Solved Win64/Patched.A.Gen trojan :( please help me remove

[Liam Bell]

Hi there, I have just ran my Eset NOD32 this virus was found and also the Eset pop-up comes up sometime with the same info.

Please help me.

I also have AntiMalwareBytes installed and it did not find it when I scanned if that helps

Many thanks

Liam

 

[Jay Pfoutz]

Hello, and welcome back to TechSpot.

Please stick around this time.

Please see here for the board rules and other FAQ.

Please feel free to introduce yourself, after you follow the steps below to get started.

Information

• From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
• Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
• If you have already asked for help somewhere, please post the link to the topic you were helped.
• We try our best to reply quickly, but for any reason we do not reply in two days, please reply to this topic with the word BUMP!
• Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

Please review the 4-Step instructions and post the logs back here for my review.

Also, include this scan:

Download AdwCleaner by Xplode onto your Desktop.

• Double click on AdwCleaner.exe to run the tool.
• Click on Delete.
• A logfile will automatically open after the scan has finished.
• Please post the content of that logfile in your reply.
• You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.

 

[Liam Bell]

Hi, thanks. Here are the logs you asked for.

Here is the malwarebytes log

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.30.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Liam :: LIAM-PC [administrator]

2/12/2012 8:30:33 a.m.
mbam-log-2012-12-02 (08-30-33).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 225311
Time elapsed: 3 minute(s), 14 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

 

[Liam Bell]

And the dds log

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16455
Run by Liam at 8:47:07 on 2012-12-02
Microsoft Windows 7 Professional 6.1.7601.1.1252.64.1033.18.8044.5323 [GMT 13:00]
.
AV: ESET NOD32 Antivirus 5.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 5.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft Device Center\itype.exe
C:\Program Files\Microsoft Device Center\ipoint.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler64.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Liam\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\7.9_0\plugin\ClickClean.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.daum.net/
uURLSearchHooks: uTorrentControl_v2 Toolbar: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll
mURLSearchHooks: uTorrentControl_v2 Toolbar: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll
mWinlogon: Userinit = userinit.exe,
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: uTorrentControl_v2 Toolbar: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: uTorrentControl_v2 Toolbar: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{B12952E7-C9CE-432B-A29C-D5EB3E6441CD} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
x64-Run: [IntelliType Pro] "c:\Program Files\Microsoft Device Center\itype.exe"
x64-Run: [IntelliPoint] "c:\Program Files\Microsoft Device Center\ipoint.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2012-10-4 28992]
R0 vididr;Acronis Virtual Disk;C:\Windows\System32\drivers\vididr.sys [2012-10-5 210016]
R0 vidsflt53;Acronis Disk Storage Filter (53);C:\Windows\System32\drivers\vsflt53.sys [2012-10-5 141920]
R2 Autodesk Content Service;Autodesk Content Service;C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2011-2-2 18656]
R2 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2011-8-9 202576]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-9-22 974944]
R2 epfwwfpr;epfwwfpr;C:\Windows\System32\drivers\epfwwfpr.sys [2011-8-4 137144]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-10-4 13336]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-10-4 399432]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-10-4 676936]
R2 SgtSch2Svc;Seagate Scheduler2 Service;C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe [2011-6-30 1191408]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-10-4 2656280]
R3 b57xdbd;Broadcom xD Picture Bus Driver Service;C:\Windows\System32\drivers\b57xdbd.sys [2011-1-20 67624]
R3 b57xdmp;Broadcom xD Picture vstorp client drv;C:\Windows\System32\drivers\b57xdmp.sys [2011-1-20 19496]
R3 bScsiMSa;bScsiMSa;C:\Windows\System32\drivers\bScsiMSa.sys [2011-1-19 52264]
R3 bScsiSDa;bScsiSDa;C:\Windows\System32\drivers\bScsiSDa.sys [2011-1-13 85544]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2010-12-1 411688]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-10-4 25928]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2012-4-12 82432]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2012-4-12 181760]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-10-4 1431888]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 RTCore64;RTCore64;C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [2012-9-17 13368]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 VBoxUSB;VirtualBox USB;C:\Windows\System32\drivers\VBoxUSB.sys [2012-9-13 105816]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-10-4 1255736]
.
=============== File Associations ===============
.
FileExt: .scr: AutoCADScriptFile=C:\Windows\System32\notepad.exe "%1"
.
=============== Created Last 30 ================
.
2012-11-30 07:17:33--------d-----w-C:\ProgramData\Windows Codecs
2012-11-30 07:17:24--------d-----w-C:\Program Files (x86)\Mega Codec Pack
2012-11-29 05:50:32--------d-----w-C:\ProgramData\Blizzard
2012-11-29 04:33:049125352----a-w-C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{514EB171-A5F4-4127-972B-519CE6FE8401}\mpengine.dll
2012-11-16 06:23:462560----a-w-C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2012-11-16 06:23:459728----a-w-C:\Windows\System32\Wdfres.dll
2012-11-16 06:23:45785512----a-w-C:\Windows\System32\drivers\Wdf01000.sys
2012-11-16 06:23:4554376----a-w-C:\Windows\System32\drivers\WdfLdr.sys
2012-11-16 06:13:55678912----a-w-C:\Program Files (x86)\Internet Explorer\iedvtool.dll
2012-11-16 06:13:55499200----a-w-C:\Program Files\Internet Explorer\jsdbgui.dll
2012-11-16 06:13:55387584----a-w-C:\Program Files (x86)\Internet Explorer\jsdbgui.dll
2012-11-16 06:13:54887296----a-w-C:\Program Files\Internet Explorer\iedvtool.dll
2012-11-16 06:10:1787040----a-w-C:\Windows\System32\drivers\WUDFPf.sys
2012-11-16 06:10:17198656----a-w-C:\Windows\System32\drivers\WUDFRd.sys
2012-11-16 06:10:1684992----a-w-C:\Windows\System32\WUDFSvc.dll
2012-11-16 06:10:16194048----a-w-C:\Windows\System32\WUDFPlatform.dll
2012-11-16 06:10:14744448----a-w-C:\Windows\System32\WUDFx.dll
2012-11-16 06:10:1445056----a-w-C:\Windows\System32\WUDFCoinstaller.dll
2012-11-16 06:10:14229888----a-w-C:\Windows\System32\WUDFHost.exe
2012-11-15 05:57:5918944----a-w-C:\Windows\SysWow64\netevent.dll
2012-11-15 05:57:5918944----a-w-C:\Windows\System32\netevent.dll
2012-11-15 05:57:1295744----a-w-C:\Windows\System32\synceng.dll
2012-11-15 05:57:1178336----a-w-C:\Windows\SysWow64\synceng.dll
2012-11-13 06:18:37--------d-----w-C:\Users\Liam\AppData\Local\Darksiders
2012-11-13 05:41:34--------d-----w-C:\Program Files (x86)\Darksiders
.
==================== Find3M ====================
.
2012-11-01 08:52:5075928----a-w-C:\Windows\System32\drivers\dc3d.sys
2012-11-01 08:52:501795952----a-w-C:\Windows\System32\WdfCoInstaller01011.dll
2012-10-21 20:55:5373656----a-w-C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-21 20:55:53696760----a-w-C:\Windows\SysWow64\FlashPlayerApp.exe
2012-10-18 18:25:583149824----a-w-C:\Windows\System32\win32k.sys
2012-10-16 08:38:37135168----a-w-C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38:34350208----a-w-C:\Windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39:52561664----a-w-C:\Windows\apppatch\AcLayers.dll
2012-10-09 18:17:1355296----a-w-C:\Windows\System32\dhcpcsvc6.dll
2012-10-09 18:17:13226816----a-w-C:\Windows\System32\dhcpcore6.dll
2012-10-09 17:40:3144032----a-w-C:\Windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40:31193536----a-w-C:\Windows\SysWow64\dhcpcore6.dll
2012-10-08 11:31:032312704----a-w-C:\Windows\System32\jscript9.dll
2012-10-08 11:23:521392128----a-w-C:\Windows\System32\wininet.dll
2012-10-08 11:22:551494528----a-w-C:\Windows\System32\inetcpl.cpl
2012-10-08 11:18:22173056----a-w-C:\Windows\System32\ieUnatt.exe
2012-10-08 11:17:35599040----a-w-C:\Windows\System32\vbscript.dll
2012-10-08 11:13:332382848----a-w-C:\Windows\System32\mshtml.tlb
2012-10-08 07:56:241800704----a-w-C:\Windows\SysWow64\jscript9.dll
2012-10-08 07:48:031129472----a-w-C:\Windows\SysWow64\wininet.dll
2012-10-08 07:47:441427968----a-w-C:\Windows\SysWow64\inetcpl.cpl
2012-10-08 07:44:05142848----a-w-C:\Windows\SysWow64\ieUnatt.exe
2012-10-08 07:43:21420864----a-w-C:\Windows\SysWow64\vbscript.dll
2012-10-08 07:40:562382848----a-w-C:\Windows\SysWow64\mshtml.tlb
2012-10-05 04:04:11971360----a-w-C:\Windows\System32\drivers\timntr.sys
2012-10-05 04:04:07210016----a-w-C:\Windows\System32\drivers\vididr.sys
2012-10-05 04:04:05275552----a-w-C:\Windows\System32\drivers\snapman.sys
2012-10-05 04:04:05141920----a-w-C:\Windows\System32\drivers\vsflt53.sys
2012-10-04 08:58:151640768----a-w-C:\Windows\System32\nvvsvc.exe
2012-10-04 08:58:145160256----a-w-C:\Windows\System32\nvsvc64.dll
2012-10-04 08:58:143074368----a-w-C:\Windows\System32\nvsvcr.dll
2012-10-04 08:58:13137536----a-w-C:\Windows\System32\nvshext.dll
2012-10-04 08:58:12222528----a-w-C:\Windows\System32\nvmctray.dll
2012-10-04 08:58:11540992----a-w-C:\Windows\System32\nvhotkey.dll
2012-10-04 08:58:0010428736----a-w-C:\Windows\System32\nvcpl.dll
2012-10-04 07:55:0991648----a-w-C:\Windows\System32\SetIEInstalledDate.exe
2012-10-03 17:56:541914248----a-w-C:\Windows\System32\drivers\tcpip.sys
2012-10-03 17:44:2170656----a-w-C:\Windows\System32\nlaapi.dll
2012-10-03 17:44:21303104----a-w-C:\Windows\System32\nlasvc.dll
2012-10-03 17:44:17246272----a-w-C:\Windows\System32\netcorehc.dll
2012-10-03 17:44:16216576----a-w-C:\Windows\System32\ncsi.dll
2012-10-03 17:42:16569344----a-w-C:\Windows\System32\iphlpsvc.dll
2012-10-03 16:42:24175104----a-w-C:\Windows\SysWow64\netcorehc.dll
2012-10-03 16:42:23156672----a-w-C:\Windows\SysWow64\ncsi.dll
2012-10-03 16:07:2645568----a-w-C:\Windows\System32\drivers\tcpipreg.sys
2012-09-29 06:54:2625928----a-w-C:\Windows\System32\drivers\mbam.sys
2012-09-28 09:32:082177688----a-w-C:\Windows\System32\coin92.dll
2012-09-14 19:19:292048----a-w-C:\Windows\System32\tzres.dll
2012-09-14 18:28:532048----a-w-C:\Windows\SysWow64\tzres.dll
2012-09-12 18:14:18237400----a-w-C:\Windows\System32\drivers\VBoxDrv.sys
2012-09-12 18:13:42131416----a-w-C:\Windows\System32\drivers\VBoxNetAdp.sys
2012-09-12 18:13:26146264----a-w-C:\Windows\System32\drivers\VBoxNetFlt.sys
2012-09-12 18:13:26119640----a-w-C:\Windows\System32\drivers\VBoxUSBMon.sys
2012-09-12 18:13:26105816----a-w-C:\Windows\System32\drivers\VBoxUSB.sys
2012-09-12 18:13:24203608----a-w-C:\Windows\System32\VBoxNetFltNobj.dll
.
============= FINISH: 8:47:44.23 ===============

 

[Liam Bell]

And the attach log

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 4/10/2012 7:58:28 p.m.
System Uptime: 30/11/2012 2:01:55 p.m. (42 hours ago)
.
Motherboard: Acer | | JE50_HR
Processor: Intel(R) Core(TM) i7-2630QM CPU @ 2.00GHz | CPU1 | 780/1333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 699 GiB total, 543.689 GiB free.
D: is CDROM ()
F: is CDROM ()
G: is CDROM ()
H: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP44: 13/11/2012 7:13:19 p.m. - Installed Microsoft Visual C++ 2005 Redistributable
RP45: 14/11/2012 3:59:12 a.m. - Windows Update
RP46: 16/11/2012 7:07:43 p.m. - Windows Update
RP47: 21/11/2012 4:46:11 p.m. - Windows Update
RP48: 29/11/2012 5:32:35 p.m. - Windows Update
RP49: 30/11/2012 3:00:11 a.m. - Windows Update
.
==== Installed Programs ======================
.
64 Bit HP CIO Components Installer
7-Zip 9.20 (x64 edition)
Adobe Acrobat X Pro - English, Français, Deutsch
Adobe AIR
Adobe Community Help
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Media Player
Adobe Photoshop CS5
AIO_Scan
Atheros Driver Installation Program
µTorrent
AutoCAD 2012 - English
AutoCAD 2012 Language Pack - English
Autodesk Content Service
Autodesk Inventor Fusion 2012
Autodesk Inventor Fusion 2012 Language Pack
Autodesk Inventor Fusion plug-in for AutoCAD 2012
Autodesk Inventor Fusion plug-in language pack for AutoCAD 2012
Autodesk Material Library 2012
Autodesk Material Library Base Resolution Image Library 2012
Broadcom Card Reader Driver Installer
Broadcom Gigabit NetLink Controller
BufferChm
Copy
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition
Destinations
DeviceDiscovery
DJ_AIO_ProductContext
DJ_AIO_Software
DJ_AIO_Software_min
ESET NOD32 Antivirus
F2100
F2100_Help
FARO LS 1.1.406.58
Google Chrome
Google Update Helper
GPBaseService2
HMA! Pro VPN 2.6.9
HP Customer Participation Program 13.0
HP Deskjet All-In-One Driver Software 13.0 Rel. 1
HP Imaging Device Functions 13.0
HP Photosmart Essential 3.5
HP Smart Web Printing 4.51
HP Solution Center 13.0
HP Update
HPPhotoGadget
HPPhotoSmartDiscLabelContent1
HPPhotosmartEssential
HPProductAssistant
HPSSupply
Intel(R) Management Engine Components
Intel(R) Rapid Storage Technology
Malwarebytes Anti-Malware version 1.65.1.1000
MarketResearch
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Mouse and Keyboard Center
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 32-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 32-bit MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Outlook Hotmail Connector 64-bit
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft_VC80_ATL_x86_x64
Microsoft_VC80_CRT_x86
Microsoft_VC80_CRT_x86_x64
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFC_x86_x64
Microsoft_VC80_MFCLOC_x86
Microsoft_VC80_MFCLOC_x86_x64
Microsoft_VC90_ATL_x86
Microsoft_VC90_ATL_x86_x64
Microsoft_VC90_CRT_x86
Microsoft_VC90_CRT_x86_x64
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFC_x86_x64
MSI Afterburner 2.2.4
MSI Kombustor 2.4.2
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NVIDIA Control Panel 285.90
NVIDIA Graphics Driver 285.90
NVIDIA Install Application
NVIDIA Optimus 1.5.21
NVIDIA Update Components
Oracle VM VirtualBox 4.2.0
PDF Settings CS5
Renesas Electronics USB 3.0 Host Controller Driver
Scan
Seagate DiscWizard
SeaTools for Windows
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Excel 2010 (KB2597126) 64-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687417) 64-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687436) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553260) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2553371) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2589322) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 64-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 64-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2598287) 64-Bit Edition
Security Update for Microsoft Word 2010 (KB2553488) 64-Bit Edition
Shop for HP Supplies
SmartWebPrinting
SolutionCenter
StarCraft II
Status
Steam
Synaptics Pointing Device Driver
Toolbox
TrayApp
UnloadSupport
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553272) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2687509) 64-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 64-Bit Edition
Update for Microsoft OneNote 2010 (KB2687277) 64-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 64-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 64-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 64-Bit Edition
uTorrentControl_v2 Toolbar
VirtualCloneDrive
VLC media player 2.0.3
WebReg
World of Warcraft
.
==== Event Viewer Messages From Past Week ========
.
27/11/2012 3:13:01 p.m., Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR6.
27/11/2012 3:09:23 p.m., Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR5.
.
==== End Of File ===========================

 

[Liam Bell]

Thank you so much for you help

 

[Liam Bell]

Sorry also the adaware log for delete

# AdwCleaner v2.010 - Logfile created 12/02/2012 at 08:54:38
# Updated 29/11/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : Liam - LIAM-PC
# Boot Mode : Normal
# Running from : C:\Users\Liam\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\uTorrentControl_v2
Folder Deleted : C:\Users\Liam\AppData\Local\Conduit
Folder Deleted : C:\Users\Liam\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Folder Deleted : C:\Users\Liam\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Liam\AppData\LocalLow\uTorrentControl_v2

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\uTorrentControl_v2
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7473B6BD-4691-4744-A82B-7854EB3D70B6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7473B6BD-4691-4744-A82B-7854EB3D70B6}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3220468
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{537F4F0B-3542-4C7D-A3E5-CF121482696C}
Key Deleted : HKLM\Software\uTorrentControl_v2
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{537F4F0B-3542-4C7D-A3E5-CF121482696C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7473B6BD-4691-4744-A82B-7854EB3D70B6}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{964F9CB2-3128-4B35-9EE4-BB5650751C34}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B0A60C91-62EB-460F-9BE8-8FCE5685B29F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7473B6BD-4691-4744-A82B-7854EB3D70B6}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentControl_v2 Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{7473B6BD-4691-4744-A82B-7854EB3D70B6}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{7473B6BD-4691-4744-A82B-7854EB3D70B6}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{7473B6BD-4691-4744-A82B-7854EB3D70B6}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Liam\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [3361 octets] - [02/12/2012 08:51:59]
AdwCleaner[S1].txt - [3356 octets] - [02/12/2012 08:54:38]

########## EOF - C:\AdwCleaner[S1].txt - [3416 octets] ##########

 

[Jay Pfoutz]

ComboFix scan

Please download ComboFix

by sUBs
From BleepingComputer.com

Please save the file to your Desktop.

