4-4bf3-BC6D-0079707C4389}"= "c:\program files\Norton Identity Safe\Engine\2012.6.3.2\coIEPlg.dll" [2012-08-10 516576]
    .
    [HKEY_CLASSES_ROOT\clsid\{a13c2648-91d4-4bf3-bc6d-0079707c4389}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
    "HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-08-05 1644088]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    "TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2011-03-09 247728]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-19 39408]
    "iCloudServices"="c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-02-23 59240]
    "MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="RtHDVCpl.exe" [2008-07-03 6266880]
    "hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
    "KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
    "OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
    "SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2007-04-07 54936]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
    "HostManager"="c:\program files\Common Files\AOL\1219316984\ee\AOLSoftware.exe" [2008-06-24 41824]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2008-06-02 178712]
    "NvSvc"="c:\windows\system32\nvsvc.dll" [2008-01-10 92704]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-01-10 8530464]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-01-10 88608]
    "btbb_McciTrayApp"="c:\program files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe" [2012-07-05 1988608]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
    "Google Updater"="c:\program files\Google\Google Updater\GoogleUpdater.exe" [2011-10-02 161336]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
    "RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-11-02 90448]
    "Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]
    "TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2012-05-14 296056]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "Shell"=hex(0):
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
    2011-06-17 08:42  16680  ----a-w-  c:\program files\Citrix\GoToAssist\570\g2awinlogon.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12                          REG_MULTI_SZ  Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt                      REG_MULTI_SZ  hpqcxs08 hpqddsvc
    LocalServiceAndNoImpersonation REG_MULTI_SZ  FontCache
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2011-04-16 11:07  451872  ----a-w-  c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-09-15 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 11:10]
    .
    2012-09-12 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-19 20:41]
    .
    2012-09-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-26 20:14]
    .
    2012-09-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-26 20:14]
    .
    2012-09-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-802167735-3406490535-3852651081-1000Core.job
    - c:\users\Mark\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-24 15:20]
    .
    2012-09-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-802167735-3406490535-3852651081-1000UA.job
    - c:\users\Mark\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-24 15:20]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    mStart Page = hxxp://www.voover.com/
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://search.aol.co.uk/web?isinit=true&query=%s
    IE: &AOL Toolbar Search - c:\program files\aol\aol broadband toolbar 5.0\resources\en-GB\local\search.html
    TCP: DhcpNameServer = 192.168.1.254
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-10 - (no file)
    HKCU-Run-Power2GoExpress - (no file)
    HKCU-Run-GameXN GO - c:\programdata\GameXN\GameXNGO.exe
    HKLM-Run-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    SafeBoot-39681871.sys
    .
    .
    .
    **************************************************************************
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files:
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NCO]
    "ImagePath"="\"c:\program files\Norton Identity Safe\Engine\2012.6.3.2\ccSvcHst.exe\" /s \"NCO\" /m \"c:\program files\Norton Identity Safe\Engine\2012.6.3.2\diMaster.dll\" /prefetch:1"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\msiserver]
    "ImagePath"="%systemroot%\system32\msiexec /V"
    "ImagePath"="System32\drivers\SMR310.SYS"
    "ImagePath"="c:\program files\CyberLink\PowerDVD12\Common\NavFilter\000.fcl"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'Explorer.exe'(3716)
    c:\programdata\Ad-Aware Browsing Protection\adawarebp.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\system32\ezNTSvc.exe
    c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\program files\Norton Identity Safe\Engine\2012.6.3.2\ccSvcHst.exe
    c:\program files\Common Files\Motive\pcCMService.exe
    c:\program files\CyberLink\Shared Files\RichVideo.exe
    c:\program files\TomTom HOME 2\TomTomHOMEService.exe
    c:\windows\system32\vssvc.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\program files\Norton Identity Safe\Engine\2012.6.3.2\ccSvcHst.exe
    c:\windows\RtHDVCpl.exe
    c:\windows\System32\rundll32.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\Common Files\Apple\Apple Application Support\distnoted.exe
    c:\windows\System32\rundll32.exe
    c:\windows\ehome\ehmsas.exe
    c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
    c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
    c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
    c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    c:\hp\kbd\kbd.exe
    .
    **************************************************************************
    .
    Completion time: 2012-09-15 21:54:01 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-09-15 20:53
    .
    Pre-Run: 193,439,764,480 bytes free
    Post-Run: 193,828,491,264 bytes free
    .
    - - End Of File - - 09CF607C59CBD86DF71A0CB7F64F2804
  10. Broni Malware Annihilator Posts: 39,231   +175

    Use that restore point from before running Combofix and see if you get your connection back.
  11. Tobydog Newcomer, in training Posts: 44

    Hi Broni

    Unable to get Internet connection back - during restore from a restore point I get the message 'System Restore did not complete successfully - The writer has experienced a transient error - 0x800423F3' - I have tried several restore points
  12. Broni Malware Annihilator Posts: 39,231   +175

    Please post fresh FRST log.
  13. Tobydog Newcomer, in training Posts: 44

    Hi Broni - thanks for your help - much appreciated

    Here's a fresh FRST log - FRST.txt and Search.txt

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-09-2012
    Ran by SYSTEM at 16-09-2012 17:49:23
    Running from F:\
    Windows Vista (TM) Home Premium (X86) OS Language: English(US)
    The current controlset is ControlSet001

