Chips

  1. Update: computer seems to be running normally again, have been using the internet for the past day or so and nothing strange has happened.
  2. Well, I haven't really used it today but I left it on and nothing out of the ordinary has happened, so that's a relief. Is there anything else that we need to do?
  3. Well I tried to save the scan report from Kaspersky but the program stopped responding so I decided to shut down the computer. On restarting, a command prompt window came up with '_uninst_82750393'. I allowed the installer to launch again but then exited the application when the licence agreement window appeared. A couple of times a window saying 'Deleting files' has appeared, but I'm assuming that's to do with Kaspersky, like the uninstall command prompt window. Different things keep popping up and disappearing but again, I'm assuming they're attributed to how the computer should be running. Other than that, I'll keep an eye on how it's running and post again tomorrow evening, if that's alright.
  4. Correction: 'SmartRestarter_SEC'
  5. There isn't actually anything there on the Detected Threats page, the scan was all clear. Two other things which I thought worthy of mentioning though, a tiny dialogue box for something called 'SmartRestore_SEC' appeared in the top right corner of the screen after startup with only an 'OK' and 'Cancel' button. It seems to be something to do with Samsung but that hasn't come up before. The second is that while the Kaspersky scan was running, some of the files weren't scanned because they were password protected, locked or there were read errors and such. Is this important? Some of the password protected files had names like rar.exe and stuff.
  6. I haven't been using the netbook at all, but it's been left switched on, and nothing out of the ordinary has happened yet. I did decide to run the ESET scan on the laptop though - it's found 5 threats so far, and I was wondering, will no further action be needed after they're quarantined? What should I do next?
  7. Okay, I ran the scanner. There were two logs available - here's the first, log.txt:

     ESETSmartInstaller@High as CAB hook log:
     OnlineScanner.ocx - registred OK

     But since it didn't have much information, I clicked 'Export to text file...' which seems to be the one you need. I renamed it to esetlog.txt:

     C:\Users\Us\Downloads\OrbitDownloaderSetup.exe Win32/OpenCandy application cleaned by deleting - quarantined
     C:\Users\Us\Downloads\SoftonicDownloader_for_ms-gif-animator.exe a variant of Win32/SoftonicDownloader.E application cleaned by deleting - quarantined
     C:\Users\Us\USB Drive\avc-free.exe Win32/OpenCandy application cleaned by deleting - quarantined

     Do I delete the quarantined files?
  8. Okay, so first is the information from Norton. It says:

     Severity: High
     Activity: altshell.dat (Trojan.Gen.2) detected by Auto-Protect
     Status: Quarantined
     Date & Time: 13/04/2013, 16:35:01
     File path: c:\users\us\appdata\roaming\altshell.dat
     Downloaded from: Unknown

     It says 'This threat has been removed. No further action is needed.' Here's JRT.txt:

     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Junkware Removal Tool (JRT) by Thisisu
     Version: 4.8.3 (04.05.2013:1)
     OS: Windows 7 Starter x86
     Ran by Us on 14/04/2013 at 16:35:41.26
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     ~~~ Services

     ~~~ Registry Values
     Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
     Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\urlsearchhooks\\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
     Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{687578b9-7132-4a7a-80e4-30ee31099e03}
     Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\urlsearchhooks\\{687578b9-7132-4a7a-80e4-30ee31099e03}

     ~~~ Registry Keys
     Successfully deleted: [Registry Key] hkey_current_user\software\conduit
     Successfully deleted: [Registry Key] hkey_local_machine\software\conduit
     Successfully deleted: [Registry Key] hkey_current_user\software\softonic
     Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\conduit
     Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\conduitsearchscopes
     Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\pricegong
     Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\smartbar
     Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\conduitinstaller_rasapi32
     Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\conduitinstaller_rasmancs
     Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT1060933
     Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT3072253
     Successfully deleted: [Registry Key] hkey_classes_root\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}

     ~~~ Files
     Successfully deleted: [File] C:\windows\system32\sho6AEA.tmp
     Successfully deleted: [File] C:\windows\system32\sho8607.tmp
     Successfully deleted: [File] C:\windows\system32\shoC9AC.tmp
     Successfully deleted: [File] "C:\end"

