Highly infected laptop

I have a highly infected laptop that ive been trying my best to fix for months but just cant beat it and I give up so just before I full reinstall id LOVE to see one of you experts kick its arse PLEASE!!!!

Hey dragon, Thankyou so much im at work at the minute as soon as I get home ill follow you instructions and post logs. And give you a small run down on the disaster

Hey DMJ here goes,

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.17.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Sad0r :: SAD0R-PC [administrator]

18/11/2012 12:22:34 AM
mbam-log-2012-11-18 (00-22-34).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 203389
Time elapsed: 2 minute(s), 7 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
DDS (Ver_2012-11-07.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16450
Run by Sad0r at 15:42:49 on 2012-11-18
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.12174.10114 [GMT 11:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\FBAgent.exe
C:\Windows\system32\WLANExt.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Norton Identity Safe\Engine\2013.2.0.18\ccSvcHst.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Program Files (x86)\Norton Identity Safe\Engine\2013.2.0.18\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
C:\Program Files\ASUS\P4G\BatteryLife.exe
C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x86\QuickGesture.exe
C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x64\QuickGesture64.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Users\Sad0r\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files\Elantech\ETDGesture.exe
C:\Users\Sad0r\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sad0r\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sad0r\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sad0r\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sad0r\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sad0r\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Windows\system32\igfxpers.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Sad0r\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com.au/
uDefault_Page_URL = hxxp://asus.msn.com
mStart Page = about:blank
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Norton Identity Protection: {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files (x86)\Norton Identity Safe\Engine\2013.2.0.18\CoIEPlg.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: Norton Identity Safe Toolbar: {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2013.2.0.18\CoIEPlg.dll
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
mRun: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe /S
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ASUSVI~1.LNK - C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
uPolicies-Explorer: NoDriveAutoRun = dword:32
uPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{01FD1468-EA1B-4F82-9C9E-7CC26212FDAF} : DHCPNameServer = 192.168.0.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-mStart Page = about:blank
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-3-12 16152]
R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-9-7 17536]
R1 ccSet_NST;Norton Identity Safe Settings Manager;C:\Windows\System32\drivers\NSTx64\7DD02000.012\ccSetx64.sys [2012-11-18 168096]
R2 AFBAgent;AFBAgent;C:\Windows\System32\FBAgent.exe [2012-8-31 379520]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
R2 ASUS InstantOn;ASUS InstantOn Service;C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [2012-2-4 277120]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2011-12-9 607456]
R2 Intel(R) ME Service;Intel(R) ME Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-8-31 128280]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2012-8-31 161560]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-11-18 399432]
R2 NCO;Norton Identity Safe;C:\Program Files (x86)\Norton Identity Safe\Engine\2013.2.0.18\ccSvcHst.exe [2012-11-18 143928]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-8-31 363800]
R3 AiCharger;ASUS Charger Driver;C:\Windows\System32\drivers\AiCharger.sys [2012-8-31 17152]
R3 AsusVBus;AsusVBus;C:\Windows\System32\drivers\AsusVBus.sys [2011-12-22 35968]
R3 AsusVTouch;AsusVTouch;C:\Windows\System32\drivers\AsusVTouch.sys [2011-11-8 16512]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2012-3-12 200488]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-3-12 331264]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-3-12 356120]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-3-12 787736]
R3 RSBASTOR;Realtek PCIE CardReader Driver - BA;C:\Windows\System32\drivers\RtsBaStor.sys [2012-8-31 292968]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-19 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-19 138576]
S2 MBAMService;MBAMService;C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-11-18 676936]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-2 183560]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-2-18 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-14 1492840]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\System32\drivers\L1C62x64.sys [2009-6-11 57344]
S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-11-18 25928]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-8-31 565352]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-11 56832]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-2-19 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2011-2-19 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-9-3 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== File Associations ===============
.
FileExt: .js: Applications\notepad.exe=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2012-11-17 13:38:53168096----a-r-C:\Windows\System32\drivers\NSTx64\7DD02000.012\ccSetx64.sys
2012-11-17 13:38:52--------d-----w-C:\Windows\System32\drivers\NSTx64\7DD02000.012
2012-11-17 13:38:52--------d-----w-C:\Windows\System32\drivers\NSTx64
2012-11-17 13:38:51--------d-----w-C:\Program Files (x86)\Norton Identity Safe
2012-11-17 13:20:5725928----a-w-C:\Windows\System32\drivers\mbam.sys
2012-11-17 13:20:57--------d-----w-C:\Program Files\Malwarebytes' Anti-Malware
2012-11-12 10:14:34--------d-----w-C:\Users\Sad0r\AppData\Local\Diagnostics
2012-11-05 05:30:42--------d-----w-C:\Program Files (x86)\iWisoft Free Video Downloader
2012-11-05 05:23:33758018----a-w-C:\Windows\SysWow64\xvidcore.dll
2012-11-05 05:23:33180224----a-w-C:\Windows\SysWow64\xvidvfw.dll
2012-11-05 05:23:33139264----a-w-C:\Windows\SysWow64\xvid.ax
2012-11-05 05:23:33--------d-----w-C:\Program Files (x86)\iWisoft Free Video Converter
2012-11-04 05:33:51--------d-----w-C:\Users\Sad0r\AppData\Local\CrashDumps
2012-10-29 14:06:56--------d-----w-C:\silentrunners
2012-10-25 15:28:54--------d-----w-C:\_OTM
2012-10-25 14:39:05--------d-----w-C:\Program Files\Registrar Registry Manager
2012-10-25 11:23:56--------d-----w-C:\Users\Sad0r\AppData\Local\NPE
2012-10-22 19:48:209291768----a-w-C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2CF52C71-4E6F-4B46-8A8F-B8966A578E00}\mpengine.dll
2012-10-22 18:11:11--------d-----w-C:\Program Files (x86)\Common Files\Symantec Shared
2012-10-22 12:04:12--------d-----w-C:\ProgramData\Norton
2012-10-22 12:03:53--------d-----w-C:\ProgramData\NortonInstaller
2012-10-22 12:03:53--------d-----w-C:\Program Files (x86)\NortonInstaller
2012-10-22 11:37:40220242----a-w-C:\ProgramData\1350905593.bdinstall.bin
2012-10-22 11:24:12431568----a-w-C:\ProgramData\1350885310.bdinstall.bin
2012-10-21 04:32:03--------d-----w-C:\ProgramData\Kaspersky Lab
.
==================== Find3M ====================
.
2012-11-18 04:37:19380----a-w-C:\Users\Sad0r\AppData\Roaming\sp_data.sys
2012-10-15 18:49:14470508----a-w-C:\ProgramData\1350326436.bdinstall.bin
2012-09-14 19:19:292048----a-w-C:\Windows\System32\tzres.dll
2012-09-14 18:28:532048----a-w-C:\Windows\SysWow64\tzres.dll
2012-09-08 05:35:21348160----a-w-C:\Windows\SysWow64\msvcr71.dll
2012-09-08 05:35:211700352----a-w-C:\Windows\SysWow64\gdiplus.dll
2012-09-08 05:35:211060864----a-w-C:\Windows\SysWow64\mfc71.dll
2012-08-31 18:19:351659760----a-w-C:\Windows\System32\drivers\ntfs.sys
2012-08-31 10:43:3980512----a-w-C:\Windows\ASUS K5 Series ScreenSaver Uninstaller.exe
2012-08-31 10:43:313058304----a-w-C:\Windows\AsScrPro.exe
2012-08-30 18:03:455559664----a-w-C:\Windows\System32\ntoskrnl.exe
2012-08-30 17:12:023968880----a-w-C:\Windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12:023914096----a-w-C:\Windows\SysWow64\ntoskrnl.exe
2012-08-24 18:05:07220160----a-w-C:\Windows\System32\wintrust.dll
2012-08-24 16:57:48172544----a-w-C:\Windows\SysWow64\wintrust.dll
2012-08-24 10:31:322312704----a-w-C:\Windows\System32\jscript9.dll
2012-08-24 10:21:181392128----a-w-C:\Windows\System32\wininet.dll
2012-08-24 10:20:111494528----a-w-C:\Windows\System32\inetcpl.cpl
2012-08-24 10:14:45173056----a-w-C:\Windows\System32\ieUnatt.exe
2012-08-24 10:13:29599040----a-w-C:\Windows\System32\vbscript.dll
2012-08-24 10:09:422382848----a-w-C:\Windows\System32\mshtml.tlb
2012-08-24 06:59:171800704----a-w-C:\Windows\SysWow64\jscript9.dll
2012-08-24 06:51:271129472----a-w-C:\Windows\SysWow64\wininet.dll
2012-08-24 06:51:021427968----a-w-C:\Windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26142848----a-w-C:\Windows\SysWow64\ieUnatt.exe
2012-08-24 06:47:12420864----a-w-C:\Windows\SysWow64\vbscript.dll
2012-08-24 06:43:582382848----a-w-C:\Windows\SysWow64\mshtml.tlb
2012-08-22 18:12:501913200----a-w-C:\Windows\System32\drivers\tcpip.sys
2012-08-22 18:12:40950128----a-w-C:\Windows\System32\drivers\ndis.sys
2012-08-22 18:12:40376688----a-w-C:\Windows\System32\drivers\netio.sys
2012-08-22 18:12:33288624----a-w-C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-08-21 21:01:00245760----a-w-C:\Windows\System32\OxpsConverter.exe
2012-08-20 18:48:44362496----a-w-C:\Windows\System32\wow64win.dll
2012-08-20 18:48:44243200----a-w-C:\Windows\System32\wow64.dll
2012-08-20 18:48:4413312----a-w-C:\Windows\System32\wow64cpu.dll
2012-08-20 18:48:43215040----a-w-C:\Windows\System32\winsrv.dll
2012-08-20 18:48:3716384----a-w-C:\Windows\System32\ntvdm64.dll
2012-08-20 18:48:35424448----a-w-C:\Windows\System32\KernelBase.dll
2012-08-20 18:46:22338432----a-w-C:\Windows\System32\conhost.exe
2012-08-20 17:40:2114336----a-w-C:\Windows\SysWow64\ntvdm64.dll
2012-08-20 17:38:4444032----a-w-C:\Windows\apppatch\acwow64.dll
2012-08-20 17:38:2625600----a-w-C:\Windows\SysWow64\setup16.exe
2012-08-20 17:37:195120----a-w-C:\Windows\SysWow64\wow32.dll
2012-08-20 17:37:18274944----a-w-C:\Windows\SysWow64\KernelBase.dll
2012-08-20 15:38:217680----a-w-C:\Windows\SysWow64\instnm.exe
2012-08-20 15:38:202048----a-w-C:\Windows\SysWow64\user.exe
2012-08-20 15:33:286144---ha-w-C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-08-20 15:33:284608---ha-w-C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 15:33:283584---ha-w-C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 15:33:283072---ha-w-C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
.
============= FINISH: 15:43:04.07 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-07.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 31/08/2012 3:03:24 AM
System Uptime: 18/11/2012 12:29:53 PM (3 hours ago)
.
Motherboard: ASUSTeK COMPUTER INC. | | K55A
Processor: Intel(R) Core(TM) i7-3610QM CPU @ 2.30GHz | SOCKET 0 | 2301/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 255 GiB total, 160.151 GiB free.
D: is FIXED (NTFS) - 419 GiB total, 418.558 GiB free.
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Ethernet Controller
Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_14571043&REV_0A\89724418684CE00002
Manufacturer:
Name: Ethernet Controller
PNP Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_14571043&REV_0A\89724418684CE00002
Service:
.
==== System Restore Points ===================
.
RP78: 7/11/2012 3:00:11 AM - Windows Update
RP79: 8/11/2012 3:00:12 AM - Windows Update
RP80: 9/11/2012 3:00:10 AM - Windows Update
RP81: 9/11/2012 4:15:40 PM - Windows Update
RP82: 10/11/2012 3:00:10 AM - Windows Update
RP83: 13/11/2012 3:48:52 PM - Windows Update
RP84: 14/11/2012 3:00:10 AM - Windows Update
RP85: 15/11/2012 3:00:11 AM - Windows Update
RP86: 16/11/2012 3:00:13 AM - Windows Update
RP87: 17/11/2012 3:00:10 AM - Windows Update
RP88: 18/11/2012 3:00:12 AM - Windows Update
.
==== Installed Programs ======================
.
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X MUI
ASUS AI Recovery
ASUS FaceLogon
ASUS K5 Series ScreenSaver
ASUS LifeFrame3
ASUS Live Update
ASUS Power4Gear Hybrid
ASUS Splendid Video Enhancement Technology
ASUS USB Charger Plus
ASUS Virtual Camera
ASUS Virtual Touch
ASUS WebStorage
AsusVibe2.0
ATK Package
Bing Bar
CCleaner
CyberLink LabelPrint
CyberLink Media Suite
CyberLink Power2Go
D3DX10
DVD Decrypter (Remove Only)
ETDWare PS/2-X64 10.5.9.0
Fast Boot
FormatFactory 2.70
Galeria de Fotografias do Windows Live
Galerie de photos Windows Live
Galería fotográfica de Windows Live
Google Chrome
Graboid Video 3.32
InstantOn for NB
Intel(R) Manageability Engine Firmware Recovery Agent
Intel(R) Management Engine Components
Intel(R) OpenCL CPU Runtime
Intel(R) Processor Graphics
Intel(R) USB 3.0 eXtensible Host Controller Driver
Intel® Trusted Connect Service Client
iWisoft Free Video Converter 1.2
iWisoft Free Video Downloader 2.1
Junk Mail filter update
Malwarebytes Anti-Malware version 1.65.1.1000
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
MSVCRT
MSVCRT_amd64
Norton Identity Safe
PKR
Qualcomm Atheros WiFi Driver Installation
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek PCIE Card Reader
Registrar Registry Manager 7.50
SceneSwitch
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
ShowBiz DVD
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
VLC media player 1.0.1
Windows Live
Windows Live ???
Windows Live ????
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinFlash
Wireless Console 3
Wisdom-soft ScreenHunter 6.0 Free
.
==== Event Viewer Messages From Past Week ========
.
18/11/2012 3:37:58 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
18/11/2012 12:41:25 AM, Error: Microsoft-Windows-LanguagePackSetup [1001] - Failed to start language pack setup wizard. Please restart the system and try running the wizard again.
18/11/2012 12:41:02 AM, Error: volmgr [46] - Crash dump initialization failed!
.
==== End Of File ===========================
# AdwCleaner v2.008 - Logfile created 11/18/2012 at 16:11:52
# Updated 17/11/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Sad0r - SAD0R-PC
# Boot Mode : Normal
# Running from : C:\Users\Sad0r\Desktop\adwcleaner.exe
# Option [Delete]
***** [Services] *****
***** [Files / Folders] *****
***** [Registry] *****
Key Deleted : HKCU\Software\Softonic
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16421
[OK] Registry is clean.
*************************
AdwCleaner[S1].txt - [553 octets] - [18/11/2012 16:11:52]
########## EOF - C:\AdwCleaner[S1].txt - [612 octets] ##########