Important information about ComboFix


After the download:

• Close any open browsers.
• Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
• WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
• Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
• If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.

Running ComboFix:

• Double click on ComboFix.exe & follow the prompts.
• When ComboFix finishes, it will produce a report for you.
• Please post the report, which will launch or be found at "C:\Combo-Fix.txt" in your next reply.

Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows
logo appears. A list of options will appear, select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method (above method), but try to download it again, except name
ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

 

[Liam Bell]

Hi, here is the log. Thank you.

ComboFix 12-12-02.01 - Liam 03/12/2012 17:43:53.1.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.64.1033.18.8044.6462 [GMT 13:00]
Running from: c:\users\Liam\Downloads\ComboFix.exe
AV: ESET NOD32 Antivirus 5.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 5.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Liam\AppData\Local\Temp\7zS30D4\HPSLPSVC64.DLL
c:\users\Public\sdelevURL.tmp
c:\windows\Installer\{8a476e9b-0a60-74f7-30ef-5facd25f86e2}\@
c:\windows\Installer\{8a476e9b-0a60-74f7-30ef-5facd25f86e2}\L\00000004.@
c:\windows\Installer\{8a476e9b-0a60-74f7-30ef-5facd25f86e2}\L\201d3dde
c:\windows\Installer\{8a476e9b-0a60-74f7-30ef-5facd25f86e2}\L\4cce1f70
c:\windows\Installer\{8a476e9b-0a60-74f7-30ef-5facd25f86e2}\L\55490ac4
c:\windows\Installer\{8a476e9b-0a60-74f7-30ef-5facd25f86e2}\U\00000008.@
c:\windows\Installer\{8a476e9b-0a60-74f7-30ef-5facd25f86e2}\U\80000032.@
c:\windows\Installer\{8a476e9b-0a60-74f7-30ef-5facd25f86e2}\U\80000064.@
.
Infected copy of c:\windows\system32\services.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_HPSLPSVC
.
.
((((((((((((((((((((((((( Files Created from 2012-11-03 to 2012-12-03 )))))))))))))))))))))))))))))))
.
.
2012-12-03 04:50 . 2012-12-03 04:50--------d-----w-c:\users\UpdatusUser\AppData\Local\temp
2012-12-03 04:50 . 2012-12-03 04:50--------d-----w-c:\users\Default\AppData\Local\temp
2012-12-01 20:02 . 2012-12-01 20:02--------d-sh--w-c:\windows\SysWow64\%APPDATA%
2012-11-30 07:17 . 2012-11-30 07:19--------d-----w-c:\programdata\Windows Codecs
2012-11-30 07:17 . 2012-11-30 07:17--------d-----w-c:\program files (x86)\Mega Codec Pack
2012-11-29 06:25 . 2012-11-29 07:08--------d-----w-c:\users\Public\Games
2012-11-29 05:50 . 2012-11-29 05:50--------d-----w-c:\programdata\Blizzard
2012-11-29 04:33 . 2012-11-08 17:249125352----a-w-c:\programdata\Microsoft\Windows Defender\Definition Updates\{514EB171-A5F4-4127-972B-519CE6FE8401}\mpengine.dll
2012-11-16 06:23 . 2012-07-26 04:472560----a-w-c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2012-11-16 06:23 . 2012-07-26 04:55785512----a-w-c:\windows\system32\drivers\Wdf01000.sys
2012-11-16 06:23 . 2012-07-26 04:5554376----a-w-c:\windows\system32\drivers\WdfLdr.sys
2012-11-16 06:23 . 2012-07-26 02:369728----a-w-c:\windows\system32\Wdfres.dll
2012-11-16 06:13 . 2012-10-08 11:17816640----a-w-c:\windows\system32\jscript.dll
2012-11-16 06:13 . 2012-10-08 11:152144768----a-w-c:\windows\system32\iertutil.dll
2012-11-16 06:13 . 2012-10-08 11:25499200----a-w-c:\program files\Internet Explorer\jsdbgui.dll
2012-11-16 06:13 . 2012-10-08 07:50678912----a-w-c:\program files (x86)\Internet Explorer\iedvtool.dll
2012-11-16 06:13 . 2012-10-08 07:49387584----a-w-c:\program files (x86)\Internet Explorer\jsdbgui.dll
2012-11-16 06:13 . 2012-10-08 11:26887296----a-w-c:\program files\Internet Explorer\iedvtool.dll
2012-11-16 06:13 . 2012-10-08 12:1917811968----a-w-c:\windows\system32\mshtml.dll
2012-11-16 06:13 . 2012-10-08 11:4210925568----a-w-c:\windows\system32\ieframe.dll
2012-11-16 06:10 . 2012-07-26 02:2687040----a-w-c:\windows\system32\drivers\WUDFPf.sys
2012-11-16 06:10 . 2012-07-26 02:26198656----a-w-c:\windows\system32\drivers\WUDFRd.sys
2012-11-16 06:10 . 2012-07-26 03:0884992----a-w-c:\windows\system32\WUDFSvc.dll
2012-11-16 06:10 . 2012-07-26 03:08194048----a-w-c:\windows\system32\WUDFPlatform.dll
2012-11-16 06:10 . 2012-07-26 03:08229888----a-w-c:\windows\system32\WUDFHost.exe
2012-11-16 06:10 . 2012-07-26 03:08744448----a-w-c:\windows\system32\WUDFx.dll
2012-11-16 06:10 . 2012-07-26 03:0845056----a-w-c:\windows\system32\WUDFCoinstaller.dll
2012-11-15 05:57 . 2012-10-03 17:4418944----a-w-c:\windows\system32\netevent.dll
2012-11-15 05:57 . 2012-10-03 16:4218944----a-w-c:\windows\SysWow64\netevent.dll
2012-11-15 05:57 . 2012-09-25 22:4695744----a-w-c:\windows\system32\synceng.dll
2012-11-15 05:57 . 2012-09-25 22:4778336----a-w-c:\windows\SysWow64\synceng.dll
2012-11-13 06:18 . 2012-11-13 06:52--------d-----w-c:\users\Liam\AppData\Local\Darksiders
2012-11-13 05:41 . 2012-11-13 06:17--------d-----w-c:\program files (x86)\Darksiders
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-16 06:11 . 2012-10-04 07:5066395536----a-w-c:\windows\system32\MRT.exe
2012-11-01 08:52 . 2012-11-01 08:5275928----a-w-c:\windows\system32\drivers\dc3d.sys
2012-11-01 08:52 . 2012-11-01 08:521795952----a-w-c:\windows\system32\WdfCoInstaller01011.dll
2012-10-21 20:55 . 2012-10-21 20:5573656----a-w-c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-21 20:55 . 2012-10-21 20:55696760----a-w-c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-16 08:38 . 2012-11-29 04:32135168----a-w-c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-29 04:32350208----a-w-c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-29 04:32561664----a-w-c:\windows\apppatch\AcLayers.dll
2012-10-05 04:04 . 2012-10-05 04:04971360----a-w-c:\windows\system32\drivers\timntr.sys
2012-10-05 04:04 . 2012-10-05 04:04210016----a-w-c:\windows\system32\drivers\vididr.sys
2012-10-05 04:04 . 2012-10-05 04:04275552----a-w-c:\windows\system32\drivers\snapman.sys
2012-10-05 04:04 . 2012-10-05 04:04141920----a-w-c:\windows\system32\drivers\vsflt53.sys
2012-10-04 08:58 . 2012-10-04 09:021640768----a-w-c:\windows\system32\nvvsvc.exe
2012-10-04 08:58 . 2012-10-04 09:025160256----a-w-c:\windows\system32\nvsvc64.dll
2012-10-04 08:58 . 2012-10-04 09:023074368----a-w-c:\windows\system32\nvsvcr.dll
2012-10-04 08:58 . 2012-10-04 09:02137536----a-w-c:\windows\system32\nvshext.dll
2012-10-04 08:58 . 2012-10-04 09:02222528----a-w-c:\windows\system32\nvmctray.dll
2012-10-04 08:58 . 2012-10-04 09:02540992----a-w-c:\windows\system32\nvhotkey.dll
2012-10-04 08:58 . 2012-10-04 09:0210428736----a-w-c:\windows\system32\nvcpl.dll
2012-10-04 08:57 . 2012-10-04 09:022417322----a-w-c:\windows\system32\nvcoproc.bin
2012-10-04 08:57 . 2012-10-04 09:02837952----a-w-c:\windows\system32\easyupdatusapiu64.dll
2012-10-04 08:57 . 2012-10-04 09:0255616----a-w-c:\windows\system32\nv3dappshextr.dll
2012-10-04 08:57 . 2012-10-04 09:021350976----a-w-c:\windows\system32\nv3dappshext.dll
2012-10-04 08:57 . 2012-10-04 09:018798528----a-w-c:\windows\system32\nvwgf2umx.dll
2012-10-04 08:57 . 2012-10-04 09:0168928----a-w-c:\windows\system32\OpenCL.dll
2012-10-04 08:57 . 2012-10-04 09:0161248----a-w-c:\windows\SysWow64\OpenCL.dll
2012-10-04 08:57 . 2012-10-04 09:01862016----a-w-c:\windows\system32\nvumdshimx.dll
2012-10-04 08:57 . 2012-10-04 09:01718144----a-w-c:\windows\SysWow64\nvumdshim.dll
2012-10-04 08:57 . 2012-10-04 09:017049536----a-w-c:\windows\SysWow64\nvwgf2um.dll
2012-10-04 08:57 . 2012-10-04 09:01371520----a-w-c:\windows\system32\nvoptimusmft.dll
2012-10-04 08:57 . 2012-10-04 09:01330560----a-w-c:\windows\SysWow64\nvoptimusmft.dll
2012-10-04 08:57 . 2012-10-04 09:0128992----a-w-c:\windows\system32\drivers\nvpciflt.sys
2012-10-04 08:57 . 2012-10-04 09:0124748864----a-w-c:\windows\system32\nvoglv64.dll
2012-10-04 08:57 . 2012-10-04 09:01241984----a-w-c:\windows\system32\nvinitx.dll
2012-10-04 08:57 . 2012-10-04 09:01203072----a-w-c:\windows\SysWow64\nvinit.dll
2012-10-04 08:57 . 2012-10-04 09:0118876736----a-w-c:\windows\SysWow64\nvoglv32.dll
2012-10-04 08:57 . 2012-10-04 09:011454912----a-w-c:\windows\system32\nvgenco64.dll
2012-10-04 08:57 . 2012-10-04 09:0113012800----a-w-c:\windows\system32\drivers\nvlddmkm.sys
2012-10-04 08:57 . 2012-10-04 09:01364352----a-w-c:\windows\system32\nvdecodemft.dll
2012-10-04 08:57 . 2012-10-04 09:01301888----a-w-c:\windows\SysWow64\nvdecodemft.dll
2012-10-04 08:57 . 2012-10-04 09:0115696704----a-w-c:\windows\system32\nvd3dumx.dll
2012-10-04 08:57 . 2012-10-04 09:011543488----a-w-c:\windows\system32\nvdispco64.dll
2012-10-04 08:57 . 2012-10-04 09:0113208384----a-w-c:\windows\SysWow64\nvd3dum.dll
2012-10-04 08:57 . 2012-10-04 09:017598400----a-w-c:\windows\system32\nvcuda.dll
2012-10-04 08:57 . 2012-10-04 09:015589824----a-w-c:\windows\SysWow64\nvcuda.dll
2012-10-04 08:57 . 2012-10-04 09:012544960----a-w-c:\windows\system32\nvcuvid.dll
2012-10-04 08:57 . 2012-10-04 09:012403136----a-w-c:\windows\SysWow64\nvcuvid.dll
2012-10-04 08:57 . 2012-10-04 09:012233664----a-w-c:\windows\system32\nvcuvenc.dll
2012-10-04 08:57 . 2012-10-04 09:012100544----a-w-c:\windows\SysWow64\nvcuvenc.dll
2012-10-04 08:57 . 2012-10-04 09:0117248576----a-w-c:\windows\SysWow64\nvcompiler.dll
2012-10-04 08:57 . 2012-10-04 09:012824000----a-w-c:\windows\system32\nvapi64.dll
2012-10-04 08:57 . 2012-10-04 09:0124796992----a-w-c:\windows\system32\nvcompiler.dll
2012-10-04 08:57 . 2012-10-04 09:012472768----a-w-c:\windows\SysWow64\nvapi.dll
2012-10-04 07:55 . 2012-10-04 07:5591648----a-w-c:\windows\system32\SetIEInstalledDate.exe
2012-10-04 07:55 . 2012-10-04 07:5589088----a-w-c:\windows\system32\RegisterIEPKEYs.exe
2012-10-04 07:55 . 2012-10-04 07:5586528----a-w-c:\windows\SysWow64\iesysprep.dll
2012-10-04 07:55 . 2012-10-04 07:5576800----a-w-c:\windows\SysWow64\SetIEInstalledDate.exe
2012-10-04 07:55 . 2012-10-04 07:5574752----a-w-c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-10-04 07:55 . 2012-10-04 07:5574752----a-w-c:\windows\SysWow64\iesetup.dll
2012-10-04 07:55 . 2012-10-04 07:5565024----a-w-c:\windows\system32\pngfilt.dll
2012-10-04 07:55 . 2012-10-04 07:5563488----a-w-c:\windows\SysWow64\tdc.ocx
2012-10-04 07:55 . 2012-10-04 07:5555296----a-w-c:\windows\system32\msfeedsbs.dll
2012-10-04 07:55 . 2012-10-04 07:5549664----a-w-c:\windows\system32\imgutil.dll
2012-10-04 07:55 . 2012-10-04 07:5548640----a-w-c:\windows\SysWow64\mshtmler.dll
2012-10-04 07:55 . 2012-10-04 07:5548640----a-w-c:\windows\system32\mshtmler.dll
2012-10-04 07:55 . 2012-10-04 07:55367104----a-w-c:\windows\SysWow64\html.iec
2012-10-04 07:55 . 2012-10-04 07:5535840----a-w-c:\windows\SysWow64\imgutil.dll
2012-10-04 07:55 . 2012-10-04 07:55267776----a-w-c:\windows\system32\ieaksie.dll
2012-10-04 07:55 . 2012-10-04 07:5523552----a-w-c:\windows\SysWow64\licmgr10.dll
2012-10-04 07:55 . 2012-10-04 07:55222208----a-w-c:\windows\system32\msls31.dll
2012-10-04 07:55 . 2012-10-04 07:55197120----a-w-c:\windows\system32\msrating.dll
2012-10-04 07:55 . 2012-10-04 07:55163840----a-w-c:\windows\system32\ieakui.dll
2012-10-04 07:55 . 2012-10-04 07:55161792----a-w-c:\windows\SysWow64\msls31.dll
2012-10-04 07:55 . 2012-10-04 07:55160256----a-w-c:\windows\system32\ieakeng.dll
2012-10-04 07:55 . 2012-10-04 07:55152064----a-w-c:\windows\SysWow64\wextract.exe
2012-10-04 07:55 . 2012-10-04 07:55150528----a-w-c:\windows\SysWow64\iexpress.exe
2012-10-04 07:55 . 2012-10-04 07:55149504----a-w-c:\windows\system32\occache.dll
2012-10-04 07:55 . 2012-10-04 07:55145920----a-w-c:\windows\system32\iepeers.dll
2012-10-04 07:55 . 2012-10-04 07:55135168----a-w-c:\windows\system32\IEAdvpack.dll
2012-10-04 07:55 . 2012-10-04 07:5512288----a-w-c:\windows\system32\mshta.exe
2012-10-04 07:55 . 2012-10-04 07:5511776----a-w-c:\windows\SysWow64\mshta.exe
2012-10-04 07:55 . 2012-10-04 07:55114176----a-w-c:\windows\system32\admparse.dll
2012-10-04 07:55 . 2012-10-04 07:55111616----a-w-c:\windows\system32\iesysprep.dll
2012-10-04 07:55 . 2012-10-04 07:55110592----a-w-c:\windows\SysWow64\IEAdvpack.dll
2012-10-04 07:55 . 2012-10-04 07:5510752----a-w-c:\windows\system32\msfeedssync.exe
2012-10-04 07:55 . 2012-10-04 07:55101888----a-w-c:\windows\SysWow64\admparse.dll
2012-10-04 07:55 . 2012-10-04 07:5589088----a-w-c:\windows\system32\ie4uinit.exe
2012-10-04 07:55 . 2012-10-04 07:5585504----a-w-c:\windows\system32\iesetup.dll
2012-10-04 07:55 . 2012-10-04 07:5582432----a-w-c:\windows\system32\icardie.dll
2012-10-04 07:55 . 2012-10-04 07:5576800----a-w-c:\windows\system32\tdc.ocx
2012-10-04 07:55 . 2012-10-04 07:55534528----a-w-c:\windows\system32\ieapfltr.dll
2012-10-04 07:55 . 2012-10-04 07:55452608----a-w-c:\windows\system32\dxtmsft.dll
2012-10-04 07:55 . 2012-10-04 07:55448512----a-w-c:\windows\system32\html.iec
2012-10-04 07:55 . 2012-10-04 07:55403248----a-w-c:\windows\system32\iedkcs32.dll
2012-10-04 07:55 . 2012-10-04 07:5539936----a-w-c:\windows\system32\iernonce.dll
2012-10-04 07:55 . 2012-10-04 07:553695416----a-w-c:\windows\system32\ieapfltr.dat
2012-10-04 07:55 . 2012-10-04 07:5530720----a-w-c:\windows\system32\licmgr10.dll
2012-10-04 07:55 . 2012-10-04 07:55282112----a-w-c:\windows\system32\dxtrans.dll
2012-10-04 07:55 . 2012-10-04 07:55249344----a-w-c:\windows\system32\webcheck.dll
2012-10-04 07:55 . 2012-10-04 07:55165888----a-w-c:\windows\system32\iexpress.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Windows Codecs]
@="{1EC23CFF-4C58-458f-924C-8519AEF61B32}"
[HKEY_CLASSES_ROOT\CLSID\{1EC23CFF-4C58-458f-924C-8519AEF61B32}]
2012-11-30 07:17172032----a-w-c:\programdata\Windows Codecs\MediaShellOverlays.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-10-21 1353080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-02-17 283160]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2012-04-12 113288]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-02-17 13336]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-22 2656280]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2012-11-01 75928]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-10-04 1431888]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2012-06-26 46176]
R3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys [2012-09-17 13368]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys [2012-09-12 105816]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-10-04 1255736]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2012-10-04 28992]
S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys [2012-10-05 210016]
S0 vidsflt53;Acronis Disk Storage Filter (53);c:\windows\system32\DRIVERS\vsflt53.sys [2012-10-05 141920]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2011-08-03 146432]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2012-09-12 237400]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2012-09-12 119640]
S2 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2011-02-02 18656]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2011-08-09 202576]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-09-21 974944]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2011-08-03 137144]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]
S2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files (x86)\Common Files\Seagate\Schedule2\schedul2.exe [2011-06-30 1191408]
S3 b57xdbd;Broadcom xD Picture Bus Driver Service;c:\windows\system32\DRIVERS\b57xdbd.sys [2011-01-20 67624]
S3 b57xdmp;Broadcom xD Picture vstorp client drv;c:\windows\system32\DRIVERS\b57xdmp.sys [2011-01-20 19496]
S3 bScsiMSa;bScsiMSa;c:\windows\system32\DRIVERS\bScsiMSa.sys [2011-01-19 52264]
S3 bScsiSDa;bScsiSDa;c:\windows\system32\DRIVERS\bScsiSDa.sys [2011-01-13 85544]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2010-12-01 411688]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2012-04-12 82432]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2012-04-12 181760]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2012-09-12 131416]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2012-09-12 146264]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmtREG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-21 20:55]
.
2012-12-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-04 08:31]
.
2012-12-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-04 08:31]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-19 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-19 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-19 439064]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-09-21 4035152]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"IntelliType Pro"="c:\program files\Microsoft Device Center\itype.exe" [2012-06-26 1464928]
"IntelliPoint"="c:\program files\Microsoft Device Center\ipoint.exe" [2012-06-26 2004584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.daum.net/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
.
**************************************************************************
.
Completion time: 2012-12-03 17:53:52 - machine was rebooted
ComboFix-quarantined-files.txt 2012-12-03 04:53
.
Pre-Run: 589,453,541,376 bytes free
Post-Run: 590,719,184,896 bytes free
.
- - End Of File - - 52E0A7657CA0B5E48492BEDA44EB4AA7