    ==================== Registry (Whitelisted) ===================

    HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]
    HKLM\...\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe [65536 2007-04-18] (Hewlett-Packard Company)
    HKLM\...\Run: [KBD] C:\HP\KBD\KbdStub.EXE [65536 2006-12-08] ()
    HKLM\...\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [118784 2007-02-15] (OsdMaestro)
    HKLM\...\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe" [54936 2007-04-07] (Sun Microsystems, Inc.)
    HKLM\...\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2007-03-11] (Hewlett-Packard Co.)
    HKLM\...\Run: [HostManager] C:\Program Files\Common Files\AOL\1219316984\ee\AOLSoftware.exe [41824 2008-06-24] (AOL LLC)
    HKLM\...\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [178712 2008-06-02] (Intel Corporation)
    HKLM\...\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart [92704 2008-01-10] (NVIDIA Corporation)
    HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [8530464 2008-01-10] (NVIDIA Corporation)
    HKLM\...\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit [88608 2008-01-10] (NVIDIA Corporation)
    HKLM\...\Run: [btbb_McciTrayApp] "C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe" [1988608 2012-07-04] (Alcatel-Lucent)
    HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
    HKLM\...\Run: [Google Updater] "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -check_deprecation [161336 2011-10-02] (Google)
    HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
    HKLM\...\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [90448 2011-11-01] (Research In Motion Limited)
    HKLM\...\Run: [TkBellExe] "c:\program files\real\realplayer\Update\realsched.exe" -osboot [296056 2012-05-14] (RealNetworks, Inc.)
    HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
    HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)
    HKU\Default\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1644088 2009-08-05] (Hewlett-Packard)
    HKU\Default User\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1644088 2009-08-05] (Hewlett-Packard)
    HKU\Mark\...\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW,SYSTRAY [1644088 2009-08-05] (Hewlett-Packard)
    HKU\Mark\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-18] (Microsoft Corporation)
    HKU\Mark\...\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" [247728 2011-03-09] (TomTom)
    HKU\Mark\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2008-11-19] (Google Inc.)
    HKU\Mark\...\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59240 2012-02-23] (Apple Inc.)
    HKU\Mark\...\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
    HKU\Mark\...\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-18] (Microsoft Corporation)
    HKU\Mark\...\Policies\system: [DisableLockWorkstation] 0
    HKU\Mark\...\Policies\system: [DisableChangePassword] 0
    Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\570\G2AWinLogon.dll [X]
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

    ==================== Services ================================

    2 AOL ACS; "C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe" [46640 2006-10-23] (AOL LLC)
    2 ezntsvc; C:\Windows\system32\ezNTSvc.exe [33792 2008-08-21] (EasyBits Software Corp.)
    2 NCO; "C:\Program Files\Norton Identity Safe\Engine\2012.6.3.2\ccSvcHst.exe" /s "NCO" /m "C:\Program Files\Norton Identity Safe\Engine\2012.6.3.2\diMaster.dll" /prefetch:1 [309688 2012-04-12] (Symantec Corporation)
    2 RichVideo; "C:\Program Files\CyberLink\Shared Files\RichVideo.exe" [247152 2010-08-19] ()
    2 HP Health Check Service; "c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe" [x]

    ==================== Drivers =================================

    1 ccSet_NST; C:\Windows\system32\drivers\NST\7DC06030.002\ccSetx86.sys [132744 2011-11-29] (Symantec Corporation)
    3 FsUsbExDisk; \??\C:\Windows\system32\FsUsbExDisk.SYS [36608 2009-03-31] ()
    3 pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [47360 2009-04-12] (VSO Software)
    0 SMR310; C:\Windows\System32\drivers\SMR310.SYS [97440 2012-09-09] (Symantec Corporation)
    1 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [5632 2011-05-31] ()
    3 wanatw; C:\Windows\System32\DRIVERS\wanatw4.sys [33588 2006-11-29] (America Online, Inc.)
    4 blbdrive; C:\Windows\system32\drivers\blbdrive.sys [x]
    3 catchme; \??\C:\ComboFix\catchme.sys [x]
    3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
    3 Lavasoft Kernexplorer; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [x]
    3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [x]
    3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [x]
    3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
    3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]
    3 RimUsb; C:\Windows\System32\Drivers\RimUsb.sys [x]
    0 TfFsMon; C:\Windows\System32\drivers\TfFsMon.sys [x]
    3 TfNetMon; \??\C:\Windows\system32\drivers\TfNetMon.sys [x]
    0 TfSysMon; C:\Windows\System32\drivers\TfSysMon.sys [x]