ComboFix 12-11-16.02 - Sad0r 19/11/2012 22:23:03.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.12174.10383 [GMT 11:00]
Running from: c:\users\Sad0r\Desktop\Com.exe
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\$recycle.bin\S-1-5-21-3254260356-3574314768-983753981-1000\$RVN1D90.16385_none_1dd3ce8d1e7524cd\msdatt.dll
c:\program files (x86)\INSTALL.LOG
c:\programdata\1350326436.bdinstall.bin
c:\programdata\1350885310.bdinstall.bin
c:\programdata\1350905593.bdinstall.bin
c:\programdata\ntuser.dat
c:\windows\msvcr71.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-10-19 to 2012-11-19 )))))))))))))))))))))))))))))))
.
.
2012-11-19 11:26 . 2012-11-19 11:26--------d-----w-c:\users\Public\AppData\Local\temp
2012-11-19 11:26 . 2012-11-19 11:26--------d-----w-c:\users\Default\AppData\Local\temp
2012-11-17 13:38 . 2012-11-17 13:38--------d-----w-c:\windows\system32\drivers\NSTx64
2012-11-17 13:38 . 2012-11-17 13:38--------d-----w-c:\program files (x86)\Norton Identity Safe
2012-11-17 13:20 . 2012-11-17 13:20--------d-----w-c:\program files\Malwarebytes' Anti-Malware
2012-11-17 13:20 . 2012-09-29 08:5425928----a-w-c:\windows\system32\drivers\mbam.sys
2012-11-12 10:14 . 2012-11-12 10:14--------d-----w-c:\users\Sad0r\AppData\Local\Diagnostics
2012-11-05 05:30 . 2012-11-05 05:30--------d-----w-c:\program files (x86)\iWisoft Free Video Downloader
2012-11-05 05:23 . 2012-11-05 05:23--------d-----w-c:\program files (x86)\iWisoft Free Video Converter
2012-11-05 05:23 . 2009-09-29 09:57758018----a-w-c:\windows\SysWow64\xvidcore.dll
2012-11-05 05:23 . 2008-12-04 10:46180224----a-w-c:\windows\SysWow64\xvidvfw.dll
2012-11-05 05:23 . 2008-10-07 23:16139264----a-w-c:\windows\SysWow64\xvid.ax
2012-11-04 05:33 . 2012-11-07 13:25--------d-----w-c:\users\Sad0r\AppData\Local\CrashDumps
2012-10-29 14:06 . 2012-10-29 14:08--------d-----w-C:\silentrunners
2012-10-25 15:28 . 2012-10-25 15:28--------d-----w-C:\_OTM
2012-10-25 14:39 . 2012-10-26 11:35--------d-----w-c:\program files\Registrar Registry Manager
2012-10-25 11:23 . 2012-11-18 04:51--------d-----w-c:\users\Sad0r\AppData\Local\NPE
2012-10-22 19:48 . 2012-10-12 07:199291768----a-w-c:\programdata\Microsoft\Windows Defender\Definition Updates\{2CF52C71-4E6F-4B46-8A8F-B8966A578E00}\mpengine.dll
2012-10-22 18:11 . 2012-11-19 11:16--------d-----w-c:\program files (x86)\Common Files\Symantec Shared
2012-10-22 12:04 . 2012-11-19 11:18--------d-----w-c:\programdata\Norton
2012-10-22 12:03 . 2012-11-19 11:18--------d-----w-c:\program files (x86)\NortonInstaller
2012-10-21 04:32 . 2012-10-21 04:32--------d-----w-c:\programdata\Kaspersky Lab
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-19 11:19 . 2012-08-30 17:03380----a-w-c:\users\Sad0r\AppData\Roaming\sp_data.sys
2012-10-29 21:01 . 2012-09-19 10:1648648----a-w-c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2012-10-29 21:01 . 2012-10-15 18:13336208----a-w-c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-10-25 08:33 . 2012-10-15 18:1348648----a-w-c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2012-10-22 06:03 . 2012-09-19 10:16336208----a-w-c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-09-27 13:18 . 2012-10-04 05:0765309168----a-w-c:\windows\system32\MRT.exe
2012-09-14 19:19 . 2012-10-10 12:332048----a-w-c:\windows\system32\tzres.dll
2012-09-14 18:28 . 2012-10-10 12:332048----a-w-c:\windows\SysWow64\tzres.dll
2012-09-08 05:35 . 2012-09-08 05:35348160----a-w-c:\windows\SysWow64\msvcr71.dll
2012-09-08 05:35 . 2012-09-08 05:351700352----a-w-c:\windows\SysWow64\gdiplus.dll
2012-09-08 05:35 . 2012-09-08 05:351060864----a-w-c:\windows\SysWow64\mfc71.dll
2012-08-31 18:19 . 2012-10-10 12:341659760----a-w-c:\windows\system32\drivers\ntfs.sys
2012-08-31 10:43 . 2012-08-31 10:4380512----a-w-c:\windows\ASUS K5 Series ScreenSaver Uninstaller.exe
2012-08-31 10:43 . 2012-08-31 10:433058304----a-w-c:\windows\AsScrPro.exe
2012-08-30 18:03 . 2012-10-10 12:345559664----a-w-c:\windows\system32\ntoskrnl.exe
2012-08-30 17:12 . 2012-10-10 12:343914096----a-w-c:\windows\SysWow64\ntoskrnl.exe
2012-08-30 17:12 . 2012-10-10 12:333968880----a-w-c:\windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:04 . 2011-03-29 02:3619720----a-w-c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-08-24 18:05 . 2012-10-10 12:33220160----a-w-c:\windows\system32\wintrust.dll
2012-08-24 16:57 . 2012-10-10 12:33172544----a-w-c:\windows\SysWow64\wintrust.dll
2012-08-24 11:15 . 2012-09-26 17:0017810944----a-w-c:\windows\system32\mshtml.dll
2012-08-24 10:39 . 2012-09-26 17:0010925568----a-w-c:\windows\system32\ieframe.dll
2012-08-24 10:31 . 2012-09-26 17:002312704----a-w-c:\windows\system32\jscript9.dll
2012-08-24 10:22 . 2012-09-26 17:001346048----a-w-c:\windows\system32\urlmon.dll
2012-08-24 10:21 . 2012-09-26 17:001392128----a-w-c:\windows\system32\wininet.dll
2012-08-24 10:20 . 2012-09-26 17:001494528----a-w-c:\windows\system32\inetcpl.cpl
2012-08-24 10:18 . 2012-09-26 17:00237056----a-w-c:\windows\system32\url.dll
2012-08-24 10:17 . 2012-09-26 17:0085504----a-w-c:\windows\system32\jsproxy.dll
2012-08-24 10:14 . 2012-09-26 17:00173056----a-w-c:\windows\system32\ieUnatt.exe
2012-08-24 10:14 . 2012-09-26 17:00816640----a-w-c:\windows\system32\jscript.dll
2012-08-24 10:13 . 2012-09-26 17:00599040----a-w-c:\windows\system32\vbscript.dll
2012-08-24 10:12 . 2012-09-26 17:002144768----a-w-c:\windows\system32\iertutil.dll
2012-08-24 10:11 . 2012-09-26 17:00729088----a-w-c:\windows\system32\msfeeds.dll
2012-08-24 10:10 . 2012-09-26 17:0096768----a-w-c:\windows\system32\mshtmled.dll
2012-08-24 10:09 . 2012-09-26 17:002382848----a-w-c:\windows\system32\mshtml.tlb
2012-08-24 10:04 . 2012-09-26 17:00248320----a-w-c:\windows\system32\ieui.dll
2012-08-24 06:59 . 2012-09-26 17:001800704----a-w-c:\windows\SysWow64\jscript9.dll
2012-08-24 06:51 . 2012-09-26 17:001129472----a-w-c:\windows\SysWow64\wininet.dll
2012-08-24 06:51 . 2012-09-26 17:001427968----a-w-c:\windows\SysWow64\inetcpl.cpl
2012-08-24 06:47 . 2012-09-26 17:00142848----a-w-c:\windows\SysWow64\ieUnatt.exe
2012-08-24 06:47 . 2012-09-26 17:00420864----a-w-c:\windows\SysWow64\vbscript.dll
2012-08-24 06:43 . 2012-09-26 17:002382848----a-w-c:\windows\SysWow64\mshtml.tlb
2012-08-22 18:12 . 2012-09-12 08:491913200----a-w-c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-12 08:49950128----a-w-c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-12 08:49376688----a-w-c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-12 08:49288624----a-w-c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 21:01 . 2012-09-26 01:15245760----a-w-c:\windows\system32\OxpsConverter.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{AB4C7833-A6EC-433f-B9FE-6B14B1A2F836}]
2012-10-18 17:57498584----a-r-c:\program files (x86)\Norton Identity Safe\Engine\2013.2.0.18\CoIEPlg.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{A13C2648-91D4-4bf3-BC6D-0079707C4389}"= "c:\program files (x86)\Norton Identity Safe\Engine\2013.2.0.18\coIEPlg.dll" [2012-10-18 498584]
.
[HKEY_CLASSES_ROOT\clsid\{a13c2648-91d4-4bf3-bc6d-0079707c4389}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-16 932288]
"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2012-02-18 3331312]
"ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe" [2011-07-29 737104]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-07 291608]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2012-02-02 2321072]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2012-06-25 322208]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2012-06-19 174752]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2012-2-18 549040]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [2009-06-10 57344]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-08-23 565352]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-09-03 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-02-07 16152]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-09-06 17536]
S1 ccSet_NST;Norton Identity Safe Settings Manager;c:\windows\system32\drivers\NSTx64\7DD02000.012\ccSetx64.sys [2012-10-04 168096]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2011-03-03 379520]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-02 15416]
S2 ASUS InstantOn;ASUS InstantOn Service;c:\program files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [2012-02-03 277120]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2011-12-08 607456]
S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2011-12-16 128280]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2011-12-16 161560]
S2 NCO;Norton Identity Safe;c:\program files (x86)\Norton Identity Safe\Engine\2013.2.0.18\ccSvcHst.exe [2012-10-11 143928]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-12-16 363800]
S3 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys [2012-01-30 17152]
S3 AsusVBus;AsusVBus;c:\windows\system32\DRIVERS\AsusVBus.sys [2011-12-21 35968]
S3 AsusVTouch;AsusVTouch;c:\windows\system32\DRIVERS\AsusVTouch.sys [2011-11-08 16512]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2012-02-19 200488]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2012-02-20 331264]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-02-07 356120]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-02-07 787736]
S3 RSBASTOR;Realtek PCIE CardReader Driver - BA;c:\windows\system32\DRIVERS\RtsBaStor.sys [2012-02-01 292968]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3254260356-3574314768-983753981-1000Core.job
- c:\users\Sad0r\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-26 02:50]
.
2012-10-13 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
- c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 20:41]
.
2012-10-13 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
- c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 20:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2011-05-25 07:09227840----a-w-c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2011-05-25 07:09227840----a-w-c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-02-22 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-02-22 398616]
"ETDCtrl"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.com.au/
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
SafeBoot-77118655.sys
SafeBoot-95310364.sys
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NCO]
"ImagePath"="\"c:\program files (x86)\Norton Identity Safe\Engine\2013.2.0.18\ccSvcHst.exe\" /s \"NCO\" /m \"c:\program files (x86)\Norton Identity Safe\Engine\2013.2.0.18\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-11-19 22:27:50
ComboFix-quarantined-files.txt 2012-11-19 11:27
ComboFix2.txt 2012-09-20 23:35
.
Pre-Run: 171,741,958,144 bytes free
Post-Run: 171,226,935,296 bytes free
.
- - End Of File - - 5E4364868D838EF217D48A15D9C1CABD