     ~~~ Folders
     Failed to delete: [Folder] "C:\ProgramData\boost_interprocess"
     Failed to delete: [Folder] "C:\ProgramData\application data\boost_interprocess"
     Successfully deleted: [Folder] "C:\Users\Us\appdata\local\conduit"
     Successfully deleted: [Folder] "C:\Users\Us\appdata\locallow\conduit"
     Successfully deleted: [Folder] "C:\Users\Us\appdata\locallow\pricegong"
     Successfully deleted: [Folder] "C:\Program Files\conduit"

     ~~~ Event Viewer Logs were cleared

     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Scan was completed on 14/04/2013 at 17:00:22.69
     End of JRT log
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     And here's the Malwarebytes log:

     Malwarebytes Anti-Malware (Trial) 1.75.0.1300
     www.malwarebytes.org
     Database version: v2013.04.14.03
     Windows 7 Service Pack 1 x86 NTFS
     Internet Explorer 9.0.8112.16421
     Us :: WORKHORSE-BETA [administrator]
     Protection: Enabled
     14/04/2013 17:06:07
     mbam-log-2013-04-14 (17-06-07).txt
     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 208619
     Time elapsed: 15 minute(s), 16 second(s)
     Memory Processes Detected: 0 (No malicious items detected)
     Memory Modules Detected: 0 (No malicious items detected)
     Registry Keys Detected: 0 (No malicious items detected)
     Registry Values Detected: 0 (No malicious items detected)
     Registry Data Items Detected: 0 (No malicious items detected)
     Folders Detected: 0 (No malicious items detected)
     Files Detected: 2
     C:\Users\Us\Downloads\installer_ac3_dts_codec.exe (PUP.BundleInstaller.BT) -> Quarantined and deleted successfully.
     C:\Users\Us\Downloads\installer_gif_construction_set_pro.exe (PUP.BundleInstaller.PHP) -> Quarantined and deleted successfully.
     (end)