    ==================== NetSvcs (Whitelisted) =================


    ============ One Month Created Files and Folders ==============

    2012-09-15 13:23 - 2012-09-15 13:23 - 00000452 ____A C:\Users\Mark\Desktop\log - Shortcut.lnk
    2012-09-15 13:22 - 2012-09-15 13:22 - 00000000 ____D C:\Users\Mark\My Documents\log
    2012-09-15 13:22 - 2012-09-15 13:22 - 00000000 ____D C:\Users\Mark\Documents\log
    2012-09-15 12:54 - 2012-09-15 12:54 - 00013696 ____A C:\ComboFix.txt
    2012-09-15 12:19 - 2012-09-15 12:54 - 00000000 ____D C:\Qoobox
    2012-09-15 12:19 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
    2012-09-15 12:19 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
    2012-09-15 12:19 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
    2012-09-15 12:19 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
    2012-09-15 12:19 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
    2012-09-15 12:19 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
    2012-09-15 12:19 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
    2012-09-15 12:19 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
    2012-09-15 12:18 - 2012-09-15 12:50 - 00000000 ____D C:\Windows\erdnt
    2012-09-15 12:11 - 2012-09-15 12:11 - 04754503 ____R (Swearware) C:\Users\Mark\Downloads\ComboFix.exe
    2012-09-15 00:51 - 2012-09-16 08:40 - 00000000 ____D C:\FRST
    2012-09-13 12:19 - 2012-09-13 12:19 - 00000032 ____A C:\Users\All Users\Temp.log
    2012-09-13 12:19 - 2012-09-13 12:19 - 00000032 ____A C:\Users\All Users\Application Data\Temp.log
    2012-09-13 11:50 - 2012-09-13 11:50 - 00000000 ____D C:\Windows\System32\Drivers\NST
    2012-09-13 11:50 - 2012-09-13 11:50 - 00000000 ____D C:\Program Files\Norton Identity Safe
    2012-09-13 10:54 - 2012-09-13 10:55 - 00145904 ____A C:\Windows\Minidump\Mini091312-23.dmp
    2012-09-13 10:51 - 2012-09-13 14:02 - 00000000 ____D C:\NBRT
    2012-09-13 10:47 - 2012-09-13 10:47 - 00145904 ____A C:\Windows\Minidump\Mini091312-22.dmp
    2012-09-13 10:40 - 2012-09-13 10:40 - 00145904 ____A C:\Windows\Minidump\Mini091312-21.dmp
    2012-09-13 10:33 - 2012-09-13 10:33 - 00145904 ____A C:\Windows\Minidump\Mini091312-20.dmp
    2012-09-13 10:24 - 2012-09-13 10:24 - 00145904 ____A C:\Windows\Minidump\Mini091312-19.dmp
    2012-09-13 10:16 - 2012-09-13 10:17 - 00145904 ____A C:\Windows\Minidump\Mini091312-18.dmp
    2012-09-13 09:50 - 2012-09-13 09:50 - 00145904 ____A C:\Windows\Minidump\Mini091312-17.dmp
    2012-09-13 09:40 - 2012-09-13 09:40 - 00145904 ____A C:\Windows\Minidump\Mini091312-16.dmp
    2012-09-13 09:33 - 2012-09-13 09:33 - 00145904 ____A C:\Windows\Minidump\Mini091312-15.dmp
    2012-09-13 08:19 - 2012-09-13 08:19 - 00145904 ____A C:\Windows\Minidump\Mini091312-14.dmp
    2012-09-13 07:57 - 2012-09-13 07:58 - 00145904 ____A C:\Windows\Minidump\Mini091312-13.dmp
    2012-09-13 06:59 - 2012-09-13 06:59 - 00145904 ____A C:\Windows\Minidump\Mini091312-12.dmp
    2012-09-13 06:23 - 2012-09-13 06:23 - 00145904 ____A C:\Windows\Minidump\Mini091312-11.dmp
    2012-09-13 06:13 - 2012-09-13 06:13 - 00145904 ____A C:\Windows\Minidump\Mini091312-10.dmp
    2012-09-13 05:46 - 2012-09-13 05:46 - 00145904 ____A C:\Windows\Minidump\Mini091312-09.dmp
    2012-09-13 05:36 - 2012-09-13 05:36 - 00145904 ____A C:\Windows\Minidump\Mini091312-08.dmp
    2012-09-13 05:18 - 2012-09-13 05:18 - 00145904 ____A C:\Windows\Minidump\Mini091312-07.dmp
    2012-09-13 05:04 - 2012-09-13 05:04 - 00145904 ____A C:\Windows\Minidump\Mini091312-06.dmp
    2012-09-13 01:39 - 2012-09-13 01:39 - 00145904 ____A C:\Windows\Minidump\Mini091312-05.dmp
    2012-09-13 01:31 - 2012-09-13 01:31 - 00145904 ____A C:\Windows\Minidump\Mini091312-04.dmp
    2012-09-13 01:23 - 2012-09-13 01:24 - 00145904 ____A C:\Windows\Minidump\Mini091312-03.dmp
    2012-09-13 01:16 - 2012-09-13 01:16 - 00145904 ____A C:\Windows\Minidump\Mini091312-02.dmp
    2012-09-13 00:20 - 2012-09-13 00:21 - 00145904 ____A C:\Windows\Minidump\Mini091312-01.dmp
    2012-09-11 07:29 - 2012-09-11 07:29 - 12888064 ____A C:\Users\Mark\My Documents\dan passport photo.wps
    2012-09-11 07:29 - 2012-09-11 07:29 - 12888064 ____A C:\Users\Mark\Documents\dan passport photo.wps
    2012-09-09 10:44 - 2012-09-11 07:17 - 00000000 ____D C:\Users\Mark\Local Settings\CrashDumps
    2012-09-09 10:44 - 2012-09-11 07:17 - 00000000 ____D C:\Users\Mark\Local Settings\Application Data\CrashDumps
    2012-09-09 10:44 - 2012-09-11 07:17 - 00000000 ____D C:\Users\Mark\AppData\Local\CrashDumps
    2012-09-09 09:51 - 2012-09-09 09:51 - 00064000 ____A C:\Users\Mark\My Documents\DDS log 1 and 2.wps
    2012-09-09 09:51 - 2012-09-09 09:51 - 00064000 ____A C:\Users\Mark\Documents\DDS log 1 and 2.wps
    2012-09-09 09:34 - 2012-09-09 09:34 - 00000740 ____A C:\Users\Mark\My Documents\gmer.log..log
    2012-09-09 09:34 - 2012-09-09 09:34 - 00000740 ____A C:\Users\Mark\Documents\gmer.log..log
    2012-09-09 08:11 - 2012-09-09 08:11 - 00000000 ____D C:\Users\Mark\Application Data\Malwarebytes
    2012-09-09 08:11 - 2012-09-09 08:11 - 00000000 ____D C:\Users\Mark\AppData\Roaming\Malwarebytes
    2012-09-09 08:11 - 2012-09-09 08:11 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-09-09 08:11 - 2012-09-09 08:11 - 00000000 ____D C:\Users\All Users\Application Data\Malwarebytes
    2012-09-09 08:07 - 2012-09-09 08:07 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Mark\Downloads\mbam-setup-1.62.0.1300.exe
    2012-09-09 00:11 - 2012-09-09 00:11 - 00097440 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SMR310.SYS
    2012-09-09 00:11 - 2012-09-09 00:11 - 00000000 ____D C:\Users\All Users\SMR310
    2012-09-09 00:11 - 2012-09-09 00:11 - 00000000 ____D C:\Users\All Users\Application Data\SMR310
    2012-09-08 23:51 - 2012-09-08 23:51 - 01805736 ____A (Symantec Corporation) C:\Users\Mark\Downloads\FixZeroAccess (2).exe
    2012-09-08 12:22 - 2012-09-08 12:22 - 01805736 ____A (Symantec Corporation) C:\Users\Mark\Downloads\FixZeroAccess (1).exe
    2012-09-08 09:52 - 2012-09-08 09:55 - 02416348 ____A C:\Windows\System32\Drivers\Cat.DB
    2012-09-08 08:16 - 2012-09-08 08:16 - 00000000 ____D C:\TDSSKiller_Quarantine
    2012-09-08 07:27 - 2012-09-08 07:27 - 01805736 ____A (Symantec Corporation) C:\Users\Mark\Downloads\FixZeroAccess.exe
    2012-09-08 06:29 - 2012-09-08 06:29 - 00000000 ____D C:\Windows\System32\Drivers\NBRTWizard
    2012-09-08 06:29 - 2012-09-08 06:29 - 00000000 ____D C:\Program Files\Norton Bootable Recovery Tool Wizard
    2012-09-08 06:29 - 2012-07-25 21:32 - 00026840 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys
    2012-09-08 06:27 - 2012-09-08 06:27 - 00912040 ____A (Symantec Corporation) C:\Users\Mark\Downloads\NBRT-Retail-Downloader.exe
    2012-09-08 06:12 - 2012-09-09 00:11 - 00174504 ____A C:\Windows\ntbtlog.txt.bak
    2012-09-08 06:09 - 2012-09-08 06:09 - 02892816 ____A (Symantec Corporation) C:\Users\Mark\Downloads\NPE.exe
    2012-09-08 05:52 - 2012-09-13 10:36 - 00000873 ____A C:\Users\Mark\Desktop\Norton Installation Files.lnk
    2012-09-08 05:41 - 2012-09-08 05:41 - 00000040 ____A C:\Users\Public\Documents\_rgpl
    2012-09-08 05:41 - 2012-09-08 05:41 - 00000040 ____A C:\Users\All Users\Documents\_rgpl
    2012-09-08 04:00 - 2012-09-08 04:00 - 00145856 ____A C:\Windows\Minidump\Mini090812-01.dmp
    2012-09-07 13:04 - 2012-09-07 13:04 - 00000000 ____D C:\Windows\System32\N360_BACKUP
    2012-09-07 11:02 - 2012-09-09 00:10 - 00000000 ____D C:\Users\Mark\Local Settings\NPE
    2012-09-07 11:02 - 2012-09-09 00:10 - 00000000 ____D C:\Users\Mark\Local Settings\Application Data\NPE
    2012-09-07 11:02 - 2012-09-09 00:10 - 00000000 ____D C:\Users\Mark\AppData\Local\NPE
    2012-09-07 10:33 - 2012-09-07 10:33 - 00000000 ____D C:\Users\All Users\Mozilla
    2012-09-07 10:33 - 2012-09-07 10:33 - 00000000 ____D C:\Users\All Users\Application Data\Mozilla
    2012-09-07 10:30 - 2012-09-07 10:30 - 00000000 ____D C:\Users\Mark\My Documents\Symantec
    2012-09-07 10:30 - 2012-09-07 10:30 - 00000000 ____D C:\Users\Mark\Documents\Symantec
    2012-09-07 10:09 - 2012-09-08 06:27 - 00000000 ____D C:\Users\Public\Downloads\Norton
    2012-09-07 09:31 - 2012-09-07 10:47 - 00000000 ____D C:\Users\Mark\Sources
    2012-09-07 09:29 - 2012-09-07 09:29 - 00001537 ____A C:\Users\Mark\Desktop\Windows Explorer.lnk
    2012-09-07 09:09 - 2012-09-07 09:09 - 00000000 ____D C:\Users\Mark\Local Settings\NokiaAccount
    2012-09-07 09:09 - 2012-09-07 09:09 - 00000000 ____D C:\Users\Mark\Local Settings\Application Data\NokiaAccount
    2012-09-07 09:09 - 2012-09-07 09:09 - 00000000 ____D C:\Users\Mark\AppData\Local\NokiaAccount
    2012-09-07 08:47 - 2012-09-07 08:47 - 00000134 ____A C:\Users\Mark\Desktop\Programs.lnk
    2012-09-07 08:43 - 2012-09-07 08:43 - 00000000 ____D C:\Users\Mark\My Documents\NPS
    2012-09-07 08:43 - 2012-09-07 08:43 - 00000000 ____D C:\Users\Mark\Documents\NPS
    2012-09-05 05:18 - 2012-09-05 05:18 - 00854759 ____A C:\Users\Mark\Downloads\MTS46.rar
    2012-09-05 05:18 - 2012-09-05 05:18 - 00854759 ____A C:\Users\Mark\Downloads\MTS46 (1).rar
    2012-08-23 01:29 - 2012-08-23 01:29 - 00000000 ____D C:\Users\Mark\Local Settings\MediaShow
    2012-08-23 01:29 - 2012-08-23 01:29 - 00000000 ____D C:\Users\Mark\Local Settings\Application Data\MediaShow
    2012-08-23 01:29 - 2012-08-23 01:29 - 00000000 ____D C:\Users\Mark\AppData\Local\MediaShow
    2012-08-23 01:26 - 2012-08-23 01:26 - 00001095 ____A C:\Users\Public\Desktop\BT Desktop Help.lnk
    2012-08-23 01:26 - 2012-08-23 01:26 - 00001095 ____A C:\Users\All Users\Desktop\BT Desktop Help.lnk
    2012-08-23 00:03 - 2012-08-23 00:03 - 00000000 ____D C:\Users\Mark\Local Settings\Power2Go8
    2012-08-23 00:03 - 2012-08-23 00:03 - 00000000 ____D C:\Users\Mark\Local Settings\Application Data\Power2Go8
    2012-08-23 00:03 - 2012-08-23 00:03 - 00000000 ____D C:\Users\Mark\AppData\Local\Power2Go8
    2012-08-22 08:04 - 2012-08-22 08:04 - 00000000 ____D C:\Users\Public\Documents\CyberLink
    2012-08-22 08:04 - 2012-08-22 08:04 - 00000000 ____D C:\Users\Mark\Local Settings\MediaServer
    2012-08-22 08:04 - 2012-08-22 08:04 - 00000000 ____D C:\Users\Mark\Local Settings\Application Data\MediaServer
    2012-08-22 08:04 - 2012-08-22 08:04 - 00000000 ____D C:\Users\Mark\AppData\Local\MediaServer
    2012-08-22 08:04 - 2012-08-22 08:04 - 00000000 ____D C:\Users\All Users\PDVD
    2012-08-22 08:04 - 2012-08-22 08:04 - 00000000 ____D C:\Users\All Users\Documents\CyberLink
    2012-08-22 08:04 - 2012-08-22 08:04 - 00000000 ____D C:\Users\All Users\Application Data\PDVD
    2012-08-22 07:58 - 2012-08-22 07:58 - 00000000 ____D C:\Program Files\Common Files\CyberLink
    2012-08-22 07:54 - 2012-09-13 12:24 - 00000000 ____D C:\Users\Mark\Local Settings\Cyberlink
    2012-08-22 07:54 - 2012-09-13 12:24 - 00000000 ____D C:\Users\Mark\Local Settings\Application Data\Cyberlink
    2012-08-22 07:54 - 2012-09-13 12:24 - 00000000 ____D C:\Users\Mark\AppData\Local\Cyberlink
    2012-08-22 07:51 - 2012-08-22 08:07 - 00000000 ____D C:\Users\All Users\install_clap
    2012-08-22 07:51 - 2012-08-22 08:07 - 00000000 ____D C:\Users\All Users\Application Data\install_clap
    2012-08-22 07:47 - 2012-09-13 12:27 - 00000000 ____D C:\Users\All Users\CLSK
    2012-08-22 07:47 - 2012-09-13 12:27 - 00000000 ____D C:\Users\All Users\Application Data\CLSK
    2012-08-22 06:23 - 2012-08-22 06:37 - 1238864448 ____A C:\Users\Mark\My Documents\CyberLink_MES120105-04.exe
    2012-08-22 06:23 - 2012-08-22 06:37 - 1238864448 ____A C:\Users\Mark\Documents\CyberLink_MES120105-04.exe
    2012-08-21 02:51 - 2012-08-21 02:51 - 11912192 ____A C:\Users\Mark\My Documents\New @ Condado.wps
    2012-08-21 02:51 - 2012-08-21 02:51 - 11912192 ____A C:\Users\Mark\Documents\New @ Condado.wps


    ============ 3 Months Modified Files ========================

    2012-09-16 08:46 - 2006-11-02 05:01 - 00032600 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-09-16 08:46 - 2006-11-02 05:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-09-16 08:46 - 2006-11-02 04:47 - 00003568 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2012-09-16 08:46 - 2006-11-02 04:47 - 00003568 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2012-09-16 08:35 - 2012-07-24 11:30 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-802167735-3406490535-3852651081-1000UA.job
    2012-09-16 08:25 - 2009-12-26 12:14 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-09-16 07:56 - 2012-03-30 23:50 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-09-16 07:28 - 2008-04-28 06:04 - 01232542 ____A C:\Windows\WindowsUpdate.log
    2012-09-16 07:25 - 2009-12-26 12:14 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-09-16 01:14 - 2009-02-22 12:11 - 00000868 ____A C:\Windows\Tasks\Google Software Updater.job
    2012-09-15 13:23 - 2012-09-15 13:23 - 00000452 ____A C:\Users\Mark\Desktop\log - Shortcut.lnk
    2012-09-15 12:54 - 2012-09-15 12:54 - 00013696 ____A C:\ComboFix.txt
    2012-09-15 12:40 - 2006-11-02 02:23 - 00000215 ____A C:\Windows\system.ini
    2012-09-15 12:37 - 2008-08-20 02:58 - 01637008 ____A C:\Windows\PFRO.log
    2012-09-15 12:11 - 2012-09-15 12:11 - 04754503 ____R (Swearware) C:\Users\Mark\Downloads\ComboFix.exe
    2012-09-15 11:42 - 2012-07-25 01:00 - 00024539 ____A C:\aaw7boot.log
    2012-09-15 11:35 - 2012-07-24 11:30 - 00000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-802167735-3406490535-3852651081-1000Core.job
    2012-09-15 10:28 - 2011-11-26 04:25 - 00000064 ____A C:\Windows\System32\rp_stats.dat
    2012-09-15 10:28 - 2011-11-26 04:25 - 00000044 ____A C:\Windows\System32\rp_rules.dat
    2012-09-13 12:19 - 2012-09-13 12:19 - 00000032 ____A C:\Users\All Users\Temp.log
    2012-09-13 12:19 - 2012-09-13 12:19 - 00000032 ____A C:\Users\All Users\Application Data\Temp.log
    2012-09-13 10:55 - 2012-09-13 10:54 - 00145904 ____A C:\Windows\Minidump\Mini091312-23.dmp
    2012-09-13 10:54 - 2008-09-17 10:15 - 271553641 ____A C:\Windows\MEMORY.DMP
    2012-09-13 10:47 - 2012-09-13 10:47 - 00145904 ____A C:\Windows\Minidump\Mini091312-22.dmp
    2012-09-13 10:40 - 2012-09-13 10:40 - 00145904 ____A C:\Windows\Minidump\Mini091312-21.dmp
    2012-09-13 10:36 - 2012-09-08 05:52 - 00000873 ____A C:\Users\Mark\Desktop\Norton Installation Files.lnk
    2012-09-13 10:33 - 2012-09-13 10:33 - 00145904 ____A C:\Windows\Minidump\Mini091312-20.dmp
    2012-09-13 10:24 - 2012-09-13 10:24 - 00145904 ____A C:\Windows\Minidump\Mini091312-19.dmp
    2012-09-13 10:17 - 2012-09-13 10:16 - 00145904 ____A C:\Windows\Minidump\Mini091312-18.dmp
    2012-09-13 09:50 - 2012-09-13 09:50 - 00145904 ____A C:\Windows\Minidump\Mini091312-17.dmp
    2012-09-13 09:50 - 2006-11-02 04:47 - 00070656 _____ C:\Windows\System32\umstartup.etl
    2012-09-13 09:40 - 2012-09-13 09:40 - 00145904 ____A C:\Windows\Minidump\Mini091312-16.dmp
    2012-09-13 09:33 - 2012-09-13 09:33 - 00145904 ____A C:\Windows\Minidump\Mini091312-15.dmp
    2012-09-13 08:19 - 2012-09-13 08:19 - 00145904 ____A C:\Windows\Minidump\Mini091312-14.dmp
    2012-09-13 07:58 - 2012-09-13 07:57 - 00145904 ____A C:\Windows\Minidump\Mini091312-13.dmp
    2012-09-13 06:59 - 2012-09-13 06:59 - 00145904 ____A C:\Windows\Minidump\Mini091312-12.dmp
    2012-09-13 06:23 - 2012-09-13 06:23 - 00145904 ____A C:\Windows\Minidump\Mini091312-11.dmp
    2012-09-13 06:13 - 2012-09-13 06:13 - 00145904 ____A C:\Windows\Minidump\Mini091312-10.dmp
    2012-09-13 05:46 - 2012-09-13 05:46 - 00145904 ____A C:\Windows\Minidump\Mini091312-09.dmp
    2012-09-13 05:36 - 2012-09-13 05:36 - 00145904 ____A C:\Windows\Minidump\Mini091312-08.dmp
    2012-09-13 05:18 - 2012-09-13 05:18 - 00145904 ____A C:\Windows\Minidump\Mini091312-07.dmp
    2012-09-13 05:04 - 2012-09-13 05:04 - 00145904 ____A C:\Windows\Minidump\Mini091312-06.dmp
    2012-09-13 01:39 - 2012-09-13 01:39 - 00145904 ____A C:\Windows\Minidump\Mini091312-05.dmp