Hey DMJ, this line at the top I have also seen in my 2tb seagate hard drive (c:\$recycle.bin\S-1-5-21-3254260356-3574314768-983753981-1000\$RV.....) hidden away in a hidden recycle bin within another and I cant delete it as it just keeps saying access denied and even after changing permissions and deleting it just respawns so ill wait to see what you can see about these logs first and concentrate on the laptop before the HD, and I wont plug it in again either untill you say so. Long story short we had an infected laptop in the house and after trying to delete the virus manually the infected laptop self activated windows media player sharing and we literally watched the other 2 laptops in the house activate and join with the initial one so after giving up on the first and throwing it in a drawer to die we both noticed our 2 good LTs were joining still and everytime we turn them on they keep trying to install an unwanted network adapter so I reformated hers and it seems to be o.k so far but as I just bought this expensive one and have been reading about some new rootkit that even infects a machines MBR I thought I would let an expert have a look, and here we are.. so seek and DESTROY

Sorry for taking so long im working 17 hour shifts, it`ll be done by tomorrow night

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-11-2012
Ran by SYSTEM at 21-11-2012 08:54:09
Running from E:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [ETDCtrl] %ProgramFiles%\Elantech\ETDCtrl.exe [x]
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [932288 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE" [3331312 2012-02-17] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe /S [737104 2011-07-29] (ecareme)
HKLM-x32\...\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [291608 2012-02-06] (Intel Corporation)
HKLM-x32\...\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2321072 2012-02-02] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [322208 2012-06-24] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [174752 2012-06-18] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-18] (ASUS)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Startup: C:\Users\All Users\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe (ASUSTeK Computer Inc.)

==================== Services (Whitelisted) ===================

2 ASUS InstantOn; C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [277120 2012-02-03] (ASUS)
2 ATKGFNEXSrv; C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [96896 2011-11-20] (ASUS)
2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2011-12-16] ()
2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation)
2 N360; "C:\Program Files (x86)\Norton 360\Engine\20.2.0.19\ccSvcHst.exe" /s "N360" /m "C:\Program Files (x86)\Norton 360\Engine\20.2.0.19\diMaster.dll" /prefetch:1 [535416 2012-10-11] (Symantec Corporation)
2 NCO; "C:\Program Files (x86)\Norton Identity Safe\Engine\2013.2.0.18\ccSvcHst.exe" /s "NCO" /m "C:\Program Files (x86)\Norton Identity Safe\Engine\2013.2.0.18\diMaster.dll" /prefetch:1 [535416 2012-10-11] (Symantec Corporation)