 

[Jay Pfoutz]

I would like to take a look from the Recovery Environment just to check things out...

Farbar Recovery Scan Tool x64

Download Farbar Recovery Scan Tool and save it to a flash drive.


Please make sure to get the 64-bit version

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

• Restart the computer.
• As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
• Use the arrow keys to select the Repair your computer menu item.
• Choose your language settings, and then click Next.
• Select the operating system you want to repair, and then click Next.
• Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

• Insert the installation disc.
• Restart your computer.
• If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
• Click Repair your computer.
• Choose your language settings, and then click Next.
• Select the operating system you want to repair, and then click Next.
• Select your user account an click Next.

On the System Recovery Options menu you will get the following options:

• • Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt
• Select Command Prompt
• In the command window type in notepad and press Enter.
• The notepad opens. Under File menu select Open.
• Select "Computer" and find your flash drive letter and close the notepad.
• In the command window type e:\frst.exe and press Enter
  Note: Replace letter e with the drive letter of your flash drive.
• The tool will start to run.
• When the tool opens click Yes to the disclaimer.
• Place a check next to List Drivers MD5 as well as the default check marks that are already there
• Press Scan button. It will do its scan and save a log on your flash drive.
• Close out of the message after that, then type in the text services.exe in to the "Search:" text box. Then, press the Search file(s) button, just as below:
  
  
  
  When done searching, FRST makes a log, Search.txt, on the C:\ drive or on your flash drive.
• Type exit in the Command Prompt window and reboot the computer normally
• FRST will make a log (FRST.txt) on the flash drive and also the search.txt logfile, please copy and paste the logs in your reply.

 

[Liam Bell]

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-12-2012
Ran by SYSTEM at 05-12-2012 21:16:15
Running from F:\
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice [4035152 2011-09-21] (ESET)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [x]
HKLM\...\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [112512 2010-03-12] (Microsoft Corporation)
HKLM\...\Run: [IntelliType Pro] "c:\Program Files\Microsoft Device Center\itype.exe" [1464928 2012-06-26] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] "c:\Program Files\Microsoft Device Center\ipoint.exe" [2004584 2012-06-26] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-02-17] (Intel Corporation)
HKLM-x32\...\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [113288 2012-04-11] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-21] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-07] (Hewlett-Packard)
HKU\Liam\...\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent [1354736 2012-12-05] (Valve Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
AppInit_DLLs: C:\Windows\System32\nvinitx.dll
Startup: C:\Users\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

==================== Services (Whitelisted) ===================

2 Autodesk Content Service; "C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe" [18656 2011-02-01] ()
2 ekrn; "C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe" [974944 2011-09-21] (ESET)
2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [399432 2012-09-28] (Malwarebytes Corporation)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [676936 2012-09-28] (Malwarebytes Corporation)
3 OpenVPNService; "C:\Program Files (x86)\HMA! Pro VPN\bin\openvpnserv.exe" [36352 2011-07-13] ()