     Also, this time I took the precaution of disconnecting from the internet, except when I had to check for MBAM updates. When I was shutting down though, I noticed that the program which Windows needed to close before it could shut down was called 'explorer.exe' which I've seen mentioned in different virus removal guides. Is that meant to be there?
  9. What I'm also a little concerned about is that the Norton program window which I had open, suddenly closed, as did the My Computer window. That doesn't seem normal, any advice? I've shut down the computer for now.
  10. Here it is: ???? ??? Windows Live ???? Windows Live ????? Windows Live ?????? ??????? ?? Windows Live ???????? ?????????? Windows Live ?????????? Windows Live ??????????? ?? Windows Live AC3Filter 1.63b Adobe Flash Player 11 ActiveX Adobe Photoshop 7.0 Adobe Reader X (10.1.6) Any Video Converter 3.2.0 Apple Application Support Apple Mobile Device Support Apple Software Update Atheros Client Installation Program µTorrent Auction Sentry „Windows Live Essentials“ „Windows Live Mail“ „Windows Live Messenger“ „Windows Live“ fotogalerija BatteryLifeExtender Bonjour Broadcom 802.11 Network Adapter BT Connection Manager ChargeableUSB CyberLink YouCam D3DX10 Easy Content Share Easy Display Manager Easy Network Manager Easy Resolution Manager Easy SpeedUp Manager EasyBatteryManager EasyFileShare Fast Start FLVPlayer4Free Free FLV Player 4.0.0.0 Fotogalerija Windows Live Foxreal YouTube FLV Downloader version: 1.0.1.1 Freecorder 5 Freecorder Toolbar Galeria de Fotografias do Windows Live Galeria fotografii uslugi Windows Live Galerie de photos Windows Live Galerie foto Windows Live Galería fotográfica de Windows Live GIF Construction Set Professional 4 Intel PROSet Wireless Intel® Graphics Media Accelerator Driver Intel® PROSet/Wireless for Bluetooth® 3.0 + High Speed Intel® PROSet/Wireless Software for Bluetooth® Technology Intel® PROSet/Wireless WiFi Software Intel® Rapid Storage Technology iTunes Java 2 Runtime Environment, SE v1.4.1 Java Auto Updater Java Web Start Java 7 Update 5 JavaFX 2.1.1 Junk Mail filter update Mesh Runtime Microsoft .NET Framework 4 Client Profile Microsoft Application Error Reporting Microsoft GIF Animator Microsoft Office 2010 Microsoft Office Click-to-Run 2010 Microsoft Office Starter 2010 - English Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft 
Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Movie Color Enhancer MSVCRT Norton 360 Norton Online Backup Orbit Downloader Paint XP version 1.1 PhoneShare Poczta uslugi Windows Live Podstawowe programy Windows Live Pošta Windows Live Raccolta foto di Windows Live RealDownloader RealNetworks - Microsoft Visual C++ 2008 Runtime RealNetworks - Microsoft Visual C++ 2010 Runtime RealPlayer Realtek Ethernet Controller Driver Realtek High Definition Audio Driver RealUpgrade 1.1 S?????? f?t???af??? t?? Windows Live Samsung AnyWeb Print Samsung Printer Live Update Samsung Recovery Solution 5 Samsung Support Center 1.0 Samsung Universal Print Driver Samsung Universal Scan Driver Samsung Update Plus SamsungMovie Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) SISShortcut Skype™ 5.10 Synaptics Pointing Device Driver Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) User Guide uTorrentControl2 Toolbar VLC media player 2.0.5 Winamp 
(Remove Only) Windows Live Windows Live ?? Windows Live ?? ??? Windows Live ??? Windows Live ???? Windows Live Communications Platform Windows Live Essentials Windows Live Fotótár Windows Live Foto-galerija Windows Live fotoattelu galerija Windows Live Fotogalerie Windows Live Fotogalleri Windows Live Fotogaléria Windows Live Fotograf Galerisi Windows Live Galeria de Fotos Windows Live Galerija fotografija Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Mail Windows Live Mesh Windows Live Messenger Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live Pošta Windows Live Remote Client Windows Live Remote Client Resources Windows Live Remote Service Windows Live Remote Service Resources Windows Live SOXE Windows Live SOXE Definitions Windows Live Temel Parçalar Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Windows Liven asennustyökalu Windows Liven sähköposti Windows Liven valokuvavalikoima Wondershare Video Converter Ultimate(Build 6.0.3.2) ----------- By the way, I don't know if this is useful information to you, but since running ComboFix there was an attack by something called Trojan.Gen.2. Norton said it sorted it out but I thought I'd let you know in any case.
