
Malware, Trojan horse. I can't get rid of them. Please help!


  • This topic is locked

#16
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, I really need to get my copy out and figure out where I am going wrong.

Do you have a USB drive?

If so, copy FRST to that.
Then go back to the recovery console.
Insert the USB with FRST.

At the command prompt type the following:

  • notepad and press Enter.
  • The notepad opens. Under the File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64.exe and press Enter.
  • Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

#17
Havocc

    Member

  • Topic Starter
  • 23 posts
Yes, this one worked.

Scan result of Farbar Recovery Scan Tool Version: 24-07-2012 01
Ran by SYSTEM at 24-07-2012 23:13:44
Running from I:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-03-11] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2480936 2010-12-16] (Synaptics Incorporated)
HKLM\...\Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray [1933584 2011-02-04] (Intel® Corporation)
HKLM\...\Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp [10355200 2011-01-24] (Intel Corporation)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [167704 2011-08-09] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [392472 2011-08-09] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [416024 2011-08-09] (Intel Corporation)
HKLM\...\Run: [RivaTunerStartupDaemon] "C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTunerWrapper.exe" /S [24576 2009-08-22] ()
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation)
HKLM-x32\...\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [113288 2012-05-03] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [586296 2010-11-09] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [94264 2011-02-15] (Hewlett-Packard Development Company L.P.)
HKLM-x32\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4241512 2012-03-06] (AVAST Software)
HKLM-x32\...\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [343168 2011-09-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-17] (Sun Microsystems, Inc.)
HKU\User\...\Run: [Google Update] "C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-04-24] (Google Inc.)
HKU\User\...\Run: [DAEMON Tools Lite] "D:\PRRRRROOOOGGG\DAEMON Tools Lite\DTLite.exe" -autorun [x]
HKU\User\...\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 89.101.160.4 89.101.160.5

==================== Services (Whitelisted) ======

2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [44768 2012-03-06] (AVAST Software)
2 Bluetooth Device Monitor; "C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe" [901184 2011-01-24] (Intel Corporation)
3 Bluetooth Media Service; "C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe" [1298496 2011-01-24] (Intel Corporation)
2 Bluetooth OBEX Service; "C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe" [991296 2011-01-24] (Intel Corporation)
3 hpCMSrv; "C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe" [1071160 2011-02-15] (Hewlett-Packard Development Company L.P.)
3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-02-04] ()
2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-07-18] ()
2 UNS; "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe" [2656280 2010-12-22] (Intel Corporation)

========================== Drivers (Whitelisted) =============

2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [24408 2012-03-06] (AVAST Software)
2 aswMonFlt; C:\Windows\System32\Drivers\aswMonFlt.sys [69976 2012-03-06] (AVAST Software)
1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [53080 2012-03-06] (AVAST Software)
1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [819032 2012-03-06] (AVAST Software)
1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [337240 2012-03-06] (AVAST Software)
1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [59224 2012-03-06] (AVAST Software)
2 atksgt; C:\Windows\System32\Drivers\atksgt.sys [311968 2012-06-25] ()
1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [270912 2012-04-25] (DT Soft Ltd)
3 iBtFltCoex; C:\Windows\System32\Drivers\iBtFltCoex.sys [59904 2011-01-24] (Intel Corporation)
2 lirsgt; C:\Windows\System32\Drivers\lirsgt.sys [43168 2012-06-25] ()
3 RivaTuner64; \??\C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [19952 2012-05-13] ()

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-07-24 11:43 - 2012-07-24 11:43 - 01438203 ____A (Farbar) C:\FRST64.exe
2012-07-24 10:50 - 2012-07-24 10:50 - 00000000 ___SD C:\32788R22FWJFW
2012-07-24 10:50 - 2012-07-24 10:50 - 00000000 ____D C:\Windows\erdnt
2012-07-24 10:50 - 2012-07-24 10:50 - 00000000 ____D C:\Qoobox
2012-07-24 10:42 - 2012-07-24 10:42 - 04584441 ____R (Swearware) C:\Users\User\Desktop\ComboFix.exe
2012-07-24 07:27 - 2012-07-24 07:27 - 00107004 ____A C:\Users\User\Desktop\OTL.Txt
2012-07-23 15:44 - 2012-07-23 15:43 - 00596480 ____A (OldTimer Tools) C:\Users\User\Desktop\OTL.exe
2012-07-23 11:08 - 2012-07-23 11:08 - 00001111 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-23 11:08 - 2012-07-23 11:08 - 00000000 ____D C:\Users\User\AppData\Roaming\Malwarebytes
2012-07-23 11:08 - 2012-07-23 11:08 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-07-23 11:08 - 2012-07-23 11:08 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-23 11:08 - 2012-07-03 04:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-22 17:06 - 2012-07-22 17:08 - 00000000 ____D C:\Users\User\Desktop\Bulletstorm insall info
2012-07-22 16:38 - 2012-07-22 16:38 - 00034224 ____A C:\Users\User\Downloads\Crysis-Razor1911.3883528.TPB.torrent
2012-07-22 07:54 - 2012-07-22 11:07 - 00000000 ____D C:\Users\User\Downloads\E.Y.E.Divine.Cybermancy-KaOs
2012-07-22 07:52 - 2012-07-22 07:52 - 00014404 ____A C:\Users\User\Downloads\E.Y.E.Divine.Cybermancy-KaOs.6582153.TPB.torrent
2012-07-22 07:49 - 2012-07-22 07:57 - 628065016 ____A C:\Users\User\Downloads\Eternal Journey - New Atlantis Collector's Edition.rar
2012-07-22 07:08 - 2012-07-22 07:11 - 00000000 ____D C:\Users\User\Downloads\The Album Leaf
2012-07-22 06:04 - 2012-07-22 06:04 - 00332749 ____A C:\Users\User\Desktop\song5.wma
2012-07-22 05:47 - 2012-07-22 05:47 - 00355199 ____A C:\Users\User\Documents\song 4.wma
2012-07-21 15:02 - 2012-07-21 15:02 - 00001670 ____A C:\Users\User\Desktop\MOHA - Shortcut.lnk
2012-07-21 09:26 - 2012-07-21 09:26 - 00455532 ____A C:\Users\User\Downloads\SparkIV0.6.2.3forGTAIVv1.0.0.4.rar
2012-07-21 09:26 - 2012-07-21 09:26 - 00000000 ____D C:\Users\User\Downloads\SparkIV0.6.2.3forGTAIVv1.0.0.4
2012-07-21 09:07 - 2012-07-21 09:07 - 00000000 ____D C:\Users\User\Downloads\VIVA_New_York_Mod
2012-07-21 09:05 - 2012-07-21 09:06 - 85218034 ____A C:\Users\User\Downloads\VIVA_New_York_Mod.rar
2012-07-21 08:18 - 2012-07-21 08:24 - 00000076 ____A C:\Users\User\Desktop\Commandline.txt.txt
2012-07-21 07:19 - 2012-07-21 07:19 - 00085370 ____A C:\Users\User\Downloads\2.rar
2012-07-21 07:19 - 2012-07-21 07:19 - 00000000 ____D C:\Users\User\Downloads\2
2012-07-21 07:11 - 2012-07-21 07:11 - 00000000 ____D C:\Users\User\Downloads\GTA_IV_Patch_1.0.5.0_%2B_Crack_RAZOR_1911
2012-07-21 07:01 - 2012-07-21 07:01 - 00000000 __SHD C:\Users\All Users\SecuROM
2012-07-21 06:46 - 2012-07-21 07:09 - 102812059 ____A C:\Users\User\Downloads\GTA_IV_Patch_1.0.5.0_%2B_Crack_RAZOR_1911.rar
2012-07-20 18:51 - 2012-07-21 13:57 - 00000000 ____D C:\Users\User\Downloads\[PC] Medal of Honor Airborne [RIP] [dopeman]
2012-07-20 17:19 - 2012-07-20 17:57 - 00000000 ____D C:\Users\User\AppData\Roaming\Audacity
2012-07-20 17:19 - 2012-07-20 17:19 - 00000686 ____A C:\Users\User\Desktop\Audacity.lnk
2012-07-20 17:16 - 2012-07-20 17:18 - 20928200 ____A (Audacity Team ) C:\Users\User\Downloads\audacity-win-2.0.1.exe
2012-07-20 16:27 - 2012-07-21 06:49 - 00000000 ____D C:\Users\User\Downloads\Gta 4 CucCok
2012-07-20 16:25 - 2012-07-20 18:49 - 00000000 ____D C:\Users\User\Downloads\GTA IV PC Version
2012-07-19 15:03 - 2012-07-19 15:03 - 00018432 ____A C:\Users\User\Downloads\BulletstormINIeditor.exe
2012-07-19 09:09 - 2012-07-19 09:28 - 00000000 ____D C:\Users\User\Downloads\Battle.Los.Angeles.2011.x264.DTS-WAF
2012-07-19 07:17 - 2012-07-19 07:17 - 00000000 ____D C:\Users\User\AppData\Roaming\InstallShield Installation Information
2012-07-19 07:16 - 2012-07-19 07:16 - 00000000 ____D C:\Windows\D56B0E274A3E46C9B5C1D93D580C099C.TMP
2012-07-19 07:13 - 2012-07-19 07:13 - 00001060 ____A C:\Users\Public\Desktop\Alien Breed 2 Assault.lnk
2012-07-18 18:04 - 2012-07-19 07:24 - 00000000 ____D C:\Users\User\Downloads\Alien Breed 3 Descent-SKIDROW
2012-07-18 18:02 - 2012-07-19 07:06 - 00000000 ____D C:\Users\User\Downloads\Alien.Breed.2.Assault-SKIDROW
2012-07-18 17:21 - 2012-07-18 17:21 - 00000000 ____D C:\Users\All Users\MumboJumbo
2012-07-18 17:20 - 2012-07-18 17:20 - 00000806 ____A C:\Users\Public\Desktop\Glowfish.lnk
2012-07-18 16:39 - 2012-07-18 16:42 - 00000000 ____D C:\Users\User\Downloads\zdoom
2012-07-18 15:39 - 2012-07-18 15:39 - 00000000 ____D C:\Users\Public\Documents\JustAdventure
2012-07-18 08:19 - 2012-07-18 08:19 - 00000738 ____A C:\Users\User\Desktop\BFP4f - Shortcut.lnk
2012-07-18 07:04 - 2012-07-18 08:19 - 00000000 ____D C:\Users\User\Documents\Battlefield Play4Free
2012-07-18 06:27 - 2012-07-18 06:27 - 00000000 ____D C:\Users\User\Downloads\Glowfish
2012-07-17 11:39 - 2012-07-17 11:40 - 00000000 ____D C:\Users\User\Downloads\blood sugar
2012-07-17 08:24 - 2012-07-17 08:24 - 00000717 ____A C:\Users\User\Desktop\ANB - Shortcut.lnk
2012-07-15 13:30 - 2012-07-15 13:30 - 00001095 ____A C:\Users\User\Desktop\deponia - Shortcut.lnk
2012-07-15 08:49 - 2012-07-15 10:45 - 00000000 ____D C:\Users\User\Downloads\Meeting Evil 2012 720p BluRay X264-NYDIC [EtHD]
2012-07-14 17:38 - 2012-07-17 11:17 - 00000000 ____D C:\Users\User\Downloads\Madness - The Lot (6 CD Boxset) - Remasters
2012-07-14 16:32 - 2012-07-15 13:57 - 00000000 ____D C:\Users\User\Downloads\The.Raven.2012.720p.BluRay.x264-iNFAMOUS
2012-07-14 12:39 - 2012-07-22 18:22 - 00000000 ____D C:\Users\All Users\Ubisoft
2012-07-14 12:36 - 2012-07-14 12:36 - 00000000 ____D C:\Users\User\AppData\Roaming\PunkBuster
2012-07-14 11:26 - 2012-07-14 11:26 - 00000000 ____D C:\Users\User\AppData\Local\THQ
2012-07-13 14:33 - 2012-07-13 14:33 - 00000000 ____D C:\Users\Public\Documents\Monolith Productions
2012-07-13 14:33 - 2012-07-13 14:33 - 00000000 ____D C:\Users\All Users\Trymedia
2012-07-13 13:08 - 2012-07-13 13:08 - 00000945 ____A C:\Users\Public\Desktop\F.E.A.R. Extraction Point.lnk
2012-07-13 13:08 - 2012-07-13 13:08 - 00000931 ____A C:\Users\Public\Desktop\F.E.A.R. Perseus Mandate.lnk
2012-07-13 13:08 - 2012-07-13 13:08 - 00000836 ____A C:\Users\Public\Desktop\F.E.A.R..lnk
2012-07-13 09:56 - 2012-07-13 10:08 - 00000000 ____D C:\Users\User\AppData\Local\PAYDAY
2012-07-13 09:42 - 2012-07-13 09:42 - 00001153 ____A C:\Users\User\Desktop\Terraria - Shortcut.lnk
2012-07-13 06:40 - 2012-07-13 06:40 - 00000000 ____D C:\Users\User\AppData\Roaming\Elephant Games
2012-07-13 06:40 - 2012-07-13 06:40 - 00000000 ____D C:\Users\All Users\Elephant Games
2012-07-13 06:39 - 2012-07-13 06:39 - 00000811 ____A C:\Users\User\Desktop\GrimTales3_TheWishes_CE - Shortcut.lnk
2012-07-12 13:40 - 2012-07-13 15:43 - 00000000 ____D C:\Users\User\Downloads\Thank You For Smoking (2005)
2012-07-12 13:39 - 2012-07-12 13:39 - 00000000 ____D C:\Users\User\Downloads\Midnight.in.Paris.720p.BluRay.x264-MHD
2012-07-12 13:36 - 2012-07-12 13:57 - 00000000 ____D C:\Users\User\Downloads\House of Sand and Fog (2003)
2012-07-12 07:23 - 2012-07-12 07:23 - 00001563 ____A C:\Users\User\Desktop\Bioshock2Launcher - Shortcut.lnk
2012-07-11 14:44 - 2012-03-29 06:08 - 21101536 ____A C:\Users\User\Desktop\10 Futureworld.m4a
2012-07-11 05:52 - 2012-06-11 19:08 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-11 05:50 - 2012-06-08 21:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-07-11 05:50 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-07-11 05:50 - 2012-06-05 22:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-07-11 05:50 - 2012-06-05 22:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-07-11 05:50 - 2012-06-05 22:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-07-11 05:50 - 2012-06-05 21:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-07-11 05:50 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-07-11 05:50 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-07-11 05:50 - 2012-06-01 21:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-07-11 05:50 - 2012-06-01 21:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-07-11 05:50 - 2012-06-01 21:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-07-11 05:50 - 2012-06-01 21:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-07-11 05:50 - 2012-06-01 21:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-07-11 05:50 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-07-11 05:50 - 2012-06-01 20:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-07-11 05:50 - 2012-06-01 20:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-07-11 05:50 - 2012-06-01 20:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-07-11 05:50 - 2010-06-25 19:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2012-07-11 05:50 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2012-07-10 05:29 - 2012-07-10 08:01 - 00000000 ____D C:\Users\User\Downloads\A.Dangerous.Method.2011.720p.BluRay.x264-KALIBER
2012-07-09 16:09 - 2012-07-09 16:09 - 00001335 ____A C:\Users\User\Desktop\witn - Shortcut.lnk
2012-07-09 16:07 - 2012-07-09 16:07 - 00000000 ____D C:\Users\User\AppData\Local\WB Games
2012-07-08 09:15 - 2012-07-08 09:15 - 00000850 ____A C:\Users\Public\Desktop\1953 - KGB Unleashed.lnk
2012-07-07 16:06 - 2012-07-07 16:14 - 00000000 ____D C:\Users\User\Downloads\Captain.America.The.First.Avenger.720p.Bluray.x264-MHD
2012-07-07 07:39 - 2012-07-07 14:41 - 00000000 ____D C:\Users\User\AppData\Local\My Games
2012-07-06 12:15 - 2012-07-06 12:15 - 00000000 ____D C:\Users\User\Documents\Endless Space
2012-07-06 12:08 - 2012-07-06 12:08 - 00001066 ____A C:\Users\User\Desktop\DOOM3 - Shortcut.lnk
2012-07-06 12:08 - 2012-07-06 12:08 - 00000000 ____D C:\Users\All Users\REVOLT
2012-07-05 10:55 - 2012-07-05 10:55 - 00001486 ____A C:\Users\User\Desktop\BmLauncher - Shortcut.lnk
2012-07-05 10:38 - 2012-07-05 10:38 - 00000000 ____D C:\Program Files (x86)\Oracle
2012-07-05 10:38 - 2012-05-04 10:29 - 00227720 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-07-05 10:37 - 2012-07-05 10:37 - 00002925 ____A C:\Windows\SysWOW64\jupdate-1.7.0_05-b05.log
2012-07-05 10:37 - 2012-05-15 10:06 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-07-05 10:37 - 2012-05-15 10:06 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-07-05 09:28 - 2012-07-05 09:28 - 00000000 ____D C:\Users\User\Documents\WB Games
2012-07-05 06:38 - 2012-07-05 06:38 - 00001213 ____A C:\Users\User\Desktop\FarCry2 - Shortcut.lnk
2012-07-04 13:17 - 2012-07-04 13:17 - 00001131 ____A C:\Users\User\Desktop\Resonance - Shortcut.lnk
2012-07-04 05:59 - 2012-07-04 05:59 - 00000774 ____A C:\Users\User\Desktop\Thomas Was Alone.lnk
2012-07-03 08:16 - 2012-07-03 08:16 - 00001158 ____A C:\Users\User\Desktop\Slender - Shortcut.lnk
2012-07-02 17:40 - 2012-07-03 08:00 - 00000000 ____D C:\Users\User\Downloads\ADOBE.CREATIVE.SUITE.6.0.MASTER.COLLECTION.LS16.ESD-ISO
2012-07-02 12:05 - 2012-07-02 12:05 - 00000704 ____A C:\Users\User\Desktop\Cubemen.lnk
2012-07-02 07:18 - 2012-07-02 07:28 - 00000000 ____D C:\Users\User\Downloads\The.Walking.Dead.Episode.2.Starved.for.Help-TiNYiSO [PublicHD]
2012-07-01 17:11 - 2012-07-01 17:11 - 00000825 ____A C:\Users\User\Desktop\dearesther - Shortcut.lnk
2012-07-01 16:00 - 2012-07-01 16:00 - 00001136 ____A C:\Users\Public\Desktop\Spec Ops The Line.lnk
2012-06-29 16:40 - 2012-06-29 18:09 - 00000000 ____D C:\Users\User\Downloads\Soldier 1998 BluRay 720p DTS x264-3Li
2012-06-29 09:41 - 2012-06-29 09:41 - 00000000 ____D C:\Users\User\AppData\Local\2012
2012-06-29 07:03 - 2012-06-29 07:03 - 00000000 ____D C:\Users\User\AppData\Roaming\BlamGames
2012-06-29 07:02 - 2012-06-29 07:02 - 00001556 ____A C:\Users\User\Desktop\Fierce Tales The Dogs Heart Collectors.lnk
2012-06-28 14:49 - 2012-06-28 14:49 - 00000000 ____D C:\Users\User\Documents\DeadIsland
2012-06-27 06:27 - 2012-06-27 06:50 - 00000000 ____D C:\Users\User\Documents\Salvation Prophecy
2012-06-27 06:27 - 2012-06-27 06:28 - 00000000 ____D C:\Users\User\AppData\Local\Salvation Prophecy
2012-06-27 06:25 - 2012-06-27 06:25 - 00001126 ____A C:\Users\Public\Desktop\Salvation Prophecy.lnk
2012-06-26 17:54 - 2012-06-26 17:54 - 00000000 ____D C:\Users\User\AppData\Roaming\Rainbow
2012-06-26 17:33 - 2012-06-26 17:33 - 00000975 ____A C:\Users\User\Desktop\Containment The Zombie Puzzler.lnk
2012-06-26 16:51 - 2012-06-26 16:51 - 00000000 ____D C:\Users\User\AppData\Local\Activision
2012-06-26 16:36 - 2012-06-26 16:36 - 00000747 ____A C:\Users\Public\Desktop\Call of Duty - World at War.lnk
2012-06-26 06:15 - 2012-06-26 06:15 - 00000798 ____A C:\Users\Public\Desktop\Defraggler.lnk
2012-06-25 17:02 - 2012-06-25 17:02 - 00001360 ____A C:\Users\User\Desktop\deadislandgame - Shortcut.lnk
2012-06-25 09:34 - 2012-06-25 09:34 - 00000000 ____D C:\Users\All Users\Tages
2012-06-25 09:09 - 2012-06-25 09:39 - 00311968 ____A C:\Windows\System32\Drivers\atksgt.sys
2012-06-25 09:09 - 2012-06-25 09:09 - 00043168 ____A C:\Windows\System32\Drivers\lirsgt.sys
2012-06-24 17:52 - 2012-06-25 05:19 - 00000000 ____D C:\Users\User\Downloads\Ramsay's Kitchen Nightmares Season 1
2012-06-24 14:17 - 2012-06-24 14:17 - 00000000 ____D C:\Users\User\AppData\Roaming\Warner Bros. Interactive Entertainment


============ 3 Months Modified Files ========================

2012-07-24 14:07 - 2012-04-24 11:18 - 01789775 ____A C:\Windows\WindowsUpdate.log
2012-07-24 14:07 - 2009-07-13 21:13 - 00726142 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-24 14:07 - 2009-07-13 20:45 - 00032064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-24 14:07 - 2009-07-13 20:45 - 00032064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-24 14:05 - 2012-06-13 06:14 - 00004556 ____A C:\Windows\setupact.log
2012-07-24 14:04 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-24 11:43 - 2012-07-24 11:43 - 01438203 ____A (Farbar) C:\FRST64.exe
2012-07-24 10:48 - 2012-04-24 06:38 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-782919554-1672995099-123328311-1000UA.job
2012-07-24 10:42 - 2012-07-24 10:42 - 04584441 ____R (Swearware) C:\Users\User\Desktop\ComboFix.exe
2012-07-24 07:48 - 2012-04-24 06:38 - 00000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-782919554-1672995099-123328311-1000Core.job
2012-07-24 07:27 - 2012-07-24 07:27 - 00107004 ____A C:\Users\User\Desktop\OTL.Txt
2012-07-23 15:43 - 2012-07-23 15:44 - 00596480 ____A (OldTimer Tools) C:\Users\User\Desktop\OTL.exe
2012-07-23 14:45 - 2010-11-20 19:47 - 00016618 ____A C:\Windows\PFRO.log
2012-07-23 11:08 - 2012-07-23 11:08 - 00001111 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-22 16:38 - 2012-07-22 16:38 - 00034224 ____A C:\Users\User\Downloads\Crysis-Razor1911.3883528.TPB.torrent
2012-07-22 07:57 - 2012-07-22 07:49 - 628065016 ____A C:\Users\User\Downloads\Eternal Journey - New Atlantis Collector's Edition.rar
2012-07-22 07:52 - 2012-07-22 07:52 - 00014404 ____A C:\Users\User\Downloads\E.Y.E.Divine.Cybermancy-KaOs.6582153.TPB.torrent
2012-07-22 06:04 - 2012-07-22 06:04 - 00332749 ____A C:\Users\User\Desktop\song5.wma
2012-07-22 05:47 - 2012-07-22 05:47 - 00355199 ____A C:\Users\User\Documents\song 4.wma
2012-07-21 15:02 - 2012-07-21 15:02 - 00001670 ____A C:\Users\User\Desktop\MOHA - Shortcut.lnk
2012-07-21 14:14 - 2012-04-25 10:38 - 01017088 ____A C:\Windows\DirectX.log
2012-07-21 09:26 - 2012-07-21 09:26 - 00455532 ____A C:\Users\User\Downloads\SparkIV0.6.2.3forGTAIVv1.0.0.4.rar
2012-07-21 09:06 - 2012-07-21 09:05 - 85218034 ____A C:\Users\User\Downloads\VIVA_New_York_Mod.rar
2012-07-21 08:24 - 2012-07-21 08:18 - 00000076 ____A C:\Users\User\Desktop\Commandline.txt.txt
2012-07-21 07:19 - 2012-07-21 07:19 - 00085370 ____A C:\Users\User\Downloads\2.rar
2012-07-21 07:09 - 2012-07-21 06:46 - 102812059 ____A C:\Users\User\Downloads\GTA_IV_Patch_1.0.5.0_%2B_Crack_RAZOR_1911.rar
2012-07-20 17:19 - 2012-07-20 17:19 - 00000686 ____A C:\Users\User\Desktop\Audacity.lnk
2012-07-20 17:18 - 2012-07-20 17:16 - 20928200 ____A (Audacity Team ) C:\Users\User\Downloads\audacity-win-2.0.1.exe
2012-07-19 15:03 - 2012-07-19 15:03 - 00018432 ____A C:\Users\User\Downloads\BulletstormINIeditor.exe
2012-07-19 08:05 - 2012-06-22 10:35 - 00111928 ____A C:\Windows\SysWOW64\PnkBstrB.exe
2012-07-19 08:05 - 2012-06-22 10:35 - 00111928 ____A C:\Windows\SysWOW64\PnkBstrB.ex0
2012-07-19 07:13 - 2012-07-19 07:13 - 00001060 ____A C:\Users\Public\Desktop\Alien Breed 2 Assault.lnk
2012-07-19 05:38 - 2012-06-22 10:43 - 00282104 ____A C:\Windows\SysWOW64\PnkBstrB.xtr
2012-07-19 05:02 - 2012-05-03 09:58 - 00000328 ____A C:\Windows\Tasks\HPCeeScheduleForUser.job
2012-07-18 17:20 - 2012-07-18 17:20 - 00000806 ____A C:\Users\Public\Desktop\Glowfish.lnk
2012-07-18 08:19 - 2012-07-18 08:19 - 00000738 ____A C:\Users\User\Desktop\BFP4f - Shortcut.lnk
2012-07-18 08:11 - 2012-05-03 12:22 - 00000000 ____A C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt
2012-07-18 08:11 - 2012-04-24 08:27 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log
2012-07-18 07:13 - 2012-06-22 10:35 - 00076888 ____A C:\Windows\SysWOW64\PnkBstrA.exe
2012-07-17 08:24 - 2012-07-17 08:24 - 00000717 ____A C:\Users\User\Desktop\ANB - Shortcut.lnk
2012-07-17 03:19 - 2012-04-29 07:39 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-07-17 03:19 - 2012-04-29 07:39 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-07-15 13:30 - 2012-07-15 13:30 - 00001095 ____A C:\Users\User\Desktop\deponia - Shortcut.lnk
2012-07-13 13:08 - 2012-07-13 13:08 - 00000945 ____A C:\Users\Public\Desktop\F.E.A.R. Extraction Point.lnk
2012-07-13 13:08 - 2012-07-13 13:08 - 00000931 ____A C:\Users\Public\Desktop\F.E.A.R. Perseus Mandate.lnk
2012-07-13 13:08 - 2012-07-13 13:08 - 00000836 ____A C:\Users\Public\Desktop\F.E.A.R..lnk
2012-07-13 09:42 - 2012-07-13 09:42 - 00001153 ____A C:\Users\User\Desktop\Terraria - Shortcut.lnk
2012-07-13 06:39 - 2012-07-13 06:39 - 00000811 ____A C:\Users\User\Desktop\GrimTales3_TheWishes_CE - Shortcut.lnk
2012-07-12 10:46 - 2012-04-24 06:40 - 00002395 ____A C:\Users\User\Desktop\Google Chrome.lnk
2012-07-12 07:23 - 2012-07-12 07:23 - 00001563 ____A C:\Users\User\Desktop\Bioshock2Launcher - Shortcut.lnk
2012-07-11 05:54 - 2009-07-13 20:45 - 00274320 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-09 16:09 - 2012-07-09 16:09 - 00001335 ____A C:\Users\User\Desktop\witn - Shortcut.lnk
2012-07-08 09:15 - 2012-07-08 09:15 - 00000850 ____A C:\Users\Public\Desktop\1953 - KGB Unleashed.lnk
2012-07-06 12:08 - 2012-07-06 12:08 - 00001066 ____A C:\Users\User\Desktop\DOOM3 - Shortcut.lnk
2012-07-05 10:55 - 2012-07-05 10:55 - 00001486 ____A C:\Users\User\Desktop\BmLauncher - Shortcut.lnk
2012-07-05 10:37 - 2012-07-05 10:37 - 00002925 ____A C:\Windows\SysWOW64\jupdate-1.7.0_05-b05.log
2012-07-05 06:38 - 2012-07-05 06:38 - 00001213 ____A C:\Users\User\Desktop\FarCry2 - Shortcut.lnk
2012-07-04 13:17 - 2012-07-04 13:17 - 00001131 ____A C:\Users\User\Desktop\Resonance - Shortcut.lnk
2012-07-04 05:59 - 2012-07-04 05:59 - 00000774 ____A C:\Users\User\Desktop\Thomas Was Alone.lnk
2012-07-03 08:16 - 2012-07-03 08:16 - 00001158 ____A C:\Users\User\Desktop\Slender - Shortcut.lnk
2012-07-03 04:46 - 2012-07-23 11:08 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-02 12:05 - 2012-07-02 12:05 - 00000704 ____A C:\Users\User\Desktop\Cubemen.lnk
2012-07-01 17:11 - 2012-07-01 17:11 - 00000825 ____A C:\Users\User\Desktop\dearesther - Shortcut.lnk
2012-07-01 16:00 - 2012-07-01 16:00 - 00001136 ____A C:\Users\Public\Desktop\Spec Ops The Line.lnk
2012-06-29 07:02 - 2012-06-29 07:02 - 00001556 ____A C:\Users\User\Desktop\Fierce Tales The Dogs Heart Collectors.lnk
2012-06-28 16:41 - 2012-06-07 08:24 - 00000482 ____A C:\Users\User\Desktop\New Text Document.txt
2012-06-27 06:25 - 2012-06-27 06:25 - 00001126 ____A C:\Users\Public\Desktop\Salvation Prophecy.lnk
2012-06-26 17:33 - 2012-06-26 17:33 - 00000975 ____A C:\Users\User\Desktop\Containment The Zombie Puzzler.lnk
2012-06-26 16:36 - 2012-06-26 16:36 - 00000747 ____A C:\Users\Public\Desktop\Call of Duty - World at War.lnk
2012-06-26 09:54 - 2012-04-24 14:27 - 00000868 ____A C:\Users\Public\Desktop\CCleaner.lnk
2012-06-26 06:15 - 2012-06-26 06:15 - 00000798 ____A C:\Users\Public\Desktop\Defraggler.lnk
2012-06-25 17:02 - 2012-06-25 17:02 - 00001360 ____A C:\Users\User\Desktop\deadislandgame - Shortcut.lnk
2012-06-25 09:39 - 2012-06-25 09:09 - 00311968 ____A C:\Windows\System32\Drivers\atksgt.sys
2012-06-25 09:09 - 2012-06-25 09:09 - 00043168 ____A C:\Windows\System32\Drivers\lirsgt.sys
2012-06-25 05:21 - 2012-05-07 13:38 - 00001228 ____A C:\Windows\KB942288-v3.log
2012-06-21 10:58 - 2012-06-10 06:06 - 00000888 ____A C:\Users\User\Desktop\left4dead2 - Shortcut.lnk
2012-06-21 10:42 - 2012-06-21 10:42 - 00000799 ____A C:\Users\User\Desktop\GCFScape.lnk
2012-06-21 00:37 - 2012-06-21 00:37 - 03166792 ____N C:\Windows\SysWOW64\pbsvc.exe
2012-06-20 16:19 - 2012-06-20 16:19 - 00000815 ____A C:\Users\User\Desktop\Resonance.lnk
2012-06-20 05:33 - 2012-06-20 05:33 - 00001084 ____A C:\Users\Public\Desktop\Magicka The Other Side of the Coin.lnk
2012-06-19 08:41 - 2012-06-19 08:41 - 00000779 ____A C:\Users\Public\Desktop\Play DOTZ.lnk
2012-06-17 14:54 - 2012-06-17 14:54 - 00000912 ____A C:\Users\Public\Desktop\Bastion.lnk
2012-06-16 06:49 - 2012-06-16 06:49 - 00000722 ____A C:\Users\User\Desktop\SuperMeatBoy - Shortcut.lnk
2012-06-15 04:52 - 2012-06-15 04:52 - 00001638 ____A C:\Users\User\Desktop\MassEffect3 - Shortcut.lnk
2012-06-14 15:35 - 2012-04-24 14:44 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-06-13 10:43 - 2012-06-13 10:43 - 00000951 ____A C:\Users\Public\Desktop\Sins of a Solar Empire Rebellion.lnk
2012-06-13 06:14 - 2012-06-13 06:14 - 00000000 ____A C:\Windows\setuperr.log
2012-06-12 04:15 - 2009-07-13 21:08 - 00032652 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-06-11 19:08 - 2012-07-11 05:52 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-11 09:58 - 2012-06-11 09:58 - 00001165 ____A C:\Users\User\Desktop\deadspace2 - Shortcut.lnk
2012-06-10 07:25 - 2012-06-10 07:25 - 00000862 ____A C:\Users\User\Desktop\left4dead - Shortcut.lnk
2012-06-09 13:00 - 2012-06-09 13:00 - 00000748 ____A C:\Users\User\Desktop\FreeArc.lnk
2012-06-08 21:43 - 2012-07-11 05:50 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 20:41 - 2012-07-11 05:50 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-08 05:54 - 2012-06-08 05:54 - 00000946 ____A C:\Users\User\Desktop\Serious Sam HD - The Second Encounter.lnk
2012-06-06 17:47 - 2012-06-06 08:51 - 00000109 ____A C:\Windows\disney.ini
2012-06-05 22:06 - 2012-07-11 05:50 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 22:06 - 2012-07-11 05:50 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-05 22:02 - 2012-07-11 05:50 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-06-05 21:05 - 2012-07-11 05:50 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-05 21:05 - 2012-07-11 05:50 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-06-05 21:03 - 2012-07-11 05:50 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-06-04 17:56 - 2012-06-04 17:56 - 00001376 ____A C:\Users\User\Desktop\PlayMaxPayne3 - Shortcut.lnk
2012-06-02 14:19 - 2012-06-21 06:39 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-21 06:39 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-21 06:39 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-21 06:39 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-21 06:39 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-21 06:39 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-21 06:39 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 06:19 - 2012-06-21 06:39 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 06:15 - 2012-06-21 06:39 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-01 21:50 - 2012-07-11 05:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-01 21:48 - 2012-07-11 05:50 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-01 21:48 - 2012-07-11 05:50 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-01 21:45 - 2012-07-11 05:50 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 21:44 - 2012-07-11 05:50 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-06-01 20:40 - 2012-07-11 05:50 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-06-01 20:40 - 2012-07-11 05:50 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-06-01 20:39 - 2012-07-11 05:50 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-06-01 20:34 - 2012-07-11 05:50 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-06-01 11:21 - 2012-06-01 11:21 - 00000950 ____A C:\Users\User\Desktop\MinecraftLauncher - Shortcut.lnk
2012-05-31 11:57 - 2012-05-31 11:57 - 00001522 ____A C:\Users\User\Desktop\2GB Minecraft launcher - Shortcut.lnk
2012-05-31 11:13 - 2012-05-31 11:13 - 00955848 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2012-05-31 11:13 - 2012-05-31 11:13 - 00839112 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2012-05-31 11:13 - 2012-05-31 11:13 - 00268744 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2012-05-31 11:13 - 2012-05-31 11:13 - 00189384 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2012-05-31 11:13 - 2012-05-31 11:13 - 00188872 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2012-05-31 03:25 - 2010-11-20 19:27 - 00279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-05-27 18:52 - 2012-05-27 18:52 - 00002357 ____A C:\Users\User\Desktop\HPThermalAssistant - Shortcut.lnk
2012-05-26 06:27 - 2012-05-26 06:27 - 00001238 ____A C:\Users\User\Desktop\MB - Shortcut.lnk
2012-05-25 12:50 - 2012-04-26 14:35 - 00466456 ____A (Creative Labs) C:\Windows\System32\wrap_oal.dll
2012-05-25 12:50 - 2012-04-26 14:35 - 00444952 ____A (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2012-05-25 12:50 - 2012-04-26 14:35 - 00122904 ____A (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\System32\OpenAL32.dll
2012-05-25 12:50 - 2012-04-26 14:35 - 00109080 ____A (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2012-05-23 07:05 - 2012-05-23 07:05 - 00001995 ____A C:\Users\User\Desktop\RivaTuner - Shortcut.lnk
2012-05-22 14:57 - 2012-05-22 14:57 - 00001649 ____A C:\Users\User\Desktop\hardreset - Shortcut.lnk
2012-05-22 13:22 - 2012-05-22 13:22 - 00001282 ____A C:\Users\Public\Desktop\Alan Wake American Nightmare.lnk
2012-05-21 05:00 - 2012-05-21 05:00 - 00007597 ____A C:\Users\User\AppData\Local\Resmon.ResmonCfg
2012-05-20 16:06 - 2012-05-20 16:06 - 00000696 ____A C:\Users\User\Desktop\braid - Shortcut.lnk
2012-05-20 07:22 - 2012-05-20 07:22 - 00000975 ____A C:\Users\Public\Desktop\DeathSpank.lnk
2012-05-17 18:47 - 2012-06-14 15:25 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-05-17 18:16 - 2012-06-14 15:25 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-05-17 18:06 - 2012-06-14 15:26 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-05-17 17:59 - 2012-06-14 15:26 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-17 17:59 - 2012-06-14 15:26 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-05-17 17:58 - 2012-06-14 15:26 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-05-17 17:58 - 2012-06-14 15:26 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-05-17 17:56 - 2012-06-14 15:26 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-17 17:55 - 2012-06-14 15:26 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-05-17 17:55 - 2012-06-14 15:26 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-05-17 17:54 - 2012-06-14 15:26 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-05-17 17:51 - 2012-06-14 15:26 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-05-17 17:51 - 2012-06-14 15:26 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-05-17 17:47 - 2012-06-14 15:26 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-05-17 15:11 - 2012-06-14 15:26 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-05-17 14:48 - 2012-06-14 15:25 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-05-17 14:45 - 2012-06-14 15:26 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-05-17 14:36 - 2012-06-14 15:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-05-17 14:35 - 2012-06-14 15:26 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-05-17 14:35 - 2012-06-14 15:26 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-05-17 14:33 - 2012-06-14 15:26 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-05-17 14:31 - 2012-06-14 15:26 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-05-17 14:29 - 2012-06-14 15:26 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-05-17 14:29 - 2012-06-14 15:26 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-05-17 14:27 - 2012-06-14 15:26 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-05-17 14:25 - 2012-06-14 15:26 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-05-17 14:24 - 2012-06-14 15:26 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-05-17 14:20 - 2012-06-14 15:26 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-05-15 10:06 - 2012-07-05 10:37 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-05-15 10:06 - 2012-07-05 10:37 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-05-15 09:50 - 2012-05-15 09:50 - 00000684 ____A C:\Users\User\Desktop\Scoregasm - Shortcut.lnk
2012-05-14 06:14 - 2012-05-14 06:14 - 00000950 ____A C:\Users\User\Desktop\Orcs Must Die!.lnk
2012-05-13 05:28 - 2012-05-13 05:28 - 00001254 ____A C:\Users\User\Desktop\PlantsVsZombies - Shortcut.lnk
2012-05-10 17:19 - 2012-05-10 17:19 - 00001660 ____A C:\Users\User\Desktop\Counter Strike Source 2010 - Shortcut.lnk
2012-05-09 17:50 - 2012-05-09 17:50 - 00178800 ____A (Sony DADC Austria AG.) C:\Windows\SysWOW64\CmdLineExt_x64.dll
2012-05-09 15:32 - 2012-05-09 15:32 - 00002015 ____A C:\Users\Public\Desktop\Duty Calls.lnk
2012-05-09 12:03 - 2012-05-09 12:03 - 00001429 ____A C:\Users\Public\Desktop\Zombie Driver Summer of Slaughter.lnk
2012-05-09 08:49 - 2012-05-09 08:49 - 09888360 ____A (Realtek Semiconductor Corp.) C:\Windows\SysWOW64\RtsPStorIcon.dll
2012-05-09 08:49 - 2012-04-24 11:24 - 00338536 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\Drivers\RtsPStor.sys
2012-05-08 13:04 - 2012-05-08 13:04 - 00001482 ____A C:\Users\User\Desktop\GatlingGears - Shortcut.lnk
2012-05-07 12:47 - 2012-05-07 12:47 - 00000796 ____A C:\Users\Public\Desktop\Play The Next BIG Thing.lnk
2012-05-07 04:12 - 2012-05-24 13:47 - 02049705 ____A C:\Users\User\Documents\Dark Alleys - Soundtrack #3.wma
2012-05-07 04:12 - 2012-05-24 13:47 - 01952699 ____A C:\Users\User\Documents\Dark Alleys - Soundtrack #1.wma
2012-05-07 04:12 - 2012-05-24 13:47 - 01863155 ____A C:\Users\User\Documents\Dark Alleys - Soundtrack #4.wma
2012-05-07 04:12 - 2012-05-24 13:47 - 01579599 ____A C:\Users\User\Documents\Dark Alleys - Soundtrack #2.wma
2012-05-05 15:36 - 2012-05-05 15:36 - 00004096 ____A C:\Windows\d3dx.dat
2012-05-05 12:51 - 2012-05-05 12:51 - 00000000 ____A C:\Windows\Tomb.INI
2012-05-04 17:06 - 2012-05-04 17:06 - 00004285 ____A C:\STFC719.tmp
2012-05-04 16:17 - 2012-05-04 16:17 - 00004289 ____A C:\STFE908.tmp
2012-05-04 15:48 - 2012-05-04 15:48 - 00004289 ____A C:\STFEA4E.tmp
2012-05-04 15:47 - 2012-05-04 15:47 - 00000652 ____A C:\Users\User\Desktop\portal2 - Shortcut.lnk
2012-05-04 11:57 - 2012-05-04 11:57 - 00001551 ____A C:\Users\User\Desktop\AvastUI - Shortcut.lnk
2012-05-04 10:30 - 2012-05-04 10:30 - 00000999 ____A C:\Users\User\Desktop\DukeForever - Shortcut.lnk
2012-05-04 10:29 - 2012-07-05 10:38 - 00227720 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-05-04 10:29 - 2012-05-31 11:15 - 00772504 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2012-05-04 10:29 - 2012-05-31 11:15 - 00687504 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2012-05-04 03:06 - 2012-06-14 04:58 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 03:00 - 2012-06-14 15:48 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2012-05-04 02:03 - 2012-06-14 04:58 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-04 02:03 - 2012-06-14 04:58 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-04 01:59 - 2012-06-14 15:48 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2012-05-03 12:57 - 2012-04-24 11:35 - 00505128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
2012-05-03 12:57 - 2012-04-24 11:35 - 00353576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2012-05-03 12:49 - 2012-05-03 12:49 - 00208896 ____A (Renesas Electronics Corporation) C:\Windows\System32\Drivers\nusb3xhc.sys
2012-05-03 12:49 - 2012-05-03 12:49 - 00091648 ____A (Renesas Electronics Corporation) C:\Windows\System32\Drivers\nusb3hub.sys
2012-05-03 12:49 - 2012-05-03 12:49 - 00081920 ____A (Renesas Electronics Corporation) C:\Windows\System32\nusb3co2.dll
2012-05-03 10:24 - 2012-05-03 10:24 - 00001747 ____A C:\Users\User\Desktop\RevoUninPro - Shortcut.lnk
2012-05-03 08:57 - 2012-04-24 15:42 - 00000000 ____A C:\Windows\SysWOW64\config.nt
2012-05-03 04:46 - 2012-05-03 04:46 - 00001543 ____A C:\Users\User\AppData\Local\PDLSetup.20120503.134625.txt
2012-05-02 07:31 - 2012-05-02 07:31 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2012-04-30 21:40 - 2012-06-14 04:58 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-04-30 14:20 - 2012-04-30 14:20 - 00000969 ____A C:\Users\User\Desktop\Toy Soldiers.lnk
2012-04-27 19:55 - 2012-06-14 04:58 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-27 09:24 - 2012-04-27 09:24 - 00001832 ____A C:\Users\User\Desktop\ShootManyRobots - Shortcut.lnk
2012-04-26 13:46 - 2012-04-26 13:46 - 00001211 ____A C:\Users\User\Desktop\Rayman Origins - Shortcut.lnk

ZeroAccess:
C:\Windows\Installer\{137b3a62-4b9a-bd9d-fce2-fbaac8c326b4}
C:\Windows\Installer\{137b3a62-4b9a-bd9d-fce2-fbaac8c326b4}\L
C:\Windows\Installer\{137b3a62-4b9a-bd9d-fce2-fbaac8c326b4}\U
C:\Windows\Installer\{137b3a62-4b9a-bd9d-fce2-fbaac8c326b4}\L\[email protected]
C:\Windows\Installer\{137b3a62-4b9a-bd9d-fce2-fbaac8c326b4}\U\[email protected]
C:\Windows\Installer\{137b3a62-4b9a-bd9d-fce2-fbaac8c326b4}\U\[email protected]
C:\Windows\Installer\{137b3a62-4b9a-bd9d-fce2-fbaac8c326b4}\U\[email protected]
C:\Windows\Installer\{137b3a62-4b9a-bd9d-fce2-fbaac8c326b4}\U\[email protected]

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 50BEA589F7D7958BDD2528A8F69D05CC ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 10%
Total physical RAM: 8139.86 MB
Available physical RAM: 7265.43 MB
Total Pagefile: 8138.01 MB
Available Pagefile: 7266.39 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:451.41 GB) (Free:283.77 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive f: (RECOVERY) (Fixed) (Total:14.06 GB) (Free:1.57 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive g: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.08 GB) FAT32
6 Drive i: (SECURE II) (Removable) (Total:1.89 GB) (Free:1.26 GB) FAT
7 Drive x: (Boot) (Fixed) (Total:0.25 GB) (Free:0.25 GB) NTFS
8 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 Online 465 GB 0 B
Disk 2 Online 1935 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 199 MB 1024 KB
Partition 2 Primary 451 GB 200 MB
Partition 3 Primary 14 GB 451 GB
Partition 4 Primary 103 MB 465 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM NTFS Partition 199 MB Healthy

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 451 GB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F RECOVERY NTFS Partition 14 GB Healthy

==================================================================================

Disk: 0
Partition 4
Type : 0C
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G HP_TOOLS FAT32 Partition 103 MB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 465 GB 1024 KB

==================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 D Partition 465 GB Healthy

==================================================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1935 MB 16 KB

==================================================================================

Disk: 2
Partition 1
Type : 04
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 6 I SECURE II FAT Removable 1935 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-07-20 08:12

======================= End Of Log ==========================

#18
Havocc

    Member

  • Topic Starter
C:\Windows\System32\services.exe 50BEA589F7D7958BDD2528A8F69D05CC ZeroAccess <==== ATTENTION!. Is that it?

#19
Essexboy

    GeekU Moderator

  • Retired Staff
Yes, it is the bad boy. We will need to find a replacement. Then I will zap the lot in one fell swoop.

Re-run FRST64 and this time in the search box type:

Services.exe

Then press Search.

This will produce another log, which I will then use to replace the file and remove the rest of the ZeroAccess infection.

#20
Havocc

    Member

  • Topic Starter
Log file:

Farbar Recovery Scan Tool Version: 24-07-2012 01
Ran by SYSTEM at 2012-07-25 15:48:29
Running from I:\

================== Search: "Services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0329216 ____A (Microsoft Corporation) 50BEA589F7D7958BDD2528A8F69D05CC

====== End Of Search ======

#21
Essexboy

    GeekU Moderator

  • Retired Staff
Could you now retry ComboFix from normal Windows, please?

#22
Havocc

    Member

  • Topic Starter
I disabled my Avast and ran combofix.exe. When it finished, my laptop rebooted itself. Now an "administrator: auto scan" window appeared on the desktop and it is now scanning for infected files. It says this typically doesn't take more than 10 minutes, but I've been waiting for half an hour or so. It is now at 'completed stage 10'.

#23
Havocc

    Member

  • Topic Starter
It created a log file in the C drive, ComboFix folder:

ComboFix 12-07-26.03 - User 25/07/2012 16:20:22.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.353.1033.18.8140.6336 [GMT 1:00]
Running from: c:\users\User\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\programdata\Roaming
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\Installer\{137b3a62-4b9a-bd9d-fce2-fbaac8c326b4}\@
c:\windows\Installer\{137b3a62-4b9a-bd9d-fce2-fbaac8c326b4}\L\[email protected]
c:\windows\Installer\{137b3a62-4b9a-bd9d-fce2-fbaac8c326b4}\U\[email protected]
c:\windows\Installer\{137b3a62-4b9a-bd9d-fce2-fbaac8c326b4}\U\[email protected]
c:\windows\Installer\{137b3a62-4b9a-bd9d-fce2-fbaac8c326b4}\U\[email protected]
c:\windows\Installer\{137b3a62-4b9a-bd9d-fce2-fbaac8c326b4}\U\[email protected]
c:\windows\Installer\{137b3a62-4b9a-bd9d-fce2-fbaac8c326b4}\U\[email protected]
c:\windows\Installer\{137b3a62-4b9a-bd9d-fce2-fbaac8c326b4}\U\[email protected]
D:\install.exe
.
Infected copy of c:\windows\system32\services.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
.
Infected copy of c:\windows\SysWow64\wshtcpip.dll was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-winsock-helper-tcpip_31bf3856ad364e35_6.1.7600.16385_none_cb895be592db1acb\WSHTCPIP.DLL
.
.
((((((((((((((((((((((((( Files Created from 2012-06-25 to 2012-07-25 )))))))))))))))))))))))))))))))
.
.
2012-07-25 16:05 . 2012-07-25 16:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-25 07:13 . 2012-07-25 07:13 -------- d-----w- C:\FRST
2012-07-23 19:08 . 2012-07-23 19:08 -------- d-----w- c:\users\User\AppData\Roaming\Malwarebytes
2012-07-23 19:08 . 2012-07-23 19:08 -------- d-----w- c:\programdata\Malwarebytes
2012-07-23 19:08 . 2012-07-23 19:08 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-23 19:08 . 2012-07-03 12:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-21 15:01 . 2012-07-21 15:01 -------- d-sh--w- c:\programdata\SecuROM
2012-07-21 13:07 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F0234F36-64AA-4E9C-A2DC-D9230573E7B4}\mpengine.dll
2012-07-21 01:19 . 2012-07-21 01:57 -------- d-----w- c:\users\User\AppData\Roaming\Audacity
2012-07-19 15:17 . 2012-07-19 15:17 -------- d-----w- c:\users\User\AppData\Roaming\InstallShield Installation Information
2012-07-19 15:16 . 2012-07-19 15:16 -------- d-----w- c:\windows\D56B0E274A3E46C9B5C1D93D580C099C.TMP
2012-07-19 01:21 . 2012-07-19 01:21 -------- d-----w- c:\programdata\MumboJumbo
2012-07-14 20:39 . 2012-07-23 02:22 -------- d-----w- c:\programdata\Ubisoft
2012-07-14 20:36 . 2012-07-14 20:36 -------- d-----w- c:\users\User\AppData\Roaming\PunkBuster
2012-07-14 19:26 . 2012-07-14 19:26 -------- d-----w- c:\users\User\AppData\Local\THQ
2012-07-13 22:33 . 2012-07-13 22:33 -------- d-----w- c:\programdata\Trymedia
2012-07-13 17:56 . 2012-07-13 18:08 -------- d-----w- c:\users\User\AppData\Local\PAYDAY
2012-07-13 14:40 . 2012-07-13 14:40 -------- d-----w- c:\users\User\AppData\Roaming\Elephant Games
2012-07-13 14:40 . 2012-07-13 14:40 -------- d-----w- c:\programdata\Elephant Games
2012-07-11 13:52 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-10 00:07 . 2012-07-10 00:07 -------- d-----w- c:\users\User\AppData\Local\WB Games
2012-07-07 15:39 . 2012-07-07 22:41 -------- d-----w- c:\users\User\AppData\Local\My Games
2012-07-06 20:08 . 2012-07-06 20:08 -------- d-----w- c:\programdata\REVOLT
2012-07-05 18:38 . 2012-07-05 18:38 -------- d-----w- c:\program files (x86)\Oracle
2012-06-29 17:41 . 2012-06-29 17:41 -------- d-----w- c:\users\User\AppData\Local\2012
2012-06-29 15:03 . 2012-06-29 15:03 -------- d-----w- c:\users\User\AppData\Roaming\BlamGames
2012-06-28 14:52 . 2012-06-28 14:52 -------- d-----w- c:\users\User\AppData\Local\ElevatedDiagnostics
2012-06-27 14:27 . 2012-06-27 14:28 -------- d-----w- c:\users\User\AppData\Local\Salvation Prophecy
2012-06-27 01:54 . 2012-06-27 01:54 -------- d-----w- c:\users\User\AppData\Roaming\Rainbow
2012-06-27 00:51 . 2012-06-27 00:51 -------- d-----w- c:\users\User\AppData\Local\Activision
2012-06-25 17:34 . 2012-06-25 17:34 -------- d-----w- c:\programdata\Tages
2012-06-25 17:09 . 2012-06-25 17:39 311968 ----a-w- c:\windows\system32\drivers\atksgt.sys
2012-06-25 17:09 . 2012-06-25 17:09 43168 ----a-w- c:\windows\system32\drivers\lirsgt.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-19 16:05 . 2012-06-22 18:35 111928 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-07-19 16:05 . 2012-06-22 18:35 111928 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-07-19 13:38 . 2012-06-22 18:43 282104 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-07-18 15:13 . 2012-06-22 18:35 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-07-17 11:19 . 2012-04-29 15:39 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-17 11:19 . 2012-04-29 15:39 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-21 08:37 . 2012-06-21 08:37 3166792 ------w- c:\windows\SysWow64\pbsvc.exe
2012-06-14 23:35 . 2012-04-24 22:44 58957832 ----a-w- c:\windows\system32\MRT.exe
2012-06-02 22:19 . 2012-06-21 14:39 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 14:39 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 14:39 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 14:39 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 14:39 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 14:39 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 14:39 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 14:19 . 2012-06-21 14:39 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 14:15 . 2012-06-21 14:39 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-31 19:13 . 2012-05-31 19:13 955848 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-05-31 19:13 . 2012-05-31 19:13 839112 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-31 19:13 . 2012-05-31 19:13 268744 ----a-w- c:\windows\system32\javaws.exe
2012-05-31 19:13 . 2012-05-31 19:13 189384 ----a-w- c:\windows\system32\javaw.exe
2012-05-31 19:13 . 2012-05-31 19:13 188872 ----a-w- c:\windows\system32\java.exe
2012-05-31 11:25 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-05-25 20:50 . 2012-04-26 22:35 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2012-05-25 20:50 . 2012-04-26 22:35 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2012-05-25 20:50 . 2012-04-26 22:35 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-05-25 20:50 . 2012-04-26 22:35 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2012-05-18 02:47 . 2012-06-14 23:25 17807360 ----a-w- c:\windows\system32\mshtml.dll
2012-05-18 02:16 . 2012-06-14 23:25 10924032 ----a-w- c:\windows\system32\ieframe.dll
2012-05-18 02:06 . 2012-06-14 23:26 2311680 ----a-w- c:\windows\system32\jscript9.dll
2012-05-18 01:59 . 2012-06-14 23:26 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-05-18 01:59 . 2012-06-14 23:26 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-05-18 01:58 . 2012-06-14 23:26 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-18 01:58 . 2012-06-14 23:26 237056 ----a-w- c:\windows\system32\url.dll
2012-05-18 01:56 . 2012-06-14 23:26 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-05-18 01:55 . 2012-06-14 23:26 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-05-18 01:55 . 2012-06-14 23:26 818688 ----a-w- c:\windows\system32\jscript.dll
2012-05-18 01:54 . 2012-06-14 23:26 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-05-18 01:51 . 2012-06-14 23:26 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-05-18 01:51 . 2012-06-14 23:26 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-05-18 01:47 . 2012-06-14 23:26 248320 ----a-w- c:\windows\system32\ieui.dll
2012-05-17 22:45 . 2012-06-14 23:26 1800192 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-05-17 22:35 . 2012-06-14 23:26 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-05-17 22:35 . 2012-06-14 23:26 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-05-17 22:29 . 2012-06-14 23:26 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-05-17 22:24 . 2012-06-14 23:26 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-05-10 01:50 . 2012-05-10 01:50 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2012-05-09 16:49 . 2012-05-09 16:49 9888360 ----a-w- c:\windows\SysWow64\RtsPStorIcon.dll
2012-05-09 16:49 . 2012-04-24 19:24 338536 ----a-w- c:\windows\system32\drivers\RtsPStor.sys
2012-05-05 01:06 . 2012-05-05 01:06 4285 ----a-w- C:\STFC719.tmp
2012-05-05 00:17 . 2012-05-05 00:17 4289 ----a-w- C:\STFE908.tmp
2012-05-04 23:48 . 2012-05-04 23:48 4289 ----a-w- C:\STFEA4E.tmp
2012-05-04 18:29 . 2012-05-31 19:15 772504 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-05-04 18:29 . 2012-05-31 19:15 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-05-04 11:06 . 2012-06-14 12:58 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 11:00 . 2012-06-14 23:48 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-05-04 10:03 . 2012-06-14 12:58 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-14 12:58 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-04 09:59 . 2012-06-14 23:48 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-05-03 20:57 . 2012-04-24 19:35 505128 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-05-03 20:57 . 2012-04-24 19:35 353576 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-05-03 20:49 . 2012-05-03 20:49 91648 ----a-w- c:\windows\system32\drivers\nusb3hub.sys
2012-05-03 20:49 . 2012-05-03 20:49 81920 ----a-w- c:\windows\system32\nusb3co2.dll
2012-05-03 20:49 . 2012-05-03 20:49 208896 ----a-w- c:\windows\system32\drivers\nusb3xhc.sys
2012-05-01 05:40 . 2012-06-14 12:58 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-04-30 22:30 . 2009-08-18 11:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2012-04-30 22:30 . 2009-08-18 10:24 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-04-28 03:55 . 2012-06-14 12:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="d:\prrrrrooooggg\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2012-05-03 113288]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296]
"HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-02-15 94264]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-01 343168]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2011-01-24 58128]
R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-01-24 274944]
R3 hpCMSrv;HP Connection Manager 4.0 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-02-15 1071160]
R3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-01-24 59904]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-02-04 340240]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 31800]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-04-24 1255736]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-04-25 270912]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-09-30 204288]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-03-06 69976]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-01-24 901184]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-01-24 991296]
S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-02-18 265544]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-09-01 227896]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-27 30520]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-05-20 13592]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-05-09 2413056]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-22 2656280]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-09-30 9981952]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-09-30 310272]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-01-24 1298496]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-07-28 31088]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2011-08-09 12289472]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2011-02-24 8591872]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2012-05-03 91648]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2012-05-03 208896]
S3 RivaTuner64;RivaTuner64;c:\program files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [2012-05-13 19952]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2012-05-09 338536]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-02-17 428136]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2011-02-17 42392]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-782919554-1672995099-123328311-1000Core.job
- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-24 14:38]
.
2012-07-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-782919554-1672995099-123328311-1000UA.job
- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-24 14:38]
.
2012-07-19 c:\windows\Tasks\HPCeeScheduleForUser.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 21:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-03-11 1128448]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-02-04 1933584]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-01-24 10355200]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-09 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-09 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-09 416024]
"RivaTunerStartupDaemon"="c:\program files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTunerWrapper.exe" [2009-08-22 24576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 89.101.160.4 89.101.160.5
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-782919554-1672995099-123328311-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:a5,8b,d9,94,f7,1f,eb,14,3d,9b,4e,43,7b,f8,e5,90,74,90,f9,c2,f8,34,40,
0a,e2,f6,23,2e,b0,d2,2f,db,df,4b,36,9e,e3,e6,1e,59,1c,4c,3a,5d,4b,6b,73,10,\
"??"=hex:4f,c7,b4,a2,a9,4f,97,c3,25,80,5b,b7,c8,57,d4,93
.
[HKEY_USERS\S-1-5-21-782919554-1672995099-123328311-1000\Software\SecuROM\License information*]
"datasecu"=hex:26,1e,ec,b3,39,a0,75,4b,29,9f,c8,27,4d,59,d4,d2,c5,ee,af,af,d9,
3b,2c,67,46,bc,9a,45,11,c9,74,05,12,5f,4b,01,a6,3a,6a,0d,9c,49,78,ba,bc,6b,\
"rkeysecu"=hex:a1,d0,21,3f,9e,88,28,e0,dd,a9,6b,61,bd,23,ed,4a
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-07-25 17:14:46 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-25 16:14
.
Pre-Run: 303,802,925,056 bytes free
Post-Run: 303,281,799,168 bytes free
.
- - End Of File - - 31C5FEF3AFDEE0DE0366633144C65459
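The ComboFix log above is the thread's own data. The script below is an added triage helper, not part of the thread and not ComboFix's code: it parses a constructed excerpt modelled on that log (SAMPLE_LOG) and lists what a responder checks first. Three things in the posted log are worth that check. The policies\system block shows EnableLUA=0, ConsentPromptBehaviorAdmin=0 and PromptOnSecureDesktop=0, which means UAC is switched off, so anything that runs in the user's administrator session is already fully elevated. Several avast services show "[x]" instead of an image path, which only means the tool could not read the file; avast's self-protected drivers (aswSnx, aswSP, aswFsBlk) commonly show this, so it should be confirmed with sc qc and a signature check rather than treated as malware. Finally, autostarts and scheduled tasks that run from a user profile (here Google Update under AppData, which is normal) get listed for review. The function names, the excerpt and the finding wording are my assumptions.

```python
"""Added triage helper for a ComboFix-style log (example code, not ComboFix's
own and not from the thread). Parses the Run-key autostarts, the UAC policy
block, the service/driver table and scheduled-task targets, then lists what
a responder would check first. SAMPLE_LOG is a constructed excerpt modelled
on the log posted in the thread."""
import re

SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
S1 aswSnx;aswSnx; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-04-25 270912]
.
2012-07-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-782919554-1672995099-123328311-1000Core.job
- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-24 14:38]
"""

KEY_HEADER = re.compile(r"^\[HKEY_")
RUN_KEY = re.compile(r"^\[HKEY_.*\\Run\]$", re.I)
POLICY_KEY = re.compile(r"^\[HKEY_LOCAL_MACHINE\\.*\\policies\\system\]$", re.I)
RUN_VALUE = re.compile(r'^"([^"]+)"="([^"]+)"\s+\[(\d{4}-\d{2}-\d{2})\s+(\d+)\]')
POLICY_VAL = re.compile(r'^"(\w+)"=\s*(\d+)\s+\(0x[0-9a-fA-F]+\)')
SERVICE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*)$")      # R2 name;display;image [date size]
TASK_TARGET = re.compile(r"^- (.+?)\s+\[\d{4}-\d{2}-\d{2} [\d:]+\]$")  # "- image [date time]" under a .job


def parse_log(text):
    """Return {"run": [...], "policy": {...}, "services": [...], "tasks": [...]}."""
    out = {"run": [], "policy": {}, "services": [], "tasks": []}
    section = None
    for line in text.splitlines():
        line = line.rstrip()
        if not line or line == ".":          # "." is ComboFix's block separator
            continue
        if KEY_HEADER.match(line):
            section = "run" if RUN_KEY.match(line) else "policy" if POLICY_KEY.match(line) else None
            continue
        m = SERVICE.match(line)
        if m:
            state, name, display, rest = m.groups()
            rest = rest.strip()
            image = None if rest == "[x]" else rest.rsplit(" [", 1)[0]   # [x]: file not readable by the tool
            out["services"].append({"state": state, "name": name, "display": display, "image": image})
            continue
        m = TASK_TARGET.match(line)
        if m:
            out["tasks"].append(m.group(1))
            continue
        if section == "run" and (m := RUN_VALUE.match(line)):
            out["run"].append({"name": m.group(1), "image": m.group(2),
                               "stamp": m.group(3), "size": int(m.group(4))})
        elif section == "policy" and (m := POLICY_VAL.match(line)):
            out["policy"][m.group(1)] = int(m.group(2))
    return out


def triage(parsed):
    """List the review points a responder would raise from the parsed log."""
    findings = []
    pol = parsed["policy"]
    # EnableLUA=0 switches UAC off: every process in an administrator session
    # is already fully elevated, so a dropped executable needs no prompt.
    if pol.get("EnableLUA") == 0:
        findings.append("EnableLUA=0: UAC disabled, all admin-session processes run elevated")
    if pol.get("ConsentPromptBehaviorAdmin") == 0:
        findings.append("ConsentPromptBehaviorAdmin=0: elevation without prompting")
    if pol.get("PromptOnSecureDesktop") == 0:
        findings.append("PromptOnSecureDesktop=0: prompts, if any, appear on the normal desktop "
                        "where other user-mode programs can draw over them")
    for svc in parsed["services"]:
        # Self-protected AV drivers commonly show [x]; confirm before calling it malware.
        if svc["image"] is None:
            findings.append(f"{svc['state']} {svc['name']}: image not readable by the tool, "
                            f"verify with 'sc qc {svc['name']}' and a signature check")
    for entry in parsed["run"]:
        if "\\users\\" in entry["image"].lower():
            findings.append(f"Run entry {entry['name']} starts from a user profile: {entry['image']}")
    for target in parsed["tasks"]:
        if "\\users\\" in target.lower():
            findings.append(f"scheduled task runs from a user profile: {target}")
    return findings


if __name__ == "__main__":
    for finding in triage(parse_log(SAMPLE_LOG)):
        print("*", finding)
```

Run it as-is and it reports five points for the excerpt: the three UAC values, the aswSnx "[x]" entry and the Google Update task under the user profile. To use it on a real log, pass the file contents to parse_log; the Run-key and policy parsing only starts after the matching [HKEY_...] header, so the SecuROM and Flash CLSID blocks in the posted log are ignored.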

#24 Havocc (Topic Starter, Member, 23 posts)
It looks okay, right?

#25 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
More to the point: how is the computer behaving? Any problems at all?

#26 Havocc (Topic Starter, Member, 23 posts)
No problems at all. I haven't seen any avast pop-ups since yesterday evening. I feel at peace now. GREAT SUCCESS :D
Is there anything I should do before you close this topic? Should I uninstall ComboFix and OTL.exe now and let avast do a full system scan?

My avast expiration date is 19/01/2038 and everything else is up to date except the program version, 7.0.1426. Should I update it? I don't have the paid version.

#27 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Yes, update to the latest version, as the heuristics and behaviour routines have been improved.

Subject to no further problems :)

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems.

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself, so the following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Remove ComboFix

  • Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
  • In the Run box, type in ComboFix /Uninstall (Notice the space between the "x" and "/") then click OK

  • Follow the prompts on the screen
  • A message should appear confirming that ComboFix was uninstalled

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set back to hidden, as some of the tools I use will change that setting.
  • Go to control panel
  • Select folder options (Appearance > Folder options in category view)
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version

SPRING CLEAN

To manually create a new Restore Point
  • Go to Control Panel and select System
  • Select System
  • On the left select System Protection and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name i.e. Clean
  • Select Create

Now we can purge the infected ones
  • Go Start > All Programs > Accessories > System Tools
  • Right click Disk Cleanup and select Run as administrator
  • Select Your main drive and accept the warning if you get one
  • For a few moments the system will make some calculations
  • Select the More Options tab
  • In the System Restore and Shadow Backups select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
Malwarebytes. Update and run weekly to keep your system clean

Download and install FileHippo Update Checker and run it monthly; it will show you which programmes on your system need updating and give a download link.

It is critical to have both a firewall and antivirus to protect your system, and to keep them updated. To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?

Keep safe :wave:

#28 Havocc (Topic Starter, Member, 23 posts)
Thank you so much Essexboy. I am very grateful now. I am glad I found this forum. Keep up the good work :thumbsup:

#29 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
My pleasure :cool:

#30 Havocc (Topic Starter, Member, 23 posts)
Hi, just one more thing. When I try to install Definition Update for Windows Defender - KB915597 (Definition 1.131.548.0) in the Windows Update section I get an error. It just doesn't let me install it. What should I do? :help: