TechSpot

"Windows has encountered a critical problem and will restart in 3 minutes"

By Ausnp84
Dec 23, 2012
  1. Jay Pfoutz


    Hello, and welcome to TechSpot.


    Please see here for the board rules and other FAQ.

    Please feel free to introduce yourself, after you follow the steps below to get started.

    Information
    • From this point on, please do not make any more changes to your computer, such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
    • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
    • If you have already asked for help somewhere, please post the link to the topic where you were helped.
    • We try our best to reply quickly, but if for any reason we do not reply in two days, please reply to this topic with the word BUMP!
    • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.


    Farbar Recovery Scan Tool

    Download Farbar Recovery Scan Tool and save it to a flash drive.


    Depending on your type of system, you will have to select 32-bit or 64-bit accordingly. How do I tell?

    Plug the flashdrive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded, begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    On the System Recovery Options menu you will get the following options:
      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst.exe and press Enter.
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to the disclaimer.
    • Place a check next to List Drivers MD5 as well as the default check marks that are already there.
    • Press Scan button. It will do its scan and save a log on your flash drive.
    • Close out of the message after that, then type the text services.exe into the "Search:" text box. Then press the Search file(s) button.
      When done searching, FRST makes a log, Search.txt, on the C:\ drive or on your flash drive.
    • Type exit in the Command Prompt window and reboot the computer normally.
    • FRST will make a log (FRST.txt) on the flash drive and also the Search.txt log file; please copy and paste the logs in your reply.
     
  2. Ausnp84


    Howdy,

    Thanks for coming back so quickly.

    Result of the logs below:

    FRST LOG /start
    ==========
    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-12-2012 01
    Ran by SYSTEM at 16-08-2012 20:20:26
    Running from I:\
    Windows 7 Home Premium (X64) OS Language: English(US)
    The current controlset is ControlSet001
    ==================== Registry (Whitelisted) ===================
    HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2107176 2010-03-12] (Synaptics Incorporated)
    HKLM\...\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-10-13] (Intel Corporation)
    HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s [6234144 2010-03-13] (Realtek Semiconductor)
    HKLM\...\Run: [RtkOSD] C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe [995840 2010-01-12] (Realtek Semiconductor Corp.)
    HKLM\...\Run: [HP Quick Launch] C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [451072 2010-01-18] (Hewlett-Packard Company)
    HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" [172032 2010-05-16] (Sun Microsystems, Inc.)
    HKLM\...\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden [363064 2010-01-27] (Hewlett-Packard)
    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35760 2010-09-23] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [x]
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe" [x]
    HKLM-x32\...\Run: [RemoteControl] "C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe" [29696 2006-09-18] (Cyberlink Corp.)
    HKLM-x32\...\Run: [LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe" [49152 2006-09-29] ()
    HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [54576 2009-11-18] (Hewlett-Packard)
    HKLM-x32\...\Run: [] [x]
    HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421160 2011-01-25] (Apple Inc.)
    HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
    HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
    HKU\Default\...\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [x]
    HKU\Default User\...\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [x]
    HKU\Nathan\...\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [x]
    HKU\Nathan\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2363392 2010-02-22] (Hewlett-Packard Company)
    HKU\Nathan\...\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2144088 2009-01-26] (Safer Networking Limited)
    SubSystems: [Windows] ATTENTION! ====> ZeroAccess
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
    ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\Launcher.lnk
    ShortcutTarget: Launcher.lnk -> C:\Program Files (x86)\OrangeMobileBroadband\OrangeMobileBroadband_Launcher.exe ()
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\PHOTOfunSTUDIO 5.0 HD Edition.lnk
    ShortcutTarget: PHOTOfunSTUDIO 5.0 HD Edition.lnk -> C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe (Panasonic Corporation)
    ==================== Services (Whitelisted) ===================
    2 Crypkey License; crypserv.exe [52224 2000-06-29] (Kenonic Controls Ltd.)
    2 HPWMISVC; C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [20480 2010-01-18] ()
    2 OrangeMobileBroadband_Service; C:\Program Files (x86)\OrangeMobileBroadband\OrangeMobileBroadband_Service.exe [334792 2011-06-01] ()
    2 HP Health Check Service; "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe" [x]
    4 RapportMgmtService; "C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe" [x]
    ==================== Drivers (Whitelisted) =====================
    3 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [138752 2012-06-16] (Huawei Technologies Co., Ltd.)
    3 ewusbnet; C:\Windows\SysWow64\Drivers\ewusbnet.sys [138752 2012-06-16] (Huawei Technologies Co., Ltd.)
    3 ew_hwusbdev; C:\Windows\SysWow64\Drivers\ew_hwusbdev.sys [117248 2012-06-16] (Huawei Technologies Co., Ltd.)
    3 ew_usbenumfilter; C:\Windows\SysWow64\Drivers\ew_usbenumfilter.sys [13952 2012-06-16] (Huawei Technologies Co., Ltd.)
    1 RapportCerberus_42020; \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_42020.sys [397720 2012-08-13] ()
    0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [101688 2012-09-07] (Trusteer Ltd.)
    2 sentemul; C:\Windows\SysWow64\Drivers\sentemul.sys [11812 2003-03-24] ()
    3 Sentinel; C:\Windows\SysWow64\Drivers\Sentinel.sys [73216 1999-07-19] ()
    1 NetworkX; C:\Windows\system32\ckldrv.sys [x]
    1 RapportEI64; \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [x]
    1 RapportPG64; \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [x]
    ==================== NetSvcs (Whitelisted) ====================

    ==================== One Month Created Files and Folders ========
    2012-11-16 23:13 - 2012-11-16 23:13 - 00000000 ____D C:\Users\All Users\ESET
    2012-11-16 23:13 - 2012-11-16 23:13 - 00000000 ____D C:\Program Files\ESET
    2012-11-04 02:34 - 2012-11-04 02:34 - 00000000 ____A C:\Windows\setuperr.log
    2012-11-04 02:34 - 2012-08-01 10:59 - 00000728 ____A C:\Windows\setupact.log
    2012-10-30 13:24 - 2012-10-30 13:24 - 15054390 ____A C:\Users\Nathan\Desktop\Bel Line Diag.bmp
    2012-09-30 09:36 - 2012-10-09 11:38 - 10220472 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
    2012-09-30 08:50 - 2012-09-30 08:51 - 00000000 ____D C:\Program Files (x86)\QuickTime
    2012-09-30 08:45 - 2012-09-30 08:45 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
    2012-09-30 08:43 - 2012-11-25 01:36 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-09-30 08:43 - 2012-09-30 08:43 - 00000000 ____D C:\Users\Nathan\AppData\Local\Macromedia
    2012-09-30 08:33 - 2012-09-30 08:33 - 00000000 ____D C:\Users\All Users\Mozilla
    2012-09-30 08:33 - 2012-09-30 08:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2012-09-28 03:45 - 2012-10-09 10:48 - 00000087 ____A C:\Users\Nathan\Desktop\To Do 2.txt
    2012-09-10 21:45 - 2012-09-10 21:45 - 00000000 ____D C:\Users\Nathan\Downloads\Stereophonics - Decade in the Sun (2008)
    2012-09-06 14:11 - 2012-09-06 14:11 - 00154188 ___AH C:\Windows\SysWOW64\mlfcache.dat
    2012-09-04 01:06 - 2012-09-09 18:46 - 00000493 ____A C:\Users\Nathan\Desktop\2013.txt
    2012-09-03 16:11 - 2012-09-09 18:46 - 00001582 ____A C:\Users\Nathan\Desktop\All_time_tracks.txt
    2012-09-02 13:41 - 2012-10-09 10:48 - 00000376 ____A C:\Users\Nathan\Desktop\To Do.txt
    2012-08-22 11:30 - 2012-08-22 11:30 - 00002515 ____A C:\Users\Public\Desktop\Skype.lnk
    2012-08-16 20:18 - 2012-08-16 20:18 - 00000000 ____D C:\FRST
    2012-08-02 09:08 - 2012-08-05 05:28 - 00000000 ____D C:\Users\Nathan\Desktop\New folder (2)
    2012-07-30 11:51 - 2012-07-30 11:51 - 00000000 ____D C:\Users\Nathan\AppData\Roaming\InstallShield
    2012-07-30 11:51 - 2012-07-30 11:51 - 00000000 ____D C:\Users\Nathan\AppData\Local\Panasonic
    2012-07-30 11:51 - 2012-07-30 11:51 - 00000000 ____D C:\Users\All Users\Panasonic
    2012-07-30 11:51 - 2007-06-21 15:10 - 00501912 ____A (SEIKO EPSON CORPORATION) C:\Windows\SysWOW64\PICSDK2.dll
    2012-07-30 11:51 - 2007-06-21 15:10 - 00000097 ____A C:\Windows\SysWOW64\PICSDK.ini
    2012-07-30 11:51 - 2006-10-30 15:10 - 00120992 ____A (SEIKO EPSON CORPORATION) C:\Windows\SysWOW64\EpPicPrt.dll
    2012-07-30 11:51 - 2006-10-30 15:10 - 00071840 ____A (SEIKO EPSON CORPORATION) C:\Windows\SysWOW64\EPPicMgr.dll
    2012-07-30 11:51 - 2006-10-19 15:10 - 00108704 ____A (SEIKO EPSON CORPORATION) C:\Windows\SysWOW64\PICEntry.dll
    2012-07-30 11:51 - 2006-10-19 15:10 - 00080024 ____A (SEIKO EPSON CORPORATION) C:\Windows\SysWOW64\PICSDK.dll
    2012-07-30 11:51 - 2005-05-31 15:20 - 00111932 ____A C:\Windows\SysWOW64\EPPICPrinterDB.dat
    2012-07-30 11:51 - 2004-03-02 21:10 - 00031053 ____A C:\Windows\SysWOW64\EPPICPattern131.dat
    2012-07-30 11:51 - 2004-03-02 21:10 - 00027417 ____A C:\Windows\SysWOW64\EPPICPattern121.dat
    2012-07-30 11:51 - 2004-03-02 21:10 - 00026154 ____A C:\Windows\SysWOW64\EPPICPattern1.dat
    2012-07-30 11:51 - 2004-03-02 21:10 - 00024903 ____A C:\Windows\SysWOW64\EPPICPattern3.dat
    2012-07-30 11:51 - 2004-03-02 21:10 - 00021390 ____A C:\Windows\SysWOW64\EPPICPattern5.dat
    2012-07-30 11:51 - 2004-03-02 21:10 - 00020148 ____A C:\Windows\SysWOW64\EPPICPattern2.dat
    2012-07-30 11:51 - 2004-03-02 21:10 - 00013732 ____A C:\Windows\SysWOW64\EPPICLocal_EN.cfg
    2012-07-30 11:51 - 2004-03-02 21:10 - 00011811 ____A C:\Windows\SysWOW64\EPPICPattern4.dat
    2012-07-30 11:51 - 2004-03-02 21:10 - 00006442 ____A C:\Windows\SysWOW64\EPPICLocal_IT.cfg
    2012-07-30 11:51 - 2004-03-02 21:10 - 00006347 ____A C:\Windows\SysWOW64\EPPICLocal_PT.cfg
    2012-07-30 11:51 - 2004-03-02 21:10 - 00006347 ____A C:\Windows\SysWOW64\EPPICLocal_BP.cfg
    2012-07-30 11:51 - 2004-03-02 21:10 - 00006335 ____A C:\Windows\SysWOW64\EPPICLocal_GE.cfg
    2012-07-30 11:51 - 2004-03-02 21:10 - 00006195 ____A C:\Windows\SysWOW64\EPPICLocal_FR.cfg
    2012-07-30 11:51 - 2004-03-02 21:10 - 00006195 ____A C:\Windows\SysWOW64\EPPICLocal_CF.cfg
    2012-07-30 11:51 - 2004-03-02 21:10 - 00006122 ____A C:\Windows\SysWOW64\EPPICLocal_DU.cfg
    2012-07-30 11:51 - 2004-03-02 21:10 - 00006103 ____A C:\Windows\SysWOW64\EPPICLocal_ES.cfg
    2012-07-30 11:51 - 2004-03-02 21:10 - 00005817 ____A C:\Windows\SysWOW64\EPPICLocal_KO.cfg
    2012-07-30 11:51 - 2004-03-02 21:10 - 00005436 ____A C:\Windows\SysWOW64\EPPICLocal_SC.cfg
    2012-07-30 11:51 - 2004-03-02 21:10 - 00004943 ____A C:\Windows\SysWOW64\EPPICPattern6.dat
    2012-07-30 11:51 - 2004-03-02 21:10 - 00002889 ____A C:\Windows\SysWOW64\EPPICLocal_RU.cfg
    2012-07-30 11:51 - 2004-03-02 21:10 - 00002426 ____A C:\Windows\SysWOW64\EPPICLocal_TC.cfg
    2012-07-30 11:51 - 2004-03-02 21:10 - 00001146 ____A C:\Windows\SysWOW64\EPPICPresetData_DU.dat
    2012-07-30 11:51 - 2004-03-02 21:10 - 00001139 ____A C:\Windows\SysWOW64\EPPICPresetData_PT.dat
    2012-07-30 11:51 - 2004-03-02 21:10 - 00001139 ____A C:\Windows\SysWOW64\EPPICPresetData_BP.dat
    2012-07-30 11:51 - 2004-03-02 21:10 - 00001136 ____A C:\Windows\SysWOW64\EPPICPresetData_ES.dat
    2012-07-30 11:51 - 2004-03-02 21:10 - 00001129 ____A C:\Windows\SysWOW64\EPPICPresetData_FR.dat
    2012-07-30 11:51 - 2004-03-02 21:10 - 00001129 ____A C:\Windows\SysWOW64\EPPICPresetData_CF.dat
    2012-07-30 11:51 - 2004-03-02 21:10 - 00001120 ____A C:\Windows\SysWOW64\EPPICPresetData_IT.dat
    2012-07-30 11:51 - 2004-03-02 21:10 - 00001107 ____A C:\Windows\SysWOW64\EPPICPresetData_GE.dat
    2012-07-30 11:51 - 2004-03-02 21:10 - 00001104 ____A C:\Windows\SysWOW64\EPPICPresetData_EN.dat
    2012-07-30 11:46 - 2012-07-30 11:46 - 00002170 ____A C:\Users\Public\Desktop\PHOTOfunSTUDIO 5.0 HD Edition.lnk
    2012-07-30 11:46 - 2010-09-28 10:24 - 00144864 ____A (B.H.A Corporation) C:\Windows\SysWOW64\bgsvcgen.exe
    2012-07-30 11:46 - 2010-09-28 10:24 - 00058848 ____A (B.H.A Corporation) C:\Windows\SysWOW64\GenSvcInst.exe
    2012-07-30 11:46 - 2006-08-25 05:36 - 00039208 ____A (B.H.A Corporation) C:\Windows\System32\Drivers\cdrbsdrv.sys
    2012-07-30 11:45 - 2012-07-30 11:45 - 00000000 ____D C:\Program Files\Microsoft Synchronization Services
    2012-07-30 11:45 - 2012-07-30 11:45 - 00000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
    2012-07-30 11:45 - 2012-07-30 11:45 - 00000000 ____D C:\Program Files (x86)\Panasonic
    2012-07-30 11:44 - 2012-07-30 11:44 - 00000000 ____D C:\Program Files (x86)\Microsoft Synchronization Services
    2012-07-29 10:52 - 2012-07-29 11:05 - 00000000 ____D C:\Users\Nathan\Desktop\Invoices
    ==================== One Month Modified Files and Folders =======
    2012-11-25 01:36 - 2012-09-30 08:43 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-11-24 08:50 - 2009-07-13 21:13 - 00726142 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-11-23 12:19 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-11-23 12:19 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-11-17 03:22 - 2010-10-24 08:09 - 00355442 ____A C:\Windows\PFRO.log
    2012-11-17 03:22 - 2010-10-24 05:08 - 00000000 ____D C:\Program Files (x86)\Eset
    2012-11-16 23:13 - 2012-11-16 23:13 - 00000000 ____D C:\Users\All Users\ESET
    2012-11-16 23:13 - 2012-11-16 23:13 - 00000000 ____D C:\Program Files\ESET
    2012-11-16 10:33 - 2011-07-18 09:23 - 00000012 ____A C:\Users\All Users\ReminderNextRun
    2012-11-04 02:34 - 2012-11-04 02:34 - 00000000 ____A C:\Windows\setuperr.log
    2012-11-03 07:48 - 2009-07-13 21:08 - 00032608 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-11-03 00:15 - 2010-11-26 09:37 - 00000000 ____D C:\Users\Nathan\AppData\Roaming\Skype
    2012-10-30 13:24 - 2012-10-30 13:24 - 15054390 ____A C:\Users\Nathan\Desktop\Bel Line Diag.bmp
    2012-10-19 23:47 - 2012-06-16 22:54 - 00000000 ____D C:\Users\Nathan\AppData\Roaming\OrangeMobileBroadband
    2012-10-12 11:20 - 2010-10-24 05:10 - 00000000 ____D C:\Users\Nathan\AppData\Local\Adobe
    2012-10-09 11:38 - 2012-09-30 09:36 - 10220472 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
    2012-10-09 11:38 - 2012-07-12 12:24 - 00696760 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-10-09 11:38 - 2011-10-03 11:01 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-10-09 10:48 - 2012-09-28 03:45 - 00000087 ____A C:\Users\Nathan\Desktop\To Do 2.txt
    2012-10-09 10:48 - 2012-09-02 13:41 - 00000376 ____A C:\Users\Nathan\Desktop\To Do.txt
    2012-10-06 23:37 - 2011-02-10 11:06 - 00000144 ____A C:\Users\All Users\MagicPlayDVD.ini
    2012-09-30 08:51 - 2012-09-30 08:50 - 00000000 ____D C:\Program Files (x86)\QuickTime
    2012-09-30 08:45 - 2012-09-30 08:45 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
    2012-09-30 08:43 - 2012-09-30 08:43 - 00000000 ____D C:\Users\Nathan\AppData\Local\Macromedia
    2012-09-30 08:43 - 2010-05-16 10:37 - 00000000 ____D C:\Users\All Users\Adobe
    2012-09-30 08:33 - 2012-09-30 08:33 - 00000000 ____D C:\Users\All Users\Mozilla
    2012-09-30 08:33 - 2012-09-30 08:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2012-09-30 08:33 - 2011-10-25 10:31 - 00001094 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2012-09-30 08:33 - 2010-10-24 04:59 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2012-09-28 03:32 - 2010-10-21 09:34 - 00000000 ____D C:\Users\Nathan\AppData\Roaming\BitTorrent
    2012-09-17 11:14 - 2012-06-23 06:06 - 00000000 ____D C:\Users\All Users\Video Strip Poker Supreme
    2012-09-10 21:45 - 2012-09-10 21:45 - 00000000 ____D C:\Users\Nathan\Downloads\Stereophonics - Decade in the Sun (2008)
    2012-09-09 18:46 - 2012-09-04 01:06 - 00000493 ____A C:\Users\Nathan\Desktop\2013.txt
    2012-09-09 18:46 - 2012-09-03 16:11 - 00001582 ____A C:\Users\Nathan\Desktop\All_time_tracks.txt
    2012-09-07 02:07 - 2011-01-25 10:07 - 00101688 ____A (Trusteer Ltd.) C:\Windows\System32\Drivers\RapportKE64.sys
    2012-09-06 14:11 - 2012-09-06 14:11 - 00154188 ___AH C:\Windows\SysWOW64\mlfcache.dat
    2012-08-27 18:01 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
    2012-08-25 22:32 - 2011-04-26 11:49 - 00000000 ____D C:\Users\Nathan\AppData\Roaming\WinFF
    2012-08-22 11:30 - 2012-08-22 11:30 - 00002515 ____A C:\Users\Public\Desktop\Skype.lnk
    2012-08-22 11:30 - 2010-11-26 09:37 - 00000000 ___RD C:\Program Files (x86)\Skype
    2012-08-22 11:30 - 2010-11-26 09:36 - 00000000 ____D C:\Users\All Users\Skype
    2012-08-22 10:01 - 2010-11-26 09:38 - 00000000 ____D C:\Users\Nathan\AppData\Roaming\skypePM
    2012-08-16 20:18 - 2012-08-16 20:18 - 00000000 ____D C:\FRST
    2012-08-05 10:55 - 2010-05-16 10:58 - 00000000 ____D C:\Users\All Users\CyberLink
    2012-08-05 05:28 - 2012-08-02 09:08 - 00000000 ____D C:\Users\Nathan\Desktop\New folder (2)
    2012-08-01 18:50 - 2010-10-24 05:16 - 00000000 ____D C:\Users\All Users\Spybot - Search & Destroy
    2012-08-01 18:50 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\AppCompat
    2012-08-01 18:49 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
    2012-08-01 10:59 - 2012-11-04 02:34 - 00000728 ____A C:\Windows\setupact.log
    2012-08-01 10:59 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-08-01 10:53 - 2010-06-19 21:45 - 01270426 ____A C:\Windows\WindowsUpdate.log
    2012-08-01 10:52 - 2010-10-20 08:49 - 00000000 ____D C:\users\Nathan
    2012-07-31 10:37 - 2009-07-13 20:45 - 00352264 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-07-30 11:51 - 2012-07-30 11:51 - 00000000 ____D C:\Users\Nathan\AppData\Roaming\InstallShield
    2012-07-30 11:51 - 2012-07-30 11:51 - 00000000 ____D C:\Users\Nathan\AppData\Local\Panasonic
    2012-07-30 11:51 - 2012-07-30 11:51 - 00000000 ____D C:\Users\All Users\Panasonic
    2012-07-30 11:51 - 2010-10-20 08:55 - 00090392 ____A C:\Users\Nathan\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-07-30 11:46 - 2012-07-30 11:46 - 00002170 ____A C:\Users\Public\Desktop\PHOTOfunSTUDIO 5.0 HD Edition.lnk
    2012-07-30 11:45 - 2012-07-30 11:45 - 00000000 ____D C:\Program Files\Microsoft Synchronization Services
    2012-07-30 11:45 - 2012-07-30 11:45 - 00000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
    2012-07-30 11:45 - 2012-07-30 11:45 - 00000000 ____D C:\Program Files (x86)\Panasonic
    2012-07-30 11:45 - 2010-05-16 09:05 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
    2012-07-30 11:44 - 2012-07-30 11:44 - 00000000 ____D C:\Program Files (x86)\Microsoft Synchronization Services
    2012-07-30 11:44 - 2010-05-16 09:08 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
    2012-07-29 11:05 - 2012-07-29 10:52 - 00000000 ____D C:\Users\Nathan\Desktop\Invoices

    ZeroAccess:
    C:\Windows\assembly\temp
    C:\Windows\assembly\temp\@
    C:\Windows\assembly\temp\cfg.ini
    C:\Windows\assembly\temp\L
    C:\Windows\assembly\temp\U
    C:\Windows\assembly\temp\L\00000004.@
    C:\Windows\assembly\temp\L\201d3dde
    C:\Windows\assembly\temp\U\00000001.@
    C:\Windows\assembly\temp\U\00000002.@
    C:\Windows\assembly\temp\U\00000004.@
    C:\Windows\assembly\temp\U\000000c0.@
    C:\Windows\assembly\temp\U\000000cb.@
    C:\Windows\assembly\temp\U\000000cf.@
    C:\Windows\assembly\temp\U\80000000.@
    C:\Windows\assembly\temp\U\80000004.@
    C:\Windows\assembly\temp\U\80000032.@
    C:\Windows\assembly\temp\U\80000064.@
    C:\Windows\assembly\temp\U\800000c0.@
    C:\Windows\assembly\temp\U\800000cb.@
    C:\Windows\assembly\temp\U\800000cf.@
    ZeroAccess:
    c:\Windows\System32\consrv.dll
    ZeroAccess:
    C:\Windows\assembly\GAC_32\Desktop.ini
    ZeroAccess:
    C:\Windows\assembly\GAC_64\Desktop.ini
    ZeroAccess:
    C:\$Recycle.Bin\S-1-5-21-1425057868-2842774435-2894805428-1000\$2a7c3d4ae2032b5f98ac7377eef0e8f3
    ==================== Known DLLs (Whitelisted) =================

    ==================== Bamital & volsnap Check =================
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
    ==================== EXE ASSOCIATION =====================
    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK
    ==================== Restore Points =========================
    Restore point made on: 2012-11-25 01:38:36
    Restore point made on: 2012-11-30 23:53:54
    Restore point made on: 2012-12-08 03:28:39
    ==================== Memory info ===========================
    Percentage of memory in use: 30%
    Total physical RAM: 1909.86 MB
    Available physical RAM: 1324.08 MB
    Total Pagefile: 1909.86 MB
    Available Pagefile: 1317.88 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB
    ==================== Partitions =============================
    1 Drive c: () (Fixed) (Total:48.83 GB) (Free:2.71 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    2 Drive d: (Data) (Fixed) (Total:170.2 GB) (Free:73.31 GB) NTFS
    3 Drive e: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    4 Drive f: (MAN_ON_FIRE) (CDROM) (Total:4.06 GB) (Free:0 GB) UDF
    5 Drive g: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
    6 Drive h: (RECOVERY) (Fixed) (Total:13.56 GB) (Free:1.94 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    7 Drive I: () (Removable) (Total:0.49 GB) (Free:0.45 GB) FAT
    8 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 232 GB 3072 KB *
    Disk 1 Online 502 MB 0 B
    Partitions of Disk 0:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Dynamic Data 199 MB 1024 KB
    Partition 2 Dynamic Data 48 GB 200 MB
    Partition 3 Dynamic Data 13 GB 219 GB
    Partition 4 Dynamic Data 103 MB 232 GB
    ==================================================================================
    Disk: 0
    Partition 1
    Type : 42
    Hidden: Yes
    Active: Yes
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 E SYSTEM NTFS Simple 199 MB Healthy
    =========================================================
    Disk: 0
    Partition 2
    Type : 42
    Hidden: Yes
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 C NTFS Simple 48 GB Healthy
    =========================================================
    Disk: 0
    Partition 3
    Type : 42
    Hidden: Yes
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 H RECOVERY NTFS Simple 13 GB Healthy
    =========================================================
    Disk: 0
    Partition 4
    Type : 42
    Hidden: Yes
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 G HP_TOOLS FAT32 Simple 103 MB Healthy
    =========================================================
    Partitions of Disk 1:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 501 MB 16 KB
    ==================================================================================
    Disk: 1
    Partition 1
    Type : 06
    Hidden: No
    Active: Yes
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 6 I FAT Removable 501 MB Healthy
    =========================================================
    Last Boot: 2012-12-08 03:21
    ==================== End Of Log =============================
    FRST LOG /end

    Search.txt / start
    =============
    Farbar Recovery Scan Tool (x64) Version: 23-12-2012 01
    Ran by SYSTEM at 2012-08-16 20:26:56
    Running from I:\
    ================== Search: "services.exe" ===================
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
    C:\Windows\system64\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
    C:\Windows\System32\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
    ====== End Of Search ======
    Search.txt/end
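    A defender-side way to read the Search.txt block above, as an added example that is neither FRST's own code nor the helper's fix script: it parses each path/detail pair, compares every copy of services.exe against the System32 copy's size and MD5, and flags copies outside the directories a clean Windows uses for the file. The record layout, the EXPECTED_DIRS list and the sample (the three hits from the post, embedded verbatim) are this example's assumptions.

```python
"""Triage the services.exe copies listed in an FRST Search.txt block.

Added example for this thread, not FRST's own code or the helper's fix script.
Assumed layout: each hit is a path line followed by a detail line
'[created] - [modified] - size attrs (company) MD5'; EXPECTED_DIRS is an
assumption about where a clean Windows keeps services.exe.
"""
import re
from dataclasses import dataclass

# Constructed sample: the three hits from the Search.txt posted in the thread.
SAMPLE_SEARCH = """\
Farbar Recovery Scan Tool (x64) Version: 23-12-2012 01
Ran by SYSTEM at 2012-08-16 20:26:56
Running from I:\\
================== Search: "services.exe" ===================
C:\\Windows\\winsxs\\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\\Windows\\system64\\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\\Windows\\System32\\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
====== End Of Search ======
"""

HEADER_RE = re.compile(r'^=+ Search: "(?P<name>[^"]+)" =+$')
PATH_RE = re.compile(r"^[A-Za-z]:\\")
DETAIL_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+) (?:\((?P<company>[^)]*)\) )?"
    r"(?P<md5>[0-9A-Fa-f]{32})$"
)

# Assumption: on a clean x64 Windows 7 the only legitimate homes for
# services.exe are System32 and the component store (winsxs).
EXPECTED_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\winsxs\\")


@dataclass
class SearchHit:
    path: str
    created: str
    modified: str
    size: int
    attrs: str
    company: str   # version-info company string, not a signature check
    md5: str


def parse_search(text):
    """Return (searched file name, list of SearchHit) from a Search.txt block."""
    name, hits, pending, in_block = None, [], None, False
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            name, in_block = header["name"], True
            continue
        if line.startswith("====== End Of Search"):
            break
        if not in_block:
            continue
        if PATH_RE.match(line):
            pending = line            # the detail line for this path follows
            continue
        detail = DETAIL_RE.match(line)
        if detail and pending is not None:
            hits.append(SearchHit(
                pending, detail["created"], detail["modified"], int(detail["size"]),
                detail["attrs"], detail["company"] or "", detail["md5"].upper()))
            pending = None
    return name, hits


def triage(name, hits, expected_dirs=EXPECTED_DIRS):
    """Map each hit's path to a list of findings (empty list = nothing odd)."""
    ref_path = "c:\\windows\\system32\\" + name.lower()
    reference = next((h for h in hits if h.path.lower() == ref_path), None)
    report = {}
    for hit in hits:
        findings = []
        low = hit.path.lower()
        if not any(low.startswith(d) for d in expected_dirs):
            findings.append("copy outside the directories Windows normally uses for this file")
        if not hit.company:
            findings.append("no version-info company name")
        if reference is None:
            findings.append("no System32 copy to compare against")
        elif hit is not reference:
            if hit.md5 != reference.md5:
                findings.append("MD5 differs from the System32 copy")
            if hit.size != reference.size:
                findings.append("size differs from the System32 copy")
        report[hit.path] = findings
    return report


def flagged(report):
    """Paths that collected at least one finding, in log order."""
    return [path for path, findings in report.items() if findings]
```

    On the posted log all three hashes agree, which is consistent with FRST's Bamital check reporting the System32 copy as legit; only the location check singles out the copy under system64, a directory a clean x64 Windows does not use.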
     
  3. Jay Pfoutz


    FRST Fixlist

    Please run the following:

    Open notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open notepad and select Paste.) Save it on the flashdrive as fixlist.txt.

    NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

    Now, please enter System Recovery Options then select Command Prompt.

    Run FRST and press the Fix button just once and wait.
    The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.

    Now restart, let it boot normally and tell me how it went.


    Post new FRST log, please, also. :)
     
  4. Ausnp84


    Thanks for coming back so quickly.

    Instructions run as requested; logs below. I did restart and run Windows normally, but now it displays a message that it needs to restart after one minute.

    start FRST/log
    ===========
    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-12-2012 01
    Ran by SYSTEM at 17-08-2012 12:35:50
    Running from I:\
    Windows 7 Home Premium (X64) OS Language: English(US)
    The current controlset is ControlSet001
    ==================== Registry (Whitelisted) ===================
    HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2107176 2010-03-12] (Synaptics Incorporated)
    HKLM\...\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-10-13] (Intel Corporation)
    HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s [6234144 2010-03-13] (Realtek Semiconductor)
    HKLM\...\Run: [RtkOSD] C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe [995840 2010-01-12] (Realtek Semiconductor Corp.)
    HKLM\...\Run: [HP Quick Launch] C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [451072 2010-01-18] (Hewlett-Packard Company)
    HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" [172032 2010-05-16] (Sun Microsystems, Inc.)
    HKLM\...\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden [363064 2010-01-27] (Hewlett-Packard)
    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35760 2010-09-23] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [x]
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe" [x]
    HKLM-x32\...\Run: [RemoteControl] "C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe" [29696 2006-09-18] (Cyberlink Corp.)
    HKLM-x32\...\Run: [LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe" [49152 2006-09-29] ()
    HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [54576 2009-11-18] (Hewlett-Packard)
    HKLM-x32\...\Run: [] [x]
    HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421160 2011-01-25] (Apple Inc.)
    HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
    HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
    HKU\Default\...\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [x]
    HKU\Default User\...\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [x]
    HKU\Nathan\...\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [x]
    HKU\Nathan\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2363392 2010-02-22] (Hewlett-Packard Company)
    HKU\Nathan\...\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2144088 2009-01-26] (Safer Networking Limited)
    HKU\Nathan\...\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe -update activex [692152 2012-10-09] (Adobe Systems Incorporated)
    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
    SubSystems: [Windows] ATTENTION! ====> ZeroAccess
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
    ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\Launcher.lnk
    ShortcutTarget: Launcher.lnk -> C:\Program Files (x86)\OrangeMobileBroadband\OrangeMobileBroadband_Launcher.exe ()
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\PHOTOfunSTUDIO 5.0 HD Edition.lnk
    ShortcutTarget: PHOTOfunSTUDIO 5.0 HD Edition.lnk -> C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe (Panasonic Corporation)
    ==================== Services (Whitelisted) ===================
    2 Crypkey License; crypserv.exe [52224 2000-06-29] (Kenonic Controls Ltd.)
    2 HPWMISVC; C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [20480 2010-01-18] ()
    2 OrangeMobileBroadband_Service; C:\Program Files (x86)\OrangeMobileBroadband\OrangeMobileBroadband_Service.exe [334792 2011-06-01] ()
    2 HP Health Check Service; "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe" [x]
    2 RapportMgmtService; "C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe" [x]
    ==================== Drivers (Whitelisted) =====================
    3 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [138752 2012-06-16] (Huawei Technologies Co., Ltd.)
    3 ewusbnet; C:\Windows\SysWow64\Drivers\ewusbnet.sys [138752 2012-06-16] (Huawei Technologies Co., Ltd.)
    3 ew_hwusbdev; C:\Windows\SysWow64\Drivers\ew_hwusbdev.sys [117248 2012-06-16] (Huawei Technologies Co., Ltd.)
    3 ew_usbenumfilter; C:\Windows\SysWow64\Drivers\ew_usbenumfilter.sys [13952 2012-06-16] (Huawei Technologies Co., Ltd.)
    0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [101688 2012-09-07] (Trusteer Ltd.)
    2 sentemul; C:\Windows\SysWow64\Drivers\sentemul.sys [11812 2003-03-24] ()
    3 Sentinel; C:\Windows\SysWow64\Drivers\Sentinel.sys [73216 1999-07-19] ()
    1 NetworkX; C:\Windows\system32\ckldrv.sys [x]
    1 RapportCerberus_43926; \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus64_43926.sys [x]
    1 RapportEI64; \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [x]
    1 RapportPG64; \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [x]
    ==================== NetSvcs (Whitelisted) ====================

    ==================== One Month Created Files and Folders ========
    2012-11-16 23:13 - 2012-11-16 23:13 - 00000000 ____D C:\Users\All Users\ESET
    2012-11-16 23:13 - 2012-11-16 23:13 - 00000000 ____D C:\Program Files\ESET
    2012-11-04 02:34 - 2012-11-04 02:34 - 00000000 ____A C:\Windows\setuperr.log
    2012-11-04 02:34 - 2012-08-17 03:34 - 00001578 ____A C:\Windows\setupact.log
    2012-10-30 13:24 - 2012-10-30 13:24 - 15054390 ____A C:\Users\Nathan\Desktop\Bel Line Diag.bmp
    2012-09-30 09:36 - 2012-10-09 11:38 - 10220472 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
    2012-09-30 08:50 - 2012-09-30 08:51 - 00000000 ____D C:\Program Files (x86)\QuickTime
    2012-09-30 08:45 - 2012-09-30 08:45 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
    2012-09-30 08:43 - 2012-11-25 01:36 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-09-30 08:43 - 2012-09-30 08:43 - 00000000 ____D C:\Users\Nathan\AppData\Local\Macromedia
    2012-09-30 08:33 - 2012-09-30 08:33 - 00000000 ____D C:\Users\All Users\Mozilla
    2012-09-30 08:33 - 2012-09-30 08:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2012-09-28 03:45 - 2012-10-09 10:48 - 00000087 ____A C:\Users\Nathan\Desktop\To Do 2.txt
    2012-09-10 21:45 - 2012-09-10 21:45 - 00000000 ____D C:\Users\Nathan\Downloads\Stereophonics - Decade in the Sun (2008)
    2012-09-06 14:11 - 2012-09-06 14:11 - 00154188 ___AH C:\Windows\SysWOW64\mlfcache.dat
    2012-09-04 01:06 - 2012-09-09 18:46 - 00000493 ____A C:\Users\Nathan\Desktop\2013.txt
    2012-09-03 16:11 - 2012-09-09 18:46 - 00001582 ____A C:\Users\Nathan\Desktop\All_time_tracks.txt
    2012-09-02 13:41 - 2012-10-09 10:48 - 00000376 ____A C:\Users\Nathan\Desktop\To Do.txt
    2012-08-22 11:30 - 2012-08-22 11:30 - 00002515 ____A C:\Users\Public\Desktop\Skype.lnk
    2012-08-17 11:28 - 2012-08-17 11:28 - 00000000 ____D C:\Windows\System32\config\HiveBackup
    2012-08-16 20:18 - 2012-08-16 20:18 - 00000000 ____D C:\FRST
    2012-08-02 09:08 - 2012-08-05 05:28 - 00000000 ____D C:\Users\Nathan\Desktop\New folder (2)
    2012-07-30 11:51 - 2012-07-30 11:51 - 00000000 ____D C:\Users\Nathan\AppData\Roaming\InstallShield
    2012-07-30 11:51 - 2012-07-30 11:51 - 00000000 ____D C:\Users\Nathan\AppData\Local\Panasonic
    2012-07-30 11:51 - 2012-07-30 11:51 - 00000000 ____D C:\Users\All Users\Panasonic
    2012-07-30 11:51 - 2007-06-21 15:10 - 00501912 ____A (SEIKO EPSON CORPORATION) C:\Windows\SysWOW64\PICSDK2.dll
    2012-07-30 11:51 - 2007-06-21 15:10 - 00000097 ____A C:\Windows\SysWOW64\PICSDK.ini
    2012-07-30 11:51 - 2006-10-30 15:10 - 00120992 ____A (SEIKO EPSON CORPORATION) C:\Windows\SysWOW64\EpPicPrt.dll
    2012-07-30 11:51 - 2006-10-30 15:10 - 00071840 ____A (SEIKO EPSON CORPORATION) C:\Windows\SysWOW64\EPPicMgr.dll
    2012-07-30 11:51 - 2006-10-19 15:10 - 00108704 ____A (SEIKO EPSON CORPORATION) C:\Windows\SysWOW64\PICEntry.dll
    2012-07-30 11:51 - 2006-10-19 15:10 - 00080024 ____A (SEIKO EPSON CORPORATION) C:\Windows\SysWOW64\PICSDK.dll
    2012-07-30 11:51 - 2005-05-31 15:20 - 00111932 ____A C:\Windows\SysWOW64\EPPICPrinterDB.dat
    2012-07-30 11:51 - 2004-03-02 21:10 - 00031053 ____A C:\Windows\SysWOW64\EPPICPattern131.dat
    2012-07-30 11:51 - 2004-03-02 21:10 - 00027417 ____A C:\Windows\SysWOW64\EPPICPattern121.dat
    2012-07-30 11:51 - 2004-03-02 21:10 - 00026154 ____A C:\Windows\SysWOW64\EPPICPattern1.dat
    2012-07-30 11:51 - 2004-03-02 21:10 - 00024903 ____A C:\Windows\SysWOW64\EPPICPattern3.dat
    2012-07-30 11:51 - 2004-03-02 21:10 - 00021390 ____A C:\Windows\SysWOW64\EPPICPattern5.dat
    2012-07-30 11:51 - 2004-03-02 21:10 - 00020148 ____A C:\Windows\SysWOW64\EPPICPattern2.dat
    2012-07-30 11:51 - 2004-03-02 21:10 - 00013732 ____A C:\Windows\SysWOW64\EPPICLocal_EN.cfg
    2012-07-30 11:51 - 2004-03-02 21:10 - 00011811 ____A C:\Windows\SysWOW64\EPPICPattern4.dat
    2012-07-30 11:51 - 2004-03-02 21:10 - 00006442 ____A C:\Windows\SysWOW64\EPPICLocal_IT.cfg
    2012-07-30 11:51 - 2004-03-02 21:10 - 00006347 ____A C:\Windows\SysWOW64\EPPICLocal_PT.cfg
    2012-07-30 11:51 - 2004-03-02 21:10 - 00006347 ____A C:\Windows\SysWOW64\EPPICLocal_BP.cfg
    2012-07-30 11:51 - 2004-03-02 21:10 - 00006335 ____A C:\Windows\SysWOW64\EPPICLocal_GE.cfg
    2012-07-30 11:51 - 2004-03-02 21:10 - 00006195 ____A C:\Windows\SysWOW64\EPPICLocal_FR.cfg
    2012-07-30 11:51 - 2004-03-02 21:10 - 00006195 ____A C:\Windows\SysWOW64\EPPICLocal_CF.cfg
    2012-07-30 11:51 - 2004-03-02 21:10 - 00006122 ____A C:\Windows\SysWOW64\EPPICLocal_DU.cfg
    2012-07-30 11:51 - 2004-03-02 21:10 - 00006103 ____A C:\Windows\SysWOW64\EPPICLocal_ES.cfg
    2012-07-30 11:51 - 2004-03-02 21:10 - 00005817 ____A C:\Windows\SysWOW64\EPPICLocal_KO.cfg
    2012-07-30 11:51 - 2004-03-02 21:10 - 00005436 ____A C:\Windows\SysWOW64\EPPICLocal_SC.cfg
    2012-07-30 11:51 - 2004-03-02 21:10 - 00004943 ____A C:\Windows\SysWOW64\EPPICPattern6.dat
    2012-07-30 11:51 - 2004-03-02 21:10 - 00002889 ____A C:\Windows\SysWOW64\EPPICLocal_RU.cfg
    2012-07-30 11:51 - 2004-03-02 21:10 - 00002426 ____A C:\Windows\SysWOW64\EPPICLocal_TC.cfg
    2012-07-30 11:51 - 2004-03-02 21:10 - 00001146 ____A C:\Windows\SysWOW64\EPPICPresetData_DU.dat
    2012-07-30 11:51 - 2004-03-02 21:10 - 00001139 ____A C:\Windows\SysWOW64\EPPICPresetData_PT.dat
    2012-07-30 11:51 - 2004-03-02 21:10 - 00001139 ____A C:\Windows\SysWOW64\EPPICPresetData_BP.dat
    2012-07-30 11:51 - 2004-03-02 21:10 - 00001136 ____A C:\Windows\SysWOW64\EPPICPresetData_ES.dat
    2012-07-30 11:51 - 2004-03-02 21:10 - 00001129 ____A C:\Windows\SysWOW64\EPPICPresetData_FR.dat
    2012-07-30 11:51 - 2004-03-02 21:10 - 00001129 ____A C:\Windows\SysWOW64\EPPICPresetData_CF.dat
    2012-07-30 11:51 - 2004-03-02 21:10 - 00001120 ____A C:\Windows\SysWOW64\EPPICPresetData_IT.dat
    2012-07-30 11:51 - 2004-03-02 21:10 - 00001107 ____A C:\Windows\SysWOW64\EPPICPresetData_GE.dat
    2012-07-30 11:51 - 2004-03-02 21:10 - 00001104 ____A C:\Windows\SysWOW64\EPPICPresetData_EN.dat
    2012-07-30 11:46 - 2012-07-30 11:46 - 00002170 ____A C:\Users\Public\Desktop\PHOTOfunSTUDIO 5.0 HD Edition.lnk
    2012-07-30 11:46 - 2010-09-28 10:24 - 00144864 ____A (B.H.A Corporation) C:\Windows\SysWOW64\bgsvcgen.exe
    2012-07-30 11:46 - 2010-09-28 10:24 - 00058848 ____A (B.H.A Corporation) C:\Windows\SysWOW64\GenSvcInst.exe
    2012-07-30 11:46 - 2006-08-25 05:36 - 00039208 ____A (B.H.A Corporation) C:\Windows\System32\Drivers\cdrbsdrv.sys
    2012-07-30 11:45 - 2012-07-30 11:45 - 00000000 ____D C:\Program Files\Microsoft Synchronization Services
    2012-07-30 11:45 - 2012-07-30 11:45 - 00000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
    2012-07-30 11:45 - 2012-07-30 11:45 - 00000000 ____D C:\Program Files (x86)\Panasonic
    2012-07-30 11:44 - 2012-07-30 11:44 - 00000000 ____D C:\Program Files (x86)\Microsoft Synchronization Services
    2012-07-29 10:52 - 2012-07-29 11:05 - 00000000 ____D C:\Users\Nathan\Desktop\Invoices
    ==================== One Month Modified Files and Folders =======
    2012-11-25 01:36 - 2012-09-30 08:43 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-11-23 12:19 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-11-23 12:19 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-11-17 03:22 - 2010-10-24 08:09 - 00355442 ____A C:\Windows\PFRO.log
    2012-11-17 03:22 - 2010-10-24 05:08 - 00000000 ____D C:\Program Files (x86)\Eset
    2012-11-16 23:13 - 2012-11-16 23:13 - 00000000 ____D C:\Users\All Users\ESET
    2012-11-16 23:13 - 2012-11-16 23:13 - 00000000 ____D C:\Program Files\ESET
    2012-11-16 10:33 - 2011-07-18 09:23 - 00000012 ____A C:\Users\All Users\ReminderNextRun
    2012-11-04 02:34 - 2012-11-04 02:34 - 00000000 ____A C:\Windows\setuperr.log
    2012-11-03 07:48 - 2009-07-13 21:08 - 00032608 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-11-03 00:15 - 2010-11-26 09:37 - 00000000 ____D C:\Users\Nathan\AppData\Roaming\Skype
    2012-10-30 13:24 - 2012-10-30 13:24 - 15054390 ____A C:\Users\Nathan\Desktop\Bel Line Diag.bmp
    2012-10-19 23:47 - 2012-06-16 22:54 - 00000000 ____D C:\Users\Nathan\AppData\Roaming\OrangeMobileBroadband
    2012-10-12 11:20 - 2010-10-24 05:10 - 00000000 ____D C:\Users\Nathan\AppData\Local\Adobe
    2012-10-09 11:38 - 2012-09-30 09:36 - 10220472 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
    2012-10-09 11:38 - 2012-07-12 12:24 - 00696760 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-10-09 11:38 - 2011-10-03 11:01 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-10-09 10:48 - 2012-09-28 03:45 - 00000087 ____A C:\Users\Nathan\Desktop\To Do 2.txt
    2012-10-09 10:48 - 2012-09-02 13:41 - 00000376 ____A C:\Users\Nathan\Desktop\To Do.txt
    2012-10-06 23:37 - 2011-02-10 11:06 - 00000144 ____A C:\Users\All Users\MagicPlayDVD.ini
    2012-09-30 08:51 - 2012-09-30 08:50 - 00000000 ____D C:\Program Files (x86)\QuickTime
    2012-09-30 08:45 - 2012-09-30 08:45 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
    2012-09-30 08:43 - 2012-09-30 08:43 - 00000000 ____D C:\Users\Nathan\AppData\Local\Macromedia
    2012-09-30 08:43 - 2010-05-16 10:37 - 00000000 ____D C:\Users\All Users\Adobe
    2012-09-30 08:33 - 2012-09-30 08:33 - 00000000 ____D C:\Users\All Users\Mozilla
    2012-09-30 08:33 - 2012-09-30 08:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2012-09-30 08:33 - 2011-10-25 10:31 - 00001094 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2012-09-30 08:33 - 2010-10-24 04:59 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2012-09-28 03:32 - 2010-10-21 09:34 - 00000000 ____D C:\Users\Nathan\AppData\Roaming\BitTorrent
    2012-09-17 11:14 - 2012-06-23 06:06 - 00000000 ____D C:\Users\All Users\Video Strip Poker Supreme
    2012-09-10 21:45 - 2012-09-10 21:45 - 00000000 ____D C:\Users\Nathan\Downloads\Stereophonics - Decade in the Sun (2008)
    2012-09-09 18:46 - 2012-09-04 01:06 - 00000493 ____A C:\Users\Nathan\Desktop\2013.txt
    2012-09-09 18:46 - 2012-09-03 16:11 - 00001582 ____A C:\Users\Nathan\Desktop\All_time_tracks.txt
    2012-09-07 02:07 - 2011-01-25 10:07 - 00101688 ____A (Trusteer Ltd.) C:\Windows\System32\Drivers\RapportKE64.sys
    2012-09-06 14:11 - 2012-09-06 14:11 - 00154188 ___AH C:\Windows\SysWOW64\mlfcache.dat
    2012-08-27 18:01 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
    2012-08-25 22:32 - 2011-04-26 11:49 - 00000000 ____D C:\Users\Nathan\AppData\Roaming\WinFF
    2012-08-22 11:30 - 2012-08-22 11:30 - 00002515 ____A C:\Users\Public\Desktop\Skype.lnk
    2012-08-22 11:30 - 2010-11-26 09:37 - 00000000 ___RD C:\Program Files (x86)\Skype
    2012-08-22 11:30 - 2010-11-26 09:36 - 00000000 ____D C:\Users\All Users\Skype
    2012-08-22 10:01 - 2010-11-26 09:38 - 00000000 ____D C:\Users\Nathan\AppData\Roaming\skypePM
    2012-08-17 11:28 - 2012-08-17 11:28 - 00000000 ____D C:\Windows\System32\config\HiveBackup
    2012-08-17 03:34 - 2012-11-04 02:34 - 00001578 ____A C:\Windows\setupact.log
    2012-08-17 03:33 - 2009-07-13 21:13 - 00726142 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-08-17 03:29 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-08-16 20:18 - 2012-08-16 20:18 - 00000000 ____D C:\FRST
    2012-08-05 10:55 - 2010-05-16 10:58 - 00000000 ____D C:\Users\All Users\CyberLink
    2012-08-05 05:28 - 2012-08-02 09:08 - 00000000 ____D C:\Users\Nathan\Desktop\New folder (2)
    2012-08-01 18:50 - 2010-10-24 05:16 - 00000000 ____D C:\Users\All Users\Spybot - Search & Destroy
    2012-08-01 18:50 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\AppCompat
    2012-08-01 18:49 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
    2012-08-01 10:53 - 2010-06-19 21:45 - 01270426 ____A C:\Windows\WindowsUpdate.log
    2012-08-01 10:52 - 2010-10-20 08:49 - 00000000 ____D C:\users\Nathan
    2012-07-31 10:37 - 2009-07-13 20:45 - 00352264 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-07-30 11:51 - 2012-07-30 11:51 - 00000000 ____D C:\Users\Nathan\AppData\Roaming\InstallShield
    2012-07-30 11:51 - 2012-07-30 11:51 - 00000000 ____D C:\Users\Nathan\AppData\Local\Panasonic
    2012-07-30 11:51 - 2012-07-30 11:51 - 00000000 ____D C:\Users\All Users\Panasonic
    2012-07-30 11:51 - 2010-10-20 08:55 - 00090392 ____A C:\Users\Nathan\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-07-30 11:46 - 2012-07-30 11:46 - 00002170 ____A C:\Users\Public\Desktop\PHOTOfunSTUDIO 5.0 HD Edition.lnk
    2012-07-30 11:45 - 2012-07-30 11:45 - 00000000 ____D C:\Program Files\Microsoft Synchronization Services
    2012-07-30 11:45 - 2012-07-30 11:45 - 00000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
    2012-07-30 11:45 - 2012-07-30 11:45 - 00000000 ____D C:\Program Files (x86)\Panasonic
    2012-07-30 11:45 - 2010-05-16 09:05 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
    2012-07-30 11:44 - 2012-07-30 11:44 - 00000000 ____D C:\Program Files (x86)\Microsoft Synchronization Services
    2012-07-30 11:44 - 2010-05-16 09:08 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
    2012-07-29 11:05 - 2012-07-29 10:52 - 00000000 ____D C:\Users\Nathan\Desktop\Invoices

    ZeroAccess:
    C:\Windows\assembly\temp
    C:\Windows\assembly\temp\@
    C:\Windows\assembly\temp\cfg.ini
    C:\Windows\assembly\temp\L
    C:\Windows\assembly\temp\U
    C:\Windows\assembly\temp\L\00000004.@
    C:\Windows\assembly\temp\L\201d3dde
    C:\Windows\assembly\temp\U\00000001.@
    C:\Windows\assembly\temp\U\00000002.@
    C:\Windows\assembly\temp\U\00000004.@
    C:\Windows\assembly\temp\U\000000c0.@
    C:\Windows\assembly\temp\U\000000cb.@
    C:\Windows\assembly\temp\U\000000cf.@
    C:\Windows\assembly\temp\U\80000000.@
    C:\Windows\assembly\temp\U\80000004.@
    C:\Windows\assembly\temp\U\80000032.@
    C:\Windows\assembly\temp\U\80000064.@
    C:\Windows\assembly\temp\U\800000c0.@
    C:\Windows\assembly\temp\U\800000cb.@
    C:\Windows\assembly\temp\U\800000cf.@
    ZeroAccess:
    c:\Windows\System32\consrv.dll
    ZeroAccess:
    C:\Windows\assembly\GAC_32\Desktop.ini
    ZeroAccess:
    C:\Windows\assembly\GAC_64\Desktop.ini
    ZeroAccess:
    C:\$Recycle.Bin\S-1-5-21-1425057868-2842774435-2894805428-1000\$2a7c3d4ae2032b5f98ac7377eef0e8f3
    ==================== Known DLLs (Whitelisted) =================

    ==================== Bamital & volsnap Check =================
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
    ==================== EXE ASSOCIATION =====================
    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK
    ==================== Restore Points =========================
    Restore point made on: 2012-11-25 01:38:36
    Restore point made on: 2012-11-30 23:53:54
    Restore point made on: 2012-12-08 03:28:39
    ==================== Memory info ===========================
    Percentage of memory in use: 31%
    Total physical RAM: 1909.86 MB
    Available physical RAM: 1314.35 MB
    Total Pagefile: 1909.86 MB
    Available Pagefile: 1302.8 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB
    ==================== Partitions =============================
    1 Drive c: () (Fixed) (Total:48.83 GB) (Free:2.63 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    2 Drive d: (Data) (Fixed) (Total:170.2 GB) (Free:73.31 GB) NTFS
    3 Drive e: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    4 Drive f: (MAN_ON_FIRE) (CDROM) (Total:4.06 GB) (Free:0 GB) UDF
    5 Drive g: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
    6 Drive h: (RECOVERY) (Fixed) (Total:13.56 GB) (Free:1.94 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    7 Drive I: () (Removable) (Total:0.49 GB) (Free:0.45 GB) FAT
    8 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 232 GB 3072 KB *
    Disk 1 Online 502 MB 0 B
    Partitions of Disk 0:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Dynamic Data 199 MB 1024 KB
    Partition 2 Dynamic Data 48 GB 200 MB
    Partition 3 Dynamic Data 13 GB 219 GB
    Partition 4 Dynamic Data 103 MB 232 GB
    ==================================================================================
    Disk: 0
    Partition 1
    Type : 42
    Hidden: Yes
    Active: Yes
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 E SYSTEM NTFS Simple 199 MB Healthy
    =========================================================
    Disk: 0
    Partition 2
    Type : 42
    Hidden: Yes
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 C NTFS Simple 48 GB Healthy
    =========================================================
    Disk: 0
    Partition 3
    Type : 42
    Hidden: Yes
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 H RECOVERY NTFS Simple 13 GB Healthy
    =========================================================
    Disk: 0
    Partition 4
    Type : 42
    Hidden: Yes
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 G HP_TOOLS FAT32 Simple 103 MB Healthy
    =========================================================
    Partitions of Disk 1:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 501 MB 16 KB
    ==================================================================================
    Disk: 1
    Partition 1
    Type : 06
    Hidden: No
    Active: Yes
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 6 I FAT Removable 501 MB Healthy
    =========================================================
    Last Boot: 2012-12-08 03:21
    ==================== End Of Log =============================
    ===========
    end FRST/log

    start fixlog/log
    ==========
    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 23-12-2012 01
    Ran by SYSTEM at 2012-08-17 11:28:08 Run:1
    Running from I:\
    ==============================================
    DEFAULT hive was successfully copied to System32\config\HiveBackup
    DEFAULT hive was successfully restored from registry back up.
    SAM hive was successfully copied to System32\config\HiveBackup
    SAM hive was successfully restored from registry back up.
    SECURITY hive was successfully copied to System32\config\HiveBackup
    SECURITY hive was successfully restored from registry back up.
    SOFTWARE hive was successfully copied to System32\config\HiveBackup
    SOFTWARE hive was successfully restored from registry back up.
    SYSTEM hive was successfully copied to System32\config\HiveBackup
    SYSTEM hive was successfully restored from registry back up.
    ==== End of Fixlog ====
    ==========
    end fixlog/log

    nathan
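The FRST log in this post flags the Session Manager SubSystems "Windows" value and lists the ZeroAccess drop sites (consrv.dll in System32, the assembly\temp tree with its .@ files, the GAC_32/GAC_64 Desktop.ini files and the $Recycle.Bin\<SID>\$<hex> store). The script below is an added example written for this thread, not code from FRST, ComboFix or the helper; it shows how those indicators can be picked out of FRST-style output mechanically, and how the SubSystems value itself can be checked. The x64 ZeroAccess variant of that period rewrote that value so that csrss.exe loaded consrv.dll in place of winsrv, which is why FRST marks it with ATTENTION. The sample log lines are constructed from the log above, the sample SubSystems value is constructed (the real value is not shown on this page), and the set of legitimate csrss ServerDll names is an assumption for Windows 7.

```python
"""Triage of FRST-style scan output for ZeroAccess artifacts.

Added example for this thread; not code from FRST, ComboFix or the helper.
Sample lines are constructed from the log above; the set of legitimate csrss
ServerDll names is an assumption for Windows 7 x64.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, Iterable, List

# Assumption: the only ServerDll= modules csrss.exe should load on Windows 7.
# The 2012 x64 ZeroAccess variant rewrote the Session Manager SubSystems
# "Windows" value so that csrss loaded consrv.dll instead of winsrv.
KNOWN_SERVER_DLLS = {"basesrv", "winsrv", "sxssrv"}


@dataclass(frozen=True)
class Finding:
    kind: str       # short label for the indicator class
    evidence: str   # the log line or value fragment that triggered it


# One pattern per artifact class that appears in the FRST log above.
_PATTERNS = [
    ("subsystems_flagged", re.compile(r"^SubSystems: \[Windows\] ATTENTION!", re.I)),
    ("consrv_dll",         re.compile(r"^[a-z]:\\windows\\system32\\consrv\.dll$", re.I)),
    ("assembly_temp",      re.compile(r"^[a-z]:\\windows\\assembly\\temp(\\|$)", re.I)),
    ("gac_desktop_ini",    re.compile(r"^[a-z]:\\windows\\assembly\\GAC_(32|64|MSIL)\\Desktop\.ini$", re.I)),
    ("recycle_store",      re.compile(r"^[a-z]:\\\$Recycle\.Bin\\S-1-5-21(?:-\d+){4}\\\$[0-9a-f]{32}$", re.I)),
]
_SERVER_DLL = re.compile(r"ServerDll=([A-Za-z0-9_]+)(?::[A-Za-z0-9_]+)?,\d+")


def scan_frst_lines(lines: Iterable[str]) -> List[Finding]:
    """Return one Finding per log line that matches a ZeroAccess indicator."""
    findings: List[Finding] = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        for kind, pattern in _PATTERNS:
            if pattern.match(line):
                findings.append(Finding(kind, line))
                break  # each line belongs to at most one class
    return findings


def check_subsystems_value(value: str) -> List[Finding]:
    """Flag every ServerDll= entry of a SubSystems 'Windows' value that is not a known csrss server DLL."""
    return [
        Finding("subsystems_serverdll", m.group(0))
        for m in _SERVER_DLL.finditer(value)
        if m.group(1).lower() not in KNOWN_SERVER_DLLS
    ]


def summarize(findings: Iterable[Finding]) -> Dict[str, int]:
    """Count findings per indicator class."""
    return dict(Counter(f.kind for f in findings))


# Constructed sample: lines copied from the FRST log above plus two benign ones.
SAMPLE_FRST_LINES = [
    r"SubSystems: [Windows] ATTENTION! ====> ZeroAccess",
    r"C:\Windows\assembly\temp",
    r"C:\Windows\assembly\temp\U\80000032.@",
    r"c:\Windows\System32\consrv.dll",
    r"C:\Windows\assembly\GAC_32\Desktop.ini",
    r"C:\Windows\assembly\GAC_64\Desktop.ini",
    r"C:\$Recycle.Bin\S-1-5-21-1425057868-2842774435-2894805428-1000\$2a7c3d4ae2032b5f98ac7377eef0e8f3",
    r"C:\Windows\System32\winlogon.exe => MD5 is legit",
    r"C:\Users\Nathan\Desktop\To Do.txt",
]

# Constructed sample of a tampered value; the real value is not shown in the log.
SAMPLE_SUBSYSTEMS_WINDOWS = (
    r"%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows "
    r"SharedSection=1024,20480,768 Windows=On SubSystemType=Windows "
    r"ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 "
    r"ServerDll=consrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16"
)

if __name__ == "__main__":
    for f in scan_frst_lines(SAMPLE_FRST_LINES) + check_subsystems_value(SAMPLE_SUBSYSTEMS_WINDOWS):
        print(f"{f.kind:22} {f.evidence}")
    print(summarize(scan_frst_lines(SAMPLE_FRST_LINES)))
```

Run against the sample it reports seven path/registry indicators from the log and the single rogue `ServerDll=consrv:...` entry; the same functions can be fed a whole FRST.txt or the live SubSystems value read from the registry. Matching on paths alone is a triage aid, not a verdict: the helper's ATTENTION line comes from FRST reading the actual registry value, which is the check that counts.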
     
  5. Jay Pfoutz (Malware Helper)

    ComboFix scan

    Please download ComboFix by sUBs
    From TechSpot

    Direct Link (alternative)

    Please save the file to your Desktop.

    Important information about ComboFix


    After the download:
    • Close any open browsers.
    • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
    • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
    Running ComboFix:
    • Double click on ComboFix.exe & follow the prompts.
    • When ComboFix finishes, it will produce a report for you.
    • Please post the report, which will launch or be found at "C:\Combo-Fix.txt" in your next reply.
    Troubleshooting ComboFix

    Safe Mode:

    If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

    (To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear; select "Safe Mode.")

    Re-downloading:

    If this doesn't work either, try the same method as above, but download it again and rename ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

    Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

    NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
     
  6. Ausnp84 (Topic Starter)

    ComboFix run; it has stayed up OK for the past 20 mins without a restart. Log below; will restart now and see if it hangs together.

    What is this malware that my machine's picked up? And what is the best program for keeping it at bay? Appreciate your assistance with this.

    ComboFix Log /start
    ==============
    ComboFix 12-12-23.01 - Nathan 24/12/2012 14:19:18.2.2 - x64 MINIMAL
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.1910.886 [GMT 0:00]
    Running from: c:\users\Nathan\Desktop\ComboFix.exe
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\assembly\GAC_32\Desktop.ini
    c:\windows\assembly\GAC_64\Desktop.ini
    c:\windows\assembly\temp\@
    c:\windows\assembly\temp\cfg.ini
    c:\windows\system32\consrv.dll
    c:\windows\System64
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-11-24 to 2012-12-24 )))))))))))))))))))))))))))))))
    .
    .
    2012-12-24 14:25 . 2012-12-24 14:25 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
    2012-12-24 14:25 . 2012-12-24 14:25 -------- d-----w- c:\users\Default\AppData\Local\temp
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-10-09 19:38 . 2012-07-12 20:24 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-10-09 19:38 . 2011-10-03 19:01 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-10-09 19:38 . 2012-09-30 17:36 10220472 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-02-22 2363392]
    "SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
    "RemoteControl"="c:\program files (x86)\CyberLink\PowerDVD\PDVDServ.exe" [2006-09-18 29696]
    "LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD\Language\Language.exe" [2006-09-29 49152]
    "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-01-25 421160]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-02-22 2363392]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-12-29 1082656]
    HP Digital Imaging Monitor.lnk - c:\program files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
    Launcher.lnk - c:\program files (x86)\OrangeMobileBroadband\OrangeMobileBroadband_Launcher.exe [2012-6-17 510920]
    PHOTOfunSTUDIO 5.0 HD Edition.lnk - c:\program files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe [2012-7-30 170480]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "EnableShellExecuteHooks"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "Userinit"="c:\windows\system32\userinit.exe"
    .
    R1 RapportCerberus_43926;RapportCerberus_43926;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus64_43926.sys [x]
    R1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [x]
    R1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [x]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-01-27 102968]
    R2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [x]
    R2 sentemul;sentemul;c:\windows\system32\drivers\sentemul.sys [x]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
    R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2012-06-17 117248]
    R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys [2012-06-17 13952]
    R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2012-06-17 138752]
    R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys [2012-06-17 91136]
    R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2012-06-17 85504]
    R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-23 225280]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-09 295424]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-12-14 51712]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-22 1255736]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
    S0 RapportKE64;RapportKE64;c:\windows\System32\Drivers\RapportKE64.sys [2012-09-07 101688]
    S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
    S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe [x]
    S2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-01-18 20480]
    S2 OrangeMobileBroadband_Service;OrangeMobileBroadband_Service;c:\program files (x86)\OrangeMobileBroadband\OrangeMobileBroadband_Service.exe [2011-06-02 334792]
    S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]
    S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-01-07 35104]
    S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
    S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-10 158720]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-03 271872]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2010-02-22 18:38 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-12-24 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 14:36]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]
    "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2010-03-13 6234144]
    "RtkOSD"="c:\program files (x86)\Realtek\Audio\OSD\RtVOsd64.exe" [2010-01-13 995840]
    "HP Quick Launch"="c:\program files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-01-18 451072]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-05-16 172032]
    "HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-01-27 8192]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 161304]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 386584]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 415256]
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.co.uk/
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\OFFICE11\EXCEL.EXE/3000
    IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    TCP: DhcpNameServer = 192.168.0.1
    FF - ProfilePath - c:\users\Nathan\AppData\Roaming\Mozilla\Firefox\Profiles\cnidrqro.default\
    FF - ExtSQL: !HIDDEN! 2010-11-29 18:58; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKCU-Run-HPAdvisorDock - c:\program files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe
    Wow6432Node-HKLM-Run-Easybits Recovery - c:\program files (x86)\EasyBits For Kids\ezRecover.exe
    Wow6432Node-HKLM-Run-SunJavaUpdateSched - c:\program files (x86)\Java\jre6\bin\jusched.exe
    Wow6432Node-HKLM-Run-<NO NAME> - (no file)
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    AddRemove-{1a413f37-ed88-4fec-9666-5c48dc4b7bb7} - c:\program files (x86)\GreenTree Applications\YTD Video Downloader\uninstall.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0043\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\windows\SysWOW64\bgsvcgen.exe
    c:\program files (x86)\Bonjour\mDNSResponder.exe
    c:\windows\SysWOW64\ezSharedSvcHost.exe
    c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
    c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    c:\program files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
    .
    **************************************************************************
    .
    Completion time: 2012-12-24 14:43:04 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-12-24 14:42
    .
    Pre-Run: 2,213,580,800 bytes free
    Post-Run: 1,834,164,224 bytes free
    .
    - - End Of File - - 0113B480DF8CAAB360C15550C3993DEE
    =============
    ComboFix Log /end
     
  7. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    The only ways of keeping "ZeroAccess" at bay are to have good internet security protection, update your plugins (Adobe Flash Player, Java Runtime Environment, Adobe Reader, etc.), and maintain a clean browsing experience.

    Malwarebytes' Anti-Rootkit

    Please download Malwarebytes' Anti-Rootkit and save it to your desktop.
    • Be sure to print out and follow the instructions provided on that same page for performing a scan.
    • Caution: This is a beta version so also read the disclaimer and back up all your data before using.
    • When the scan completes, click on the Cleanup button to remove any threats found and reboot the computer if prompted to do so.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • If there are problems with Internet access, Windows Update, Windows Firewall or other system issues, run the fixdamage tool located in the folder Malwarebytes Anti-Rootkit was run from and reboot your computer.
    • Two files (mbar-log-YYYY-MM-DD, system-log.txt) will be created and saved within that same folder.
    • Copy and paste the contents of these two log files in your next reply.
     
  8. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hello! Are you still with us? Your topic is now marked inactive, because you have not replied.

    However, we'd like to still help. Please update us on the state of your PC.
     