==================== Drivers (Whitelisted) =====================

3 b57xdbd; C:\Windows\System32\Drivers\b57xdbd.sys [67624 2011-01-19] (Broadcom Corporation)
3 b57xdmp; C:\Windows\System32\Drivers\b57xdmp.sys [19496 2011-01-19] (Broadcom Corporation)
3 bScsiMSa; C:\Windows\System32\Drivers\bScsiMSa.sys [52264 2011-01-18] (Broadcom Corporation)
3 bScsiSDa; C:\Windows\System32\Drivers\bScsiSDa.sys [85544 2011-01-12] (Broadcom Corporation)
2 eamonm; C:\Windows\System32\Drivers\eamonm.sys [202576 2011-08-08] (ESET)
1 ehdrv; C:\Windows\System32\Drivers\ehdrv.sys [146432 2011-08-03] (ESET)
2 epfwwfpr; C:\Windows\System32\Drivers\epfwwfpr.sys [137144 2011-08-03] (ESET)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [25928 2012-09-28] (Malwarebytes Corporation)
3 RTCore64; \??\C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13368 2012-09-16] ()
3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [105816 2012-09-12] (Oracle Corporation)
0 vididr; C:\Windows\System32\Drivers\vididr.sys [210016 2012-10-04] (Acronis)
0 vidsflt53; C:\Windows\System32\DRIVERS\vsflt53.sys [141920 2012-10-04] (Acronis)
3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2012-12-02 20:53 - 2012-12-02 20:53 - 00026128 ____A C:\ComboFix.txt
2012-12-02 20:41 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-12-02 20:41 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-12-02 20:41 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-12-02 20:41 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-12-02 20:41 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-12-02 20:41 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-12-02 20:41 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-12-02 20:41 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-12-02 20:33 - 2012-12-02 20:53 - 00000000 ____D C:\Qoobox
2012-12-02 20:33 - 2012-12-02 20:52 - 00000000 ____D C:\Windows\erdnt
2012-12-02 20:32 - 2012-12-02 20:33 - 05009299 ____R (Swearware) C:\Users\Liam\Downloads\ComboFix.exe
2012-12-01 12:02 - 2012-12-01 12:02 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-12-01 11:56 - 2012-12-01 11:56 - 00003483 ____A C:\Users\Liam\Desktop\AdwCleaner[S1].txt
2012-12-01 11:54 - 2012-12-01 11:54 - 00003483 ____A C:\AdwCleaner[S1].txt
2012-12-01 11:52 - 2012-12-01 11:52 - 00003361 ____A C:\Users\Liam\Desktop\AdwCleaner[R1].txt
2012-12-01 11:51 - 2012-12-01 11:52 - 00003361 ____A C:\AdwCleaner[R1].txt
2012-12-01 11:47 - 2012-12-01 11:47 - 00020072 ____A C:\Users\Liam\Desktop\dds.txt
2012-12-01 11:47 - 2012-12-01 11:47 - 00008276 ____A C:\Users\Liam\Desktop\attach.txt
2012-11-30 09:01 - 2012-11-30 09:01 - 00000000 ____D C:\Users\Liam\Downloads\Searching for Sugar Man.(2012)
2012-11-29 23:17 - 2012-11-29 23:19 - 00000000 ____D C:\Users\All Users\Windows Codecs
2012-11-29 23:17 - 2012-11-29 23:17 - 00000000 ____D C:\Program Files (x86)\Mega Codec Pack
2012-11-29 23:15 - 2012-11-29 23:15 - 00059062 ____A C:\Users\Liam\Downloads\searching-for-sugar-man.-2012.torrent
2012-11-29 23:14 - 2012-11-29 23:14 - 00030966 ____A C:\Users\Liam\Downloads\[isoHunt] Searching for Sugar Man [English] (DVD) x264 AMIABLE (1).torrent
2012-11-29 23:14 - 2012-11-29 23:14 - 00016778 ____A C:\Users\Liam\Downloads\Sugar_Man_DVDRip_XviD-aAF_rar.torrent
2012-11-29 22:29 - 2012-11-29 22:30 - 06324201 ____A (FreeVideoJoiner.com ) C:\Users\Liam\Downloads\freevideojoinersetup.exe
2012-11-29 19:24 - 2012-11-29 19:32 - 00000000 ____D C:\Users\Liam\Downloads\Searching for Sugar Man [English] (DVD) x264 AMIABLE
2012-11-29 19:24 - 2012-11-29 19:24 - 00030966 ____A C:\Users\Liam\Downloads\[isoHunt] Searching for Sugar Man [English] (DVD) x264 AMIABLE.torrent
2012-11-29 13:53 - 2012-11-29 14:36 - 00000000 ____D C:\Users\Liam\Downloads\Searching for Sugar Man[2012]BRRip XviD-ETRG
2012-11-29 10:54 - 2012-11-29 11:39 - 00000000 ____D C:\Users\Liam\Downloads\The.Expendables.2.2012.PROPER.720p.BRRip.XviD.AC3-ViSiON
2012-11-29 10:50 - 2012-11-29 10:50 - 00058353 ____A C:\Users\Liam\Downloads\[isoHunt] 2335093.torrent
2012-11-29 10:49 - 2012-11-29 11:02 - 00000000 ____D C:\Users\Liam\Downloads\Taken 2 2012 TS XViD-sC0rp
2012-11-29 10:46 - 2012-11-29 10:46 - 00110535 ____A C:\Users\Liam\Downloads\[kat.ph]the.expendables.2.2012.proper.720p.brrip.xvid.ac3.vision.torrent
2012-11-29 10:46 - 2012-11-29 10:46 - 00015083 ____A C:\Users\Liam\Downloads\[kat.ph]taken.2.2012.ts.xvid.sc0rp.torrent
2012-11-28 22:25 - 2012-11-28 23:08 - 00000000 ____D C:\Users\Public\Games
2012-11-28 21:50 - 2012-11-28 22:21 - 00001328 ____A C:\Users\UpdatusUser\Desktop\World of Warcraft Installer.lnk
2012-11-28 21:50 - 2012-11-28 22:21 - 00001328 ____A C:\Users\Liam\Desktop\World of Warcraft Installer.lnk
2012-11-28 21:50 - 2012-11-28 21:50 - 00000000 ____D C:\Users\All Users\Blizzard
2012-11-28 21:45 - 2012-11-29 06:21 - 00000000 ____D C:\Users\Liam\Downloads\Looper 2012 BDRip [SEEDBOX] Pimp4003
2012-11-28 21:45 - 2012-11-28 21:49 - 00000000 ____D C:\Users\Public\Documents\Blizzard Entertainment
2012-11-28 21:42 - 2012-11-28 21:42 - 00144435 ____A C:\Users\Liam\Downloads\[kat.ph]james.bond.007.films.50th.anniversary.collection.1962.2008.720p.bluray.x264.nhanc3.torrent
2012-11-28 21:41 - 2012-11-28 21:41 - 00012483 ____A C:\Users\Liam\Downloads\[kat.ph]looper.2012.bdrip.seedbox.pimp4003.torrent
2012-11-28 21:39 - 2012-11-28 21:39 - 00000000 ____D C:\Users\Liam\Downloads\Snow.White.and.the.Huntsman.2012.EXTENDED.BDRip.XviD-AMIABLE
2012-11-28 21:38 - 2012-11-28 21:38 - 00114843 ____A C:\Users\Liam\Downloads\[kat.ph]snow.white.and.the.huntsman.2012.extended.bdrip.xvid.amiable.torrent
2012-11-26 18:12 - 2012-11-26 18:12 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_dc3d_01011.Wdf
2012-11-26 00:37 - 2012-11-26 00:37 - 00467505 ____A C:\Users\Liam\Downloads\mgs_peace_walker_eu_b.zip
2012-11-26 00:24 - 2012-11-26 00:24 - 00473455 ____A C:\Users\Liam\Downloads\mgs_peace_walker_c.zip
2012-11-25 23:26 - 2012-11-25 23:30 - 47818182 ____A C:\Users\Liam\Downloads\metal-gear-solid-peace-walker-dlc.zip
2012-11-25 23:24 - 2012-11-25 23:24 - 00468136 ____A C:\Users\Liam\Downloads\mgs_peace_walker_eu.zip
2012-11-15 22:23 - 2012-07-25 20:55 - 00785512 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys
2012-11-15 22:23 - 2012-07-25 20:55 - 00054376 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WdfLdr.sys
2012-11-15 22:23 - 2012-07-25 18:36 - 00009728 ____A (Microsoft Corporation) C:\Windows\System32\Wdfres.dll
2012-11-15 22:23 - 2012-06-02 06:35 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2012-11-15 22:14 - 2012-10-08 03:31 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-11-15 22:14 - 2012-10-08 03:24 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-11-15 22:14 - 2012-10-08 03:23 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-11-15 22:14 - 2012-10-08 03:22 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-11-15 22:14 - 2012-10-08 03:22 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-11-15 22:14 - 2012-10-08 03:20 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-11-15 22:14 - 2012-10-08 03:18 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-11-15 22:14 - 2012-10-08 03:17 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-11-15 22:14 - 2012-10-08 03:15 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-11-15 22:14 - 2012-10-08 03:13 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-11-15 22:14 - 2012-10-08 03:13 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-11-15 22:14 - 2012-10-08 03:09 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-11-15 22:14 - 2012-10-07 23:56 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-11-15 22:14 - 2012-10-07 23:48 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-11-15 22:14 - 2012-10-07 23:48 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-11-15 22:14 - 2012-10-07 23:47 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-11-15 22:14 - 2012-10-07 23:46 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-11-15 22:14 - 2012-10-07 23:44 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-11-15 22:14 - 2012-10-07 23:43 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-11-15 22:14 - 2012-10-07 23:43 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-11-15 22:14 - 2012-10-07 23:42 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-11-15 22:14 - 2012-10-07 23:41 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-11-15 22:14 - 2012-10-07 23:40 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-11-15 22:14 - 2012-10-07 23:37 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-11-15 22:13 - 2012-10-08 04:19 - 17811968 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-11-15 22:13 - 2012-10-08 03:42 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-11-15 22:13 - 2012-10-08 03:17 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-11-15 22:13 - 2012-10-08 03:15 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-11-15 22:13 - 2012-10-08 00:28 - 12320768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-11-15 22:13 - 2012-10-08 00:02 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-11-15 22:13 - 2012-10-07 23:45 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-11-15 22:13 - 2012-10-07 23:41 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-11-15 22:10 - 2012-07-25 19:08 - 00744448 ____A (Microsoft Corporation) C:\Windows\System32\WUDFx.dll
2012-11-15 22:10 - 2012-07-25 19:08 - 00229888 ____A (Microsoft Corporation) C:\Windows\System32\WUDFHost.exe
2012-11-15 22:10 - 2012-07-25 19:08 - 00194048 ____A (Microsoft Corporation) C:\Windows\System32\WUDFPlatform.dll
2012-11-15 22:10 - 2012-07-25 19:08 - 00084992 ____A (Microsoft Corporation) C:\Windows\System32\WUDFSvc.dll
2012-11-15 22:10 - 2012-07-25 19:08 - 00045056 ____A (Microsoft Corporation) C:\Windows\System32\WUDFCoinstaller.dll
2012-11-15 22:10 - 2012-07-25 18:26 - 00198656 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFRd.sys
2012-11-15 22:10 - 2012-07-25 18:26 - 00087040 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFPf.sys
2012-11-15 22:10 - 2012-06-02 06:57 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2012-11-14 21:58 - 2012-10-18 10:25 - 03149824 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-11-14 21:58 - 2012-10-09 10:17 - 00226816 ____A (Microsoft Corporation) C:\Windows\System32\dhcpcore6.dll
2012-11-14 21:58 - 2012-10-09 10:17 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\dhcpcsvc6.dll
2012-11-14 21:58 - 2012-10-09 09:40 - 00193536 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
2012-11-14 21:58 - 2012-10-09 09:40 - 00044032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll
2012-11-14 21:58 - 2012-10-03 09:56 - 01914248 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-11-14 21:58 - 2012-10-03 09:44 - 00303104 ____A (Microsoft Corporation) C:\Windows\System32\nlasvc.dll
2012-11-14 21:58 - 2012-10-03 09:44 - 00246272 ____A (Microsoft Corporation) C:\Windows\System32\netcorehc.dll
2012-11-14 21:58 - 2012-10-03 09:44 - 00216576 ____A (Microsoft Corporation) C:\Windows\System32\ncsi.dll
2012-11-14 21:58 - 2012-10-03 09:44 - 00070656 ____A (Microsoft Corporation) C:\Windows\System32\nlaapi.dll
2012-11-14 21:58 - 2012-10-03 09:42 - 00569344 ____A (Microsoft Corporation) C:\Windows\System32\iphlpsvc.dll
2012-11-14 21:58 - 2012-10-03 08:42 - 00175104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netcorehc.dll
2012-11-14 21:58 - 2012-10-03 08:42 - 00156672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2012-11-14 21:58 - 2012-10-03 08:07 - 00045568 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpipreg.sys
2012-11-14 21:58 - 2012-01-12 23:12 - 00052224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2012-11-14 21:57 - 2012-10-03 09:44 - 00018944 ____A (Microsoft Corporation) C:\Windows\System32\netevent.dll
