
C0000135 %hs is missing because of Avast - help please


This topic is locked
12 replies to this topic

#1 intheshadows

Posted 05 April 2012 - 07:43 PM

I have just stumbled upon this excellent site while desperately trying to fix my machine. It looks like a really great community!

After running an Avast scan yesterday, I awoke to find that my machine wasn't booting and I was receiving the error "C0000135 %hs is missing". I've run the Farbar Recovery Scan Tool and I attach my log below.

Any help will be highly appreciated.

Scan result of Farbar Recovery Scan Tool Version: 15-03-2012
Ran by SYSTEM at 06-04-2012 01:23:23
Running from I:\
Windows 7 Professional (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [Launchpad] %programfiles%\Windows Server\Bin\Launchpad.exe -autostart [1096576 2012-01-12] (Microsoft Corporation)
HKLM-x32\...\Run: [CTxfiHlp] CTXFIHLP.EXE [x]
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-11-01] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2011-12-07] (Apple Inc.)
HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin [406992 2010-02-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4241512 2012-03-06] (AVAST Software)
HKU\Mark\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [4910912 2011-08-01] (DT Soft Ltd)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{B3E8A5FA-D17F-4C7A-A906-AADD4911BE55}: [NameServer]8.8.8.8 8.8.4.4
SubSystems: [Windows] ==> ZeroAccess

==================== Services (Whitelisted) ======

2 arXfrSvc; "C:\Program Files\Windows Server\Bin\Microsoft.HomeServer.Archive.TransferService.exe" [79744 2011-03-02] (Microsoft Corporation)
2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [44768 2012-03-06] (AVAST Software)
2 Bonjour Service; "C:\Program Files\Bonjour\mDNSResponder.exe" [462184 2011-08-30] (Apple Inc.)
2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [307200 2009-02-23] (Creative Technology Ltd)
2 HealthAlertsSvc; "C:\Program Files\Windows Server\Bin\SharedServiceHost.exe" "C:\Program Files\Windows Server\Bin\ClientAlertServiceConfig" [30592 2011-03-02] (Microsoft Corporation)
2 initMonitor; "C:\Program Files\Windows Server\Bin\SharedServiceHost.exe" "C:\Program Files\Windows Server\Bin\ClientSystemServiceConfig" [30592 2011-03-02] (Microsoft Corporation)
2 LANConfig; "C:\Program Files\Windows Server\Bin\LANConfigSvc.exe" [27520 2011-03-02] (Microsoft Corporation)
2 NotificationsProviderSvc; "C:\Program Files\Windows Server\Bin\SharedServiceHost.exe" "C:\Program Files\Windows Server\Bin\ClientLocalServiceConfig" [30592 2011-03-02] (Microsoft Corporation)
2 providers_system; "C:\Program Files\Windows Server\Bin\SharedServiceHost.exe" "C:\Program Files\Windows Server\Bin\ClientSystemServiceConfig" [30592 2011-03-02] (Microsoft Corporation)
2 ServiceProviderRegistry; "C:\Program Files\Windows Server\Bin\ProviderRegistryService.exe" [40832 2012-01-12] (Microsoft Corporation)
2 SlingAgentService; C:\Program Files (x86)\Sling Media\SlingAgent\SlingAgentService.exe [94024 2010-11-03] (Sling Media Inc.)
2 SplashtopRemoteService; "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe" [531328 2012-02-09] (Splashtop Inc.)
4 SqmProviderSvc; "C:\Program Files\Windows Server\Bin\SharedServiceHost.exe" "C:\Program Files\Windows Server\Bin\SqmServiceConfig" [30592 2011-03-02] (Microsoft Corporation)
2 SSUService; C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [370504 2012-03-14] (Splashtop Inc.)
2 WhsMcClient; "C:\Program Files\Windows Server\Bin\WhsMcClient.exe" [111488 2011-03-02] (Microsoft Corporation)
2 WSConnectorUpdate; "C:\Program Files\Windows Server\Bin\WSConnectorUpdate.exe" [228736 2011-03-02] (Microsoft Corporation)
2 WSS_ComputerBackupProviderSvc; "C:\Program Files\Windows Server\Bin\SharedServiceHost.exe" "C:\Program Files\Windows Server\Bin\BackupClientConfig" [30592 2011-03-02] (Microsoft Corporation)

========================== Drivers (Whitelisted) =============

2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [24408 2012-03-06] (AVAST Software)
2 aswMonFlt; C:\Windows\System32\Drivers\aswMonFlt.sys [69976 2012-03-06] (AVAST Software)
1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [53080 2012-03-06] (AVAST Software)
1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [819032 2012-03-06] (AVAST Software)
1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [337240 2012-03-06] (AVAST Software)
1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [59224 2012-03-06] (AVAST Software)
3 BackupReader; C:\Windows\System32\Drivers\BackupReader.sys [63872 2011-03-02] (Microsoft Corporation)
3 CT20XUT.SYS; C:\Windows\System32\drivers\CT20XUT.SYS [202776 2009-06-03] (Creative Technology Ltd.)
3 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [270912 2011-08-13] (DT Soft Ltd)
3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-28] ()
3 tap0901; C:\Windows\System32\Drivers\tap0901.sys [31232 2011-07-01] (The OpenVPN Project)
2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}; \??\C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl [146928 2010-08-26] (CyberLink Corp.)

========================== NetSvcs (Whitelisted) ===========
NETSVC: tbiosdrv
NETSVC: https-admserv61

============ One Month Created Files and Folders ==============

2012-04-04 07:10 - 2012-04-04 07:10 - 0001841 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2012-04-04 07:10 - 2012-04-04 07:10 - 0000000 ____A C:\Windows\SysWOW64\config.nt
2012-04-04 07:10 - 2012-03-06 15:15 - 0258520 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2012-04-04 07:10 - 2012-03-06 15:04 - 0819032 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2012-04-04 07:10 - 2012-03-06 15:04 - 0337240 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2012-04-04 07:10 - 2012-03-06 15:02 - 0053080 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2012-04-04 07:10 - 2012-03-06 15:01 - 0069976 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2012-04-04 07:10 - 2012-03-06 15:01 - 0059224 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2012-04-04 07:10 - 2012-03-06 15:01 - 0024408 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2012-04-04 07:09 - 2012-03-06 15:15 - 0201352 ____A (AVAST Software) C:\Windows\SysWOW64\aswBoot.exe
2012-04-04 07:09 - 2012-03-06 15:15 - 0041184 ____A (AVAST Software) C:\Windows\avastSS.scr
2012-04-03 15:00 - 2012-04-03 15:00 - 0000000 ____D C:\Program Files (x86)\VS Revo Group
2012-04-03 14:55 - 2012-04-04 07:09 - 0000000 ____D C:\Users\All Users\AVAST Software
2012-04-03 14:55 - 2012-04-04 07:09 - 0000000 ____D C:\ProgramData\AVAST Software
2012-04-03 14:55 - 2012-04-04 07:09 - 0000000 ____D C:\Program Files\AVAST Software
2012-04-03 14:53 - 2012-04-03 14:54 - 74761776 ____A C:\Users\Mark\Downloads\avast_free_antivirus_setup.exe
2012-04-03 14:42 - 2012-04-03 14:42 - 1402880 ____A C:\Users\Mark\Downloads\HiJackThis.msi
2012-04-03 14:42 - 2012-04-03 14:42 - 0002971 ____A C:\Users\Mark\Desktop\HiJackThis.lnk
2012-04-03 14:42 - 2012-04-03 14:42 - 0000000 ____D C:\Program Files (x86)\Trend Micro
2012-04-02 14:39 - 2012-04-03 23:28 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-04-02 14:39 - 2012-04-02 14:39 - 0000000 ____D C:\Users\Mark\AppData\Roaming\mkvtoolnix
2012-04-02 14:38 - 2012-04-02 14:38 - 5655241 ____A C:\Users\Mark\Downloads\mkvtoolnix-unicode-3.3.0-setup.exe
2012-04-02 14:38 - 2012-04-02 14:38 - 0001892 ____A C:\Users\Public\Desktop\mkvmerge GUI.lnk
2012-04-02 14:38 - 2012-04-02 14:38 - 0000000 ____D C:\Windows\system64
2012-04-02 14:38 - 2012-04-02 14:38 - 0000000 ____D C:\Program Files (x86)\MKVtoolnix
2012-04-02 14:37 - 2012-04-02 14:37 - 0000000 ____D C:\Users\Mark\Downloads\mkvtoolnix-0.4.2
2012-04-02 14:36 - 2012-04-02 14:36 - 2222932 ____A C:\Users\Mark\Downloads\mkvtoolnix-0.4.2.zip
2012-04-02 14:36 - 2012-04-02 14:36 - 0715796 ____A C:\Users\Mark\Downloads\MKVExtractGUI-2.2.2.8.zip
2012-04-02 13:51 - 2012-04-02 13:51 - 0001002 ____A C:\Users\Public\Desktop\VideoReDo TVSuite V4.lnk
2012-04-02 13:51 - 2012-04-02 13:51 - 0000000 ____D C:\Users\Mark\Documents\VideoReDo
2012-04-02 13:50 - 2012-04-02 14:15 - 0000000 ____D C:\Users\Mark\AppData\Roaming\VideoReDo-TVSuite4
2012-04-02 13:50 - 2012-04-02 13:51 - 0000000 ____D C:\Program Files (x86)\VideoReDoTVSuite4
2012-04-02 13:47 - 2012-04-02 13:47 - 27048584 ____A (DRD Systems, Inc. ) C:\Users\Mark\Downloads\VRDTVSH264-4-20-7-629d.exe
2012-04-01 08:16 - 2012-03-28 13:44 - 0034067 ____A C:\Users\Mark\Desktop\CCcam.channelinfo
2012-04-01 08:00 - 2012-04-01 08:00 - 0000000 ____D C:\Users\Mark\Downloads\SGTFlipFlop.SkyUK.Picon.Pack.28.03.12
2012-04-01 08:00 - 2012-04-01 08:00 - 0000000 ____D C:\Users\Mark\Downloads\SGTFlipFlop ENiGMA2 28.03.12
2012-04-01 08:00 - 2012-04-01 08:00 - 0000000 ____D C:\Users\Mark\Downloads\CCcam.channelinfo.28.2e.only.28.03.12
2012-04-01 07:59 - 2012-04-01 07:59 - 3099008 ____A C:\Users\Mark\Downloads\SGTFlipFlop.SkyUK.Picon.Pack.28.03.12.rar
2012-04-01 07:59 - 2012-04-01 07:59 - 0041043 ____A C:\Users\Mark\Downloads\SGTFlipFlop ENiGMA2 28.03.12.rar
2012-04-01 07:59 - 2012-04-01 07:59 - 0005769 ____A C:\Users\Mark\Downloads\CCcam.channelinfo.28.2e.only.28.03.12.rar
2012-04-01 07:44 - 2012-04-01 08:38 - 302401030 ____A C:\Users\Mark\Downloads\btasab_0327.mp4
2012-03-31 03:13 - 2012-03-31 08:56 - 0000000 ____D C:\Users\Mark\Downloads\Nikita.S02E18.720p.HDTV.X264-DIMENSION
2012-03-27 13:37 - 2012-03-27 13:38 - 7068498 ____A C:\Users\Mark\Downloads\01 Drive By.m4a
2012-03-27 13:37 - 2012-03-27 13:37 - 0000947 ____A C:\Users\Public\Desktop\µTorrent.lnk
2012-03-27 13:37 - 2012-03-27 13:37 - 0000000 ____D C:\Program Files (x86)\uTorrent
2012-03-27 13:36 - 2012-04-03 15:25 - 0000000 ____D C:\Users\Mark\AppData\Roaming\uTorrent
2012-03-27 13:36 - 2012-03-27 13:36 - 0742264 ____A (BitTorrent, Inc.) C:\Users\Mark\Downloads\uTorrent(2).exe
2012-03-27 13:33 - 2012-03-27 13:33 - 0742264 ____A (BitTorrent, Inc.) C:\Users\Mark\Downloads\uTorrent(1).exe
2012-03-25 08:23 - 2012-03-25 03:56 - 168058540 ____N C:\Users\Mark\Desktop\IMG_2084.MOV
2012-03-22 15:16 - 2012-03-22 15:17 - 144044409 ____A C:\Users\Mark\Downloads\Lionel Messi - ALL 234 Goals for Barcelona in 12 Minutes [HD].mp4
2012-03-19 06:04 - 2011-03-29 12:50 - 239122753 ____N C:\Users\Mark\Desktop\IMG_1256.MOV
2012-03-19 06:03 - 2011-07-20 22:47 - 206634140 ____A C:\Users\Mark\Desktop\IMG_1648.MOV
2012-03-17 06:48 - 2012-03-17 06:48 - 76763504 ____A (Apple Inc.) C:\Users\Mark\Downloads\iTunes64Setup.exe
2012-03-16 11:55 - 2012-03-16 17:41 - 368563029 ____A C:\Users\Mark\Downloads\TM52+04.wmv
2012-03-13 15:50 - 2011-11-19 10:30 - 5504880 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-13 15:50 - 2011-11-19 06:25 - 3957616 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-03-13 15:50 - 2011-11-19 06:25 - 3902320 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-03-13 13:24 - 2012-02-09 22:18 - 1541120 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-03-13 13:24 - 2012-02-09 22:17 - 1837568 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2012-03-13 13:24 - 2012-02-09 22:17 - 0902656 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2012-03-13 13:24 - 2012-02-09 22:17 - 0320512 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2012-03-13 13:24 - 2012-02-09 22:17 - 0197120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2012-03-13 13:24 - 2012-02-09 21:41 - 1170944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2012-03-13 13:24 - 2012-02-09 21:41 - 1074176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-03-13 13:24 - 2012-02-09 21:41 - 0739840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2012-03-13 13:24 - 2012-02-09 21:41 - 0218624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2012-03-13 13:24 - 2012-02-09 21:41 - 0161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2012-03-13 13:24 - 2012-02-02 20:16 - 3143168 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-03-13 09:44 - 2012-02-14 22:27 - 1031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-03-13 09:44 - 2012-02-14 21:44 - 0826368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2012-03-13 09:44 - 2012-02-14 20:47 - 0204800 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-03-13 09:44 - 2012-02-14 20:46 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-03-13 09:44 - 2012-01-24 22:27 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-03-13 09:44 - 2012-01-24 22:27 - 0076288 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-03-13 09:44 - 2012-01-24 22:20 - 0009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-03-12 12:54 - 2012-03-12 12:54 - 0000000 ____D C:\Users\Mark\AppData\Local\Splashtop
2012-03-11 08:42 - 2012-03-11 08:50 - 27554344 ____A C:\Users\Mark\Downloads\prst_ma_22_02_12_555719733.avi
2012-03-11 06:21 - 2012-03-11 06:21 - 0000000 ____D C:\Users\Mark\Documents\Electronic Arts
2012-03-11 06:19 - 2012-03-11 06:19 - 0000631 ____A C:\Users\Public\Desktop\The Sims™ 3.lnk
2012-03-11 06:19 - 2012-03-11 06:19 - 0000000 ____D C:\Program Files (x86)\Microsoft WSE
2012-03-10 16:32 - 2012-03-09 03:32 - 90095768 ____N C:\Users\Mark\Desktop\IMG_2067.MOV
2012-03-10 06:11 - 2012-03-10 06:56 - 285437997 ____A C:\Users\Mark\Downloads\Kacey.Jordan-miad.wmv
2012-03-09 08:29 - 2012-03-09 08:29 - 0000000 ____D C:\Program Files\Adobe
2012-03-09 08:28 - 2012-03-09 08:29 - 0000000 ____D C:\Program Files\Common Files\Adobe
2012-03-09 08:28 - 2012-03-09 08:28 - 0000000 ____D C:\Program Files (x86)\Adobe Media Player
2012-03-08 15:35 - 2012-03-08 15:08 - 3227125 ____N C:\Users\Mark\Desktop\IMG_2066.JPG
2012-03-08 15:35 - 2012-03-08 15:08 - 2730045 ____N C:\Users\Mark\Desktop\IMG_2065.JPG
2012-03-07 12:15 - 2012-03-07 12:15 - 0012321 ____A C:\Users\Mark\Desktop\711608.jpg


============ 3 Months Modified Files and Folders =============

2012-04-06 01:23 - 2012-04-06 01:23 - 0000000 ____D C:\FRST
2012-04-05 16:00 - 2011-08-12 12:35 - 0062028 ____A C:\Windows\System32\BMXStateBkp-{00000008-00000000-00000001-00001102-00000005-00221102}.rfx
2012-04-05 16:00 - 2011-08-12 12:35 - 0062028 ____A C:\Windows\System32\BMXState-{00000008-00000000-00000001-00001102-00000005-00221102}.rfx
2012-04-05 16:00 - 2011-08-12 12:35 - 0000788 ____A C:\Windows\System32\DVCState-{00000008-00000000-00000001-00001102-00000005-00221102}.rfx
2012-04-05 16:00 - 2011-08-12 12:01 - 1065967616 __ASH C:\hiberfil.sys
2012-04-05 15:31 - 2011-08-12 12:10 - 0507862 ____A C:\Windows\ntbtlog.txt
2012-04-04 14:49 - 2011-08-12 12:13 - 1194623 ____A C:\Windows\WindowsUpdate.log
2012-04-04 11:41 - 2011-08-16 07:47 - 0000000 ____D C:\Users\Mark\AppData\Roaming\XBMC
2012-04-04 10:56 - 2011-08-12 12:37 - 0002010 ___AH C:\Users\Mark\Documents\Default.rdp
2012-04-04 09:35 - 2009-07-13 21:13 - 0783270 ____A C:\Windows\System32\PerfStringBackup.INI
2012-04-04 07:10 - 2012-04-04 07:10 - 0001841 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2012-04-04 07:10 - 2012-04-04 07:10 - 0000000 ____A C:\Windows\SysWOW64\config.nt
2012-04-04 07:09 - 2012-04-03 14:55 - 0000000 ____D C:\Users\All Users\AVAST Software
2012-04-04 07:09 - 2012-04-03 14:55 - 0000000 ____D C:\ProgramData\AVAST Software
2012-04-04 07:09 - 2012-04-03 14:55 - 0000000 ____D C:\Program Files\AVAST Software
2012-04-04 00:22 - 2009-07-13 23:45 - 0000000 ___RD C:\Users\Public\Recorded TV
2012-04-04 00:21 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\registration
2012-04-03 23:36 - 2009-07-13 20:45 - 0013472 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-04-03 23:36 - 2009-07-13 20:45 - 0013472 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-04-03 23:30 - 2011-08-12 12:21 - 0000000 ____D C:\users\UpdatusUser
2012-04-03 23:28 - 2012-04-02 14:39 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-04-03 23:27 - 2011-08-12 12:21 - 0000000 ____D C:\Users\All Users\NVIDIA
2012-04-03 23:27 - 2011-08-12 12:21 - 0000000 ____D C:\ProgramData\NVIDIA
2012-04-03 23:27 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-04-03 23:27 - 2009-07-13 20:51 - 0038174 ____A C:\Windows\setupact.log
2012-04-03 15:25 - 2012-03-27 13:36 - 0000000 ____D C:\Users\Mark\AppData\Roaming\uTorrent
2012-04-03 15:23 - 2011-08-12 12:13 - 0000000 ____D C:\users\Mark
2012-04-03 15:22 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\config\TxR
2012-04-03 15:00 - 2012-04-03 15:00 - 0000000 ____D C:\Program Files (x86)\VS Revo Group
2012-04-03 14:54 - 2012-04-03 14:53 - 74761776 ____A C:\Users\Mark\Downloads\avast_free_antivirus_setup.exe
2012-04-03 14:42 - 2012-04-03 14:42 - 1402880 ____A C:\Users\Mark\Downloads\HiJackThis.msi
2012-04-03 14:42 - 2012-04-03 14:42 - 0002971 ____A C:\Users\Mark\Desktop\HiJackThis.lnk
2012-04-03 14:42 - 2012-04-03 14:42 - 0000000 ____D C:\Program Files (x86)\Trend Micro
2012-04-03 14:41 - 2011-08-12 12:13 - 0000000 ____D C:\Users\Mark\AppData\LocalLow
2012-04-02 14:39 - 2012-04-02 14:39 - 0000000 ____D C:\Users\Mark\AppData\Roaming\mkvtoolnix
2012-04-02 14:38 - 2012-04-02 14:38 - 5655241 ____A C:\Users\Mark\Downloads\mkvtoolnix-unicode-3.3.0-setup.exe
2012-04-02 14:38 - 2012-04-02 14:38 - 0001892 ____A C:\Users\Public\Desktop\mkvmerge GUI.lnk
2012-04-02 14:38 - 2012-04-02 14:38 - 0000000 ____D C:\Windows\system64
2012-04-02 14:38 - 2012-04-02 14:38 - 0000000 ____D C:\Program Files (x86)\MKVtoolnix
2012-04-02 14:37 - 2012-04-02 14:37 - 0000000 ____D C:\Users\Mark\Downloads\mkvtoolnix-0.4.2
2012-04-02 14:36 - 2012-04-02 14:36 - 2222932 ____A C:\Users\Mark\Downloads\mkvtoolnix-0.4.2.zip
2012-04-02 14:36 - 2012-04-02 14:36 - 0715796 ____A C:\Users\Mark\Downloads\MKVExtractGUI-2.2.2.8.zip
2012-04-02 14:15 - 2012-04-02 13:50 - 0000000 ____D C:\Users\Mark\AppData\Roaming\VideoReDo-TVSuite4
2012-04-02 13:51 - 2012-04-02 13:51 - 0001002 ____A C:\Users\Public\Desktop\VideoReDo TVSuite V4.lnk
2012-04-02 13:51 - 2012-04-02 13:51 - 0000000 ____D C:\Users\Mark\Documents\VideoReDo
2012-04-02 13:51 - 2012-04-02 13:50 - 0000000 ____D C:\Program Files (x86)\VideoReDoTVSuite4
2012-04-02 13:47 - 2012-04-02 13:47 - 27048584 ____A (DRD Systems, Inc. ) C:\Users\Mark\Downloads\VRDTVSH264-4-20-7-629d.exe
2012-04-02 10:02 - 2012-02-11 08:08 - 0000000 ____D C:\Users\Mark\AppData\Roaming\vlc
2012-04-02 09:33 - 2011-08-12 13:20 - 0000000 ____D C:\Program Files (x86)\iTunes
2012-04-01 08:38 - 2012-04-01 07:44 - 302401030 ____A C:\Users\Mark\Downloads\btasab_0327.mp4
2012-04-01 08:15 - 2012-03-04 08:05 - 0000088 ____A C:\Users\Mark\Desktop\CCcam.cfg
2012-04-01 08:00 - 2012-04-01 08:00 - 0000000 ____D C:\Users\Mark\Downloads\SGTFlipFlop.SkyUK.Picon.Pack.28.03.12
2012-04-01 08:00 - 2012-04-01 08:00 - 0000000 ____D C:\Users\Mark\Downloads\SGTFlipFlop ENiGMA2 28.03.12
2012-04-01 08:00 - 2012-04-01 08:00 - 0000000 ____D C:\Users\Mark\Downloads\CCcam.channelinfo.28.2e.only.28.03.12
2012-04-01 07:59 - 2012-04-01 07:59 - 3099008 ____A C:\Users\Mark\Downloads\SGTFlipFlop.SkyUK.Picon.Pack.28.03.12.rar
2012-04-01 07:59 - 2012-04-01 07:59 - 0041043 ____A C:\Users\Mark\Downloads\SGTFlipFlop ENiGMA2 28.03.12.rar
2012-04-01 07:59 - 2012-04-01 07:59 - 0005769 ____A C:\Users\Mark\Downloads\CCcam.channelinfo.28.2e.only.28.03.12.rar
2012-03-28 13:44 - 2012-04-01 08:16 - 0034067 ____A C:\Users\Mark\Desktop\CCcam.channelinfo
2012-03-28 09:32 - 2011-08-12 12:36 - 0007752 ____A C:\Windows\PFRO.log
2012-03-27 13:38 - 2012-03-27 13:37 - 7068498 ____A C:\Users\Mark\Downloads\01 Drive By.m4a
2012-03-27 13:37 - 2012-03-27 13:37 - 0000947 ____A C:\Users\Public\Desktop\µTorrent.lnk
2012-03-27 13:37 - 2012-03-27 13:37 - 0000000 ____D C:\Program Files (x86)\uTorrent
2012-03-27 13:36 - 2012-03-27 13:36 - 0742264 ____A (BitTorrent, Inc.) C:\Users\Mark\Downloads\uTorrent(2).exe
2012-03-27 13:33 - 2012-03-27 13:33 - 0742264 ____A (BitTorrent, Inc.) C:\Users\Mark\Downloads\uTorrent(1).exe
2012-03-25 03:56 - 2012-03-25 08:23 - 168058540 ____N C:\Users\Mark\Desktop\IMG_2084.MOV
2012-03-24 16:27 - 2011-08-22 13:19 - 0001080 ____A C:\Windows\System32\settingsbkup.sfm
2012-03-24 16:27 - 2011-08-22 13:19 - 0001080 ____A C:\Windows\System32\settings.sfm
2012-03-22 15:17 - 2012-03-22 15:16 - 144044409 ____A C:\Users\Mark\Downloads\Lionel Messi - ALL 234 Goals for Barcelona in 12 Minutes [HD].mp4
2012-03-17 16:39 - 2011-08-12 13:12 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-03-17 06:48 - 2012-03-17 06:48 - 76763504 ____A (Apple Inc.) C:\Users\Mark\Downloads\iTunes64Setup.exe
2012-03-16 17:41 - 2012-03-16 11:55 - 368563029 ____A C:\Users\Mark\Downloads\TM52+04.wmv
2012-03-15 16:02 - 2011-08-13 14:58 - 0768738 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-03-15 12:03 - 2011-08-22 13:09 - 0119344 ___AH C:\Windows\SysWOW64\mlfcache.dat
2012-03-14 10:08 - 2009-07-13 20:45 - 4847112 ____A C:\Windows\System32\FNTCACHE.DAT
2012-03-13 15:50 - 2011-08-13 09:30 - 0000000 ____D C:\Users\All Users\Microsoft Help
2012-03-13 15:50 - 2011-08-13 09:30 - 0000000 ____D C:\ProgramData\Microsoft Help
2012-03-12 12:54 - 2012-03-12 12:54 - 0000000 ____D C:\Users\Mark\AppData\Local\Splashtop
2012-03-11 08:50 - 2012-03-11 08:42 - 27554344 ____A C:\Users\Mark\Downloads\prst_ma_22_02_12_555719733.avi
2012-03-11 06:21 - 2012-03-11 06:21 - 0000000 ____D C:\Users\Mark\Documents\Electronic Arts
2012-03-11 06:19 - 2012-03-11 06:19 - 0000631 ____A C:\Users\Public\Desktop\The Sims™ 3.lnk
2012-03-11 06:19 - 2012-03-11 06:19 - 0000000 ____D C:\Program Files (x86)\Microsoft WSE
2012-03-11 06:16 - 2011-08-12 12:22 - 0000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2012-03-10 06:56 - 2012-03-10 06:11 - 285437997 ____A C:\Users\Mark\Downloads\Kacey.Jordan-miad.wmv
2012-03-09 16:58 - 2011-11-20 15:12 - 0000000 ____D C:\Users\Mark\AppData\Roaming\NVIDIA
2012-03-09 16:58 - 2011-09-06 10:37 - 0000000 ____D C:\Users\Mark\AppData\Local\Adobe
2012-03-09 16:58 - 2011-08-12 13:21 - 0000000 ____D C:\Users\Mark\AppData\Roaming\Adobe
2012-03-09 08:40 - 2011-08-12 15:44 - 0063288 ____A C:\Users\Mark\AppData\Local\GDIPFONTCACHEV1.DAT
2012-03-09 08:29 - 2012-03-09 08:29 - 0000000 ____D C:\Program Files\Adobe
2012-03-09 08:29 - 2012-03-09 08:28 - 0000000 ____D C:\Program Files\Common Files\Adobe
2012-03-09 08:29 - 2011-11-23 08:40 - 0000000 ____D C:\Users\All Users\regid.1986-12.com.adobe
2012-03-09 08:29 - 2011-11-23 08:40 - 0000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2012-03-09 08:28 - 2012-03-09 08:28 - 0000000 ____D C:\Program Files (x86)\Adobe Media Player
2012-03-09 08:28 - 2011-09-06 10:38 - 0000000 ____D C:\Users\All Users\Adobe
2012-03-09 08:28 - 2011-09-06 10:38 - 0000000 ____D C:\ProgramData\Adobe
2012-03-09 08:28 - 2011-09-06 10:38 - 0000000 ____D C:\Program Files (x86)\Adobe
2012-03-09 03:32 - 2012-03-10 16:32 - 90095768 ____N C:\Users\Mark\Desktop\IMG_2067.MOV
2012-03-08 15:08 - 2012-03-08 15:35 - 3227125 ____N C:\Users\Mark\Desktop\IMG_2066.JPG
2012-03-08 15:08 - 2012-03-08 15:35 - 2730045 ____N C:\Users\Mark\Desktop\IMG_2065.JPG
2012-03-07 15:50 - 2009-07-13 18:34 - 0000478 ____A C:\Windows\win.ini
2012-03-07 12:15 - 2012-03-07 12:15 - 0012321 ____A C:\Users\Mark\Desktop\711608.jpg
2012-03-06 15:15 - 2012-04-04 07:10 - 0258520 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2012-03-06 15:15 - 2012-04-04 07:09 - 0201352 ____A (AVAST Software) C:\Windows\SysWOW64\aswBoot.exe
2012-03-06 15:15 - 2012-04-04 07:09 - 0041184 ____A (AVAST Software) C:\Windows\avastSS.scr
2012-03-06 15:04 - 2012-04-04 07:10 - 0819032 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2012-03-06 15:04 - 2012-04-04 07:10 - 0337240 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2012-03-06 15:02 - 2012-04-04 07:10 - 0053080 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2012-03-06 15:01 - 2012-04-04 07:10 - 0069976 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2012-03-06 15:01 - 2012-04-04 07:10 - 0059224 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2012-03-06 15:01 - 2012-04-04 07:10 - 0024408 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2012-03-04 05:23 - 2012-03-04 05:23 - 0001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-03-04 05:23 - 2011-09-24 15:09 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-03-02 10:07 - 2012-03-02 10:05 - 0293752 ____A C:\Users\Mark\Desktop\Cropped.jpg
2012-03-02 10:06 - 2012-03-02 10:05 - 0852211 ____A C:\Users\Mark\Desktop\Original.jpg
2012-02-29 11:00 - 2012-01-15 06:08 - 0000000 ____D C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2012-02-29 10:43 - 2012-02-29 10:43 - 0642712 ____A (Microsoft Corporation) C:\Users\Mark\Downloads\gfwlivesetup_4d5308d2e0000001_DIR.exe
2012-02-29 10:42 - 2012-02-29 10:42 - 5233720 ____A (Microsoft Corporation) C:\Users\Mark\Downloads\Windows8-ConsumerPreview-setup.exe
2012-02-28 10:37 - 2012-02-28 10:37 - 1615381 ____A C:\Users\Mark\Downloads\HideIPVPN-v1.0.0.2-install.exe
2012-02-27 10:24 - 2012-02-27 10:23 - 33323582 ____A C:\Users\Mark\Downloads\Archive2.zip
2012-02-25 12:05 - 2012-02-25 06:41 - 581499810 ____A C:\Users\Mark\Downloads\77809(1).rar
2012-02-25 09:54 - 2012-02-25 09:54 - 0468447 ____A C:\Users\Mark\Downloads\vpnauth.zip
2012-02-23 01:18 - 2011-08-12 12:29 - 0279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-02-22 14:53 - 2012-02-22 14:50 - 31737152 ____A C:\Users\Mark\Documents\VTS_02_1.mp3
2012-02-22 14:44 - 2012-02-22 14:44 - 1024592 ____A (Jodix Technologies Ltd. ) C:\Users\Mark\Downloads\free-dvd-mp3-ripper.exe
2012-02-22 14:42 - 2012-02-22 14:42 - 0000000 ____D C:\Users\Mark\AppData\Roaming\dBpoweramp
2012-02-21 17:37 - 2012-02-25 16:05 - 0258623 ____A C:\Users\Mark\Downloads\ToriBlack_s.jpg
2012-02-20 10:22 - 2012-02-19 14:15 - 0000487 ____A C:\Users\Mark\Desktop\CCcam.prio
2012-02-18 06:17 - 2012-02-18 06:17 - 0000000 ____D C:\Users\Mark\AppData\Local\{FFFA2FB9-4857-4475-8379-F36343DA5801}
2012-02-17 09:53 - 2011-08-12 12:13 - 0000174 ___SH C:\Users\Mark\Start Menu\Programs\Startup\desktop.ini
2012-02-17 09:53 - 2011-08-12 12:13 - 0000174 ___SH C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-02-16 15:21 - 2011-08-31 09:19 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-02-14 22:27 - 2012-03-13 09:44 - 1031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-02-14 21:44 - 2012-03-13 09:44 - 0826368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2012-02-14 20:47 - 2012-03-13 09:44 - 0204800 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-02-14 20:46 - 2012-03-13 09:44 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-02-11 08:08 - 2012-02-11 08:08 - 0001070 ____A C:\Users\Public\Desktop\VLC media player.lnk
2012-02-11 08:00 - 2012-02-11 07:59 - 18030130 ____A C:\Users\Mark\Downloads\vlc-1.0.3-win32.exe
2012-02-11 07:43 - 2012-02-11 07:42 - 8282187 ____A C:\Users\Mark\Downloads\vlc-0.8.5-win32.exe
2012-02-11 07:42 - 2012-02-11 07:41 - 0000000 ____D C:\Program Files (x86)\EPGcenter
2012-02-11 07:40 - 2012-02-11 07:40 - 7287147 ____A C:\Users\Mark\Downloads\EPGcenter_setup.zip
2012-02-11 06:45 - 2012-02-11 06:45 - 0000000 ____D C:\Users\Mark\Downloads\THFCCAMBS
2012-02-11 06:28 - 2012-02-11 06:28 - 0381186 ____A C:\Users\Mark\Downloads\THFCCAMBS.rar
2012-02-10 15:34 - 2012-02-10 15:34 - 21073936 ____A C:\Users\Mark\Downloads\vlc-1.1.11-win32.exe
2012-02-10 11:07 - 2012-02-10 11:07 - 0431972 ____A C:\Users\Mark\Downloads\photo.JPG
2012-02-10 00:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\rescache
2012-02-09 22:18 - 2012-03-13 13:24 - 1541120 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-02-09 22:17 - 2012-03-13 13:24 - 1837568 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2012-02-09 22:17 - 2012-03-13 13:24 - 0902656 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2012-02-09 22:17 - 2012-03-13 13:24 - 0320512 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2012-02-09 22:17 - 2012-03-13 13:24 - 0197120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2012-02-09 21:41 - 2012-03-13 13:24 - 1170944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2012-02-09 21:41 - 2012-03-13 13:24 - 1074176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-02-09 21:41 - 2012-03-13 13:24 - 0739840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2012-02-09 21:41 - 2012-03-13 13:24 - 0218624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2012-02-09 21:41 - 2012-03-13 13:24 - 0161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2012-02-09 16:31 - 2012-02-09 16:31 - 0000000 ____D C:\Backup
2012-02-09 16:29 - 2012-02-09 16:29 - 0045298 ____A C:\Users\Mark\Downloads\SGTFlipFlop ENiGMA2 04.02.12.rar
2012-02-09 16:29 - 2012-02-09 16:29 - 0001953 ____A C:\Users\Mark\Desktop\dreamboxEDIT.lnk
2012-02-09 16:29 - 2012-02-09 16:29 - 0000000 ____D C:\Program Files (x86)\dreamboxEDIT
2012-02-09 16:25 - 2012-02-09 16:25 - 0034582 ____A C:\Users\Mark\Downloads\E2-satellites-xml.zip
2012-02-09 16:23 - 2012-02-09 16:23 - 0284264 ____A C:\Users\Mark\Downloads\Vhannibal E2 Motor 08 feb.zip
2012-02-09 15:54 - 2012-02-09 15:54 - 0000000 ____D C:\Users\Mark\Downloads\NabiloBlackHole_DM800_010
2012-02-09 15:13 - 2012-02-09 15:13 - 0919336 ____A C:\Users\Mark\Downloads\DreamUP.zip
2012-02-09 15:12 - 2012-02-09 15:10 - 39833009 ____A C:\Users\Mark\Downloads\NabiloBlackHole_DM800_010.zip
2012-02-09 10:52 - 2012-02-09 10:52 - 0000000 ____D C:\Program Files\Microsoft Games
2012-02-09 10:38 - 2012-02-09 10:37 - 0000000 ____D C:\Users\Mark\Desktop\Dreambox
2012-02-09 10:31 - 2012-02-09 10:31 - 0872630 ____A C:\Users\Mark\Downloads\DreamBoxEdit1.90.02.zip
2012-02-07 15:13 - 2012-02-07 15:13 - 0037728 ____A C:\Users\Mark\Desktop\skyrim-360-cover.jpg
2012-02-04 11:17 - 2012-02-04 11:17 - 0100240 ____A C:\Users\Mark\Desktop\Ak1PtKPCEAA8AlF.jpg large.jpg
2012-02-02 20:16 - 2012-03-13 13:24 - 3143168 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-01-24 22:27 - 2012-03-13 09:44 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-01-24 22:27 - 2012-03-13 09:44 - 0076288 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-01-24 22:20 - 2012-03-13 09:44 - 0009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-01-21 09:35 - 2012-01-21 09:35 - 2195737 ____A C:\Users\Mark\Downloads\Kelly Clarkson - Fix You (Albany 1_17_12).MP3
2012-01-18 15:25 - 2012-01-18 15:25 - 0000000 ____D C:\Users\Mark\AppData\Roaming\HD Tune Pro
2012-01-18 15:24 - 2012-01-18 15:24 - 1586610 ____A (EFD Software ) C:\Users\Mark\Downloads\hdtunepro_500_trial.exe
2012-01-18 15:24 - 2012-01-18 15:24 - 0001037 ____A C:\Users\Mark\Desktop\HD Tune Pro.lnk
2012-01-18 15:24 - 2012-01-18 15:24 - 0000000 ____D C:\Program Files (x86)\HD Tune Pro
2012-01-15 06:26 - 2012-01-15 06:25 - 8471261 ____A C:\Users\Mark\Downloads\1313683772_iCEnhancer13N.rar
2012-01-15 06:22 - 2012-01-15 06:22 - 0000000 ____D C:\Users\Mark\Documents\Rockstar Games
2012-01-15 06:12 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Common Files\Microsoft Shared
2012-01-15 06:09 - 2012-01-15 06:09 - 0000000 __SHD C:\Users\All Users\SecuROM
2012-01-15 06:09 - 2012-01-15 06:09 - 0000000 __SHD C:\ProgramData\SecuROM
2012-01-15 06:08 - 2012-01-15 06:08 - 0178800 ____A (Sony DADC Austria AG.) C:\Windows\SysWOW64\CmdLineExt_x64.dll
2012-01-15 06:08 - 2012-01-15 06:08 - 0000000 __RHD C:\Users\Mark\AppData\Roaming\SecuROM
2012-01-15 06:08 - 2012-01-15 06:08 - 0000000 ____D C:\Windows\SysWOW64\xlive
2012-01-15 06:08 - 2012-01-15 06:08 - 0000000 ____D C:\Users\Mark\AppData\Local\Rockstar Games
2012-01-15 06:07 - 2011-10-25 10:28 - 0044291 ____A C:\Windows\DirectX.log
2012-01-13 11:47 - 2012-01-13 11:41 - 0000000 ____D C:\Users\Mark\AppData\Roaming\NationRed
2012-01-10 15:24 - 2012-01-10 15:23 - 0944420 ____A C:\Users\Mark\Downloads\1401324304License.epub
2012-01-10 10:11 - 2011-08-12 13:21 - 0414368 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-01-09 15:10 - 2011-08-12 15:57 - 0000000 ____D C:\Users\Mark\AppData\Local\Last.fm

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 8%
Total physical RAM: 12278.12 MB
Available physical RAM: 11279.91 MB
Total Pagefile: 12276.27 MB
Available Pagefile: 11284.43 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

2 Drive c: () (Fixed) (Total:119.14 GB) (Free:4.46 GB) NTFS
3 Drive d: () (Fixed) (Total:931.51 GB) (Free:260.08 GB) NTFS
4 Drive e: () (Fixed) (Total:931.51 GB) (Free:49.72 GB) NTFS
5 Drive f: (EXT MEDIA 3) (Fixed) (Total:1397.26 GB) (Free:225.01 GB) NTFS
6 Drive h: (ML_R_LBC) (CDROM) (Total:1.25 GB) (Free:0 GB) UDF
7 Drive i: (KINGSTON) (Removable) (Total:0.93 GB) (Free:0.93 GB) FAT
8 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
9 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 119 GB 0 B
Disk 1 Online 931 GB 0 B
Disk 2 Online 931 GB 0 B
Disk 3 Online 1397 GB 0 B
Disk 4 Online 953 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 119 GB 101 MB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y System Rese NTFS Partition 100 MB Healthy

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 119 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 931 GB 1024 KB

======================================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 D NTFS Partition 931 GB Healthy

======================================================================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 931 GB 1024 KB

======================================================================================================

Disk: 2
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 E NTFS Partition 931 GB Healthy

======================================================================================================

Partitions of Disk 3:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1397 GB 1024 KB

======================================================================================================

Disk: 3
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 F EXT MEDIA 3 NTFS Partition 1397 GB Healthy

======================================================================================================

Partitions of Disk 4:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 953 MB 64 KB

======================================================================================================

Disk: 4
Partition 1
Type : 06
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 6 I KINGSTON FAT Removable 953 MB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-03-31 03:33

======================= End Of Log ==========================



#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:11:35 PM

Posted 06 April 2012 - 05:45 PM

Hi

Please do the following:


Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

start
script removed
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Now please enter System Recovery Options then select Command Prompt

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.

Now restart, let it boot normally and tell me how it went.


NEXT


Refer to the ComboFix User's Guide

  • Download ComboFix from one of these locations:

    Link 1
    Link 2

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Edited by CatByte, 03 July 2012 - 09:37 PM.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 intheshadows

intheshadows
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:03:35 AM

Posted 06 April 2012 - 06:28 PM

CatByte you are an absolute genius!! I am now booting into Windows normally, which I never thought would be possible earlier today. Thank you so much, I really appreciate it. I suspect I'm not out of the woods yet though...

Both logs below:

Fix result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 15-03-2012
Ran by SYSTEM at 2012-04-07 06:09:40 R:1
Running from I:\

==============================================

HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs https-admserv61 Deleted successfully.

========= bootrec /FixMbr =========

The operation completed successfully.

========= End of CMD: =========


========= bootrec /fixboot =========

The operation completed successfully.

========= End of CMD: =========


==== End of Fixlog ====






ComboFix 12-04-06.03 - Mark 07/04/2012 6:14.1.8 - x64
Microsoft Windows 7 Professional 6.1.7600.0.1252.44.1033.18.12278.10249 [GMT 1:00]
Running from: c:\users\Mark\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\temp\@
c:\windows\assembly\temp\cfg.ini
c:\windows\system32\dds_trash_log.cmd
c:\windows\SysWow64\zip32.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-03-07 to 2012-04-07 )))))))))))))))))))))))))))))))
.
.
2012-04-07 05:29 . 2012-04-07 05:29 -------- d-----w- C:\_OTL
2012-04-07 05:19 . 2012-04-07 05:19 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-04-07 05:19 . 2012-04-07 05:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-06 09:23 . 2012-04-06 09:25 -------- d-----w- C:\FRST
2012-04-04 15:10 . 2012-03-06 23:15 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-04-04 15:10 . 2012-03-06 23:04 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-04-04 15:10 . 2012-03-06 23:04 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-04-04 15:10 . 2012-03-06 23:02 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-04-04 15:10 . 2012-03-06 23:01 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-04-04 15:10 . 2012-03-06 23:01 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-04-04 15:10 . 2012-03-06 23:01 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-04-04 15:09 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr
2012-04-04 15:09 . 2012-03-06 23:15 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-04-03 23:00 . 2012-04-03 23:00 -------- d-----w- c:\program files (x86)\VS Revo Group
2012-04-03 22:55 . 2012-04-04 15:09 -------- d-----w- c:\programdata\AVAST Software
2012-04-03 22:55 . 2012-04-04 15:09 -------- d-----w- c:\program files\AVAST Software
2012-04-03 22:42 . 2012-04-03 22:42 388096 ----a-r- c:\users\Mark\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-04-03 22:42 . 2012-04-03 22:42 -------- d-----w- c:\program files (x86)\Trend Micro
2012-04-02 22:39 . 2012-04-02 22:39 -------- d-----w- c:\users\Mark\AppData\Roaming\mkvtoolnix
2012-04-02 22:38 . 2012-04-02 22:38 -------- d-----w- c:\program files (x86)\MKVtoolnix
2012-04-02 22:38 . 2012-04-02 22:38 -------- d-----we c:\windows\system64
2012-04-02 21:50 . 2012-04-02 22:15 -------- d-----w- c:\users\Mark\AppData\Roaming\VideoReDo-TVSuite4
2012-04-02 21:50 . 2012-04-02 21:51 -------- d-----w- c:\program files (x86)\VideoReDoTVSuite4
2012-03-31 08:19 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FF090505-201D-4701-B972-18BD0356A18E}\mpengine.dll
2012-03-27 21:37 . 2012-03-27 21:37 -------- d-----w- c:\program files (x86)\uTorrent
2012-03-27 21:36 . 2012-04-03 23:25 -------- d-----w- c:\users\Mark\AppData\Roaming\uTorrent
2012-03-18 00:39 . 2012-03-18 00:39 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-18 00:39 . 2012-03-18 00:39 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-03-13 23:50 . 2011-11-19 18:30 5504880 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-13 23:50 . 2011-11-19 14:25 3957616 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-13 23:50 . 2011-11-19 14:25 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-13 21:24 . 2012-02-03 04:16 3143168 ----a-w- c:\windows\system32\win32k.sys
2012-03-13 21:24 . 2012-02-10 06:18 1541120 ----a-w- c:\windows\system32\DWrite.dll
2012-03-13 21:24 . 2012-02-10 06:17 1837568 ----a-w- c:\windows\system32\d3d10warp.dll
2012-03-13 21:24 . 2012-02-10 06:17 320512 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-03-13 21:24 . 2012-02-10 05:41 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-13 21:24 . 2012-02-10 05:41 218624 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2012-03-13 21:24 . 2012-02-10 06:17 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-03-13 21:24 . 2012-02-10 06:17 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2012-03-13 21:24 . 2012-02-10 05:41 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2012-03-13 21:24 . 2012-02-10 05:41 1170944 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2012-03-13 21:24 . 2012-02-10 05:41 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-03-13 17:44 . 2012-02-15 06:27 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-13 17:44 . 2012-02-15 05:44 826368 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-13 17:44 . 2012-02-15 04:47 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-13 17:44 . 2012-02-15 04:46 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-13 17:44 . 2012-01-25 06:27 76288 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-13 17:44 . 2012-01-25 06:27 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-13 17:44 . 2012-01-25 06:20 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-12 20:54 . 2012-03-12 20:54 -------- d-----w- c:\users\Mark\AppData\Local\Splashtop
2012-03-11 14:19 . 2012-03-11 14:19 -------- d-----w- c:\program files (x86)\Microsoft WSE
2012-03-09 16:28 . 2012-03-09 16:29 -------- d-----w- c:\program files\Common Files\Adobe
2012-03-09 16:28 . 2012-03-09 16:28 -------- d-----w- c:\program files (x86)\Adobe Media Player
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 09:18 . 2011-08-12 20:29 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-15 14:15 . 2009-08-18 12:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2012-01-15 14:14 . 2009-08-18 11:24 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-01-15 14:08 . 2012-01-15 14:08 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2012-01-10 18:11 . 2011-08-12 21:21 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"CTxfiHlp"="CTXFIHLP.EXE" [2009-06-03 25600]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 arXfrSvc;Windows Server Media Center TV Archive Transfer Service;c:\program files\Windows Server\Bin\Microsoft.HomeServer.Archive.TransferService.exe [2011-03-02 79744]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 initMonitor;Windows Server Initialization Service;c:\program files\Windows Server\Bin\SharedServiceHost.exe [2011-03-02 30592]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-08-12 79360]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [x]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [x]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 SqmProviderSvc;Windows Server SQM Service;c:\program files\Windows Server\Bin\SharedServiceHost.exe [2011-03-02 30592]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2011/10/27 18:41];c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl [2010-08-26 09:18 146928]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 HealthAlertsSvc;Windows Server Health Service;c:\program files\Windows Server\Bin\SharedServiceHost.exe [2011-03-02 30592]
S2 LANConfig;Windows Server LAN Configuration;c:\program files\Windows Server\Bin\LANConfigSvc.exe [2011-03-02 27520]
S2 NotificationsProviderSvc;Windows Server Notifications Provider Service;c:\program files\Windows Server\Bin\SharedServiceHost.exe [2011-03-02 30592]
S2 providers_system;Windows Server Download Service;c:\program files\Windows Server\Bin\SharedServiceHost.exe [2011-03-02 30592]
S2 ServiceProviderRegistry;Windows Server Service Provider Registry;c:\program files\Windows Server\Bin\ProviderRegistryService.exe [2012-01-12 40832]
S2 SlingAgentService;SlingAgentService;c:\program files (x86)\Sling Media\SlingAgent\SlingAgentService.exe [2010-11-03 94024]
S2 SplashtopRemoteService;Splashtop® Remote Service;c:\program files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [2012-02-09 531328]
S2 SSUService;Splashtop Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [2012-03-15 370504]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-14 381248]
S2 WhsMcClient;Windows Server Media Center Client Service;c:\program files\Windows Server\Bin\WhsMcClient.exe [2011-03-02 111488]
S2 WSConnectorUpdate;Windows Server Connector Update;c:\program files\Windows Server\Bin\WSConnectorUpdate.exe [2011-03-02 228736]
S2 WSS_ComputerBackupProviderSvc;Windows Server Client Computer Backup Provider Service;c:\program files\Windows Server\Bin\SharedServiceHost.exe [2011-03-02 30592]
S3 BackupReader;BackupReader;c:\windows\system32\DRIVERS\BackupReader.sys [x]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [x]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [x]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [x]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
tbiosdrv
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3072253
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{B3E8A5FA-D17F-4C7A-A906-AADD4911BE55}: NameServer = 8.8.8.8 8.8.4.4
FF - ProfilePath - c:\users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\ix47cswi.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://news.google.com/nwshp?hl=en&tab=wn
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)
HKLM-Run-Launchpad - c:\program files (x86)\Windows Server\Bin\Launchpad.exe
AddRemove-dBpoweramp AIFF Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp DSP Effects - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp m4a Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp m4a Nero AAC Encoder - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp m4a Utilities - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Music Converter - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Ogg Vorbis Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp [Calculate Audio CRC] Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp [ID Tag Update] Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp [ReplayGain] Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp [Tag From Filename] Codec - c:\windows\system32\SpoonUninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1287033357-2172845371-1983850795-1000\Software\SecuROM\License information*]
"datasecu"=hex:8e,07,45,bd,19,43,04,6c,a7,2a,f1,54,df,5f,ae,7e,af,c2,5f,0a,06,
a6,39,0e,79,8e,7d,f4,e0,00,58,59,df,b0,01,54,33,63,79,a7,99,f1,32,e7,88,53,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
.
**************************************************************************
.
Completion time: 2012-04-07 06:22:05 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-07 05:22
.
Pre-Run: 11,754,102,784 bytes free
Post-Run: 12,868,579,328 bytes free
.
- - End Of File - - F5B40E2EE21BC2998439FF03A9CE5CE7
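The Fixlog above shows the two things FRST repaired on this machine: the Session Manager SubSystems\Windows value was restored, and a stray entry was removed from the netsvcs service group. The read-only PowerShell check below is an added example and not part of this thread or of FRST; it assumes a Windows 7 x64 host, and the list of ServerDll module names it treats as expected (basesrv, winsrv, sxssrv) is an assumption about that OS, not something taken from the logs.

```powershell
# Added example (not part of this thread): a read-only check of the two
# registry locations the Fixlog reports FRST repairing. Nothing is modified.
# Assumption: Windows 7 x64; the expected ServerDll module names below are
# the ones that OS ships with and are not taken from the thread.

$expectedServerDlls = @('basesrv', 'winsrv', 'sxssrv')

function Test-SubSystemsWindowsValue {
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems'
    $value = (Get-ItemProperty -Path $key -Name Windows).Windows
    $findings = @()
    # Each ServerDll=<module>[:<init>],<index> token names a DLL that csrss.exe
    # loads at boot, so any module outside the expected set deserves a look.
    foreach ($token in ($value -split '\s+')) {
        if ($token -like 'ServerDll=*') {
            $module = (($token -replace '^ServerDll=', '') -split '[:,]')[0]
            if ($expectedServerDlls -notcontains $module) {
                $findings += "Unexpected ServerDll module in SubSystems\Windows: $module"
            }
        }
    }
    if ($value -notmatch 'csrss\.exe') {
        $findings += 'SubSystems\Windows value does not reference csrss.exe'
    }
    return $findings
}

function Test-NetSvcsGroup {
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost'
    $names = (Get-ItemProperty -Path $key -Name netsvcs).netsvcs
    $findings = @()
    foreach ($name in $names) {
        $svcKey = "HKLM:\SYSTEM\CurrentControlSet\Services\$name"
        if (-not (Test-Path $svcKey)) {
            # A netsvcs member with no matching service key (like the
            # https-admserv61 entry FRST deleted above) should not be there.
            $findings += "netsvcs entry '$name' has no service key"
            continue
        }
        $dll = (Get-ItemProperty -Path "$svcKey\Parameters" -Name ServiceDll `
                -ErrorAction SilentlyContinue).ServiceDll
        if ($dll) {
            $expanded = [Environment]::ExpandEnvironmentVariables($dll)
            if (-not (Test-Path $expanded)) {
                $findings += "netsvcs entry '$name' points at missing ServiceDll $expanded"
            } elseif ((Get-AuthenticodeSignature $expanded).Status -ne 'Valid') {
                $findings += "netsvcs entry '$name' ServiceDll is not validly signed: $expanded"
            }
        }
    }
    return $findings
}

$all = @(Test-SubSystemsWindowsValue) + @(Test-NetSvcsGroup)
if ($all.Count -eq 0) { 'No findings.' } else { $all }
```

Run it from an elevated PowerShell prompt; a finding is a prompt to look closer, not proof of infection, since third-party software can legitimately register netsvcs members.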

#4 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:11:35 PM

Posted 06 April 2012 - 07:02 PM

Hi,

Good to hear you can now boot, farbar is the real genius as he is the creator of the incredible FRST tool :)

We have a little more work to do; please do the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

DDS::
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3072253
mLocal Page = c:\windows\SysWOW64\blank.htm

Firefox::
FF - ProfilePath - c:\users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\ix47cswi.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=3&q={searchTerms}

ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


NEXT



  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

NEXT

Please advise how the computer is running and if there are any outstanding issues

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 intheshadows

intheshadows
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:03:35 AM

Posted 06 April 2012 - 08:18 PM

Here are the latest logs. The computer seems to be running like normal with search engines no longer redirecting! Both Malwarebytes and Eset are clean :thumbsup:


ComboFix 12-04-06.03 - Mark 07/04/2012 1:08.2.8 - x64
Microsoft Windows 7 Professional 6.1.7600.0.1252.44.1033.18.12278.9980 [GMT 1:00]
Running from: c:\users\Mark\Desktop\ComboFix.exe
Command switches used :: c:\users\Mark\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-03-07 to 2012-04-07 )))))))))))))))))))))))))))))))
.
.
2012-04-07 05:29 . 2012-04-07 05:29 -------- d-----w- C:\_OTL
2012-04-07 00:12 . 2012-04-07 00:12 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-04-07 00:12 . 2012-04-07 00:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-06 09:23 . 2012-04-06 09:25 -------- d-----w- C:\FRST
2012-04-04 15:10 . 2012-03-06 23:15 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-04-03 23:00 . 2012-04-03 23:00 -------- d-----w- c:\program files (x86)\VS Revo Group
2012-04-03 22:55 . 2012-04-07 00:12 -------- d-----w- c:\programdata\AVAST Software
2012-04-03 22:55 . 2012-04-04 15:09 -------- d-----w- c:\program files\AVAST Software
2012-04-03 22:42 . 2012-04-03 22:42 388096 ----a-r- c:\users\Mark\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-04-03 22:42 . 2012-04-03 22:42 -------- d-----w- c:\program files (x86)\Trend Micro
2012-04-02 22:39 . 2012-04-02 22:39 -------- d-----w- c:\users\Mark\AppData\Roaming\mkvtoolnix
2012-04-02 22:38 . 2012-04-02 22:38 -------- d-----w- c:\program files (x86)\MKVtoolnix
2012-04-02 22:38 . 2012-04-02 22:38 -------- d-----we c:\windows\system64
2012-04-02 21:50 . 2012-04-02 22:15 -------- d-----w- c:\users\Mark\AppData\Roaming\VideoReDo-TVSuite4
2012-04-02 21:50 . 2012-04-02 21:51 -------- d-----w- c:\program files (x86)\VideoReDoTVSuite4
2012-03-31 08:19 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FF090505-201D-4701-B972-18BD0356A18E}\mpengine.dll
2012-03-27 21:37 . 2012-03-27 21:37 -------- d-----w- c:\program files (x86)\uTorrent
2012-03-27 21:36 . 2012-04-07 00:03 -------- d-----w- c:\users\Mark\AppData\Roaming\uTorrent
2012-03-18 00:39 . 2012-03-18 00:39 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-18 00:39 . 2012-03-18 00:39 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-03-13 23:50 . 2011-11-19 18:30 5504880 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-13 23:50 . 2011-11-19 14:25 3957616 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-13 23:50 . 2011-11-19 14:25 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-13 21:24 . 2012-02-03 04:16 3143168 ----a-w- c:\windows\system32\win32k.sys
2012-03-13 21:24 . 2012-02-10 06:18 1541120 ----a-w- c:\windows\system32\DWrite.dll
2012-03-13 21:24 . 2012-02-10 06:17 1837568 ----a-w- c:\windows\system32\d3d10warp.dll
2012-03-13 21:24 . 2012-02-10 06:17 320512 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-03-13 21:24 . 2012-02-10 05:41 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-13 21:24 . 2012-02-10 05:41 218624 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2012-03-13 21:24 . 2012-02-10 06:17 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-03-13 21:24 . 2012-02-10 06:17 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2012-03-13 21:24 . 2012-02-10 05:41 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2012-03-13 21:24 . 2012-02-10 05:41 1170944 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2012-03-13 21:24 . 2012-02-10 05:41 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-03-13 17:44 . 2012-02-15 06:27 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-13 17:44 . 2012-02-15 05:44 826368 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-13 17:44 . 2012-02-15 04:47 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-13 17:44 . 2012-02-15 04:46 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-13 17:44 . 2012-01-25 06:27 76288 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-13 17:44 . 2012-01-25 06:27 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-13 17:44 . 2012-01-25 06:20 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-12 20:54 . 2012-03-12 20:54 -------- d-----w- c:\users\Mark\AppData\Local\Splashtop
2012-03-11 14:19 . 2012-03-11 14:19 -------- d-----w- c:\program files (x86)\Microsoft WSE
2012-03-09 16:28 . 2012-03-09 16:29 -------- d-----w- c:\program files\Common Files\Adobe
2012-03-09 16:28 . 2012-03-09 16:28 -------- d-----w- c:\program files (x86)\Adobe Media Player
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 09:18 . 2011-08-12 20:29 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-15 14:15 . 2009-08-18 12:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2012-01-15 14:14 . 2009-08-18 11:24 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-01-15 14:08 . 2012-01-15 14:08 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2012-01-10 18:11 . 2011-08-12 21:21 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-07_05.20.30 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-08-12 20:38 . 2012-04-07 05:21 48978 c:\windows\system64\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2011-08-12 20:04 . 2012-04-07 05:20 16384 c:\windows\system64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-08-12 20:04 . 2012-04-07 05:10 16384 c:\windows\system64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-08-12 20:04 . 2012-04-07 05:10 32768 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-08-12 20:04 . 2012-04-07 05:20 32768 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-07 05:10 16384 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-07 05:20 16384 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-08-12 20:38 . 2012-04-07 05:21 48978 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2011-08-12 20:04 . 2012-04-07 05:10 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-08-12 20:04 . 2012-04-07 05:20 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-08-12 20:04 . 2012-04-07 05:10 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-08-12 20:04 . 2012-04-07 05:20 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-07 05:20 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-07 05:10 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2012-04-07 05:27 83720 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2012-04-07 05:20 . 2012-04-07 05:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-04-07 00:13 . 2012-04-07 00:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2012-04-07 05:16 667436 c:\windows\system64\perfh009.dat
+ 2009-07-14 02:36 . 2012-04-06 23:52 667436 c:\windows\system64\perfh009.dat
+ 2009-07-14 02:36 . 2012-04-06 23:52 126112 c:\windows\system64\perfc009.dat
- 2009-07-14 02:36 . 2012-04-07 05:16 126112 c:\windows\system64\perfc009.dat
- 2009-07-14 02:36 . 2012-04-07 05:16 667436 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-04-06 23:52 667436 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-04-06 23:52 126112 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-04-07 05:16 126112 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:01 . 2012-04-07 00:12 345260 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-04-07 05:19 345260 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 02:34 . 2012-04-07 05:35 10485760 c:\windows\system64\SMI\Store\Machine\schema.dat
- 2009-07-14 02:34 . 2012-04-07 04:27 10485760 c:\windows\system64\SMI\Store\Machine\schema.dat
- 2009-07-14 02:34 . 2012-04-07 04:27 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2012-04-07 05:35 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2011-08-13 17:34 . 2012-04-07 00:12 35719596 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1287033357-2172845371-1983850795-1000-12288.dat
- 2011-08-13 17:34 . 2012-04-07 05:19 35719596 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1287033357-2172845371-1983850795-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"CTxfiHlp"="CTXFIHLP.EXE" [2009-06-03 25600]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 arXfrSvc;Windows Server Media Center TV Archive Transfer Service;c:\program files\Windows Server\Bin\Microsoft.HomeServer.Archive.TransferService.exe [2011-03-02 79744]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 initMonitor;Windows Server Initialization Service;c:\program files\Windows Server\Bin\SharedServiceHost.exe [2011-03-02 30592]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-08-12 79360]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [x]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [x]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 SqmProviderSvc;Windows Server SQM Service;c:\program files\Windows Server\Bin\SharedServiceHost.exe [2011-03-02 30592]
S2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2011/10/27 18:41];c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl [2010-08-26 09:18 146928]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 HealthAlertsSvc;Windows Server Health Service;c:\program files\Windows Server\Bin\SharedServiceHost.exe [2011-03-02 30592]
S2 LANConfig;Windows Server LAN Configuration;c:\program files\Windows Server\Bin\LANConfigSvc.exe [2011-03-02 27520]
S2 NotificationsProviderSvc;Windows Server Notifications Provider Service;c:\program files\Windows Server\Bin\SharedServiceHost.exe [2011-03-02 30592]
S2 providers_system;Windows Server Download Service;c:\program files\Windows Server\Bin\SharedServiceHost.exe [2011-03-02 30592]
S2 ServiceProviderRegistry;Windows Server Service Provider Registry;c:\program files\Windows Server\Bin\ProviderRegistryService.exe [2012-01-12 40832]
S2 SlingAgentService;SlingAgentService;c:\program files (x86)\Sling Media\SlingAgent\SlingAgentService.exe [2010-11-03 94024]
S2 SplashtopRemoteService;Splashtop® Remote Service;c:\program files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [2012-02-09 531328]
S2 SSUService;Splashtop Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [2012-03-15 370504]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-14 381248]
S2 WhsMcClient;Windows Server Media Center Client Service;c:\program files\Windows Server\Bin\WhsMcClient.exe [2011-03-02 111488]
S2 WSConnectorUpdate;Windows Server Connector Update;c:\program files\Windows Server\Bin\WSConnectorUpdate.exe [2011-03-02 228736]
S2 WSS_ComputerBackupProviderSvc;Windows Server Client Computer Backup Provider Service;c:\program files\Windows Server\Bin\SharedServiceHost.exe [2011-03-02 30592]
S3 BackupReader;BackupReader;c:\windows\system32\DRIVERS\BackupReader.sys [x]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [x]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [x]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [x]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launchpad"="c:\program files (x86)\Windows Server\Bin\Launchpad.exe" [BU]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
tbiosdrv
.
------- Supplementary Scan -------
.
uLocal Page = %SystemRoot%\system32\blank.htm
mLocal Page = %SystemRoot%\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{B3E8A5FA-D17F-4C7A-A906-AADD4911BE55}: NameServer = 8.8.8.8 8.8.4.4
FF - ProfilePath - c:\users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\ix47cswi.default\
FF - prefs.js: browser.startup.homepage - hxxp://news.google.com/nwshp?hl=en&tab=wn
FF - prefs.js: network.proxy.type - 0
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1287033357-2172845371-1983850795-1000\Software\SecuROM\License information*]
"datasecu"=hex:8e,07,45,bd,19,43,04,6c,a7,2a,f1,54,df,5f,ae,7e,af,c2,5f,0a,06,
a6,39,0e,79,8e,7d,f4,e0,00,58,59,df,b0,01,54,33,63,79,a7,99,f1,32,e7,88,53,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
.
**************************************************************************
.
Completion time: 2012-04-07 01:14:35 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-07 00:14
ComboFix2.txt 2012-04-07 05:22
.
Pre-Run: 13,112,098,816 bytes free
Post-Run: 12,946,198,528 bytes free
.
- - End Of File - - C5365E6921D76C86F7CFC6C4D600CE36
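Two details in the ComboFix log above deserve a second look from the defender's side. Under Reg Loading Points, the policies\system key shows "EnableLUA"= 0 and "ConsentPromptBehaviorAdmin"= 0, which means User Account Control is switched off and administrators elevate without any prompt; and several driver entries end in [x], which in these logs marks a file ComboFix could not locate. The script below is an added example, not part of this thread and not ComboFix's own code: it parses the Reg Loading Points section (a trimmed copy of the log above is embedded as constructed sample input) and flags the weak UAC values, every service whose file is missing, and every Run autostart entry so they can be reviewed. The function names parse_reg_loading_points and audit and the regular expressions are my own assumptions about the log layout.

```python
import re

# Constructed sample input: a trimmed copy of the "Reg Loading Points" section
# from the ComboFix log posted above (only the lines relevant here are kept).
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
"""

# Line shapes as they appear in the log (assumed layout, derived from the sample):
#   [HKEY_...\Key]                        registry key header
#   "Name"=value                          value under the current key
#   R2 Name;Description;path [date size]  service/driver entry; [x] = file not located
KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*)$')
SERVICE_RE = re.compile(
    r'^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<desc>[^;]*);(?P<path>.*?)\s+\[(?P<info>[^\]]*)\]$'
)

# UAC policy values that weaken elevation (meanings are Microsoft-documented):
# EnableLUA=0 turns UAC off; ConsentPromptBehaviorAdmin=0 elevates admins silently.
WEAK_UAC = {
    "EnableLUA": ("0", "User Account Control is disabled"),
    "ConsentPromptBehaviorAdmin": ("0", "administrators elevate without a prompt"),
}


def parse_reg_loading_points(text):
    """Split the section into Run autostarts, policies\\system values and services."""
    current_key = None
    run_entries = []   # (registry key, value name, command line as logged)
    policies = {}      # value name -> decimal string, for ...\policies\system
    services = []      # (state, service name, image path, "[...]" contents)
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group("key")
            continue
        m = SERVICE_RE.match(line)
        if m:
            services.append((m.group("state"), m.group("name"), m.group("path"), m.group("info")))
            continue
        m = VALUE_RE.match(line)
        if m and current_key:
            name, value = m.group("name"), m.group("value")
            key = current_key.lower()
            if key.endswith(r"\currentversion\run"):
                run_entries.append((current_key, name, value))
            elif key.endswith(r"\policies\system"):
                tokens = value.split()            # "0 (0x0)" -> "0"
                policies[name] = tokens[0] if tokens else ""
    return {"run_entries": run_entries, "policies": policies, "services": services}


def audit(parsed):
    """Return human-readable findings worth reviewing after a cleanup."""
    findings = []
    for name, (bad_value, why) in WEAK_UAC.items():
        if parsed["policies"].get(name) == bad_value:
            findings.append(f"policy {name}={bad_value}: {why}")
    for state, name, path, info in parsed["services"]:
        if info == "x":
            findings.append(f"service {name} ({state}): ComboFix could not locate {path}")
    for key, name, value in parsed["run_entries"]:
        findings.append(f"autorun {name} under {key}: {value}")
    return findings


if __name__ == "__main__":
    for finding in audit(parse_reg_loading_points(SAMPLE_LOG)):
        print(finding)
```

Run against the sample it reports the two UAC policy values, the two drivers whose files could not be located, and the single autostart, while the Adobe service with a real file and size is left alone; pointing it at a full ComboFix log works the same way because the parser ignores every line that does not match one of the three shapes.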

#6 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:11:35 PM

Posted 06 April 2012 - 08:21 PM

I would like to see a list of installed programs, so please do this:
  • Press the Win key + R to open a run box, then copy/paste the following single-line command into the Run box and click OK:

    C:\Qoobox\Add-Remove Programs.txt

  • A text file should open.
  • Post the contents of that file in your next reply.

Edited by CatByte, 06 April 2012 - 08:22 PM.



#7 intheshadows

intheshadows
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:03:35 AM

Posted 07 April 2012 - 08:16 AM

Update for Microsoft Office 2007 (KB2508958)
7-Zip 9.20
Adobe AIR
Adobe Audition CS5.5
Adobe Community Help
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Media Player
Adobe Photoshop CS5
Adobe Reader X (10.1.2)
Amazon MP3 Downloader 1.0.9
Apple Application Support
Apple Software Update
µTorrent
AviSynth 2.5
Creative Audio Control Panel
Creative Software AutoUpdate
Creative Sound Blaster Properties x64 Edition
CyberLink PowerDVD 10
DAEMON Tools Lite
dBpoweramp [Calculate Audio CRC] Codec
dBpoweramp [ID Tag Update] Codec
dBpoweramp [ReplayGain] Codec
dBpoweramp [Tag From Filename] Codec
dBpoweramp AIFF Codec
dBpoweramp DSP Effects
dBpoweramp m4a Codec
dBpoweramp m4a Nero AAC Encoder
dBpoweramp m4a Utilities
dBpoweramp Music Converter
dBpoweramp Ogg Vorbis Codec
dreamboxEDIT -- The one and only settings editor for your Dreambox
EA SPORTS Gameface Browser Plugin 1.3.1.0
EPGcenter version 1.3.044
Grand Theft Auto
Grand Theft Auto IV
Grand Theft Auto: San Andreas
HD Tune Pro 5.00
HiJackThis
Hitman 2: Silent Assassin
Java Auto Updater
Java™ 6 Update 29
K-Lite Codec Pack 7.6.0 (Full)
Last.fm 1.5.4.27091
Malwarebytes Anti-Malware version 1.60.1.1000
Microsoft Flight
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft WSE 3.0 Runtime
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
MKVtoolnix 3.3.0
Mozilla Firefox 11.0 (x86 en-US)
Nation Red
NVIDIA 3D Vision Controller Driver
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
OpenAL
PDF Settings CS5
Portal 2
QuickTime
Recover My Files
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
SlingPlayer
Splashtop Streamer
Steam
The Sims™ 3
TreeSize Free V2.6
Unity Web Player
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2597970) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Videora iPad Converter 6
VideoReDo TVSuite Version 4.20.7.629
VLC media player 1.0.3
VoiceOver Kit
WebSlingPlayer ActiveX
XBMC
Zinio Reader 4

#8 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:11:35 PM

Posted 07 April 2012 - 10:08 AM

Hi,

Your Java is out of date.
Java™ 6 Update 29 can be updated from the Java control panel Start > Control Panel (Classic View) > Java (looks like a coffee cup) > Update Tab > Update Now.
An update should begin; follow the prompts.


NEXT


P2P - I see you have P2P software uTorrent installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It likely contributed to your current situation. This page will give you further information.
Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.
Please see this topic for more information:
Perils of P2P File Sharing.
I would strongly recommend that you uninstall this now. You can do so via Control Panel >> Add or Remove Programs.


NEXT

Please advise how the computer is running now and if there are any outstanding issues



#9 intheshadows

intheshadows
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:03:35 AM

Posted 07 April 2012 - 12:07 PM

Thanks CatByte, I have updated Java and I will now seriously consider whether to use uTorrent in the future. I appreciate this is no doubt one of the reasons I picked up the virus.

As far as I'm concerned my computer is back to normal, everything is working fine. Let me express the biggest gratitude for your excellent help and as far as I'm concerned you have worked a miracle on this machine. I'm eternally grateful and envious of your talents. Thank you very much

#10 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:11:35 PM

Posted 07 April 2012 - 01:09 PM

Hi,

That's good to hear,

we just need to clean up our tools, please do the following:


You can delete the FRST logs and program from your desktop.


NEXT


Follow these steps to uninstall Combofix

  • Make sure your security programs are totally disabled.
  • Click START then RUN
  • Now copy/paste Combofix /uninstall into the runbox and click OK. Note the space between the ..X and the /U; it needs to be there.



If there are any logs/tools remaining on your desktop > right click and delete them.


NEXT


Below I have included a number of recommendations for how to protect your computer against malware infections.

  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article:
    Strong passwords: How to create and use them
    Then consider a password keeper, to keep all your passwords safe. KeePass is a small utility that allows you to manage all your passwords.

  • Keep Windows updated by regularly checking their website at:
    http://windowsupdate.microsoft.com/
    This will ensure your computer always has the latest security updates installed.

  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

  • Download TFC to your desktop
    • Close any open windows.
    • Double click the TFC icon to run the program
    • TFC will close all open programs itself in order to run.
    • Click the Start button to begin the process.
    • Allow TFC to run uninterrupted.
    • The program should not take long to finish its job.
    • Once it's finished it should automatically reboot your machine;
    • if it doesn't, manually reboot to ensure a complete clean.
    It's normal after running TFC cleaner that the PC will be slower to boot the first time.

  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for both Firefox and IE

  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at this well written article:
    PC Safety and Security--What Do I Need?


Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank-you.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
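As an added example (not part of CatByte's post or any BleepingComputer tool), here is a PowerShell check that reads the Internet zone's ActiveX settings back from the registry and reports whether they match what the "Make Internet Explorer more secure" steps above set: Prompt for downloading signed and unsigned controls, Disable for initializing and scripting controls not marked as safe. It assumes the documented per-zone value names 1001, 1004 and 1201 for those three options, with 0 meaning Enable, 1 Prompt and 3 Disable, and reads the current user's hive, which is what Inetcpl.cpl edits.

```powershell
# Added example: verify the Internet zone (zone 3) ActiveX settings from the steps above.
# Per-zone security settings are stored as DWORD values under Internet Settings\Zones\<n>.
# HKCU holds the current user's settings (what Inetcpl.cpl writes); machine-wide values
# under HKLM may apply when policy enforces them and are not checked here.
$zonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# Value names for the three ActiveX options, with the recommended setting for each.
$expected = [ordered]@{
    '1001' = @{ Name = 'Download signed ActiveX controls';                          Want = 1 } # Prompt
    '1004' = @{ Name = 'Download unsigned ActiveX controls';                        Want = 1 } # Prompt
    '1201' = @{ Name = 'Initialize and script ActiveX controls not marked as safe'; Want = 3 } # Disable
}
$meaning = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Test-ZoneActiveXSettings {
    param([string]$Path = $zonePath)
    if (-not (Test-Path $Path)) { throw "Zone key not found: $Path" }
    $props = Get-ItemProperty -Path $Path
    foreach ($id in $expected.Keys) {
        $actual = $props.$id   # $null when the value has never been written
        [pscustomobject]@{
            Setting  = $expected[$id].Name
            Actual   = if ($null -eq $actual) { 'not set (default)' } else { $meaning[[int]$actual] }
            Expected = $meaning[$expected[$id].Want]
            OK       = ($null -ne $actual) -and ([int]$actual -eq $expected[$id].Want)
        }
    }
}

$results = Test-ZoneActiveXSettings
$results | Format-Table -AutoSize
if ($results.OK -contains $false) {
    Write-Warning 'One or more ActiveX settings differ from the recommended values; re-check the Custom level dialog.'
}
```

Run it after completing the Inetcpl.cpl steps; a value shown as "not set (default)" means the zone still uses the built-in default rather than an explicit setting.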


#11 intheshadows

intheshadows
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:03:35 AM

Posted 08 April 2012 - 08:40 AM

Thanks CatByte, everything is now working spot on. Please close this case.

Again many thanks for all of your hard work. You have been a life saver!

#12 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:11:35 PM

Posted 08 April 2012 - 08:42 AM

you are welcome

stay safe :hello:

~CB

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#13 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:11:35 PM

Posted 08 April 2012 - 08:42 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