  11. So, I ran ComboFix and here's the log file: ComboFix 13-04-12.02 - Us 13/04/2013 15:10:27.1.4 - x86 Microsoft Windows 7 Starter 6.1.7601.1.1252.44.1033.18.1013.152 [GMT 1:00] Running from: c:\users\Us\Desktop\ComboFix.exe AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} SP: Norton 360 *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files\WinPCap c:\program files\WinPCap\LICENSE c:\programdata\boost_interprocess\20130412154530.109999 c:\programdata\boost_interprocess\20130412154530.109999\NobuAgentService c:\programdata\boost_interprocess\20130412154530.109999\NobuTrayIcon c:\programdata\FullRemove.exe c:\users\Us\AppData\Roaming\2XL c:\users\Us\AppData\Roaming\2XL\2XL Games Launcher\config.ini c:\users\Us\AppData\Roaming\2XL\Trophylite\config.ini c:\users\Us\AppData\Roaming\2XL\Trophylite\gamestats.bin c:\users\Us\AppData\Roaming\2XL\Trophylite\profile00.prf c:\users\Us\AppData\Roaming\2XL\Trophylite\profilenames.bin . . ((((((((((((((((((((((((( Files Created from 2013-03-13 to 2013-04-13 ))))))))))))))))))))))))))))))) . . 2013-04-13 14:30 . 2013-04-13 14:30 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-04-12 21:11 . 2013-04-12 21:11 -------- d-----w- C:\FRST 2013-04-12 14:48 . 2013-04-13 14:28 -------- d-----w- c:\programdata\boost_interprocess 2013-04-07 14:05 . 2013-04-07 14:05 -------- d-----w- C:\found.001 2013-03-31 20:16 . 2013-03-31 20:16 -------- d-----w- c:\users\Us\AppData\Roaming\Wondershare Video Converter Ultimate 2013-03-31 20:16 . 2013-03-31 20:16 -------- d-----w- c:\users\Us\AppData\Roaming\{950EB46C-6AC7-4ACC-AB36-9A6A77C08B6A} 2013-03-31 20:14 . 
2013-03-31 20:14 -------- d-----w- c:\users\Us\AppData\Local\Wondershare 2013-03-31 20:14 . 2013-03-31 20:14 -------- d-----w- c:\program files\Common Files\Wondershare 2013-03-31 20:13 . 2012-11-20 10:05 727952 ----a-w- c:\windows\system32\WSCM64.dll 2013-03-31 20:13 . 2012-11-20 10:05 153088 ----a-w- c:\windows\system32\WSCM32.dll 2013-03-31 20:13 . 2013-03-31 20:16 -------- d-----w- c:\programdata\Wondershare Video Converter Ultimate 2013-03-31 20:12 . 2013-03-31 20:12 -------- d-----w- c:\program files\Wondershare 2013-03-23 23:49 . 2013-02-12 03:32 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys 2013-03-23 08:46 . 2013-03-23 08:46 -------- d-----w- c:\program files\RealNetworks 2013-03-23 08:42 . 2013-03-23 08:42 -------- d-----w- c:\program files\Common Files\xing shared . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-03-23 08:37 . 2012-12-19 08:43 499712 ----a-w- c:\windows\system32\msvcp71.dll 2013-03-23 08:37 . 2012-08-01 20:46 348160 ----a-w- c:\windows\system32\msvcr71.dll 2013-03-13 13:19 . 2012-05-01 09:59 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-03-13 13:19 . 2012-05-01 09:59 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-02-12 04:48 . 2013-03-13 10:02 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2013-02-12 04:48 . 2013-03-13 10:02 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll 2013-02-02 03:38 . 2013-03-14 03:09 1800704 ----a-w- c:\windows\system32\jscript9.dll 2013-02-02 03:30 . 2013-03-14 03:09 1427968 ----a-w- c:\windows\system32\inetcpl.cpl 2013-02-02 03:30 . 2013-03-14 03:09 1129472 ----a-w- c:\windows\system32\wininet.dll 2013-02-02 03:26 . 2013-03-14 03:09 142848 ----a-w- c:\windows\system32\ieUnatt.exe 2013-02-02 03:26 . 2013-03-14 03:09 420864 ----a-w- c:\windows\system32\vbscript.dll 2013-02-02 03:23 . 2013-03-14 03:09 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2013-01-31 03:18 . 
2013-02-27 01:48 338592 ----a-w- c:\windows\system32\drivers\N360\1403000.024\symnets.sys 2013-01-31 03:18 . 2013-02-27 01:48 934488 ----a-w- c:\windows\system32\drivers\N360\1403000.024\symefa.sys 2013-01-29 01:45 . 2013-02-27 01:48 602712 ----a-w- c:\windows\system32\drivers\N360\1403000.024\srtsp.sys 2013-01-29 01:45 . 2013-02-27 01:48 32344 ----a-w- c:\windows\system32\drivers\N360\1403000.024\srtspx.sys 2013-01-22 02:15 . 2013-02-27 01:48 367704 ----a-w- c:\windows\system32\drivers\N360\1403000.024\symds.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936] "{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\prxtbFree.dll" [2011-05-09 176936] . [HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}] . [HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}] . [HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}] 2011-05-09 09:49 176936 ----a-w- c:\program files\Freecorder\prxtbFree.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{687578b9-7132-4a7a-80e4-30ee31099e03}] 2011-05-09 08:49 176936 ----a-w- c:\program files\uTorrentControl2\prxtbuTor.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936] "{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\prxtbFree.dll" [2011-05-09 176936] . [HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}] . [HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}] . 