==================== Drivers (Whitelisted) =====================

3 AiCharger; C:\Windows\System32\Drivers\AiCharger.sys [17152 2012-01-30] (ASUSTek Computer Inc.)
3 AiCharger; C:\Windows\SysWow64\Drivers\AiCharger.sys [17152 2012-01-30] (ASUSTek Computer Inc.)
3 AsusVBus; C:\Windows\System32\Drivers\AsusVBus.sys [35968 2011-12-21] (Windows (R) Win 7 DDK provider)
3 AsusVTouch; C:\Windows\System32\Drivers\AsusVTouch.sys [16512 2011-11-07] (Windows (R) Win 7 DDK provider)
1 ATKWMIACPIIO; \??\C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [17536 2011-09-06] (ASUS)
1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\BASHDefs\20121106.001\BHDrvx64.sys [1384608 2012-10-23] (Symantec Corporation)
1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1402000.013\ccSetx64.sys [168096 2012-10-03] (Symantec Corporation)
1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DD02000.012\ccSetx64.sys [168096 2012-10-03] (Symantec Corporation)
1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-11-16] (Symantec Corporation)
3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-11-16] (Symantec Corporation)
1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\IPSDefs\20121119.001\IDSvia64.sys [513184 2012-11-18] (Symantec Corporation)
3 kbfiltr; C:\Windows\System32\Drivers\kbfiltr.sys [15416 2009-07-20] ( )
3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\VirusDefs\20121119.022\ENG64.SYS [126112 2012-11-16] (Symantec Corporation)
3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\VirusDefs\20121119.022\EX64.SYS [2084000 2012-11-16] (Symantec Corporation)
3 RSBASTOR; C:\Windows\System32\DRIVERS\RtsBaStor.sys [292968 2012-02-01] (Realtek Semiconductor Corp.)
3 SRTSP; C:\Windows\system32\drivers\N360x64\1402000.013\SRTSP64.SYS [776864 2012-10-08] (Symantec Corporation)
1 SRTSPX; C:\Windows\system32\drivers\N360x64\1402000.013\SRTSPX64.SYS [37496 2012-09-06] (Symantec Corporation)
0 SymDS; C:\Windows\System32\drivers\N360x64\1402000.013\SYMDS64.SYS [493216 2012-10-03] (Symantec Corporation)
0 SymEFA; C:\Windows\System32\drivers\N360x64\1402000.013\SYMEFA64.SYS [1133216 2012-10-03] (Symantec Corporation)
3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2012-11-19] (Symantec Corporation)
1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [43680 2012-09-06] (Symantec Corporation)
1 SymIRON; C:\Windows\system32\drivers\N360x64\1402000.013\Ironx64.SYS [224416 2012-09-06] (Symantec Corporation)
1 SymNetS; C:\Windows\system32\drivers\N360x64\1402000.013\SYMNETS.SYS [432800 2012-09-06] (Symantec Corporation)
3 catchme; \??\C:\Com\catchme.sys [x]

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2012-11-20 06:16 - 2012-11-20 06:16 - 01154548 ____A C:\Users\Sad0r\Desktop\bookmkkk_11_21_12.html
2012-11-19 09:45 - 2012-11-19 09:45 - 00001175 ____A C:\Users\Sad0r\Desktop\adsl.txt
2012-11-19 07:37 - 2012-11-20 13:49 - 00524288 ____A C:\Windows\System32\Ikeext.etl
2012-11-19 06:57 - 2012-11-19 08:49 - 00000000 ____D C:\Netgear
2012-11-19 04:14 - 2012-11-19 10:59 - 00002611 ____A C:\Users\Sad0r\Desktop\fillll.txt
2012-11-19 03:41 - 2012-09-06 18:05 - 00043680 ___RA (Symantec Corporation) C:\Windows\System32\Drivers\SymIMV.sys
2012-11-19 03:35 - 2012-11-19 03:35 - 00177312 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT64x86.SYS
2012-11-19 03:35 - 2012-11-19 03:35 - 00007466 ____A C:\Windows\System32\Drivers\SYMEVENT64x86.CAT
2012-11-19 03:35 - 2012-11-19 03:35 - 00000000 ____D C:\Program Files\Symantec
2012-11-19 03:35 - 2012-11-19 03:35 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2012-11-19 03:34 - 2012-11-19 03:34 - 00002393 ____A C:\Users\Public\Desktop\Norton 360.lnk
2012-11-19 03:34 - 2012-11-19 03:34 - 00000000 ____D C:\Windows\System32\Drivers\N360x64
2012-11-19 03:34 - 2012-11-19 03:34 - 00000000 ____D C:\Program Files (x86)\Norton 360
2012-11-19 03:27 - 2012-11-19 03:27 - 00018998 ____A C:\ComboFix.txt
2012-11-19 03:21 - 2012-11-19 03:27 - 00000000 ____D C:\Windows\erdnt
2012-11-19 03:21 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-11-19 03:21 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-11-19 03:21 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-11-19 03:21 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-11-19 03:21 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-11-19 03:21 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-11-19 03:21 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-11-19 03:21 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-11-19 03:10 - 2012-11-19 03:13 - 05002404 ____R (Swearware) C:\Users\Sad0r\Desktop\Com.exe
2012-11-17 21:11 - 2012-11-17 21:11 - 00000680 ____A C:\AdwCleaner[S1].txt
2012-11-17 20:58 - 2012-11-17 20:58 - 00000000 ____D C:\Users\Sad0r\Documents\Symantec
2012-11-17 20:54 - 2012-11-19 03:34 - 00001298 ____A C:\Users\Sad0r\Desktop\Norton Installation Files.lnk
2012-11-17 20:54 - 2012-11-17 20:54 - 00915464 ____A (Symantec Corporation) C:\Users\Sad0r\Desktop\N360Downloader.exe
2012-11-17 20:54 - 2012-11-17 20:54 - 00000000 ____D C:\Users\Public\Downloads\Norton
2012-11-17 20:43 - 2012-11-17 20:43 - 00017859 ____A C:\Users\Sad0r\Desktop\dds.txt
2012-11-17 20:43 - 2012-11-17 20:43 - 00005812 ____A C:\Users\Sad0r\Desktop\attach.txt
2012-11-17 05:38 - 2012-11-17 05:38 - 00000000 ____D C:\Windows\System32\Drivers\NSTx64
2012-11-17 05:38 - 2012-11-17 05:38 - 00000000 ____D C:\Program Files (x86)\Norton Identity Safe
2012-11-17 05:20 - 2012-11-17 05:20 - 00000916 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-11-17 05:20 - 2012-11-17 05:20 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-11-17 05:20 - 2012-09-29 00:54 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-11-17 05:18 - 2012-11-17 05:19 - 10669952 ____A (Malwarebytes Corporation ) C:\Users\Sad0r\Desktop\mbam-setup-1.65.1.1000.exe
2012-11-17 05:15 - 2012-11-20 13:15 - 02154832 ____A C:\Windows\PFRO.log
2012-11-17 03:59 - 2012-11-17 03:59 - 01149813 ____A C:\Users\Sad0r\Desktop\bookmarksTT_17_12.html
2012-11-16 09:28 - 2012-11-16 09:29 - 00001483 ____A C:\Users\Sad0r\Documents\acpie.txt
2012-11-16 03:43 - 2012-11-16 03:43 - 00000365 ____A C:\Users\Sad0r\Desktop\Block_Autorun.inf_Files.reg
2012-11-16 03:43 - 2012-11-16 03:43 - 00000330 ____A C:\Users\Sad0r\Desktop\Unblock_Autorun.inf_Files.reg
2012-11-12 20:57 - 2012-11-12 20:57 - 03258000 ____A (BrightFort LLC ) C:\Users\Sad0r\Desktop\spup46.exe
2012-11-12 04:46 - 2012-11-12 04:46 - 00347424 ____A (Microsoft Corporation) C:\Users\Sad0r\Desktop\MicrosoftFixit.malware.Run.exe
2012-11-12 03:00 - 2012-11-12 03:00 - 01777664 ____A C:\Users\Sad0r\Desktop\MBSASetup-x64-EN.msi
2012-11-12 02:59 - 2012-11-12 02:59 - 17667616 ____A (Microsoft Corporation) C:\Users\Sad0r\Desktop\Win.exe
2012-11-11 09:38 - 2012-11-11 09:38 - 15140440 ____A (flashvideodownloader.org ) C:\Users\Sad0r\Downloads\fvdsuite_installer.exe
2012-11-11 09:38 - 2012-11-11 09:38 - 15140440 ____A (flashvideodownloader.org ) C:\Users\Sad0r\Documents\fvdsuite_installer.ext
2012-11-09 10:11 - 2012-11-20 13:34 - 00003100 ____A C:\Windows\setupact.log
2012-11-09 10:11 - 2012-11-09 10:11 - 00000000 ____A C:\Windows\setuperr.log
2012-11-09 10:09 - 2012-11-09 10:09 - 00062516 ____A C:\Users\Sad0r\Documents_1121009_180957.dmp
2012-11-09 10:09 - 2012-11-09 10:09 - 00000552 ____A C:\Users\Sad0r\Documents_1121009_180957_main.txt
2012-11-09 09:58 - 2012-11-09 09:58 - 00002846 ____A C:\Users\Sad0r\SEXXX.txt
2012-11-09 05:54 - 2012-11-09 05:54 - 00000025 ____A C:\Users\Sad0r\THE BEST EVER.txt
2012-11-07 05:29 - 2012-11-07 05:29 - 00005750 ____A C:\Users\Sad0r\Documents\cc_20121108_002907.reg
2012-11-07 05:29 - 2012-11-07 05:29 - 00001448 ____A C:\Users\Sad0r\Documents\cc_20121108_002939.reg
2012-11-06 08:20 - 2012-11-09 08:22 - 00000000 ____D C:\Users\Sad0r\Desktop\hott
2012-11-05 08:30 - 2012-11-05 08:30 - 00000061 ____A C:\Users\Sad0r\FFFFFF.txt
2012-11-05 07:30 - 2012-11-05 07:32 - 20345824 ____A (flashvideodownloader.org ) C:\Users\Sad0r\Downloads\fvdsuite-2.7.6-release.exe
2012-11-04 21:32 - 2012-11-04 21:32 - 00079393 ____A C:\Users\Sad0r\Documents_1121005_053236.dmp
2012-11-04 21:32 - 2012-11-04 21:32 - 00000471 ____A C:\Users\Sad0r\Documents_1121005_053236_main.txt
2012-11-04 21:31 - 2012-11-04 21:31 - 00080641 ____A C:\Users\Sad0r\Documents_1121005_053114.dmp
2012-11-04 21:31 - 2012-11-04 21:31 - 00000534 ____A C:\Users\Sad0r\Documents_1121005_053114_main.txt
2012-11-04 21:30 - 2012-11-04 21:30 - 00001085 ____A C:\Users\Sad0r\Desktop\iWisoft Free Video Downloader.lnk
2012-11-04 21:30 - 2012-11-04 21:30 - 00000000 ____D C:\Program Files (x86)\iWisoft Free Video Downloader
2012-11-04 21:26 - 2012-11-04 21:27 - 03127375 ____A (www.iwisoft.com ) C:\Users\Sad0r\Documents\flashvideodownloader.exe
2012-11-04 21:23 - 2012-11-20 05:18 - 00000000 ____D C:\Users\Sad0r\Documents\iWisoft Free Video Converter
2012-11-04 21:23 - 2012-11-19 14:31 - 00000000 ____D C:\Program Files (x86)\iWisoft Free Video Converter
2012-11-04 21:23 - 2012-11-04 21:23 - 00001075 ____A C:\Users\Sad0r\Desktop\iWisoft Free Video Converter.lnk
2012-11-04 21:23 - 2009-09-29 01:57 - 00758018 ____A C:\Windows\SysWOW64\xvidcore.dll
2012-11-04 21:23 - 2008-12-04 02:46 - 00180224 ____A C:\Windows\SysWOW64\xvidvfw.dll
2012-11-04 21:23 - 2008-10-07 15:16 - 00139264 ____A (http://www.xvid.org) C:\Windows\SysWOW64\xvid.ax
2012-11-04 21:20 - 2012-11-04 21:21 - 09120817 ____A (www.easy-video-converter.com ) C:\Users\Sad0r\Documents\videoconverter.exe
2012-11-03 21:33 - 2012-11-19 08:28 - 00000000 ____D C:\Users\Sad0r\AppData\Local\CrashDumps
2012-11-03 09:06 - 2012-11-03 09:06 - 00000512 ____A C:\Users\Sad0r\Desktop\MBR.dat
2012-11-03 07:50 - 2012-11-03 07:50 - 00448512 ____A (OldTimer Tools) C:\Users\Sad0r\Desktop\TFC.exe
2012-10-29 07:06 - 2012-10-29 07:06 - 00655360 ____A C:\Users\Sad0r\Desktop\MicrosoftFixit50471.msi
2012-10-29 06:47 - 2012-11-06 01:44 - 00000000 ____D C:\Users\Sad0r\Desktop\crapola
2012-10-29 06:06 - 2012-10-29 06:08 - 00000000 ____D C:\silentrunners
2012-10-29 05:50 - 2012-10-29 05:57 - 00000336 ____A C:\Users\Sad0r\silent.txt
2012-10-29 05:30 - 2012-10-29 05:30 - 00002549 ____A C:\Users\Sad0r\xxx.txt
2012-10-29 04:32 - 2012-10-29 04:32 - 00000987 ____A C:\Users\Sad0r\MUD.txt
2012-10-28 08:33 - 2012-10-28 08:33 - 00001407 ____A C:\Users\Sad0r\GYYYY.txt
2012-10-28 03:41 - 2012-10-28 03:41 - 00000000 ____A C:\Windows\System32\remote_PC.csv
2012-10-25 21:11 - 2012-10-25 21:11 - 00000026 ____A C:\Users\Sad0r\AMOLD.txt
2012-10-25 10:51 - 2012-10-25 10:51 - 00000764 ____A C:\Users\Sad0r\quir.txt
2012-10-25 07:40 - 2012-10-25 07:40 - 00000035 ____A C:\Users\Sad0r\hookd.txt
2012-10-25 07:28 - 2012-10-25 07:28 - 00000000 ____D C:\_OTM
2012-10-25 07:21 - 2012-10-25 07:21 - 00000391 ____A C:\Users\Sad0r\reddd.txt
2012-10-25 07:12 - 2012-10-25 07:12 - 00000035 ____A C:\Users\Sad0r\convo.txt
2012-10-25 06:39 - 2012-10-26 03:35 - 00000000 ____D C:\Program Files\Registrar Registry Manager
2012-10-25 06:39 - 2012-10-25 06:42 - 00001057 ____A C:\Users\Sad0r\Desktop\Registrar Registry Manager.lnk
2012-10-25 06:00 - 2012-10-25 06:00 - 00000042 ____A C:\Users\Sad0r\conh.txt
2012-10-25 04:39 - 2012-10-25 04:39 - 00000093 ____A C:\Users\Sad0r\dri.txt
2012-10-25 03:59 - 2012-10-25 04:40 - 00000157 ____A C:\Users\Sad0r\DRIVE.txt
2012-10-25 03:23 - 2012-11-17 20:51 - 00000000 ____D C:\Users\Sad0r\AppData\Local\NPE
2012-10-25 02:51 - 2012-10-25 02:51 - 02957840 ____A (Symantec Corporation) C:\Users\Sad0r\Desktop\Nuts.exe
2012-10-23 05:45 - 2012-10-23 05:45 - 00005768 ____A C:\Users\Sad0r\Documents\cc_20121024_004532.reg
2012-10-23 05:40 - 2012-10-23 05:40 - 00001151 ____A C:\Users\Sad0r\sum.txt
2012-10-22 20:32 - 2012-10-23 03:37 - 00015255 ____A C:\Users\Sad0r\mee.txt
2012-10-22 04:09 - 2012-10-22 04:09 - 00000635 ____A C:\Users\Sad0r\nor.txt
2012-10-22 04:04 - 2012-11-19 03:37 - 00000000 ____D C:\Users\All Users\Norton


==================== One Month Modified Files and Folders =======

2012-11-21 08:53 - 2012-11-21 08:53 - 00000000 ____D C:\FRST
2012-11-20 13:49 - 2012-11-19 07:37 - 00524288 ____A C:\Windows\System32\Ikeext.etl
2012-11-20 13:49 - 2012-10-21 03:44 - 01868064 ____A C:\Windows\WindowsUpdate.log
2012-11-20 13:49 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\tracing
2012-11-20 13:42 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-11-20 13:42 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-11-20 13:39 - 2009-07-13 21:13 - 00778834 ____A C:\Windows\System32\PerfStringBackup.INI
2012-11-20 13:36 - 2012-08-30 09:03 - 00000380 ____A C:\Users\Sad0r\AppData\Roaming\sp_data.sys
2012-11-20 13:34 - 2012-11-09 10:11 - 00003100 ____A C:\Windows\setupact.log
2012-11-20 13:34 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-11-20 13:15 - 2012-11-17 05:15 - 02154832 ____A C:\Windows\PFRO.log
2012-11-20 06:17 - 2012-09-08 06:47 - 00000000 ____D C:\Users\Sad0r\AppData\Roaming\vlc
2012-11-20 06:16 - 2012-11-20 06:16 - 01154548 ____A C:\Users\Sad0r\Desktop\bookmkkk_11_21_12.html
2012-11-20 05:29 - 2012-09-06 00:06 - 00000000 ____D C:\Users\Sad0r\Documents\FFOutput
2012-11-20 05:28 - 2012-09-22 05:48 - 00000000 ____D C:\Users\Sad0r\Documents\iWisoft Free Video Downloader
2012-11-20 05:18 - 2012-11-04 21:23 - 00000000 ____D C:\Users\Sad0r\Documents\iWisoft Free Video Converter
2012-11-19 14:31 - 2012-11-04 21:23 - 00000000 ____D C:\Program Files (x86)\iWisoft Free Video Converter
2012-11-19 12:18 - 2012-09-26 10:10 - 00000000 ____D C:\Users\Sad0r\Documents\My Albums
2012-11-19 10:59 - 2012-11-19 04:14 - 00002611 ____A C:\Users\Sad0r\Desktop\fillll.txt
2012-11-19 10:55 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2012-11-19 09:45 - 2012-11-19 09:45 - 00001175 ____A C:\Users\Sad0r\Desktop\adsl.txt
2012-11-19 08:49 - 2012-11-19 06:57 - 00000000 ____D C:\Netgear
2012-11-19 08:28 - 2012-11-03 21:33 - 00000000 ____D C:\Users\Sad0r\AppData\Local\CrashDumps
2012-11-19 03:37 - 2012-10-22 04:04 - 00000000 ____D C:\Users\All Users\Norton
2012-11-19 03:35 - 2012-11-19 03:35 - 00177312 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT64x86.SYS
2012-11-19 03:35 - 2012-11-19 03:35 - 00007466 ____A C:\Windows\System32\Drivers\SYMEVENT64x86.CAT
2012-11-19 03:35 - 2012-11-19 03:35 - 00000000 ____D C:\Program Files\Symantec
2012-11-19 03:35 - 2012-11-19 03:35 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2012-11-19 03:34 - 2012-11-19 03:34 - 00002393 ____A C:\Users\Public\Desktop\Norton 360.lnk
2012-11-19 03:34 - 2012-11-19 03:34 - 00000000 ____D C:\Windows\System32\Drivers\N360x64
2012-11-19 03:34 - 2012-11-19 03:34 - 00000000 ____D C:\Program Files (x86)\Norton 360
2012-11-19 03:34 - 2012-11-17 20:54 - 00001298 ____A C:\Users\Sad0r\Desktop\Norton Installation Files.lnk
2012-11-19 03:27 - 2012-11-19 03:27 - 00018998 ____A C:\ComboFix.txt
2012-11-19 03:27 - 2012-11-19 03:21 - 00000000 ____D C:\Windows\erdnt
2012-11-19 03:27 - 2012-09-20 15:30 - 00000000 ____D C:\Qoobox
2012-11-19 03:26 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
2012-11-19 03:13 - 2012-11-19 03:10 - 05002404 ____R (Swearware) C:\Users\Sad0r\Desktop\Com.exe
2012-11-17 21:11 - 2012-11-17 21:11 - 00000680 ____A C:\AdwCleaner[S1].txt
2012-11-17 20:58 - 2012-11-17 20:58 - 00000000 ____D C:\Users\Sad0r\Documents\Symantec
2012-11-17 20:54 - 2012-11-17 20:54 - 00915464 ____A (Symantec Corporation) C:\Users\Sad0r\Desktop\N360Downloader.exe
2012-11-17 20:54 - 2012-11-17 20:54 - 00000000 ____D C:\Users\Public\Downloads\Norton
2012-11-17 20:51 - 2012-10-25 03:23 - 00000000 ____D C:\Users\Sad0r\AppData\Local\NPE
2012-11-17 20:43 - 2012-11-17 20:43 - 00017859 ____A C:\Users\Sad0r\Desktop\dds.txt
2012-11-17 20:43 - 2012-11-17 20:43 - 00005812 ____A C:\Users\Sad0r\Desktop\attach.txt
2012-11-17 05:53 - 2012-08-31 02:43 - 00001783 ____A C:\Windows\System32\ServiceFilter.ini
2012-11-17 05:38 - 2012-11-17 05:38 - 00000000 ____D C:\Windows\System32\Drivers\NSTx64
2012-11-17 05:38 - 2012-11-17 05:38 - 00000000 ____D C:\Program Files (x86)\Norton Identity Safe
2012-11-17 05:20 - 2012-11-17 05:20 - 00000916 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-11-17 05:20 - 2012-11-17 05:20 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-11-17 05:19 - 2012-11-17 05:18 - 10669952 ____A (Malwarebytes Corporation ) C:\Users\Sad0r\Desktop\mbam-setup-1.65.1.1000.exe
2012-11-17 03:59 - 2012-11-17 03:59 - 01149813 ____A C:\Users\Sad0r\Desktop\bookmarksTT_17_12.html
2012-11-16 09:29 - 2012-11-16 09:28 - 00001483 ____A C:\Users\Sad0r\Documents\acpie.txt
2012-11-16 03:43 - 2012-11-16 03:43 - 00000365 ____A C:\Users\Sad0r\Desktop\Block_Autorun.inf_Files.reg
2012-11-16 03:43 - 2012-11-16 03:43 - 00000330 ____A C:\Users\Sad0r\Desktop\Unblock_Autorun.inf_Files.reg
2012-11-15 21:17 - 2012-09-25 18:50 - 00002487 ____A C:\Users\Sad0r\Desktop\Google Chrome.lnk
2012-11-12 20:57 - 2012-11-12 20:57 - 03258000 ____A (BrightFort LLC ) C:\Users\Sad0r\Desktop\spup46.exe
2012-11-12 04:46 - 2012-11-12 04:46 - 00347424 ____A (Microsoft Corporation) C:\Users\Sad0r\Desktop\MicrosoftFixit.malware.Run.exe
2012-11-12 03:00 - 2012-11-12 03:00 - 01777664 ____A C:\Users\Sad0r\Desktop\MBSASetup-x64-EN.msi
2012-11-12 02:59 - 2012-11-12 02:59 - 17667616 ____A (Microsoft Corporation) C:\Users\Sad0r\Desktop\Win.exe
2012-11-11 09:38 - 2012-11-11 09:38 - 15140440 ____A (flashvideodownloader.org ) C:\Users\Sad0r\Downloads\fvdsuite_installer.exe
2012-11-11 09:38 - 2012-11-11 09:38 - 15140440 ____A (flashvideodownloader.org ) C:\Users\Sad0r\Documents\fvdsuite_installer.ext
2012-11-09 10:11 - 2012-11-09 10:11 - 00000000 ____A C:\Windows\setuperr.log
2012-11-09 10:09 - 2012-11-09 10:09 - 00062516 ____A C:\Users\Sad0r\Documents_1121009_180957.dmp
2012-11-09 10:09 - 2012-11-09 10:09 - 00000552 ____A C:\Users\Sad0r\Documents_1121009_180957_main.txt
2012-11-09 10:09 - 2012-08-30 09:03 - 00000000 ____D C:\users\Sad0r
2012-11-09 09:58 - 2012-11-09 09:58 - 00002846 ____A C:\Users\Sad0r\SEXXX.txt
2012-11-09 08:22 - 2012-11-06 08:20 - 00000000 ____D C:\Users\Sad0r\Desktop\hott
2012-11-09 05:54 - 2012-11-09 05:54 - 00000025 ____A C:\Users\Sad0r\THE BEST EVER.txt
2012-11-09 04:19 - 2012-09-17 05:21 - 00000000 ___SD C:\Users\Sad0r\Documents\Passwords Database
2012-11-07 05:29 - 2012-11-07 05:29 - 00005750 ____A C:\Users\Sad0r\Documents\cc_20121108_002907.reg
2012-11-07 05:29 - 2012-11-07 05:29 - 00001448 ____A C:\Users\Sad0r\Documents\cc_20121108_002939.reg
2012-11-06 01:44 - 2012-10-29 06:47 - 00000000 ____D C:\Users\Sad0r\Desktop\crapola
2012-11-05 08:30 - 2012-11-05 08:30 - 00000061 ____A C:\Users\Sad0r\FFFFFF.txt
2012-11-05 07:32 - 2012-11-05 07:30 - 20345824 ____A (flashvideodownloader.org ) C:\Users\Sad0r\Downloads\fvdsuite-2.7.6-release.exe
2012-11-04 21:32 - 2012-11-04 21:32 - 00079393 ____A C:\Users\Sad0r\Documents_1121005_053236.dmp
2012-11-04 21:32 - 2012-11-04 21:32 - 00000471 ____A C:\Users\Sad0r\Documents_1121005_053236_main.txt
2012-11-04 21:31 - 2012-11-04 21:31 - 00080641 ____A C:\Users\Sad0r\Documents_1121005_053114.dmp
2012-11-04 21:31 - 2012-11-04 21:31 - 00000534 ____A C:\Users\Sad0r\Documents_1121005_053114_main.txt
2012-11-04 21:30 - 2012-11-04 21:30 - 00001085 ____A C:\Users\Sad0r\Desktop\iWisoft Free Video Downloader.lnk
2012-11-04 21:30 - 2012-11-04 21:30 - 00000000 ____D C:\Program Files (x86)\iWisoft Free Video Downloader
2012-11-04 21:27 - 2012-11-04 21:26 - 03127375 ____A (www.iwisoft.com ) C:\Users\Sad0r\Documents\flashvideodownloader.exe
2012-11-04 21:23 - 2012-11-04 21:23 - 00001075 ____A C:\Users\Sad0r\Desktop\iWisoft Free Video Converter.lnk
2012-11-04 21:21 - 2012-11-04 21:20 - 09120817 ____A (www.easy-video-converter.com ) C:\Users\Sad0r\Documents\videoconverter.exe
2012-11-04 02:29 - 2012-08-31 02:42 - 00000000 ____D C:\Users\All Users\P4G
2012-11-04 02:29 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2012-11-03 09:06 - 2012-11-03 09:06 - 00000512 ____A C:\Users\Sad0r\Desktop\MBR.dat
2012-11-03 07:50 - 2012-11-03 07:50 - 00448512 ____A (OldTimer Tools) C:\Users\Sad0r\Desktop\TFC.exe
2012-11-02 01:59 - 2012-09-08 06:27 - 00000000 ____D C:\Users\Sad0r\AppData\Local\Graboid
2012-10-29 07:06 - 2012-10-29 07:06 - 00655360 ____A C:\Users\Sad0r\Desktop\MicrosoftFixit50471.msi
2012-10-29 06:08 - 2012-10-29 06:06 - 00000000 ____D C:\silentrunners
2012-10-29 05:57 - 2012-10-29 05:50 - 00000336 ____A C:\Users\Sad0r\silent.txt
2012-10-29 05:30 - 2012-10-29 05:30 - 00002549 ____A C:\Users\Sad0r\xxx.txt
2012-10-29 04:32 - 2012-10-29 04:32 - 00000987 ____A C:\Users\Sad0r\MUD.txt
2012-10-28 08:33 - 2012-10-28 08:33 - 00001407 ____A C:\Users\Sad0r\GYYYY.txt
2012-10-28 03:41 - 2012-10-28 03:41 - 00000000 ____A C:\Windows\System32\remote_PC.csv
2012-10-26 03:35 - 2012-10-25 06:39 - 00000000 ____D C:\Program Files\Registrar Registry Manager
2012-10-25 21:11 - 2012-10-25 21:11 - 00000026 ____A C:\Users\Sad0r\AMOLD.txt
2012-10-25 10:51 - 2012-10-25 10:51 - 00000764 ____A C:\Users\Sad0r\quir.txt
2012-10-25 07:40 - 2012-10-25 07:40 - 00000035 ____A C:\Users\Sad0r\hookd.txt
2012-10-25 07:28 - 2012-10-25 07:28 - 00000000 ____D C:\_OTM
2012-10-25 07:21 - 2012-10-25 07:21 - 00000391 ____A C:\Users\Sad0r\reddd.txt
2012-10-25 07:12 - 2012-10-25 07:12 - 00000035 ____A C:\Users\Sad0r\convo.txt
2012-10-25 06:42 - 2012-10-25 06:39 - 00001057 ____A C:\Users\Sad0r\Desktop\Registrar Registry Manager.lnk
2012-10-25 06:00 - 2012-10-25 06:00 - 00000042 ____A C:\Users\Sad0r\conh.txt
2012-10-25 04:40 - 2012-10-25 03:59 - 00000157 ____A C:\Users\Sad0r\DRIVE.txt
2012-10-25 04:39 - 2012-10-25 04:39 - 00000093 ____A C:\Users\Sad0r\dri.txt
2012-10-25 02:51 - 2012-10-25 02:51 - 02957840 ____A (Symantec Corporation) C:\Users\Sad0r\Desktop\Nuts.exe
2012-10-23 05:45 - 2012-10-23 05:45 - 00005768 ____A C:\Users\Sad0r\Documents\cc_20121024_004532.reg
2012-10-23 05:40 - 2012-10-23 05:40 - 00001151 ____A C:\Users\Sad0r\sum.txt
2012-10-23 03:37 - 2012-10-22 20:32 - 00015255 ____A C:\Users\Sad0r\mee.txt
2012-10-22 04:09 - 2012-10-22 04:09 - 00000635 ____A C:\Users\Sad0r\nor.txt
2012-10-22 03:38 - 2012-10-15 10:41 - 00000000 ____D C:\Program Files\Bitdefender
2012-10-22 03:37 - 2012-10-15 10:40 - 00000000 ____D C:\Program Files\Common Files\Bitdefender

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-11-09 08:00:19
Restore point made on: 2012-11-12 20:49:03
Restore point made on: 2012-11-13 08:00:22
Restore point made on: 2012-11-14 08:00:23
Restore point made on: 2012-11-15 08:00:43
Restore point made on: 2012-11-16 08:00:19
Restore point made on: 2012-11-17 08:00:22
Restore point made on: 2012-11-18 08:00:20
Restore point made on: 2012-11-19 08:00:23
Restore point made on: 2012-11-20 13:00:44

==================== Memory info ===========================

Percentage of memory in use: 7%
Total physical RAM: 12173.91 MB
Available physical RAM: 11257.16 MB
Total Pagefile: 12172.06 MB
Available Pagefile: 11246.45 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: (OS) (Fixed) (Total:254.72 GB) (Free:192.41 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive d: (DATA) (Fixed) (Total:419.18 GB) (Free:418.56 GB) NTFS
3 Drive e: (first) (CDROM) (Total:4.38 GB) (Free:4.37 GB) UDF
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 698 GB 0 B *

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 System (partition with boot components) 200 MB 1024 KB
Partition 2 Reserved 128 MB 201 MB
Partition 3 Primary 254 GB 329 MB
Partition 4 Primary 419 GB 255 GB
Partition 5 Recovery 24 GB 674 GB

==================================================================================

Disk: 0
Partition 1
Type : c12a7328-f81f-11d2-ba4b-00a0c93ec93b
Hidden : Yes
Required: No
Attrib : 0X8000000000000000

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 SYSTEM FAT32 Partition 200 MB Healthy Hidden

=========================================================

Disk: 0
Partition 2
Type : e3c9e316-0b5c-4db8-817d-f92df00215ae
Hidden : Yes
Required: No
Attrib : 0X8000000000000000

There is no volume associated with this partition.

=========================================================

Disk: 0
Partition 3
Type : ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Hidden : No
Required: No
Attrib : 0000000000000000

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C OS NTFS Partition 254 GB Healthy

=========================================================

Disk: 0
Partition 4
Type : ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Hidden : No
Required: No
Attrib : 0000000000000000

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D DATA NTFS Partition 419 GB Healthy

=========================================================

Disk: 0
Partition 5
Type : de94bba4-06d1-4d40-a16a-bfd50179d6ac
Hidden : Yes
Required: Yes
Attrib : 0X8000000000000001

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 Recovery NTFS Partition 24 GB Healthy Hidden

=========================================================

Last Boot: 2012-11-14 08:39

==================== End Of Log =============================

Sorry DMG after running farbar it was as if a devil was unleashed comp slowed down froze, went offline and locked me out of half my files so I ran kaspersky scanning tool from drive and found a heur.backdoor.trojan.win32.generic which everywhere ive read says that it is very new and one of the worst yet rendering most systems dead within a couple of weeks. Well at the moment I have and now cannot install any antivirus ive tried bar one been dr web cureit through stealth mode but within hours was mashed to bits playing up with files corrupted and missing and after having to remove manually through the registry in safe mode as computer completely froze on every boot now I cant connect because my browser keeps saying access restricted so am writing from phone. I will try to get back online tonight and if I can what do you suggest cause this is way past my level?????

Well after nearly 500 key, data and binary deletions later I`m back online and will never install Dr web cureit again!!!!!! anyway I downloaded the larest combofix and ran it but the first time it ran it came to a point saying folder deletions c:\x\ cannot find batch file and just froze for 2 hours so I closed then ran again and it went fine though I often wonder does that mean it has been compromised but her are those latter logs.

ComboFix 12-11-23.02 - Sad0r 25/11/2012 0:30.4.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.12174.10206 [GMT 11:00]
Running from: c:\users\Sad0r\Desktop\x.exe
AV: Dr.Web Security Space *Disabled/Updated* {A8C161B2-600A-42FD-97E0-4C12952A9FEC}
SP: Dr.Web Security Space *Disabled/Updated* {13A08056-4630-4D73-AD50-7760EEADD551}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\x
c:\x\d-del2b.dat
c:\x\ErrTrap1
c:\x\N_\11335
c:\x\N_\2867
.
.
((((((((((((((((((((((((( Files Created from 2012-10-24 to 2012-11-24 )))))))))))))))))))))))))))))))
.
.
2012-11-24 13:32 . 2012-11-24 13:32--------d-----w-c:\users\Sad0r\AppData\Local\temp
2012-11-23 11:58 . 2012-11-23 11:59--------d-----w-c:\program files\Malwarebytes' Anti-Malware
2012-11-23 11:58 . 2012-09-29 08:5425928----a-w-c:\windows\system32\drivers\mbam.sys
2012-11-23 11:31 . 2012-11-23 11:31--------d-----w-c:\users\Sad0r\AppData\Roaming\SUPERAntiSpyware.com
2012-11-23 11:31 . 2012-11-23 11:31--------d-----w-c:\program files\SUPERAntiSpyware
2012-11-23 11:31 . 2012-11-23 11:31--------d-----w-c:\programdata\SUPERAntiSpyware.com
2012-11-23 06:47 . 2012-11-23 06:47--------d-----w-c:\users\Sad0r\AppData\Roaming\addpcs
2012-11-23 06:47 . 2012-11-23 06:47--------d-----w-c:\program files\Temp File Cleaner
2012-11-23 06:27 . 2012-11-23 08:31--------d-----w-c:\programdata\F-Secure
2012-11-21 16:53 . 2012-11-21 16:53--------d-----w-C:\FRST
2012-11-21 04:34 . 2012-11-21 04:34--------d-----w-c:\program files (x86)\UltraISO
2012-11-21 04:34 . 2012-11-21 04:34--------d-----w-c:\program files (x86)\Common Files\EZB Systems
2012-11-19 14:57 . 2012-11-19 16:49--------d-----w-C:\Netgear
2012-11-12 10:14 . 2012-11-19 14:49--------d-----w-c:\users\Sad0r\AppData\Local\Diagnostics
2012-11-05 05:30 . 2012-11-05 05:30--------d-----w-c:\program files (x86)\iWisoft Free Video Downloader
2012-11-05 05:23 . 2012-11-19 22:31--------d-----w-c:\program files (x86)\iWisoft Free Video Converter
2012-11-05 05:23 . 2009-09-29 09:57758018----a-w-c:\windows\SysWow64\xvidcore.dll
2012-11-05 05:23 . 2008-12-04 10:46180224----a-w-c:\windows\SysWow64\xvidvfw.dll
2012-11-05 05:23 . 2008-10-07 23:16139264----a-w-c:\windows\SysWow64\xvid.ax
2012-11-04 05:33 . 2012-11-23 18:06--------d-----w-c:\users\Sad0r\AppData\Local\CrashDumps
2012-10-29 14:06 . 2012-11-23 19:02--------d-----w-C:\silentrunners
2012-10-25 15:28 . 2012-10-25 15:28--------d-----w-C:\_OTM
2012-10-25 14:39 . 2012-10-26 11:35--------d-----w-c:\program files\Registrar Registry Manager
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-24 11:40 . 2012-08-30 17:03380----a-w-c:\users\Sad0r\AppData\Roaming\sp_data.sys
2012-10-29 21:01 . 2012-09-19 10:1648648----a-w-c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2012-10-29 21:01 . 2012-10-15 18:13336208----a-w-c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-10-25 08:33 . 2012-10-15 18:1348648----a-w-c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2012-10-22 06:03 . 2012-09-19 10:16336208----a-w-c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-10-12 07:19 . 2012-10-22 19:489291768----a-w-c:\programdata\Microsoft\Windows Defender\Definition Updates\{2CF52C71-4E6F-4B46-8A8F-B8966A578E00}\mpengine.dll
2012-09-27 13:18 . 2012-10-04 05:0765309168----a-w-c:\windows\system32\MRT.exe
2012-09-14 19:19 . 2012-10-10 12:332048----a-w-c:\windows\system32\tzres.dll
2012-09-14 18:28 . 2012-10-10 12:332048----a-w-c:\windows\SysWow64\tzres.dll
2012-09-08 05:35 . 2012-09-08 05:35348160----a-w-c:\windows\SysWow64\msvcr71.dll
2012-09-08 05:35 . 2012-09-08 05:351700352----a-w-c:\windows\SysWow64\gdiplus.dll
2012-09-08 05:35 . 2012-09-08 05:351060864----a-w-c:\windows\SysWow64\mfc71.dll
2012-08-31 18:19 . 2012-10-10 12:341659760----a-w-c:\windows\system32\drivers\ntfs.sys
2012-08-31 10:43 . 2012-08-31 10:4380512----a-w-c:\windows\ASUS K5 Series ScreenSaver Uninstaller.exe
2012-08-31 10:43 . 2012-08-31 10:433058304----a-w-c:\windows\AsScrPro.exe
2012-08-30 18:03 . 2012-10-10 12:345559664----a-w-c:\windows\system32\ntoskrnl.exe
2012-08-30 17:12 . 2012-10-10 12:343914096----a-w-c:\windows\SysWow64\ntoskrnl.exe
2012-08-30 17:12 . 2012-10-10 12:333968880----a-w-c:\windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:04 . 2011-03-29 02:3619720----a-w-c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-11-01 5629312]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-16 932288]
"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2012-02-18 3331312]
"ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe" [2011-07-29 737104]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-07 291608]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2012-02-02 2321072]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2012-06-25 322208]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2012-06-19 174752]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2012-2-18 549040]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [2009-06-10 57344]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-09-03 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-02-07 16152]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-09-06 17536]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2011-03-03 379520]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-02 15416]
S2 ASUS InstantOn;ASUS InstantOn Service;c:\program files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [2012-02-03 277120]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2011-12-08 607456]
S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2011-12-16 128280]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2011-12-16 161560]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-12-16 363800]
S3 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys [2012-01-30 17152]
S3 AsusVBus;AsusVBus;c:\windows\system32\DRIVERS\AsusVBus.sys [2011-12-21 35968]
S3 AsusVTouch;AsusVTouch;c:\windows\system32\DRIVERS\AsusVTouch.sys [2011-11-08 16512]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2012-02-19 200488]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2012-02-20 331264]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-02-07 356120]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-02-07 787736]
S3 RSBASTOR;Realtek PCIE CardReader Driver - BA;c:\windows\system32\DRIVERS\RtsBaStor.sys [2012-02-01 292968]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-08-23 565352]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-23 17:22]
.
2012-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-23 17:22]
.
2012-10-13 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
- c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 20:41]
.
2012-10-13 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
- c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 20:41]
.
2012-11-23 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 87ad0517-321a-4540-b518-2b1ca9882ddf.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2012-11-24 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task a5e493d9-23ae-4292-a764-805c38619a57.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2011-05-25 07:09227840----a-w-c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2011-05-25 07:09227840----a-w-c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-02-22 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-02-22 398616]
"ETDCtrl"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com.au/
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-11-25 00:33:23
ComboFix-quarantined-files.txt 2012-11-24 13:33
ComboFix2.txt 2012-11-23 15:02
ComboFix3.txt 2012-11-19 11:27
ComboFix4.txt 2012-09-20 23:35
.
Pre-Run: 217,451,196,416 bytes free
Post-Run: 217,389,674,496 bytes free
.
- - End Of File - - AB9B4938F0570E903B04F0EDFC8351CB
this is also the text file left from the combo run that froze if it helps

ComboFix-quarantined-files.txt
2012-11-24 11:54:46 . 2012-11-24 11:54:46 8 ----a-w- C:\Qoobox\Quarantine\C\x\d-del2b.dat.vir
2012-11-24 11:54:46 . 2012-11-24 11:54:46 28 ----a-w- C:\Qoobox\Quarantine\C\x\N_\2867.vir
2012-11-24 11:54:46 . 2012-11-24 11:54:46 275 ----a-w- C:\Qoobox\Quarantine\C\x\N_\11335.vir
2012-11-24 11:53:55 . 2012-11-24 11:53:55 0 ----a-w- C:\Qoobox\Quarantine\C\x\BitsPath.vir
2012-11-24 11:53:53 . 2012-11-24 11:53:53 739 ----a-w- C:\Qoobox\Quarantine\C\x\BitsStr.vir
2012-11-24 11:53:32 . 2012-11-24 11:53:32 0 ----a-w- C:\Qoobox\Quarantine\C\x\BHOFiles.dat.vir
2012-11-24 11:53:32 . 2012-11-24 11:53:32 0 ----a-w- C:\Qoobox\Quarantine\C\x\BHO.dat.vir
2012-11-24 11:53:32 . 2012-11-24 11:53:32 575 ----a-w- C:\Qoobox\Quarantine\C\x\BHOQuery.dat.vir
2012-11-24 11:53:27 . 2012-11-24 11:53:27 0 ----a-w- C:\Qoobox\Quarantine\C\x\catch_k.dat.vir
2012-11-24 11:52:11 . 2012-11-24 11:54:46 606 ----a-w- C:\Qoobox\Quarantine\C\x\ErrTrap1.vir
2012-11-24 11:51:55 . 2012-11-24 11:51:55 1,504 ----a-w- C:\Qoobox\Quarantine\C\x\borlander_file.dat.tmp.vir
2012-11-24 11:51:55 . 2012-11-24 11:51:55 439 ----a-w- C:\Qoobox\Quarantine\C\x\borlander_folder.dat.tmp.vir
2012-11-24 11:51:55 . 2012-11-24 11:51:55 436,854 ----a-w- C:\Qoobox\Quarantine\C\x\attr.dat.tmp.vir
2012-11-24 11:51:39 . 2012-11-19 11:22:30 123 ----a-w- C:\Qoobox\Quarantine\C\x\AppData.folder.dat.vir
2012-11-24 11:51:39 . 2012-11-19 11:22:30 228 ----a-w- C:\Qoobox\Quarantine\C\x\Cache.folder.dat.vir
2012-11-24 11:51:35 . 2012-11-24 11:52:13 105 ----a-w- C:\Qoobox\Quarantine\C\x\CCS.bat.vir
2012-11-24 11:51:35 . 2012-11-24 11:51:35 0 ----a-w- C:\Qoobox\Quarantine\C\x\c.mrk.vir
2012-11-24 11:51:35 . 2010-11-20 13:24:34 345,088 ----a-w- C:\Qoobox\Quarantine\C\x\CF7265.3XE.vir
2012-11-24 11:51:34 . 2009-07-14 01:38:55 18,432 ----a-w- C:\Qoobox\Quarantine\C\x\ATTRIB.3XE.vir
2012-11-19 11:27:12 . 2012-11-19 11:27:12 558 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SafeBoot-95310364.sys.reg.dat
2012-11-19 11:27:12 . 2012-11-19 11:27:12 558 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SafeBoot-77118655.sys.reg.dat
2012-11-19 11:25:36 . 2012-11-24 13:31:32 9,550 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2012-11-05 14:27:56 . 2012-11-24 11:51:36 56,252 ----a-w- C:\Qoobox\Quarantine\C\x\023.dat.vir
2012-11-02 10:54:10 . 2012-11-02 10:54:10 65,604 ----a-w- C:\Qoobox\Quarantine\C\x\c.bat.vir
2012-10-22 11:37:40 . 2012-10-22 11:37:40 220,242 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\1350905593.bdinstall.bin.vir
2012-10-22 11:24:12 . 2012-10-22 11:24:12 431,568 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\1350885310.bdinstall.bin.vir
2012-10-15 18:49:14 . 2012-10-15 18:49:14 470,508 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\1350326436.bdinstall.bin.vir
2012-10-15 18:32:19 . 2012-10-15 18:32:19 262,144 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\ntuser.dat.vir
2012-09-21 15:10:02 . 2012-09-21 15:10:04 2,035 ----a-w- C:\Qoobox\Quarantine\C\Program Files (x86)\INSTALL.LOG.vir
2012-09-20 23:34:35 . 2012-09-20 23:34:35 80 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-ETDCtrl.reg.dat
2012-09-20 23:34:35 . 2012-11-19 11:27:15 92 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Toolbar-Locked.reg.dat
2012-09-20 23:34:30 . 2012-09-20 23:34:30 558 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SafeBoot-97384014.sys.reg.dat
2012-09-20 23:34:30 . 2012-09-20 23:34:30 558 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SafeBoot-08657672.sys.reg.dat
2012-09-20 23:34:30 . 2012-09-20 23:34:30 558 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SafeBoot-00705352.sys.reg.dat
2012-09-20 23:34:25 . 2012-11-24 13:32:40 104 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-Toolbar-Locked.reg.dat
2012-09-20 23:30:09 . 2012-11-24 13:29:48 255 ----a-w- C:\Qoobox\Quarantine\catchme.log
2012-09-11 14:47:32 . 2012-09-11 14:47:32 5,343 ----a-w- C:\Qoobox\Quarantine\C\x\Boot-Rk.cmd.vir
2012-06-07 10:56:40 . 2012-06-07 10:56:40 4,638 ----a-w- C:\Qoobox\Quarantine\C\x\av.cmd.vir
2012-02-10 18:12:14 . 2012-02-10 18:12:14 690 ----a-w- C:\Qoobox\Quarantine\C\x\ActiveDrv.vbs.vir
2012-01-18 01:43:20 . 2012-01-18 01:43:20 348,160 ----a-w- C:\Qoobox\Quarantine\C\Windows\msvcr71.dll.vir
2012-01-03 09:27:24 . 2012-01-03 09:27:24 40,960 ----a-w- C:\Qoobox\Quarantine\C\x\BFE.dat.vir
2011-11-19 09:14:26 . 2011-11-19 09:14:26 8,400 ----a-w- C:\Qoobox\Quarantine\C\x\Boot.bat.vir
2011-06-26 15:16:00 . 2011-06-26 15:16:00 666 ----a-w- C:\Qoobox\Quarantine\C\x\AWF.cmd.vir
2010-12-15 15:02:06 . 2010-12-15 15:02:06 2,933 ----a-w- C:\Qoobox\Quarantine\C\x\av.vbs.vir
2010-11-26 19:07:20 . 2010-11-26 19:07:20 2,181 ----a-w- C:\Qoobox\Quarantine\C\x\023v.dat.vir
2010-10-21 08:45:48 . 2010-10-21 08:45:48 1,080 ----a-w- C:\Qoobox\Quarantine\C\x\Catch-sub.cmd.vir
2010-07-27 08:55:16 . 2010-07-27 08:55:16 875 ----a-w- C:\Qoobox\Quarantine\C\x\BootDrv.vbs.vir
2010-04-15 14:11:36 . 2010-04-15 14:11:36 4,144 ----a-w- C:\Qoobox\Quarantine\C\x\Assoc.cmd.vir
2010-02-12 17:55:28 . 2010-02-12 17:55:28 660 ----a-w- C:\Qoobox\Quarantine\C\x\023w7.dat.vir
2009-07-13 15:09:30 . 2009-07-13 15:09:30 602 ----a-w- C:\Qoobox\Quarantine\C\x\asp.str.vir
2009-04-17 09:37:10 . 2009-04-17 09:37:10 147,456 ----a-w- C:\Qoobox\Quarantine\C\x\catchme.3XE.vir
2000-08-31 00:00:00 . 2000-08-31 00:00:00 6,760 ----a-w- C:\Qoobox\Quarantine\C\x\appinit.bad.vir

Hey DMJ, not trying to rush you at all I`m just new to this so not sure what happens even though I have read all the rules e.t.c. So I can wait as long as you need I was just not sure if you were still helping me as I had made some changes of my own which as I read is understandably a "no no" but only did because I did not know what to do as my laptop became almost unusable and had no way of even logging on anymore, not out of any disrespect I can assure you!! So I`ll wait for further instruction and follow to the dot.. Thanks again

Should this be in safe or normal mode?

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=f230948e045746419c43a7c6942e92ed
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-11-27 12:45:54
# local_time=2012-11-27 11:45:54 (+1000, AUS Eastern Daylight Time)
# country="Australia"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776573 100 94 6615 105606339 0 0
# compatibility_mode=8192 67108863 100 0 444 444 0 0
# scanned=121115
# found=0
# cleaned=0
# scan_time=4265
nothing

Hey can I post a log I found, I`m not sure where it comes from actually I must have ran something before a contacted you but I think it may be useful as its pretty in depth?