2012-11-14 21:57 - 2012-10-03 08:42 - 00018944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netevent.dll
2012-11-14 21:57 - 2012-09-25 14:47 - 00078336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll
2012-11-14 21:57 - 2012-09-25 14:46 - 00095744 ____A (Microsoft Corporation) C:\Windows\System32\synceng.dll
2012-11-12 22:18 - 2012-11-12 22:52 - 00000000 ____D C:\Users\Liam\AppData\Local\Darksiders
2012-11-12 22:18 - 2012-11-12 22:18 - 00000000 ____D C:\Users\Liam\Documents\My Games
2012-11-12 21:41 - 2012-11-12 22:17 - 00000000 ____D C:\Program Files (x86)\Darksiders
2012-11-09 17:15 - 2012-11-09 19:00 - 00000000 ____D C:\Users\Liam\Downloads\Men.in.Black.3.2012.720p.BluRay.x264.DTS-HDChina [PublicHD]
2012-11-09 17:10 - 2012-11-09 17:10 - 00033897 ____A C:\Users\Liam\Downloads\[kat.ph]men.in.black.3.2012.720p.bluray.x264.dts.hdchina.publichd.torrent
2012-11-09 16:56 - 2012-11-09 22:15 - 00000000 ____D C:\Users\Liam\Downloads\Total.Recall.2012.EXTENDED.DC.720p.BluRay.DTS.x264-PublicHD
2012-11-09 16:55 - 2012-11-10 21:56 - 00000000 ____D C:\Users\Liam\Downloads\The Amazing Spiderman (2012) [1080p]
2012-11-09 16:54 - 2012-11-09 16:54 - 00113180 ____A C:\Users\Liam\Downloads\[kat.ph]the.amazing.spider.man.2012.retail.dvdrip.xvid.psig.torrent
2012-11-09 16:54 - 2012-11-09 16:54 - 00021381 ____A C:\Users\Liam\Downloads\[kat.ph]total.recall.2012.extended.dc.720p.bluray.dts.x264.publichd.torrent
2012-11-09 16:54 - 2012-11-09 16:54 - 00011100 ____A C:\Users\Liam\Downloads\[kat.ph]the.amazing.spiderman.2012.1080p.brrip.x264.yify.torrent
2012-11-09 16:52 - 2012-11-09 16:52 - 00008604 ____A C:\Users\Liam\Downloads\[kat.ph]men.in.black.3.2012.1080p.bdrip.x264.aac.26k.torrent
2012-11-08 22:40 - 2012-11-09 04:38 - 00000000 ____D C:\Users\Liam\Downloads\Men.In.Black.3.2012.1080p.BluRay.3D.H-SBS.DTS.x264-PublicHD
2012-11-08 22:36 - 2012-11-08 22:55 - 00000000 ____D C:\Users\Liam\Downloads\Ted[2012]BRRip XviD-ETRG
2012-11-08 22:35 - 2012-11-08 23:33 - 00000000 ____D C:\Users\Liam\Downloads\Madagascar 3 Europes Most Wanted (2012) [1080p]
2012-11-08 21:12 - 2012-11-08 21:12 - 00015151 ____A C:\Users\Liam\Downloads\[kat.ph]madagascar.3.europe.s.most.wanted.2012.1080p.brrip.x264.yify.torrent
2012-11-08 21:11 - 2012-11-08 21:11 - 00060303 ____A C:\Users\Liam\Downloads\[kat.ph]men.in.black.3.2012.1080p.bluray.3d.h.sbs.dts.x264.publichd.torrent
2012-11-08 21:11 - 2012-11-08 21:11 - 00015259 ____A C:\Users\Liam\Downloads\[kat.ph]ted.2012.brrip.xvid.etrg.torrent


==================== One Month Modified Files and Folders =======

2012-12-05 21:15 - 2012-12-05 21:15 - 00000000 ____D C:\FRST
2012-12-05 00:14 - 2012-10-03 22:58 - 01237620 ____A C:\Windows\WindowsUpdate.log
2012-12-05 00:14 - 2009-07-13 20:45 - 00022096 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-12-05 00:14 - 2009-07-13 20:45 - 00022096 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-12-05 00:11 - 2012-10-21 12:22 - 00000000 ____D C:\Program Files (x86)\Steam
2012-12-05 00:10 - 2012-10-06 18:13 - 00007750 ____A C:\Windows\setupact.log
2012-12-05 00:10 - 2012-10-04 00:31 - 00000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-12-05 00:10 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-12-05 00:08 - 2009-07-13 21:13 - 00778660 ____A C:\Windows\System32\PerfStringBackup.INI
2012-12-04 23:41 - 2012-10-04 00:31 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-12-04 23:15 - 2012-10-21 12:55 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-12-02 20:53 - 2012-12-02 20:53 - 00026128 ____A C:\ComboFix.txt
2012-12-02 20:53 - 2012-12-02 20:33 - 00000000 ____D C:\Qoobox
2012-12-02 20:53 - 2009-07-13 19:20 - 00000000 __RHD C:\users\Default
2012-12-02 20:52 - 2012-12-02 20:33 - 00000000 ____D C:\Windows\erdnt
2012-12-02 20:51 - 2010-11-20 19:47 - 00021620 ____A C:\Windows\PFRO.log
2012-12-02 20:51 - 2009-07-13 18:34 - 72089600 ____A C:\Windows\System32\config\SOFTWARE.bak
2012-12-02 20:51 - 2009-07-13 18:34 - 15466496 ____A C:\Windows\System32\config\SYSTEM.bak
2012-12-02 20:51 - 2009-07-13 18:34 - 00262144 ____A C:\Windows\System32\config\SECURITY.bak
2012-12-02 20:51 - 2009-07-13 18:34 - 00262144 ____A C:\Windows\System32\config\SAM.bak
2012-12-02 20:51 - 2009-07-13 18:34 - 00262144 ____A C:\Windows\System32\config\DEFAULT.bak
2012-12-02 20:51 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
2012-12-02 20:38 - 2009-07-13 21:08 - 00012588 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-12-02 20:33 - 2012-12-02 20:32 - 05009299 ____R (Swearware) C:\Users\Liam\Downloads\ComboFix.exe
2012-12-01 12:02 - 2012-12-01 12:02 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-12-01 11:56 - 2012-12-01 11:56 - 00003483 ____A C:\Users\Liam\Desktop\AdwCleaner[S1].txt
2012-12-01 11:54 - 2012-12-01 11:54 - 00003483 ____A C:\AdwCleaner[S1].txt
2012-12-01 11:52 - 2012-12-01 11:52 - 00003361 ____A C:\Users\Liam\Desktop\AdwCleaner[R1].txt
2012-12-01 11:52 - 2012-12-01 11:51 - 00003361 ____A C:\AdwCleaner[R1].txt
2012-12-01 11:51 - 2012-10-04 02:01 - 00000000 ____D C:\Users\Liam\AppData\Roaming\uTorrent
2012-12-01 11:47 - 2012-12-01 11:47 - 00020072 ____A C:\Users\Liam\Desktop\dds.txt
2012-12-01 11:47 - 2012-12-01 11:47 - 00008276 ____A C:\Users\Liam\Desktop\attach.txt
2012-11-30 09:01 - 2012-11-30 09:01 - 00000000 ____D C:\Users\Liam\Downloads\Searching for Sugar Man.(2012)
2012-11-29 23:19 - 2012-11-29 23:17 - 00000000 ____D C:\Users\All Users\Windows Codecs
2012-11-29 23:18 - 2012-10-04 17:13 - 00000000 ____D C:\Users\Liam\AppData\Roaming\vlc
2012-11-29 23:17 - 2012-11-29 23:17 - 00000000 ____D C:\Program Files (x86)\Mega Codec Pack
2012-11-29 23:15 - 2012-11-29 23:15 - 00059062 ____A C:\Users\Liam\Downloads\searching-for-sugar-man.-2012.torrent
2012-11-29 23:14 - 2012-11-29 23:14 - 00030966 ____A C:\Users\Liam\Downloads\[isoHunt] Searching for Sugar Man [English] (DVD) x264 AMIABLE (1).torrent
2012-11-29 23:14 - 2012-11-29 23:14 - 00016778 ____A C:\Users\Liam\Downloads\Sugar_Man_DVDRip_XviD-aAF_rar.torrent
2012-11-29 22:30 - 2012-11-29 22:29 - 06324201 ____A (FreeVideoJoiner.com ) C:\Users\Liam\Downloads\freevideojoinersetup.exe
2012-11-29 19:32 - 2012-11-29 19:24 - 00000000 ____D C:\Users\Liam\Downloads\Searching for Sugar Man [English] (DVD) x264 AMIABLE
2012-11-29 19:24 - 2012-11-29 19:24 - 00030966 ____A C:\Users\Liam\Downloads\[isoHunt] Searching for Sugar Man [English] (DVD) x264 AMIABLE.torrent
2012-11-29 14:36 - 2012-11-29 13:53 - 00000000 ____D C:\Users\Liam\Downloads\Searching for Sugar Man[2012]BRRip XviD-ETRG
2012-11-29 11:39 - 2012-11-29 10:54 - 00000000 ____D C:\Users\Liam\Downloads\The.Expendables.2.2012.PROPER.720p.BRRip.XviD.AC3-ViSiON
2012-11-29 11:02 - 2012-11-29 10:49 - 00000000 ____D C:\Users\Liam\Downloads\Taken 2 2012 TS XViD-sC0rp
2012-11-29 10:50 - 2012-11-29 10:50 - 00058353 ____A C:\Users\Liam\Downloads\[isoHunt] 2335093.torrent
2012-11-29 10:46 - 2012-11-29 10:46 - 00110535 ____A C:\Users\Liam\Downloads\[kat.ph]the.expendables.2.2012.proper.720p.brrip.xvid.ac3.vision.torrent
2012-11-29 10:46 - 2012-11-29 10:46 - 00015083 ____A C:\Users\Liam\Downloads\[kat.ph]taken.2.2012.ts.xvid.sc0rp.torrent
2012-11-29 07:30 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2012-11-29 06:21 - 2012-11-28 21:45 - 00000000 ____D C:\Users\Liam\Downloads\Looper 2012 BDRip [SEEDBOX] Pimp4003
2012-11-28 23:08 - 2012-11-28 22:25 - 00000000 ____D C:\Users\Public\Games
2012-11-28 22:21 - 2012-11-28 21:50 - 00001328 ____A C:\Users\UpdatusUser\Desktop\World of Warcraft Installer.lnk
2012-11-28 22:21 - 2012-11-28 21:50 - 00001328 ____A C:\Users\Liam\Desktop\World of Warcraft Installer.lnk
2012-11-28 21:50 - 2012-11-28 21:50 - 00000000 ____D C:\Users\All Users\Blizzard
2012-11-28 21:49 - 2012-11-28 21:45 - 00000000 ____D C:\Users\Public\Documents\Blizzard Entertainment
2012-11-28 21:42 - 2012-11-28 21:42 - 00144435 ____A C:\Users\Liam\Downloads\[kat.ph]james.bond.007.films.50th.anniversary.collection.1962.2008.720p.bluray.x264.nhanc3.torrent
2012-11-28 21:41 - 2012-11-28 21:41 - 00012483 ____A C:\Users\Liam\Downloads\[kat.ph]looper.2012.bdrip.seedbox.pimp4003.torrent
2012-11-28 21:39 - 2012-11-28 21:39 - 00000000 ____D C:\Users\Liam\Downloads\Snow.White.and.the.Huntsman.2012.EXTENDED.BDRip.XviD-AMIABLE
2012-11-28 21:38 - 2012-11-28 21:38 - 00114843 ____A C:\Users\Liam\Downloads\[kat.ph]snow.white.and.the.huntsman.2012.extended.bdrip.xvid.amiable.torrent
2012-11-26 18:12 - 2012-11-26 18:12 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_dc3d_01011.Wdf
2012-11-26 00:37 - 2012-11-26 00:37 - 00467505 ____A C:\Users\Liam\Downloads\mgs_peace_walker_eu_b.zip
2012-11-26 00:24 - 2012-11-26 00:24 - 00473455 ____A C:\Users\Liam\Downloads\mgs_peace_walker_c.zip
2012-11-25 23:30 - 2012-11-25 23:26 - 47818182 ____A C:\Users\Liam\Downloads\metal-gear-solid-peace-walker-dlc.zip
2012-11-25 23:24 - 2012-11-25 23:24 - 00468136 ____A C:\Users\Liam\Downloads\mgs_peace_walker_eu.zip
2012-11-15 22:46 - 2012-10-04 00:00 - 00142464 ____A C:\Users\Liam\AppData\Local\GDIPFONTCACHEV1.DAT
2012-11-15 22:45 - 2009-07-13 20:45 - 05047880 ____A C:\Windows\System32\FNTCACHE.DAT
2012-11-15 22:44 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2012-11-15 22:29 - 2012-10-04 01:27 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-11-15 22:11 - 2012-10-03 23:50 - 66395536 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-11-15 22:08 - 2009-07-13 18:34 - 00000513 ____A C:\Windows\win.ini
2012-11-12 22:52 - 2012-11-12 22:18 - 00000000 ____D C:\Users\Liam\AppData\Local\Darksiders
2012-11-12 22:18 - 2012-11-12 22:18 - 00000000 ____D C:\Users\Liam\Documents\My Games
2012-11-12 22:17 - 2012-11-12 21:41 - 00000000 ____D C:\Program Files (x86)\Darksiders
2012-11-12 22:13 - 2012-10-04 18:52 - 00000000 ____D C:\Windows\SysWOW64\directx
2012-11-12 22:13 - 2012-10-04 01:34 - 00014537 ____A C:\Windows\DirectX.log
2012-11-12 21:55 - 2012-10-04 18:52 - 00000000 ___HD C:\Windows\msdownld.tmp
2012-11-10 21:56 - 2012-11-09 16:55 - 00000000 ____D C:\Users\Liam\Downloads\The Amazing Spiderman (2012) [1080p]
2012-11-09 22:15 - 2012-11-09 16:56 - 00000000 ____D C:\Users\Liam\Downloads\Total.Recall.2012.EXTENDED.DC.720p.BluRay.DTS.x264-PublicHD
2012-11-09 19:00 - 2012-11-09 17:15 - 00000000 ____D C:\Users\Liam\Downloads\Men.in.Black.3.2012.720p.BluRay.x264.DTS-HDChina [PublicHD]
2012-11-09 17:10 - 2012-11-09 17:10 - 00033897 ____A C:\Users\Liam\Downloads\[kat.ph]men.in.black.3.2012.720p.bluray.x264.dts.hdchina.publichd.torrent
2012-11-09 16:54 - 2012-11-09 16:54 - 00113180 ____A C:\Users\Liam\Downloads\[kat.ph]the.amazing.spider.man.2012.retail.dvdrip.xvid.psig.torrent
2012-11-09 16:54 - 2012-11-09 16:54 - 00021381 ____A C:\Users\Liam\Downloads\[kat.ph]total.recall.2012.extended.dc.720p.bluray.dts.x264.publichd.torrent
2012-11-09 16:54 - 2012-11-09 16:54 - 00011100 ____A C:\Users\Liam\Downloads\[kat.ph]the.amazing.spiderman.2012.1080p.brrip.x264.yify.torrent
2012-11-09 16:52 - 2012-11-09 16:52 - 00008604 ____A C:\Users\Liam\Downloads\[kat.ph]men.in.black.3.2012.1080p.bdrip.x264.aac.26k.torrent
2012-11-09 07:15 - 2012-10-06 23:21 - 00000000 ____D C:\Users\Liam\Downloads\Darksiders - SKIDROW
2012-11-09 04:38 - 2012-11-08 22:40 - 00000000 ____D C:\Users\Liam\Downloads\Men.In.Black.3.2012.1080p.BluRay.3D.H-SBS.DTS.x264-PublicHD
2012-11-08 23:33 - 2012-11-08 22:35 - 00000000 ____D C:\Users\Liam\Downloads\Madagascar 3 Europes Most Wanted (2012) [1080p]
2012-11-08 22:55 - 2012-11-08 22:36 - 00000000 ____D C:\Users\Liam\Downloads\Ted[2012]BRRip XviD-ETRG
2012-11-08 21:12 - 2012-11-08 21:12 - 00015151 ____A C:\Users\Liam\Downloads\[kat.ph]madagascar.3.europe.s.most.wanted.2012.1080p.brrip.x264.yify.torrent
2012-11-08 21:11 - 2012-11-08 21:11 - 00060303 ____A C:\Users\Liam\Downloads\[kat.ph]men.in.black.3.2012.1080p.bluray.3d.h.sbs.dts.x264.publichd.torrent
2012-11-08 21:11 - 2012-11-08 21:11 - 00015259 ____A C:\Users\Liam\Downloads\[kat.ph]ted.2012.brrip.xvid.etrg.torrent