    2012-09-13 01:31 - 2012-09-13 01:31 - 00145904 ____A C:\Windows\Minidump\Mini091312-04.dmp
    2012-09-13 01:24 - 2012-09-13 01:23 - 00145904 ____A C:\Windows\Minidump\Mini091312-03.dmp
    2012-09-13 01:16 - 2012-09-13 01:16 - 00145904 ____A C:\Windows\Minidump\Mini091312-02.dmp
    2012-09-13 00:21 - 2012-09-13 00:20 - 00145904 ____A C:\Windows\Minidump\Mini091312-01.dmp
    2012-09-12 01:22 - 2008-08-20 03:38 - 00033046 ____A C:\Users\Mark\Application Data\wklnhst.dat
    2012-09-12 01:22 - 2008-08-20 03:38 - 00033046 ____A C:\Users\Mark\AppData\Roaming\wklnhst.dat
    2012-09-11 07:29 - 2012-09-11 07:29 - 12888064 ____A C:\Users\Mark\My Documents\dan passport photo.wps
    2012-09-11 07:29 - 2012-09-11 07:29 - 12888064 ____A C:\Users\Mark\Documents\dan passport photo.wps
    2012-09-09 09:51 - 2012-09-09 09:51 - 00064000 ____A C:\Users\Mark\My Documents\DDS log 1 and 2.wps
    2012-09-09 09:51 - 2012-09-09 09:51 - 00064000 ____A C:\Users\Mark\Documents\DDS log 1 and 2.wps
    2012-09-09 09:34 - 2012-09-09 09:34 - 00000740 ____A C:\Users\Mark\My Documents\gmer.log..log
    2012-09-09 09:34 - 2012-09-09 09:34 - 00000740 ____A C:\Users\Mark\Documents\gmer.log..log
    2012-09-09 08:07 - 2012-09-09 08:07 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Mark\Downloads\mbam-setup-1.62.0.1300.exe
    2012-09-09 00:11 - 2012-09-09 00:11 - 00097440 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SMR310.SYS
    2012-09-09 00:11 - 2012-09-08 06:12 - 00174504 ____A C:\Windows\ntbtlog.txt.bak
    2012-09-08 23:52 - 2011-10-21 04:58 - 00009024 ____A C:\Windows\IE9_main.log
    2012-09-08 23:51 - 2012-09-08 23:51 - 01805736 ____A (Symantec Corporation) C:\Users\Mark\Downloads\FixZeroAccess (2).exe
    2012-09-08 23:30 - 2008-08-20 03:08 - 00072944 ____A C:\Users\Mark\Local Settings\GDIPFONTCACHEV1.DAT
    2012-09-08 23:30 - 2008-08-20 03:08 - 00072944 ____A C:\Users\Mark\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2012-09-08 23:30 - 2008-08-20 03:08 - 00072944 ____A C:\Users\Mark\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-09-08 23:28 - 2006-11-02 04:47 - 00285328 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-09-08 12:58 - 2006-11-02 02:22 - 59506688 ____A C:\Windows\System32\config\software_previous
    2012-09-08 12:58 - 2006-11-02 02:22 - 18874368 ____A C:\Windows\System32\config\system_previous
    2012-09-08 12:43 - 2006-11-02 02:22 - 42205184 ____A C:\Windows\System32\config\components_previous
    2012-09-08 12:43 - 2006-11-02 02:22 - 00262144 ____A C:\Windows\System32\config\sam_previous
    2012-09-08 12:22 - 2012-09-08 12:22 - 01805736 ____A (Symantec Corporation) C:\Users\Mark\Downloads\FixZeroAccess (1).exe
    2012-09-08 09:55 - 2012-09-08 09:52 - 02416348 ____A C:\Windows\System32\Drivers\Cat.DB
    2012-09-08 07:27 - 2012-09-08 07:27 - 01805736 ____A (Symantec Corporation) C:\Users\Mark\Downloads\FixZeroAccess.exe
    2012-09-08 06:27 - 2012-09-08 06:27 - 00912040 ____A (Symantec Corporation) C:\Users\Mark\Downloads\NBRT-Retail-Downloader.exe
    2012-09-08 06:09 - 2012-09-08 06:09 - 02892816 ____A (Symantec Corporation) C:\Users\Mark\Downloads\NPE.exe
    2012-09-08 05:51 - 2008-08-20 03:14 - 00095736 ____A C:\Windows\DPINST.LOG
    2012-09-08 05:50 - 2006-11-02 02:23 - 00000324 ____A C:\Windows\win.ini
    2012-09-08 05:41 - 2012-09-08 05:41 - 00000040 ____A C:\Users\Public\Documents\_rgpl
    2012-09-08 05:41 - 2012-09-08 05:41 - 00000040 ____A C:\Users\All Users\Documents\_rgpl
    2012-09-08 04:00 - 2012-09-08 04:00 - 00145856 ____A C:\Windows\Minidump\Mini090812-01.dmp
    2012-09-08 03:40 - 2006-11-02 02:22 - 00786432 ____A C:\Windows\System32\config\default_previous
    2012-09-08 03:40 - 2006-11-02 02:22 - 00262144 ____A C:\Windows\System32\config\security_previous
    2012-09-07 09:29 - 2012-09-07 09:29 - 00001537 ____A C:\Users\Mark\Desktop\Windows Explorer.lnk
    2012-09-07 08:47 - 2012-09-07 08:47 - 00000134 ____A C:\Users\Mark\Desktop\Programs.lnk
    2012-09-05 05:18 - 2012-09-05 05:18 - 00854759 ____A C:\Users\Mark\Downloads\MTS46.rar