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{687578B9-7132-4A7A-80E4-30EE31099E03}"= "c:\program files\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936] "{1392B8D2-5C05-419F-A8F6-B9F15A596612}"= "c:\program files\Freecorder\prxtbFree.dll" [2011-05-09 176936] . [HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}] . [HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-06-25 10119784] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-05-21 1770792] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296] "Freecorder FLV Service"="c:\program files\Freecorder\FLVSrvc.exe" [2011-03-24 167936] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776] "WinampAgent"="c:\program files\Winamp\Winampa.exe" [2013-03-01 24576] "TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2013-03-23 295512] "Wondershare Helper Compact.exe"="c:\program files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" [2012-05-31 1691136] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2012-9-18 113664] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . 
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x] R3 AMPPALP;Intel® Centrino® Bluetooth 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x] R3 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x] S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\1403000.024\SYMDS.SYS [x] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\1403000.024\SYMEFA.SYS [x] S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\BASHDefs\20130322.001\BHDrvx86.sys [x] S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360\1403000.024\ccSetx86.sys [x] S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\IPSDefs\20130412.001\IDSvix86.sys [x] S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [x] S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\1403000.024\Ironx86.SYS [x] S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360\1403000.024\SYMNETS.SYS [x] S2 AMPPALR3;Intel® Centrino® Bluetooth 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x] S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files\Intel\Bluetooth\devmonsrv.exe [x] S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files\Intel\Bluetooth\obexsrv.exe [x] S2 BT Connection Manager;BT Connection Manager;c:\program files\BT Connection Manager\btomosrv.exe [x] S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 
3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x] S2 BTWSp50;BTWSp50 NDIS Protocol Driver;c:\windows\system32\Drivers\BTWSp50.sys [x] S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x] S2 N360;Norton 360;c:\program files\Norton 360\Engine\20.3.0.36\ccSvcHst.exe [x] S2 NOBU;Norton Online Backup;c:\program files\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x] S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [x] S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [x] S3 AMPPAL;Intel® Centrino® Bluetooth 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [x] S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files\Intel\Bluetooth\mediasrv.exe [x] S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [x] S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [x] S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x] S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [x] S3 NETwNs32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETwNs32.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x] S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [x] . . --- Other Services/Drivers In Memory --- . *Deregistered* - EraserUtilDrv11220 . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc GPSvcGroup REG_MULTI_SZ GPSvc . Contents of the 'Scheduled Tasks' folder . 2013-04-13 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-01 13:19] . . ------- Supplementary Scan ------- . uStart Page = https://www.google.co.uk/ uInternet Settings,ProxyOverride = *.local IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201 IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204 IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203 IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202 TCP: DhcpNameServer = 192.168.1.1 . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360] "ImagePath"="\"c:\program files\Norton 360\Engine\20.3.0.36\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\20.3.0.36\diMaster.dll\" /prefetch:1" . --------------------- LOCKED REGISTRY KEYS --------------------- . 
Completion time: 2013-04-13 15:35:40 ComboFix-quarantined-files.txt 2013-04-13 14:35 . Pre-Run: 32,209,686,528 bytes free Post-Run: 32,127,152,128 bytes free . - - End Of File - - 305ACA378ECC809939A70F8483619715
  12. Is it safe to back up all my important files to an external hard drive before I do that? Just wanted to make sure.
  13. Hi, here's Fixlog.txt:

      Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-03-2013
      Ran by SYSTEM at 2013-04-12 15:41:39 Run:1
      Running from G:\
      ==============================================
      HKEY_USERS\Us\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell Value deleted successfully.
      C:\Users\Us\AppData\Roaming\AltShell.ini moved successfully.
      C:\ProgramData\boost_interprocess moved successfully.
      ==== End of Fixlog ====

      Rebooted as normal, everything running normally by the looks of things.
  14. All steps followed, managed to start up FRST, here's the log:

      Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2013 (ATTENTION: FRST version is 30 days old)
      Ran by SYSTEM at 12-04-2013 13:11:45
      Running from G:\
      Windows 7 Starter Service Pack 1 (X86)
      OS Language: English(US)
      The current controlset is ControlSet001

      ==================== Registry (Whitelisted) ===================

      HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s [10119784 2011-06-24] (Realtek Semiconductor)
      HKLM\...\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1770792 2010-05-20] (Synaptics Incorporated)
      HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-02] (Adobe Systems Incorporated)
      HKLM\...\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-17] (Sun Microsystems, Inc.)
      HKLM\...\Run: [Freecorder FLV Service] "C:\Program Files\Freecorder\FLVSrvc.exe" /run [167936 2011-03-23] (Applian Technologies, Inc.)
      HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
      HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)
      HKLM\...\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe" [24576 2013-03-01] ()
      HKLM\...\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot [295512 2013-03-23] (RealNetworks, Inc.)
      HKLM\...\Run: [Wondershare Helper Compact.exe] C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1691136 2012-05-31] (Wondershare)
      HKU\Us\...\Winlogon: [shell] explorer.exe,C:\Users\Us\AppData\Roaming\AltShell.dat [31232 2011-11-16] ()
      Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
      Startup: C:\ProgramData\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
      ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

      ==================== Services (Whitelisted) ===================

      2 AMPPALR3; C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [923136 2011-04-21] (Intel Corporation)
      2 Bluetooth Device Monitor; "C:\Program Files\Intel\Bluetooth\devmonsrv.exe" [923984 2011-03-30] (Intel Corporation)
      3 Bluetooth Media Service; "C:\Program Files\Intel\Bluetooth\mediasrv.exe" [1321296 2011-03-30] (Intel Corporation)
      2 Bluetooth OBEX Service; "C:\Program Files\Intel\Bluetooth\obexsrv.exe" [1001808 2011-03-30] (Intel Corporation)
      2 BT Connection Manager; "C:\Program Files\BT Connection Manager\btomosrv.exe" [28747 2009-10-02] (British Telecommunications Plc.)
      2 BTHSSecurityMgr; "C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe" [102672 2011-04-20] (Intel® Corporation)
      2 N360; "C:\Program Files\Norton 360\Engine\20.3.0.36\ccSvcHst.exe" /s "N360" /m "C:\Program Files\Norton 360\Engine\20.3.0.36\diMaster.dll" /prefetch:1 [551728 2013-02-06] (Symantec Corporation)
      2 NOBU; "C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe" SERVICE [3235200 2013-02-08] (Symantec Corporation)
      2 RealNetworks Downloader Resolver Service; "C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe" [39056 2013-03-05] ()
      3 Samsung UPD Service; "C:\windows\System32\SUPDSvc.exe" [131888 2010-08-09] (Samsung Electronics CO., LTD.)

      ==================== Drivers (Whitelisted) ====================

      3 AMPPAL; C:\Windows\System32\DRIVERS\AMPPAL.sys [240640 2011-04-21] (Windows ® Win 7 DDK provider)
      3 AMPPALP; C:\Windows\System32\DRIVERS\amppal.sys [240640 2011-04-21] (Windows ® Win 7 DDK provider)
      1 BHDrvx86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\BASHDefs\20130322.001\BHDrvx86.sys [997464 2013-03-21] (Symantec Corporation)
      3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [40960 2011-03-08] (Intel Corporation)
      3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [263680 2011-11-14] (Intel Corporation)
      2 BTWSp50; C:\Windows\System32\Drivers\BTWSp50.sys [24560 2007-04-20] (Printing Communications Assoc., Inc. (PCAUSA))
      1 ccSet_N360; C:\Windows\system32\drivers\N360\1403000.024\ccSetx86.sys [134304 2012-11-15] (Symantec Corporation)
      1 eeCtrl; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376480 2012-08-09] (Symantec Corporation)
      3 iBtFltCoex; C:\Windows\System32\DRIVERS\iBtFltCoex.sys [47616 2011-12-09] (Intel Corporation)
      1 IDSVix86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\IPSDefs\20130403.001\IDSvix86.sys [386720 2012-11-23] (Symantec Corporation)
      3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\VirusDefs\20130404.003\NAVENG.SYS [93296 2013-03-07] (Symantec Corporation)
      3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\VirusDefs\20130404.003\NAVEX15.SYS [1603824 2013-03-07] (Symantec Corporation)
      3 NETwNs32; C:\Windows\System32\DRIVERS\NETwNs32.sys [7513088 2011-04-30] (Intel Corporation)
      3 rtport; \??\C:\windows\system32\drivers\rtport.sys [15656 2011-11-25] (Windows ® 2003 DDK 3790 provider)
      3 SRTSP; C:\Windows\System32\Drivers\N360\1403000.024\SRTSP.SYS [602712 2013-01-28] (Symantec Corporation)
      1 SRTSPX; C:\Windows\system32\drivers\N360\1403000.024\SRTSPX.SYS [32344 2013-01-28] (Symantec Corporation)
      0 SymDS; C:\Windows\System32\drivers\N360\1403000.024\SYMDS.SYS [367704 2013-01-21] (Symantec Corporation)
      0 SymEFA; C:\Windows\System32\drivers\N360\1403000.024\SYMEFA.SYS [934488 2013-01-30] (Symantec Corporation)
      3 SymEvent; \??\C:\windows\system32\Drivers\SYMEVENT.SYS [142496 2012-11-22] (Symantec Corporation)
      1 SymIRON; C:\Windows\system32\drivers\N360\1403000.024\Ironx86.SYS [175264 2012-11-15] (Symantec Corporation)
      1 SymNetS; C:\Windows\System32\Drivers\N360\1403000.024\SYMNETS.SYS [338592 2013-01-30] (Symantec Corporation)