ZeroAccess:
C:\Windows\Installer\{8a476e9b-0a60-74f7-30ef-5facd25f86e2}
C:\Windows\Installer\{8a476e9b-0a60-74f7-30ef-5facd25f86e2}\L
C:\Windows\Installer\{8a476e9b-0a60-74f7-30ef-5facd25f86e2}\U

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-12-03 20:41:12

==================== Memory info ===========================

Percentage of memory in use: 9%
Total physical RAM: 8043.86 MB
Available physical RAM: 7240.32 MB
Total Pagefile: 8042.06 MB
Available Pagefile: 7228.63 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:698.54 GB) (Free:547.39 GB) NTFS
3 Drive f: () (Removable) (Total:15.22 GB) (Free:15.22 GB) FAT32
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
5 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 698 GB 0 B
Disk 1 Online 15 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 698 GB 101 MB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y System Rese NTFS Partition 100 MB Healthy

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 698 GB Healthy

=========================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 15 GB 1768 KB

==================================================================================

Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F FAT32 Removable 15 GB Healthy

=========================================================

Last Boot: 2012-12-04 09:57

==================== End Of Log =============================

 

[Liam Bell]

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-12-2012
Ran by SYSTEM at 05-12-2012 21:16:15
Running from F:\
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001
==================== Registry (Whitelisted) ===================
HKLM\...\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice [4035152 2011-09-21] (ESET)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [x]
HKLM\...\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [112512 2010-03-12] (Microsoft Corporation)
HKLM\...\Run: [IntelliType Pro] "c:\Program Files\Microsoft Device Center\itype.exe" [1464928 2012-06-26] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] "c:\Program Files\Microsoft Device Center\ipoint.exe" [2004584 2012-06-26] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-02-17] (Intel Corporation)
HKLM-x32\...\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [113288 2012-04-11] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-21] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-07] (Hewlett-Packard)
HKU\Liam\...\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent [1354736 2012-12-05] (Valve Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
AppInit_DLLs: C:\Windows\System32\nvinitx.dll
Startup: C:\Users\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
==================== Services (Whitelisted) ===================
2 Autodesk Content Service; "C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe" [18656 2011-02-01] ()
2 ekrn; "C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe" [974944 2011-09-21] (ESET)
2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [399432 2012-09-28] (Malwarebytes Corporation)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [676936 2012-09-28] (Malwarebytes Corporation)
3 OpenVPNService; "C:\Program Files (x86)\HMA! Pro VPN\bin\openvpnserv.exe" [36352 2011-07-13] ()
==================== Drivers (Whitelisted) =====================
3 b57xdbd; C:\Windows\System32\Drivers\b57xdbd.sys [67624 2011-01-19] (Broadcom Corporation)
3 b57xdmp; C:\Windows\System32\Drivers\b57xdmp.sys [19496 2011-01-19] (Broadcom Corporation)
3 bScsiMSa; C:\Windows\System32\Drivers\bScsiMSa.sys [52264 2011-01-18] (Broadcom Corporation)
3 bScsiSDa; C:\Windows\System32\Drivers\bScsiSDa.sys [85544 2011-01-12] (Broadcom Corporation)
2 eamonm; C:\Windows\System32\Drivers\eamonm.sys [202576 2011-08-08] (ESET)
1 ehdrv; C:\Windows\System32\Drivers\ehdrv.sys [146432 2011-08-03] (ESET)
2 epfwwfpr; C:\Windows\System32\Drivers\epfwwfpr.sys [137144 2011-08-03] (ESET)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [25928 2012-09-28] (Malwarebytes Corporation)
3 RTCore64; \??\C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13368 2012-09-16] ()
3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [105816 2012-09-12] (Oracle Corporation)
0 vididr; C:\Windows\System32\Drivers\vididr.sys [210016 2012-10-04] (Acronis)
0 vidsflt53; C:\Windows\System32\DRIVERS\vsflt53.sys [141920 2012-10-04] (Acronis)
3 catchme; \??\C:\ComboFix\catchme.sys [x]
==================== NetSvcs (Whitelisted) ====================
==================== One Month Created Files and Folders ========
2012-12-02 20:53 - 2012-12-02 20:53 - 00026128 ____A C:\ComboFix.txt
2012-12-02 20:41 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-12-02 20:41 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-12-02 20:41 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-12-02 20:41 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-12-02 20:41 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-12-02 20:41 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-12-02 20:41 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-12-02 20:41 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-12-02 20:33 - 2012-12-02 20:53 - 00000000 ____D C:\Qoobox
2012-12-02 20:33 - 2012-12-02 20:52 - 00000000 ____D C:\Windows\erdnt
2012-12-02 20:32 - 2012-12-02 20:33 - 05009299 ____R (Swearware) C:\Users\Liam\Downloads\ComboFix.exe
2012-12-01 12:02 - 2012-12-01 12:02 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-12-01 11:56 - 2012-12-01 11:56 - 00003483 ____A C:\Users\Liam\Desktop\AdwCleaner[S1].txt
2012-12-01 11:54 - 2012-12-01 11:54 - 00003483 ____A C:\AdwCleaner[S1].txt
2012-12-01 11:52 - 2012-12-01 11:52 - 00003361 ____A C:\Users\Liam\Desktop\AdwCleaner[R1].txt
2012-12-01 11:51 - 2012-12-01 11:52 - 00003361 ____A C:\AdwCleaner[R1].txt
2012-12-01 11:47 - 2012-12-01 11:47 - 00020072 ____A C:\Users\Liam\Desktop\dds.txt
2012-12-01 11:47 - 2012-12-01 11:47 - 00008276 ____A C:\Users\Liam\Desktop\attach.txt
2012-11-30 09:01 - 2012-11-30 09:01 - 00000000 ____D C:\Users\Liam\Downloads\Searching for Sugar Man.(2012)
2012-11-29 23:17 - 2012-11-29 23:19 - 00000000 ____D C:\Users\All Users\Windows Codecs
2012-11-29 23:17 - 2012-11-29 23:17 - 00000000 ____D C:\Program Files (x86)\Mega Codec Pack
2012-11-29 23:15 - 2012-11-29 23:15 - 00059062 ____A C:\Users\Liam\Downloads\searching-for-sugar-man.-2012.torrent
2012-11-29 23:14 - 2012-11-29 23:14 - 00030966 ____A C:\Users\Liam\Downloads\[isoHunt] Searching for Sugar Man [English] (DVD) x264 AMIABLE (1).torrent
2012-11-29 23:14 - 2012-11-29 23:14 - 00016778 ____A C:\Users\Liam\Downloads\Sugar_Man_DVDRip_XviD-aAF_rar.torrent
2012-11-29 22:29 - 2012-11-29 22:30 - 06324201 ____A (FreeVideoJoiner.com ) C:\Users\Liam\Downloads\freevideojoinersetup.exe
2012-11-29 19:24 - 2012-11-29 19:32 - 00000000 ____D C:\Users\Liam\Downloads\Searching for Sugar Man [English] (DVD) x264 AMIABLE
2012-11-29 19:24 - 2012-11-29 19:24 - 00030966 ____A C:\Users\Liam\Downloads\[isoHunt] Searching for Sugar Man [English] (DVD) x264 AMIABLE.torrent
2012-11-29 13:53 - 2012-11-29 14:36 - 00000000 ____D C:\Users\Liam\Downloads\Searching for Sugar Man[2012]BRRip XviD-ETRG
2012-11-29 10:54 - 2012-11-29 11:39 - 00000000 ____D C:\Users\Liam\Downloads\The.Expendables.2.2012.PROPER.720p.BRRip.XviD.AC3-ViSiON
2012-11-29 10:50 - 2012-11-29 10:50 - 00058353 ____A C:\Users\Liam\Downloads\[isoHunt] 2335093.torrent
2012-11-29 10:49 - 2012-11-29 11:02 - 00000000 ____D C:\Users\Liam\Downloads\Taken 2 2012 TS XViD-sC0rp
2012-11-29 10:46 - 2012-11-29 10:46 - 00110535 ____A C:\Users\Liam\Downloads\[kat.ph]the.expendables.2.2012.proper.720p.brrip.xvid.ac3.vision.torrent
2012-11-29 10:46 - 2012-11-29 10:46 - 00015083 ____A C:\Users\Liam\Downloads\[kat.ph]taken.2.2012.ts.xvid.sc0rp.torrent
2012-11-28 22:25 - 2012-11-28 23:08 - 00000000 ____D C:\Users\Public\Games
2012-11-28 21:50 - 2012-11-28 22:21 - 00001328 ____A C:\Users\UpdatusUser\Desktop\World of Warcraft Installer.lnk
2012-11-28 21:50 - 2012-11-28 22:21 - 00001328 ____A C:\Users\Liam\Desktop\World of Warcraft Installer.lnk
2012-11-28 21:50 - 2012-11-28 21:50 - 00000000 ____D C:\Users\All Users\Blizzard
2012-11-28 21:45 - 2012-11-29 06:21 - 00000000 ____D C:\Users\Liam\Downloads\Looper 2012 BDRip [SEEDBOX] Pimp4003
2012-11-28 21:45 - 2012-11-28 21:49 - 00000000 ____D C:\Users\Public\Documents\Blizzard Entertainment
2012-11-28 21:42 - 2012-11-28 21:42 - 00144435 ____A C:\Users\Liam\Downloads\[kat.ph]james.bond.007.films.50th.anniversary.collection.1962.2008.720p.bluray.x264.nhanc3.torrent
2012-11-28 21:41 - 2012-11-28 21:41 - 00012483 ____A C:\Users\Liam\Downloads\[kat.ph]looper.2012.bdrip.seedbox.pimp4003.torrent
2012-11-28 21:39 - 2012-11-28 21:39 - 00000000 ____D C:\Users\Liam\Downloads\Snow.White.and.the.Huntsman.2012.EXTENDED.BDRip.XviD-AMIABLE
2012-11-28 21:38 - 2012-11-28 21:38 - 00114843 ____A C:\Users\Liam\Downloads\[kat.ph]snow.white.and.the.huntsman.2012.extended.bdrip.xvid.amiable.torrent
2012-11-26 18:12 - 2012-11-26 18:12 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_dc3d_01011.Wdf
2012-11-26 00:37 - 2012-11-26 00:37 - 00467505 ____A C:\Users\Liam\Downloads\mgs_peace_walker_eu_b.zip
2012-11-26 00:24 - 2012-11-26 00:24 - 00473455 ____A C:\Users\Liam\Downloads\mgs_peace_walker_c.zip
2012-11-25 23:26 - 2012-11-25 23:30 - 47818182 ____A C:\Users\Liam\Downloads\metal-gear-solid-peace-walker-dlc.zip
2012-11-25 23:24 - 2012-11-25 23:24 - 00468136 ____A C:\Users\Liam\Downloads\mgs_peace_walker_eu.zip
2012-11-15 22:23 - 2012-07-25 20:55 - 00785512 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys
2012-11-15 22:23 - 2012-07-25 20:55 - 00054376 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WdfLdr.sys
2012-11-15 22:23 - 2012-07-25 18:36 - 00009728 ____A (Microsoft Corporation) C:\Windows\System32\Wdfres.dll
2012-11-15 22:23 - 2012-06-02 06:35 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2012-11-15 22:14 - 2012-10-08 03:31 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-11-15 22:14 - 2012-10-08 03:24 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-11-15 22:14 - 2012-10-08 03:23 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-11-15 22:14 - 2012-10-08 03:22 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-11-15 22:14 - 2012-10-08 03:22 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-11-15 22:14 - 2012-10-08 03:20 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-11-15 22:14 - 2012-10-08 03:18 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-11-15 22:14 - 2012-10-08 03:17 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-11-15 22:14 - 2012-10-08 03:15 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-11-15 22:14 - 2012-10-08 03:13 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-11-15 22:14 - 2012-10-08 03:13 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-11-15 22:14 - 2012-10-08 03:09 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-11-15 22:14 - 2012-10-07 23:56 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-11-15 22:14 - 2012-10-07 23:48 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-11-15 22:14 - 2012-10-07 23:48 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-11-15 22:14 - 2012-10-07 23:47 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-11-15 22:14 - 2012-10-07 23:46 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-11-15 22:14 - 2012-10-07 23:44 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-11-15 22:14 - 2012-10-07 23:43 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-11-15 22:14 - 2012-10-07 23:43 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-11-15 22:14 - 2012-10-07 23:42 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-11-15 22:14 - 2012-10-07 23:41 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-11-15 22:14 - 2012-10-07 23:40 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-11-15 22:14 - 2012-10-07 23:37 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-11-15 22:13 - 2012-10-08 04:19 - 17811968 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-11-15 22:13 - 2012-10-08 03:42 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-11-15 22:13 - 2012-10-08 03:17 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-11-15 22:13 - 2012-10-08 03:15 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-11-15 22:13 - 2012-10-08 00:28 - 12320768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-11-15 22:13 - 2012-10-08 00:02 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-11-15 22:13 - 2012-10-07 23:45 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-11-15 22:13 - 2012-10-07 23:41 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-11-15 22:10 - 2012-07-25 19:08 - 00744448 ____A (Microsoft Corporation) C:\Windows\System32\WUDFx.dll
2012-11-15 22:10 - 2012-07-25 19:08 - 00229888 ____A (Microsoft Corporation) C:\Windows\System32\WUDFHost.exe
2012-11-15 22:10 - 2012-07-25 19:08 - 00194048 ____A (Microsoft Corporation) C:\Windows\System32\WUDFPlatform.dll
2012-11-15 22:10 - 2012-07-25 19:08 - 00084992 ____A (Microsoft Corporation) C:\Windows\System32\WUDFSvc.dll
2012-11-15 22:10 - 2012-07-25 19:08 - 00045056 ____A (Microsoft Corporation) C:\Windows\System32\WUDFCoinstaller.dll
2012-11-15 22:10 - 2012-07-25 18:26 - 00198656 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFRd.sys
2012-11-15 22:10 - 2012-07-25 18:26 - 00087040 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFPf.sys
2012-11-15 22:10 - 2012-06-02 06:57 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2012-11-14 21:58 - 2012-10-18 10:25 - 03149824 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-11-14 21:58 - 2012-10-09 10:17 - 00226816 ____A (Microsoft Corporation) C:\Windows\System32\dhcpcore6.dll
2012-11-14 21:58 - 2012-10-09 10:17 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\dhcpcsvc6.dll
2012-11-14 21:58 - 2012-10-09 09:40 - 00193536 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
2012-11-14 21:58 - 2012-10-09 09:40 - 00044032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll
2012-11-14 21:58 - 2012-10-03 09:56 - 01914248 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-11-14 21:58 - 2012-10-03 09:44 - 00303104 ____A (Microsoft Corporation) C:\Windows\System32\nlasvc.dll
2012-11-14 21:58 - 2012-10-03 09:44 - 00246272 ____A (Microsoft Corporation) C:\Windows\System32\netcorehc.dll
2012-11-14 21:58 - 2012-10-03 09:44 - 00216576 ____A (Microsoft Corporation) C:\Windows\System32\ncsi.dll