    2012-09-05 05:18 - 2012-09-05 05:18 - 00854759 ____A C:\Users\Mark\Downloads\MTS46 (1).rar
    2012-09-01 12:39 - 2008-10-06 07:38 - 00038400 ____A C:\Users\Mark\Local Settings\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2012-09-01 12:39 - 2008-10-06 07:38 - 00038400 ____A C:\Users\Mark\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2012-09-01 12:39 - 2008-10-06 07:38 - 00038400 ____A C:\Users\Mark\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2012-08-27 03:10 - 2012-03-30 23:50 - 00696520 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
    2012-08-27 03:10 - 2011-06-17 23:55 - 00073416 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
    2012-08-23 01:26 - 2012-08-23 01:26 - 00001095 ____A C:\Users\Public\Desktop\BT Desktop Help.lnk
    2012-08-23 01:26 - 2012-08-23 01:26 - 00001095 ____A C:\Users\All Users\Desktop\BT Desktop Help.lnk
    2012-08-22 06:37 - 2012-08-22 06:23 - 1238864448 ____A C:\Users\Mark\My Documents\CyberLink_MES120105-04.exe
    2012-08-22 06:37 - 2012-08-22 06:23 - 1238864448 ____A C:\Users\Mark\Documents\CyberLink_MES120105-04.exe
    2012-08-21 02:51 - 2012-08-21 02:51 - 11912192 ____A C:\Users\Mark\My Documents\New @ Condado.wps
    2012-08-21 02:51 - 2012-08-21 02:51 - 11912192 ____A C:\Users\Mark\Documents\New @ Condado.wps
    2012-07-31 08:07 - 2006-11-02 04:52 - 00069228 ____A C:\Windows\setupact.log
    2012-07-31 08:06 - 2011-11-01 12:31 - 00003999 ____A C:\Users\Mark\Application Data\Rim.Desktop.HttpServerSetup.log
    2012-07-31 08:06 - 2011-11-01 12:31 - 00003999 ____A C:\Users\Mark\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
    2012-07-31 08:04 - 2011-11-01 12:31 - 00002058 ____A C:\Users\Public\Desktop\BlackBerry Desktop Software.lnk
    2012-07-31 08:04 - 2011-11-01 12:31 - 00002058 ____A C:\Users\All Users\Desktop\BlackBerry Desktop Software.lnk
    2012-07-31 07:59 - 2011-11-01 12:44 - 00001934 ____A C:\Users\Mark\Application Data\Rim.Desktop.Exception.log
    2012-07-31 07:59 - 2011-11-01 12:44 - 00001934 ____A C:\Users\Mark\AppData\Roaming\Rim.Desktop.Exception.log
    2012-07-31 07:59 - 2011-11-01 12:44 - 00000924 ____A C:\Users\Mark\Application Data\Rim.DesktopHelper.Exception.log
    2012-07-31 07:59 - 2011-11-01 12:44 - 00000924 ____A C:\Users\Mark\AppData\Roaming\Rim.DesktopHelper.Exception.log
    2012-07-31 03:29 - 2012-07-31 03:29 - 00518656 ____A C:\Users\Mark\My Documents\carpark cardiff.wps
    2012-07-31 03:29 - 2012-07-31 03:29 - 00518656 ____A C:\Users\Mark\Documents\carpark cardiff.wps
    2012-07-27 05:11 - 2012-07-27 05:11 - 00010752 ____A C:\Users\Mark\My Documents\sara 429.xlr
    2012-07-27 05:11 - 2012-07-27 05:11 - 00010752 ____A C:\Users\Mark\Documents\sara 429.xlr
    2012-07-27 03:15 - 2012-07-27 03:15 - 00014370 ____A C:\Users\Mark\My Documents\Nirvana.p2g
    2012-07-27 03:15 - 2012-07-27 03:15 - 00014370 ____A C:\Users\Mark\Documents\Nirvana.p2g
    2012-07-25 21:32 - 2012-09-08 06:29 - 00026840 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys
    2012-07-25 21:32 - 2010-11-16 12:17 - 00106928 ____A (GEAR Software Inc.) C:\Windows\System32\GEARAspi.dll
    2012-07-24 11:45 - 2012-07-24 11:22 - 00020969 ____A C:\INSTALLHELPER.LOG
    2012-07-24 11:45 - 2012-07-24 11:22 - 00003982 ____A C:\alotserviceruntime.log
    2012-07-12 22:54 - 2012-07-12 22:54 - 00485376 ____A C:\Users\Mark\My Documents\Asda socket set.wps
    2012-07-12 22:54 - 2012-07-12 22:54 - 00485376 ____A C:\Users\Mark\Documents\Asda socket set.wps
    2012-07-08 09:22 - 2012-07-08 09:22 - 00441344 ____A C:\Users\Mark\My Documents\Ryanair cancellation.wps
    2012-07-08 09:22 - 2012-07-08 09:22 - 00441344 ____A C:\Users\Mark\Documents\Ryanair cancellation.wps
    2012-07-08 05:50 - 2012-07-08 05:50 - 01670144 ____A C:\Users\Mark\My Documents\apodo flight.wps
    2012-07-08 05:50 - 2012-07-08 05:50 - 01670144 ____A C:\Users\Mark\Documents\apodo flight.wps
    2012-06-30 12:42 - 2012-06-30 12:42 - 04307456 ____A C:\Users\Mark\My Documents\Holiday Inn Kenilworth.wps
    2012-06-30 12:42 - 2012-06-30 12:42 - 04307456 ____A C:\Users\Mark\Documents\Holiday Inn Kenilworth.wps


    ==================== Known DLLs (Whitelisted) =================


    ==================== Bamital & volsnap Check =================

    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ==================== Restore Points =========================

    Restore point made on: 2012-09-08 04:55:28
    Restore point made on: 2012-09-08 05:31:03
    Restore point made on: 2012-09-08 05:31:59
    Restore point made on: 2012-09-08 05:32:57
    Restore point made on: 2012-09-08 05:33:43
    Restore point made on: 2012-09-08 05:35:25
    Restore point made on: 2012-09-08 05:36:31
    Restore point made on: 2012-09-08 05:37:37
    Restore point made on: 2012-09-08 05:39:00
    Restore point made on: 2012-09-08 05:39:59
    Restore point made on: 2012-09-08 05:42:24
    Restore point made on: 2012-09-08 05:43:53
    Restore point made on: 2012-09-08 05:45:12
    Restore point made on: 2012-09-08 05:46:13
    Restore point made on: 2012-09-08 05:47:35
    Restore point made on: 2012-09-08 05:48:31
    Restore point made on: 2012-09-08 05:49:35
    Restore point made on: 2012-09-08 13:57:43
    Restore point made on: 2012-09-09 07:12:43
    Restore point made on: 2012-09-09 07:16:55
    Restore point made on: 2012-09-10 01:47:13
    Restore point made on: 2012-09-11 23:50:00
    Restore point made on: 2012-09-13 12:17:53
    Restore point made on: 2012-09-14 09:16:37
    Restore point made on: 2012-09-14 09:20:38
    Restore point made on: 2012-09-15 10:34:04
    Restore point made on: 2012-09-15 10:42:51
    Restore point made on: 2012-09-15 10:43:51
    Restore point made on: 2012-09-15 10:47:46
    Restore point made on: 2012-09-15 11:02:04
    Restore point made on: 2012-09-15 11:17:54
    Restore point made on: 2012-09-15 12:13:11
    Restore point made on: 2012-09-16 00:25:20
    Restore point made on: 2012-09-16 00:34:44
    Restore point made on: 2012-09-16 02:57:18
    Restore point made on: 2012-09-16 07:33:56

    ==================== Memory info ===========================

    Percentage of memory in use: 14%
    Total physical RAM: 4094.5 MB
    Available physical RAM: 3501.08 MB
    Total Pagefile: 3762.31 MB
    Available Pagefile: 3564.93 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1990.14 MB

    ==================== Partitions ============================

    1 Drive c: (HP) (Fixed) (Total:455.51 GB) (Free:181.98 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    2 Drive d: (FACTORY_IMAGE) (Fixed) (Total:10.25 GB) (Free:1.18 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    4 Drive f: (Cruzer) (Removable) (Total:1.86 GB) (Free:1.84 GB) FAT
    10 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

    Disk ### Status Size Free Dyn Gpt
    -------- ---------- ------- ------- --- ---
    Disk 0 Online 466 GB 1528 KB
    Disk 1 Online 1912 MB 0 B
    Disk 2 No Media 0 B 0 B
    Disk 3 No Media 0 B 0 B
    Disk 4 No Media 0 B 0 B
    Disk 5 No Media 0 B 0 B
    Disk 6 No Media 0 B 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 456 GB 32 KB
    Partition 2 Primary 10 GB 456 GB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 6 C HP NTFS Partition 456 GB Healthy

    ==================================================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 6 D FACTORY_IMA NTFS Partition 10 GB Healthy

    ==================================================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 1908 MB 65 KB

    ==================================================================================

    Disk: 1
    Partition 1
    Type : 06
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 5 F Cruzer FAT Removable 1908 MB Healthy

    ==================================================================================

    Last Boot: 2012-09-16 00:54

    ==================== End Of Log =============================
    Farbar Recovery Scan Tool (x86) Version: 12-09-2012
    Ran by SYSTEM at 2012-09-16 17:51:07
    Running from F:\

    ================== Search: "services.exe" ===================

    C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
    [2009-09-24 08:59] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

    C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
    [2008-08-29 04:32] - [2008-01-18 23:33] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C

    C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036\services.exe
    [2006-11-02 00:35] - [2006-11-02 01:45] - 0279552 ____A (Microsoft Corporation) 329CF3C97CE4C19375C8ABCABAE258B0

    C:\Windows\System32\services.exe
    [2009-09-24 08:59] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

    C:\Windows\erdnt\cache\services.exe
    [2012-09-15 12:50] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

    C:\FRST\Quarantine\services.exe
    [2009-09-24 08:59] - [2012-09-08 08:21] - 0282624 ____A (Microsoft Corporation) 1C5A8277AA91E44684772C950C892AE2

    === End Of Search ===
  14. Broni Malware Annihilator Posts: 39,231   +175

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    Restart normally and see if you can connect.

    Attached Files:

  15. Tobydog Newcomer, in training Posts: 44

    Hi Broni

    I must be doing something wrong - the computer cannot find fixlist.txt on my flash drive even though I can see it there?
  16. Tobydog Newcomer, in training Posts: 44

    Hi Broni

    The computer is telling me that the fixlist.txt should be made and saved in the same directory in which the tool is located - I'm saving it to the same flash drive.
  17. Broni Malware Annihilator Posts: 39,231   +175

    Delete everything from your flash drive, get a new copy of FRST and try again.
  18. Tobydog Newcomer, in training Posts: 44

    Thanks Broni - will do immediately.
  19. Tobydog Newcomer, in training Posts: 44

    Hi Broni

    Deleted everything on the flash drive, got a new copy of FRST and fixlist.txt, but the computer still cannot see the fixlist - is it anything to do with the USB drive on my laptop (which I'm communicating with you on now), which I'm using to copy to my flash drive, and the USB drive I'm using on the problem PC? When I drag the fixlist on to my flash drive, do I need to drop it directly on top of the FRST file?
  20. Broni Malware Annihilator Posts: 39,231   +175

    No.

    Are you booting to System Recovery Options?

    Try different flash drive.