      ==================== NetSvcs (Whitelisted) ===================

      ==================== One Month Created Files and Folders ========

      2013-04-12 13:11 - 2013-04-12 13:11 - 00000000 ____D C:\FRST
      2013-04-07 06:07 - 2013-04-07 06:07 - 00003288 ____N C:\bootsqm.dat
      2013-04-07 06:05 - 2013-04-07 06:05 - 00000000 __SHD C:\found.001
      2013-04-03 23:55 - 2013-04-12 04:04 - 00000004 ____A C:\Users\Us\AppData\Roaming\AltShell.ini
      2013-03-31 12:16 - 2013-03-31 12:16 - 00000000 ____D C:\Users\Us\Documents\Wondershare Video Converter Ultimate
      2013-03-31 12:16 - 2013-03-31 12:16 - 00000000 ____D C:\Users\Us\AppData\Roaming\Wondershare Video Converter Ultimate
      2013-03-31 12:16 - 2013-03-31 12:16 - 00000000 ____D C:\Users\Us\AppData\Roaming\{950EB46C-6AC7-4ACC-AB36-9A6A77C08B6A}
      2013-03-31 12:14 - 2013-03-31 12:14 - 00001410 ____A C:\Users\Public\Desktop\Wondershare Video Converter Ultimate.lnk
      2013-03-31 12:14 - 2013-03-31 12:14 - 00000000 ____D C:\Users\Us\AppData\Local\Wondershare
      2013-03-31 12:14 - 2013-03-31 12:14 - 00000000 ____D C:\Program Files\Common Files\Wondershare
      2013-03-31 12:13 - 2013-03-31 12:16 - 00000000 ____D C:\ProgramData\Wondershare Video Converter Ultimate
      2013-03-31 12:13 - 2012-11-20 02:05 - 00727952 ____A () C:\Windows\System32\WSCM64.dll
      2013-03-31 12:13 - 2012-11-20 02:05 - 00153088 ____A () C:\Windows\System32\WSCM32.dll
      2013-03-31 12:12 - 2013-03-31 12:12 - 00000000 ____D C:\Program Files\Wondershare
      2013-03-31 12:09 - 2013-03-31 12:09 - 34602936 ____A (Wondershare Software ) C:\Users\Us\Downloads\video-converter-ultimate_full495.exe
      2013-03-28 10:01 - 2013-03-28 10:01 - 00042733 ____A C:\Users\Us\Downloads\Majisuka Gakuen Season 1 And 2 HD (Eng Subs) + PV Music Videos.torrent
      2013-03-23 15:49 - 2013-02-11 19:32 - 00015872 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usb8023.sys
      2013-03-23 00:47 - 2013-03-23 00:47 - 00001016 ____A C:\Users\Public\Desktop\RealPlayer.lnk
      2013-03-23 00:46 - 2013-03-23 00:46 - 00000000 ____D C:\Program Files\RealNetworks
      2013-03-23 00:42 - 2013-03-23 00:42 - 00000000 ____D C:\Program Files\Common Files\xing shared
      2013-03-13 19:09 - 2013-02-01 19:38 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
      2013-03-13 19:09 - 2013-02-01 19:31 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
      2013-03-13 19:09 - 2013-02-01 19:30 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
      2013-03-13 19:09 - 2013-02-01 19:30 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
      2013-03-13 19:09 - 2013-02-01 19:29 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
      2013-03-13 19:09 - 2013-02-01 19:27 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
      2013-03-13 19:09 - 2013-02-01 19:26 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
      2013-03-13 19:09 - 2013-02-01 19:26 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
      2013-03-13 19:09 - 2013-02-01 19:26 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
      2013-03-13 19:09 - 2013-02-01 19:25 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
      2013-03-13 19:09 - 2013-02-01 19:23 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
      2013-03-13 19:09 - 2013-02-01 19:23 - 01796096 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
      2013-03-13 19:09 - 2013-02-01 19:23 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
      2013-03-13 19:09 - 2013-02-01 19:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
      2013-03-13 19:08 - 2013-02-01 20:09 - 12321792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
      2013-03-13 19:08 - 2013-02-01 19:42 - 09738240 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
      2013-03-13 18:58 - 2013-03-14 15:01 - 00000536 ____A C:\Users\Us\Documents\l.a.names.txt