2012-11-14 21:58 - 2012-10-03 09:44 - 00070656 ____A (Microsoft Corporation) C:\Windows\System32\nlaapi.dll
2012-11-14 21:58 - 2012-10-03 09:42 - 00569344 ____A (Microsoft Corporation) C:\Windows\System32\iphlpsvc.dll
2012-11-14 21:58 - 2012-10-03 08:42 - 00175104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netcorehc.dll
2012-11-14 21:58 - 2012-10-03 08:42 - 00156672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2012-11-14 21:58 - 2012-10-03 08:07 - 00045568 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpipreg.sys
2012-11-14 21:58 - 2012-01-12 23:12 - 00052224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2012-11-14 21:57 - 2012-10-03 09:44 - 00018944 ____A (Microsoft Corporation) C:\Windows\System32\netevent.dll
2012-11-14 21:57 - 2012-10-03 08:42 - 00018944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netevent.dll
2012-11-14 21:57 - 2012-09-25 14:47 - 00078336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll
2012-11-14 21:57 - 2012-09-25 14:46 - 00095744 ____A (Microsoft Corporation) C:\Windows\System32\synceng.dll
2012-11-12 22:18 - 2012-11-12 22:52 - 00000000 ____D C:\Users\Liam\AppData\Local\Darksiders
2012-11-12 22:18 - 2012-11-12 22:18 - 00000000 ____D C:\Users\Liam\Documents\My Games
2012-11-12 21:41 - 2012-11-12 22:17 - 00000000 ____D C:\Program Files (x86)\Darksiders
2012-11-09 17:15 - 2012-11-09 19:00 - 00000000 ____D C:\Users\Liam\Downloads\Men.in.Black.3.2012.720p.BluRay.x264.DTS-HDChina [PublicHD]
2012-11-09 17:10 - 2012-11-09 17:10 - 00033897 ____A C:\Users\Liam\Downloads\[kat.ph]men.in.black.3.2012.720p.bluray.x264.dts.hdchina.publichd.torrent
2012-11-09 16:56 - 2012-11-09 22:15 - 00000000 ____D C:\Users\Liam\Downloads\Total.Recall.2012.EXTENDED.DC.720p.BluRay.DTS.x264-PublicHD
2012-11-09 16:55 - 2012-11-10 21:56 - 00000000 ____D C:\Users\Liam\Downloads\The Amazing Spiderman (2012) [1080p]
2012-11-09 16:54 - 2012-11-09 16:54 - 00113180 ____A C:\Users\Liam\Downloads\[kat.ph]the.amazing.spider.man.2012.retail.dvdrip.xvid.psig.torrent
2012-11-09 16:54 - 2012-11-09 16:54 - 00021381 ____A C:\Users\Liam\Downloads\[kat.ph]total.recall.2012.extended.dc.720p.bluray.dts.x264.publichd.torrent
2012-11-09 16:54 - 2012-11-09 16:54 - 00011100 ____A C:\Users\Liam\Downloads\[kat.ph]the.amazing.spiderman.2012.1080p.brrip.x264.yify.torrent
2012-11-09 16:52 - 2012-11-09 16:52 - 00008604 ____A C:\Users\Liam\Downloads\[kat.ph]men.in.black.3.2012.1080p.bdrip.x264.aac.26k.torrent
2012-11-08 22:40 - 2012-11-09 04:38 - 00000000 ____D C:\Users\Liam\Downloads\Men.In.Black.3.2012.1080p.BluRay.3D.H-SBS.DTS.x264-PublicHD
2012-11-08 22:36 - 2012-11-08 22:55 - 00000000 ____D C:\Users\Liam\Downloads\Ted[2012]BRRip XviD-ETRG
2012-11-08 22:35 - 2012-11-08 23:33 - 00000000 ____D C:\Users\Liam\Downloads\Madagascar 3 Europes Most Wanted (2012) [1080p]
2012-11-08 21:12 - 2012-11-08 21:12 - 00015151 ____A C:\Users\Liam\Downloads\[kat.ph]madagascar.3.europe.s.most.wanted.2012.1080p.brrip.x264.yify.torrent
2012-11-08 21:11 - 2012-11-08 21:11 - 00060303 ____A C:\Users\Liam\Downloads\[kat.ph]men.in.black.3.2012.1080p.bluray.3d.h.sbs.dts.x264.publichd.torrent
2012-11-08 21:11 - 2012-11-08 21:11 - 00015259 ____A C:\Users\Liam\Downloads\[kat.ph]ted.2012.brrip.xvid.etrg.torrent
==================== One Month Modified Files and Folders =======
2012-12-05 21:15 - 2012-12-05 21:15 - 00000000 ____D C:\FRST
2012-12-05 00:14 - 2012-10-03 22:58 - 01237620 ____A C:\Windows\WindowsUpdate.log
2012-12-05 00:14 - 2009-07-13 20:45 - 00022096 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-12-05 00:14 - 2009-07-13 20:45 - 00022096 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-12-05 00:11 - 2012-10-21 12:22 - 00000000 ____D C:\Program Files (x86)\Steam
2012-12-05 00:10 - 2012-10-06 18:13 - 00007750 ____A C:\Windows\setupact.log
2012-12-05 00:10 - 2012-10-04 00:31 - 00000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-12-05 00:10 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-12-05 00:08 - 2009-07-13 21:13 - 00778660 ____A C:\Windows\System32\PerfStringBackup.INI
2012-12-04 23:41 - 2012-10-04 00:31 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-12-04 23:15 - 2012-10-21 12:55 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-12-02 20:53 - 2012-12-02 20:53 - 00026128 ____A C:\ComboFix.txt
2012-12-02 20:53 - 2012-12-02 20:33 - 00000000 ____D C:\Qoobox
2012-12-02 20:53 - 2009-07-13 19:20 - 00000000 __RHD C:\users\Default
2012-12-02 20:52 - 2012-12-02 20:33 - 00000000 ____D C:\Windows\erdnt
2012-12-02 20:51 - 2010-11-20 19:47 - 00021620 ____A C:\Windows\PFRO.log
2012-12-02 20:51 - 2009-07-13 18:34 - 72089600 ____A C:\Windows\System32\config\SOFTWARE.bak
2012-12-02 20:51 - 2009-07-13 18:34 - 15466496 ____A C:\Windows\System32\config\SYSTEM.bak
2012-12-02 20:51 - 2009-07-13 18:34 - 00262144 ____A C:\Windows\System32\config\SECURITY.bak
2012-12-02 20:51 - 2009-07-13 18:34 - 00262144 ____A C:\Windows\System32\config\SAM.bak
2012-12-02 20:51 - 2009-07-13 18:34 - 00262144 ____A C:\Windows\System32\config\DEFAULT.bak
2012-12-02 20:51 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
2012-12-02 20:38 - 2009-07-13 21:08 - 00012588 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-12-02 20:33 - 2012-12-02 20:32 - 05009299 ____R (Swearware) C:\Users\Liam\Downloads\ComboFix.exe
2012-12-01 12:02 - 2012-12-01 12:02 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-12-01 11:56 - 2012-12-01 11:56 - 00003483 ____A C:\Users\Liam\Desktop\AdwCleaner[S1].txt
2012-12-01 11:54 - 2012-12-01 11:54 - 00003483 ____A C:\AdwCleaner[S1].txt
2012-12-01 11:52 - 2012-12-01 11:52 - 00003361 ____A C:\Users\Liam\Desktop\AdwCleaner[R1].txt
2012-12-01 11:52 - 2012-12-01 11:51 - 00003361 ____A C:\AdwCleaner[R1].txt
2012-12-01 11:51 - 2012-10-04 02:01 - 00000000 ____D C:\Users\Liam\AppData\Roaming\uTorrent
2012-12-01 11:47 - 2012-12-01 11:47 - 00020072 ____A C:\Users\Liam\Desktop\dds.txt
2012-12-01 11:47 - 2012-12-01 11:47 - 00008276 ____A C:\Users\Liam\Desktop\attach.txt
2012-11-30 09:01 - 2012-11-30 09:01 - 00000000 ____D C:\Users\Liam\Downloads\Searching for Sugar Man.(2012)
2012-11-29 23:19 - 2012-11-29 23:17 - 00000000 ____D C:\Users\All Users\Windows Codecs
2012-11-29 23:18 - 2012-10-04 17:13 - 00000000 ____D C:\Users\Liam\AppData\Roaming\vlc
2012-11-29 23:17 - 2012-11-29 23:17 - 00000000 ____D C:\Program Files (x86)\Mega Codec Pack
2012-11-29 23:15 - 2012-11-29 23:15 - 00059062 ____A C:\Users\Liam\Downloads\searching-for-sugar-man.-2012.torrent
2012-11-29 23:14 - 2012-11-29 23:14 - 00030966 ____A C:\Users\Liam\Downloads\[isoHunt] Searching for Sugar Man [English] (DVD) x264 AMIABLE (1).torrent
2012-11-29 23:14 - 2012-11-29 23:14 - 00016778 ____A C:\Users\Liam\Downloads\Sugar_Man_DVDRip_XviD-aAF_rar.torrent
2012-11-29 22:30 - 2012-11-29 22:29 - 06324201 ____A (FreeVideoJoiner.com ) C:\Users\Liam\Downloads\freevideojoinersetup.exe
2012-11-29 19:32 - 2012-11-29 19:24 - 00000000 ____D C:\Users\Liam\Downloads\Searching for Sugar Man [English] (DVD) x264 AMIABLE
2012-11-29 19:24 - 2012-11-29 19:24 - 00030966 ____A C:\Users\Liam\Downloads\[isoHunt] Searching for Sugar Man [English] (DVD) x264 AMIABLE.torrent
2012-11-29 14:36 - 2012-11-29 13:53 - 00000000 ____D C:\Users\Liam\Downloads\Searching for Sugar Man[2012]BRRip XviD-ETRG
2012-11-29 11:39 - 2012-11-29 10:54 - 00000000 ____D C:\Users\Liam\Downloads\The.Expendables.2.2012.PROPER.720p.BRRip.XviD.AC3-ViSiON
2012-11-29 11:02 - 2012-11-29 10:49 - 00000000 ____D C:\Users\Liam\Downloads\Taken 2 2012 TS XViD-sC0rp
2012-11-29 10:50 - 2012-11-29 10:50 - 00058353 ____A C:\Users\Liam\Downloads\[isoHunt] 2335093.torrent
2012-11-29 10:46 - 2012-11-29 10:46 - 00110535 ____A C:\Users\Liam\Downloads\[kat.ph]the.expendables.2.2012.proper.720p.brrip.xvid.ac3.vision.torrent
2012-11-29 10:46 - 2012-11-29 10:46 - 00015083 ____A C:\Users\Liam\Downloads\[kat.ph]taken.2.2012.ts.xvid.sc0rp.torrent
2012-11-29 07:30 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2012-11-29 06:21 - 2012-11-28 21:45 - 00000000 ____D C:\Users\Liam\Downloads\Looper 2012 BDRip [SEEDBOX] Pimp4003
2012-11-28 23:08 - 2012-11-28 22:25 - 00000000 ____D C:\Users\Public\Games
2012-11-28 22:21 - 2012-11-28 21:50 - 00001328 ____A C:\Users\UpdatusUser\Desktop\World of Warcraft Installer.lnk
2012-11-28 22:21 - 2012-11-28 21:50 - 00001328 ____A C:\Users\Liam\Desktop\World of Warcraft Installer.lnk
2012-11-28 21:50 - 2012-11-28 21:50 - 00000000 ____D C:\Users\All Users\Blizzard
2012-11-28 21:49 - 2012-11-28 21:45 - 00000000 ____D C:\Users\Public\Documents\Blizzard Entertainment
2012-11-28 21:42 - 2012-11-28 21:42 - 00144435 ____A C:\Users\Liam\Downloads\[kat.ph]james.bond.007.films.50th.anniversary.collection.1962.2008.720p.bluray.x264.nhanc3.torrent
2012-11-28 21:41 - 2012-11-28 21:41 - 00012483 ____A C:\Users\Liam\Downloads\[kat.ph]looper.2012.bdrip.seedbox.pimp4003.torrent
2012-11-28 21:39 - 2012-11-28 21:39 - 00000000 ____D C:\Users\Liam\Downloads\Snow.White.and.the.Huntsman.2012.EXTENDED.BDRip.XviD-AMIABLE
2012-11-28 21:38 - 2012-11-28 21:38 - 00114843 ____A C:\Users\Liam\Downloads\[kat.ph]snow.white.and.the.huntsman.2012.extended.bdrip.xvid.amiable.torrent
2012-11-26 18:12 - 2012-11-26 18:12 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_dc3d_01011.Wdf
2012-11-26 00:37 - 2012-11-26 00:37 - 00467505 ____A C:\Users\Liam\Downloads\mgs_peace_walker_eu_b.zip
2012-11-26 00:24 - 2012-11-26 00:24 - 00473455 ____A C:\Users\Liam\Downloads\mgs_peace_walker_c.zip
2012-11-25 23:30 - 2012-11-25 23:26 - 47818182 ____A C:\Users\Liam\Downloads\metal-gear-solid-peace-walker-dlc.zip
2012-11-25 23:24 - 2012-11-25 23:24 - 00468136 ____A C:\Users\Liam\Downloads\mgs_peace_walker_eu.zip
2012-11-15 22:46 - 2012-10-04 00:00 - 00142464 ____A C:\Users\Liam\AppData\Local\GDIPFONTCACHEV1.DAT
2012-11-15 22:45 - 2009-07-13 20:45 - 05047880 ____A C:\Windows\System32\FNTCACHE.DAT
2012-11-15 22:44 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2012-11-15 22:29 - 2012-10-04 01:27 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-11-15 22:11 - 2012-10-03 23:50 - 66395536 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-11-15 22:08 - 2009-07-13 18:34 - 00000513 ____A C:\Windows\win.ini
2012-11-12 22:52 - 2012-11-12 22:18 - 00000000 ____D C:\Users\Liam\AppData\Local\Darksiders
2012-11-12 22:18 - 2012-11-12 22:18 - 00000000 ____D C:\Users\Liam\Documents\My Games
2012-11-12 22:17 - 2012-11-12 21:41 - 00000000 ____D C:\Program Files (x86)\Darksiders
2012-11-12 22:13 - 2012-10-04 18:52 - 00000000 ____D C:\Windows\SysWOW64\directx
2012-11-12 22:13 - 2012-10-04 01:34 - 00014537 ____A C:\Windows\DirectX.log
2012-11-12 21:55 - 2012-10-04 18:52 - 00000000 ___HD C:\Windows\msdownld.tmp
2012-11-10 21:56 - 2012-11-09 16:55 - 00000000 ____D C:\Users\Liam\Downloads\The Amazing Spiderman (2012) [1080p]
2012-11-09 22:15 - 2012-11-09 16:56 - 00000000 ____D C:\Users\Liam\Downloads\Total.Recall.2012.EXTENDED.DC.720p.BluRay.DTS.x264-PublicHD
2012-11-09 19:00 - 2012-11-09 17:15 - 00000000 ____D C:\Users\Liam\Downloads\Men.in.Black.3.2012.720p.BluRay.x264.DTS-HDChina [PublicHD]
2012-11-09 17:10 - 2012-11-09 17:10 - 00033897 ____A C:\Users\Liam\Downloads\[kat.ph]men.in.black.3.2012.720p.bluray.x264.dts.hdchina.publichd.torrent
2012-11-09 16:54 - 2012-11-09 16:54 - 00113180 ____A C:\Users\Liam\Downloads\[kat.ph]the.amazing.spider.man.2012.retail.dvdrip.xvid.psig.torrent
2012-11-09 16:54 - 2012-11-09 16:54 - 00021381 ____A C:\Users\Liam\Downloads\[kat.ph]total.recall.2012.extended.dc.720p.bluray.dts.x264.publichd.torrent
2012-11-09 16:54 - 2012-11-09 16:54 - 00011100 ____A C:\Users\Liam\Downloads\[kat.ph]the.amazing.spiderman.2012.1080p.brrip.x264.yify.torrent
2012-11-09 16:52 - 2012-11-09 16:52 - 00008604 ____A C:\Users\Liam\Downloads\[kat.ph]men.in.black.3.2012.1080p.bdrip.x264.aac.26k.torrent
2012-11-09 07:15 - 2012-10-06 23:21 - 00000000 ____D C:\Users\Liam\Downloads\Darksiders - SKIDROW
2012-11-09 04:38 - 2012-11-08 22:40 - 00000000 ____D C:\Users\Liam\Downloads\Men.In.Black.3.2012.1080p.BluRay.3D.H-SBS.DTS.x264-PublicHD
2012-11-08 23:33 - 2012-11-08 22:35 - 00000000 ____D C:\Users\Liam\Downloads\Madagascar 3 Europes Most Wanted (2012) [1080p]
2012-11-08 22:55 - 2012-11-08 22:36 - 00000000 ____D C:\Users\Liam\Downloads\Ted[2012]BRRip XviD-ETRG
2012-11-08 21:12 - 2012-11-08 21:12 - 00015151 ____A C:\Users\Liam\Downloads\[kat.ph]madagascar.3.europe.s.most.wanted.2012.1080p.brrip.x264.yify.torrent
2012-11-08 21:11 - 2012-11-08 21:11 - 00060303 ____A C:\Users\Liam\Downloads\[kat.ph]men.in.black.3.2012.1080p.bluray.3d.h.sbs.dts.x264.publichd.torrent
2012-11-08 21:11 - 2012-11-08 21:11 - 00015259 ____A C:\Users\Liam\Downloads\[kat.ph]ted.2012.brrip.xvid.etrg.torrent
ZeroAccess:
C:\Windows\Installer\{8a476e9b-0a60-74f7-30ef-5facd25f86e2}
C:\Windows\Installer\{8a476e9b-0a60-74f7-30ef-5facd25f86e2}\L
C:\Windows\Installer\{8a476e9b-0a60-74f7-30ef-5facd25f86e2}\U
==================== Known DLLs (Whitelisted) =================
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points =========================
Restore point made on: 2012-12-03 20:41:12
==================== Memory info ===========================
Percentage of memory in use: 9%
Total physical RAM: 8043.86 MB
Available physical RAM: 7240.32 MB
Total Pagefile: 8042.06 MB
Available Pagefile: 7228.63 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB
==================== Partitions =============================
1 Drive c: () (Fixed) (Total:698.54 GB) (Free:547.39 GB) NTFS
3 Drive f: () (Removable) (Total:15.22 GB) (Free:15.22 GB) FAT32
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
5 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 698 GB 0 B
Disk 1 Online 15 GB 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 698 GB 101 MB
==================================================================================
Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y System Rese NTFS Partition 100 MB Healthy
=========================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 698 GB Healthy
=========================================================
Partitions of Disk 1:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 15 GB 1768 KB
==================================================================================
Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F FAT32 Removable 15 GB Healthy
=========================================================
Last Boot: 2012-12-04 09:57
==================== End Of Log =============================

 

[Liam Bell]

Sorry it took so long to get the logs, I kept trying but I kept wring frst.exe not frst64.exe.... so yeah I thought I was pretty dumb after I figured that out...

Got there in the end

Liam

 

[Jay Pfoutz]

FRST Fixlist

Please run the following:

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

start
C:\Windows\Installer\{8a476e9b-0a60-74f7-30ef-5facd25f86e2}
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system

Now, please enter System Recovery Options then select Command Prompt.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Now restart, let it boot normally and tell me how it went.



ComboFix Script

• Close any open browsers.
• Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
• Open notepad and copy/paste the text in the codebox below into it:
  

  ClearJavaCache::

• Save this as CFScript.txt, in the same location as ComboFix.exe
  
  
• Referring to the picture above, drag CFScript into ComboFix.exe
• When finished, it shall produce a log for you at C:\ComboFix.txt
• Please post the contents of the log in your next reply.

 

[Liam Bell]

Here is frst64 log

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-12-2012
Ran by SYSTEM at 2012-12-06 14:26:53 Run:1
Running from F:\

==============================================

C:\Windows\Installer\{8a476e9b-0a60-74f7-30ef-5facd25f86e2} moved successfully.

==== End of Fixlog ====

 

[Liam Bell]

Here is combofix log

ComboFix 12-12-02.01 - Liam 06/12/2012 14:32:53.2.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.64.1033.18.8044.6391 [GMT 13:00]
Running from: c:\users\Liam\Downloads\ComboFix.exe
Command switches used :: c:\users\Liam\Downloads\CFScript.txt
AV: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-11-06 to 2012-12-06 )))))))))))))))))))))))))))))))
.
.
2012-12-06 05:15 . 2012-12-06 05:15--------d-----w-C:\FRST
2012-12-06 01:58 . 2012-12-06 01:58--------d-----w-c:\users\UpdatusUser\AppData\Local\temp
2012-12-06 01:58 . 2012-12-06 01:58--------d-----w-c:\users\Default\AppData\Local\temp
2012-12-04 06:34 . 2012-11-08 17:249125352----a-w-c:\programdata\Microsoft\Windows Defender\Definition Updates\{91E8ABE3-B79F-4925-A5BE-A13C3F0B8046}\mpengine.dll
2012-12-01 20:02 . 2012-12-01 20:02--------d-sh--w-c:\windows\SysWow64\%APPDATA%
2012-11-30 07:17 . 2012-11-30 07:19--------d-----w-c:\programdata\Windows Codecs
2012-11-30 07:17 . 2012-11-30 07:17--------d-----w-c:\program files (x86)\Mega Codec Pack
2012-11-29 06:25 . 2012-11-29 07:08--------d-----w-c:\users\Public\Games
2012-11-29 05:50 . 2012-11-29 05:50--------d-----w-c:\programdata\Blizzard
2012-11-16 06:23 . 2012-07-26 04:472560----a-w-c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2012-11-16 06:23 . 2012-07-26 04:55785512----a-w-c:\windows\system32\drivers\Wdf01000.sys
2012-11-16 06:23 . 2012-07-26 04:5554376----a-w-c:\windows\system32\drivers\WdfLdr.sys
2012-11-16 06:23 . 2012-07-26 02:369728----a-w-c:\windows\system32\Wdfres.dll
2012-11-16 06:13 . 2012-10-08 11:17816640----a-w-c:\windows\system32\jscript.dll
2012-11-16 06:13 . 2012-10-08 11:152144768----a-w-c:\windows\system32\iertutil.dll
2012-11-16 06:13 . 2012-10-08 11:25499200----a-w-c:\program files\Internet Explorer\jsdbgui.dll
2012-11-16 06:13 . 2012-10-08 07:50678912----a-w-c:\program files (x86)\Internet Explorer\iedvtool.dll
2012-11-16 06:13 . 2012-10-08 07:49387584----a-w-c:\program files (x86)\Internet Explorer\jsdbgui.dll
2012-11-16 06:13 . 2012-10-08 11:26887296----a-w-c:\program files\Internet Explorer\iedvtool.dll
2012-11-16 06:13 . 2012-10-08 12:1917811968----a-w-c:\windows\system32\mshtml.dll
2012-11-16 06:13 . 2012-10-08 11:4210925568----a-w-c:\windows\system32\ieframe.dll
2012-11-16 06:10 . 2012-07-26 02:2687040----a-w-c:\windows\system32\drivers\WUDFPf.sys
2012-11-16 06:10 . 2012-07-26 02:26198656----a-w-c:\windows\system32\drivers\WUDFRd.sys
2012-11-16 06:10 . 2012-07-26 03:0884992----a-w-c:\windows\system32\WUDFSvc.dll
2012-11-16 06:10 . 2012-07-26 03:08194048----a-w-c:\windows\system32\WUDFPlatform.dll
2012-11-16 06:10 . 2012-07-26 03:08229888----a-w-c:\windows\system32\WUDFHost.exe
2012-11-16 06:10 . 2012-07-26 03:08744448----a-w-c:\windows\system32\WUDFx.dll
2012-11-16 06:10 . 2012-07-26 03:0845056----a-w-c:\windows\system32\WUDFCoinstaller.dll
2012-11-15 05:57 . 2012-10-03 17:4418944----a-w-c:\windows\system32\netevent.dll
2012-11-15 05:57 . 2012-10-03 16:4218944----a-w-c:\windows\SysWow64\netevent.dll
2012-11-15 05:57 . 2012-09-25 22:4695744----a-w-c:\windows\system32\synceng.dll
2012-11-15 05:57 . 2012-09-25 22:4778336----a-w-c:\windows\SysWow64\synceng.dll
2012-11-13 06:18 . 2012-11-13 06:52--------d-----w-c:\users\Liam\AppData\Local\Darksiders
2012-11-13 05:41 . 2012-11-13 06:17--------d-----w-c:\program files (x86)\Darksiders
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-16 06:11 . 2012-10-04 07:5066395536----a-w-c:\windows\system32\MRT.exe
2012-11-01 08:52 . 2012-11-01 08:5275928----a-w-c:\windows\system32\drivers\dc3d.sys
2012-11-01 08:52 . 2012-11-01 08:521795952----a-w-c:\windows\system32\WdfCoInstaller01011.dll
2012-10-21 20:55 . 2012-10-21 20:5573656----a-w-c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-21 20:55 . 2012-10-21 20:55696760----a-w-c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-16 08:38 . 2012-11-29 04:32135168----a-w-c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-29 04:32350208----a-w-c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-29 04:32561664----a-w-c:\windows\apppatch\AcLayers.dll
2012-10-05 04:04 . 2012-10-05 04:04971360----a-w-c:\windows\system32\drivers\timntr.sys
2012-10-05 04:04 . 2012-10-05 04:04210016----a-w-c:\windows\system32\drivers\vididr.sys
2012-10-05 04:04 . 2012-10-05 04:04275552----a-w-c:\windows\system32\drivers\snapman.sys
2012-10-05 04:04 . 2012-10-05 04:04141920----a-w-c:\windows\system32\drivers\vsflt53.sys
2012-10-04 08:58 . 2012-10-04 09:021640768----a-w-c:\windows\system32\nvvsvc.exe
2012-10-04 08:58 . 2012-10-04 09:025160256----a-w-c:\windows\system32\nvsvc64.dll
2012-10-04 08:58 . 2012-10-04 09:023074368----a-w-c:\windows\system32\nvsvcr.dll
2012-10-04 08:58 . 2012-10-04 09:02137536----a-w-c:\windows\system32\nvshext.dll
2012-10-04 08:58 . 2012-10-04 09:02222528----a-w-c:\windows\system32\nvmctray.dll
2012-10-04 08:58 . 2012-10-04 09:02540992----a-w-c:\windows\system32\nvhotkey.dll
2012-10-04 08:58 . 2012-10-04 09:0210428736----a-w-c:\windows\system32\nvcpl.dll
2012-10-04 08:57 . 2012-10-04 09:022417322----a-w-c:\windows\system32\nvcoproc.bin
2012-10-04 08:57 . 2012-10-04 09:02837952----a-w-c:\windows\system32\easyupdatusapiu64.dll
2012-10-04 08:57 . 2012-10-04 09:0255616----a-w-c:\windows\system32\nv3dappshextr.dll
2012-10-04 08:57 . 2012-10-04 09:021350976----a-w-c:\windows\system32\nv3dappshext.dll
2012-10-04 08:57 . 2012-10-04 09:018798528----a-w-c:\windows\system32\nvwgf2umx.dll
2012-10-04 08:57 . 2012-10-04 09:0168928----a-w-c:\windows\system32\OpenCL.dll
2012-10-04 08:57 . 2012-10-04 09:0161248----a-w-c:\windows\SysWow64\OpenCL.dll
2012-10-04 08:57 . 2012-10-04 09:01862016----a-w-c:\windows\system32\nvumdshimx.dll
2012-10-04 08:57 . 2012-10-04 09:01718144----a-w-c:\windows\SysWow64\nvumdshim.dll
2012-10-04 08:57 . 2012-10-04 09:017049536----a-w-c:\windows\SysWow64\nvwgf2um.dll
2012-10-04 08:57 . 2012-10-04 09:01371520----a-w-c:\windows\system32\nvoptimusmft.dll
2012-10-04 08:57 . 2012-10-04 09:01330560----a-w-c:\windows\SysWow64\nvoptimusmft.dll
2012-10-04 08:57 . 2012-10-04 09:0128992----a-w-c:\windows\system32\drivers\nvpciflt.sys
2012-10-04 08:57 . 2012-10-04 09:0124748864----a-w-c:\windows\system32\nvoglv64.dll
2012-10-04 08:57 . 2012-10-04 09:01241984----a-w-c:\windows\system32\nvinitx.dll
2012-10-04 08:57 . 2012-10-04 09:01203072----a-w-c:\windows\SysWow64\nvinit.dll
2012-10-04 08:57 . 2012-10-04 09:0118876736----a-w-c:\windows\SysWow64\nvoglv32.dll
2012-10-04 08:57 . 2012-10-04 09:011454912----a-w-c:\windows\system32\nvgenco64.dll
2012-10-04 08:57 . 2012-10-04 09:0113012800----a-w-c:\windows\system32\drivers\nvlddmkm.sys
2012-10-04 08:57 . 2012-10-04 09:01364352----a-w-c:\windows\system32\nvdecodemft.dll
2012-10-04 08:57 . 2012-10-04 09:01301888----a-w-c:\windows\SysWow64\nvdecodemft.dll
2012-10-04 08:57 . 2012-10-04 09:0115696704----a-w-c:\windows\system32\nvd3dumx.dll
2012-10-04 08:57 . 2012-10-04 09:011543488----a-w-c:\windows\system32\nvdispco64.dll
2012-10-04 08:57 . 2012-10-04 09:0113208384----a-w-c:\windows\SysWow64\nvd3dum.dll
2012-10-04 08:57 . 2012-10-04 09:017598400----a-w-c:\windows\system32\nvcuda.dll
2012-10-04 08:57 . 2012-10-04 09:015589824----a-w-c:\windows\SysWow64\nvcuda.dll
2012-10-04 08:57 . 2012-10-04 09:012544960----a-w-c:\windows\system32\nvcuvid.dll
2012-10-04 08:57 . 2012-10-04 09:012403136----a-w-c:\windows\SysWow64\nvcuvid.dll
2012-10-04 08:57 . 2012-10-04 09:012233664----a-w-c:\windows\system32\nvcuvenc.dll
2012-10-04 08:57 . 2012-10-04 09:012100544----a-w-c:\windows\SysWow64\nvcuvenc.dll
2012-10-04 08:57 . 2012-10-04 09:0117248576----a-w-c:\windows\SysWow64\nvcompiler.dll
2012-10-04 08:57 . 2012-10-04 09:012824000----a-w-c:\windows\system32\nvapi64.dll
2012-10-04 08:57 . 2012-10-04 09:0124796992----a-w-c:\windows\system32\nvcompiler.dll
2012-10-04 08:57 . 2012-10-04 09:012472768----a-w-c:\windows\SysWow64\nvapi.dll
2012-10-04 07:55 . 2012-10-04 07:5591648----a-w-c:\windows\system32\SetIEInstalledDate.exe
2012-10-04 07:55 . 2012-10-04 07:5589088----a-w-c:\windows\system32\RegisterIEPKEYs.exe
2012-10-04 07:55 . 2012-10-04 07:5586528----a-w-c:\windows\SysWow64\iesysprep.dll
2012-10-04 07:55 . 2012-10-04 07:5576800----a-w-c:\windows\SysWow64\SetIEInstalledDate.exe
2012-10-04 07:55 . 2012-10-04 07:5574752----a-w-c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-10-04 07:55 . 2012-10-04 07:5574752----a-w-c:\windows\SysWow64\iesetup.dll
2012-10-04 07:55 . 2012-10-04 07:5565024----a-w-c:\windows\system32\pngfilt.dll
2012-10-04 07:55 . 2012-10-04 07:5563488----a-w-c:\windows\SysWow64\tdc.ocx
2012-10-04 07:55 . 2012-10-04 07:5555296----a-w-c:\windows\system32\msfeedsbs.dll
2012-10-04 07:55 . 2012-10-04 07:5549664----a-w-c:\windows\system32\imgutil.dll
2012-10-04 07:55 . 2012-10-04 07:5548640----a-w-c:\windows\SysWow64\mshtmler.dll
2012-10-04 07:55 . 2012-10-04 07:5548640----a-w-c:\windows\system32\mshtmler.dll
2012-10-04 07:55 . 2012-10-04 07:55367104----a-w-c:\windows\SysWow64\html.iec
2012-10-04 07:55 . 2012-10-04 07:5535840----a-w-c:\windows\SysWow64\imgutil.dll
2012-10-04 07:55 . 2012-10-04 07:55267776----a-w-c:\windows\system32\ieaksie.dll
2012-10-04 07:55 . 2012-10-04 07:5523552----a-w-c:\windows\SysWow64\licmgr10.dll
2012-10-04 07:55 . 2012-10-04 07:55222208----a-w-c:\windows\system32\msls31.dll
2012-10-04 07:55 . 2012-10-04 07:55197120----a-w-c:\windows\system32\msrating.dll
2012-10-04 07:55 . 2012-10-04 07:55163840----a-w-c:\windows\system32\ieakui.dll
2012-10-04 07:55 . 2012-10-04 07:55161792----a-w-c:\windows\SysWow64\msls31.dll
2012-10-04 07:55 . 2012-10-04 07:55160256----a-w-c:\windows\system32\ieakeng.dll
2012-10-04 07:55 . 2012-10-04 07:55152064----a-w-c:\windows\SysWow64\wextract.exe
2012-10-04 07:55 . 2012-10-04 07:55150528----a-w-c:\windows\SysWow64\iexpress.exe
2012-10-04 07:55 . 2012-10-04 07:55149504----a-w-c:\windows\system32\occache.dll
2012-10-04 07:55 . 2012-10-04 07:55145920----a-w-c:\windows\system32\iepeers.dll
2012-10-04 07:55 . 2012-10-04 07:55135168----a-w-c:\windows\system32\IEAdvpack.dll
2012-10-04 07:55 . 2012-10-04 07:5512288----a-w-c:\windows\system32\mshta.exe
2012-10-04 07:55 . 2012-10-04 07:5511776----a-w-c:\windows\SysWow64\mshta.exe
2012-10-04 07:55 . 2012-10-04 07:55114176----a-w-c:\windows\system32\admparse.dll
2012-10-04 07:55 . 2012-10-04 07:55111616----a-w-c:\windows\system32\iesysprep.dll
2012-10-04 07:55 . 2012-10-04 07:55110592----a-w-c:\windows\SysWow64\IEAdvpack.dll
2012-10-04 07:55 . 2012-10-04 07:5510752----a-w-c:\windows\system32\msfeedssync.exe
2012-10-04 07:55 . 2012-10-04 07:55101888----a-w-c:\windows\SysWow64\admparse.dll
2012-10-04 07:55 . 2012-10-04 07:5589088----a-w-c:\windows\system32\ie4uinit.exe
2012-10-04 07:55 . 2012-10-04 07:5585504----a-w-c:\windows\system32\iesetup.dll
2012-10-04 07:55 . 2012-10-04 07:5582432----a-w-c:\windows\system32\icardie.dll
2012-10-04 07:55 . 2012-10-04 07:5576800----a-w-c:\windows\system32\tdc.ocx
2012-10-04 07:55 . 2012-10-04 07:55534528----a-w-c:\windows\system32\ieapfltr.dll
2012-10-04 07:55 . 2012-10-04 07:55452608----a-w-c:\windows\system32\dxtmsft.dll
2012-10-04 07:55 . 2012-10-04 07:55448512----a-w-c:\windows\system32\html.iec
2012-10-04 07:55 . 2012-10-04 07:55403248----a-w-c:\windows\system32\iedkcs32.dll
2012-10-04 07:55 . 2012-10-04 07:5539936----a-w-c:\windows\system32\iernonce.dll
2012-10-04 07:55 . 2012-10-04 07:553695416----a-w-c:\windows\system32\ieapfltr.dat
2012-10-04 07:55 . 2012-10-04 07:5530720----a-w-c:\windows\system32\licmgr10.dll
2012-10-04 07:55 . 2012-10-04 07:55282112----a-w-c:\windows\system32\dxtrans.dll
2012-10-04 07:55 . 2012-10-04 07:55249344----a-w-c:\windows\system32\webcheck.dll
2012-10-04 07:55 . 2012-10-04 07:55165888----a-w-c:\windows\system32\iexpress.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Windows Codecs]
@="{1EC23CFF-4C58-458f-924C-8519AEF61B32}"
[HKEY_CLASSES_ROOT\CLSID\{1EC23CFF-4C58-458f-924C-8519AEF61B32}]
2012-11-30 07:17172032----a-w-c:\programdata\Windows Codecs\MediaShellOverlays.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-12-05 1354736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-02-17 283160]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2012-04-12 113288]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-10-04 1431888]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys [2012-09-17 13368]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys [2012-09-12 105816]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-10-04 1255736]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2012-10-04 28992]
S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys [2012-10-05 210016]
S0 vidsflt53;Acronis Disk Storage Filter (53);c:\windows\system32\DRIVERS\vsflt53.sys [2012-10-05 141920]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2011-08-03 146432]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2012-09-12 237400]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2012-09-12 119640]
S2 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2011-02-02 18656]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2011-08-09 202576]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-09-21 974944]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2011-08-03 137144]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-02-17 13336]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]
S2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files (x86)\Common Files\Seagate\Schedule2\schedul2.exe [2011-06-30 1191408]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-22 2656280]
S3 b57xdbd;Broadcom xD Picture Bus Driver Service;c:\windows\system32\DRIVERS\b57xdbd.sys [2011-01-20 67624]
S3 b57xdmp;Broadcom xD Picture vstorp client drv;c:\windows\system32\DRIVERS\b57xdmp.sys [2011-01-20 19496]
S3 bScsiMSa;bScsiMSa;c:\windows\system32\DRIVERS\bScsiMSa.sys [2011-01-19 52264]
S3 bScsiSDa;bScsiSDa;c:\windows\system32\DRIVERS\bScsiSDa.sys [2011-01-13 85544]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2012-11-01 75928]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2010-12-01 411688]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2012-04-12 82432]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2012-04-12 181760]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2012-06-26 46176]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2012-09-12 131416]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2012-09-12 146264]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmtREG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-21 20:55]
.
2012-12-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-04 08:31]
.
2012-12-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-04 08:31]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-19 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-19 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-19 439064]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-09-21 4035152]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"IntelliType Pro"="c:\program files\Microsoft Device Center\itype.exe" [2012-06-26 1464928]
"IntelliPoint"="c:\program files\Microsoft Device Center\ipoint.exe" [2012-06-26 2004584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.daum.net/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-12-06 15:00:40
ComboFix-quarantined-files.txt 2012-12-06 02:00
ComboFix2.txt 2012-12-03 04:53
.
Pre-Run: 597,137,838,080 bytes free
Post-Run: 597,076,164,608 bytes free
.
- - End Of File - - 15BD16A00E7978F90E24D7EF2CAA5CCE

 

[Liam Bell]

Laptop seems to be running and booting fine, no eset popups lately

fantastic

thanks Jay

please let me know if it would be a suitable time to use my banking online

 

[Jay Pfoutz]

Good for banking now.

Let's finish up with a final check and cleanup.

ESET Online Scan

Please run a free online scan with the ESET Online Scanner

• Tick the box next to YES, I accept the Terms of Use
• Click Start
• When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so an install it.
• Click Start or wait for the scanner to load.
• Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
• Click Scan (This scan can take several hours, so please be patient)
• Once the scan is completed, there are a couple of things to keep in mind:
• 1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
• 2. If threats WERE detected, click on List of Threats Found, Export to Text File...save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
• Open the logfile from wherever you saved it
• Copy and paste the contents in your next reply.

Clean up System Restore

Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."

To manually create a new Restore Point

• Go to Control Panel and select System and Maintenance
• Select System
• On the left select Advance System Settings and accept the warning if you get one
• Select System Protection Tab
• Select Create at the bottom
• Type in a name I.e. Clean
• Select Create

Now we can purge the infected ones

• Go back to the System and Maintenance page
• Select Performance Information and Tools
• On the left select Open Disk Cleanup
• Select Files from all users and accept the warning if you get one
• In the drop down box select your main drive I.e. C
• For a few moments the system will make some calculations:
  
  
• Select the More Options tab
  
  
• In the System Restore and Shadow Backups select Clean up
  
  
• Select Delete on the pop up
• Select OK
• Select Delete

Run OTC to remove our tools

To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC.exe by OldTimer:

• Save it to your Desktop.
• Double click OTC.exe.
• Click the CleanUp! button.
• If you are prompted to Reboot during the cleanup, select Yes.
• The tool will delete itself once it finishes.

Note:If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

Purge old temporary files

NOTE: If you already have this installed, you don't have to reinstall it.

Please download CCleaner Slim and save it to your Desktop - Alternate download link

When the file has been saved, go to your Desktop and double-click on ccsetupxxx_slim.exe
Follow the prompts to install the program.

• Double-click the CCleaner shortcut on the desktop to start the program.
• A prompt will ask you if you want CCleaner to do a check to see what cookies it needs to keep. Allow that operation.
• On the Cleaner tab, click on Run Cleaner on the bottom-right to run the program.
• Important: Make sure that ALL browser windows are closed before selecting Run Cleaner, or it will ask if you want the program to close them for you (when you do this, all unsaved data may be lost in the browser).

Caution: Only use the Registry feature if you are very familiar with the registry.
Always back up your registry before making any changes. Exit CCleaner after it has completed it's process.

Security Check

Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.

• Save it to your Desktop.
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

[Liam Bell]

Hi, it found two threats. My ESET gave me the option to delete or no action

 

[Liam Bell]

I pressed enter by mistake, anyway I have done nothing yet and will leave laptop running until further instructions

Here is the log that I saved

C:\Qoobox\Quarantine\C\Windows\Installer\{8a476e9b-0a60-74f7-30ef-5facd25f86e2}\U\80000032.@.virprobably a variant of Win32/Sirefef.FD trojancleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Windows\Installer\{8a476e9b-0a60-74f7-30ef-5facd25f86e2}\U\80000064.@.vira variant of Win64/Sirefef.AN trojancleaned by deleting - quarantined
Thank you
Liam

 

[Liam Bell]

I didn't do any other steps after threats were found, please let me know if I should complete all the other steps

 

[Jay Pfoutz]

Go ahead with the other steps. Should be fine..

 

[Liam Bell]

Hi, thanks. I have completed steps.

Here are the logs.

Results of screen317's Security Check version 0.99.56
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
ESET NOD32 Antivirus 5.0
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.1.1000
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 11.4.402.287 Flash Player out of Date!
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.92
Google Chrome 22.0.1229.94
Google Chrome 23.0.1271.64
Google Chrome 23.0.1271.91
Google Chrome 23.0.1271.95
````````Process Check: objlist.exe by Laurent````````
ESET NOD32 Antivirus egui.exe
ESET NOD32 Antivirus ekrn.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

 

[Jay Pfoutz]

Okay... remove these old versions of Chrome, please:
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.92
Google Chrome 22.0.1229.94
Google Chrome 23.0.1271.64
Google Chrome 23.0.1271.91


Adobe Flash Player Update!

Please download the newest version of Adobe Flash Player from Adobe.com

Before installing: it is important to remove older versions of Flash Player since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
Search in the list for all previous installed versions of Adobe Flash Player. Uninstall/Remove each of them.

Once old versions are gone, please install the newest version.


Personal Tips on Preventing Malware

See this page for more info about malware and prevention.

Read more about "FAQ: How did Sirefef or ZeroAccess Infect You?"

Any other questions before I mark this topic solved?

 

[Jay Pfoutz]

Topic marked solved.