      ==================== One Month Modified Files and Folders ========

      2013-04-12 04:04 - 2013-04-03 23:55 - 00000004 ____A C:\Users\Us\AppData\Roaming\AltShell.ini
      2013-04-12 04:03 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
      2013-04-12 04:03 - 2009-07-13 20:39 - 00069032 ____A C:\Windows\setupact.log
      2013-04-07 06:15 - 2011-07-14 09:45 - 01203452 ____A C:\Windows\WindowsUpdate.log
      2013-04-07 06:13 - 2012-06-15 10:17 - 00000000 ____D C:\ProgramData\boost_interprocess
      2013-04-07 06:07 - 2013-04-07 06:07 - 00003288 ____N C:\bootsqm.dat
      2013-04-07 06:05 - 2013-04-07 06:05 - 00000000 __SHD C:\found.001
      2013-04-06 04:37 - 2012-05-01 02:00 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
      2013-04-04 13:14 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\LogFiles
      2013-04-04 04:40 - 2009-07-13 20:34 - 00016160 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
      2013-04-04 04:40 - 2009-07-13 20:34 - 00016160 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
      2013-04-04 04:33 - 2012-04-21 13:48 - 00000000 ____D C:\Users\Us\AppData\Local\CrashDumps
      2013-04-04 04:05 - 2010-11-20 13:48 - 00714864 ____A C:\Windows\PFRO.log
      2013-04-04 00:02 - 2010-11-20 13:01 - 00727182 ____A C:\Windows\System32\PerfStringBackup.INI
      2013-04-03 23:53 - 2012-08-01 12:42 - 00000000 ____D C:\Users\Us\AppData\Local\FLVService
      2013-03-31 13:27 - 2012-09-12 05:18 - 00004159 ____A C:\Users\Us\Documents\posts.txt
      2013-03-31 12:16 - 2013-03-31 12:16 - 00000000 ____D C:\Users\Us\Documents\Wondershare Video Converter Ultimate
      2013-03-31 12:16 - 2013-03-31 12:16 - 00000000 ____D C:\Users\Us\AppData\Roaming\Wondershare Video Converter Ultimate
      2013-03-31 12:16 - 2013-03-31 12:16 - 00000000 ____D C:\Users\Us\AppData\Roaming\{950EB46C-6AC7-4ACC-AB36-9A6A77C08B6A}
      2013-03-31 12:16 - 2013-03-31 12:13 - 00000000 ____D C:\ProgramData\Wondershare Video Converter Ultimate
      2013-03-31 12:14 - 2013-03-31 12:14 - 00001410 ____A C:\Users\Public\Desktop\Wondershare Video Converter Ultimate.lnk
      2013-03-31 12:14 - 2013-03-31 12:14 - 00000000 ____D C:\Users\Us\AppData\Local\Wondershare
      2013-03-31 12:14 - 2013-03-31 12:14 - 00000000 ____D C:\Program Files\Common Files\Wondershare
      2013-03-31 12:12 - 2013-03-31 12:12 - 00000000 ____D C:\Program Files\Wondershare
      2013-03-31 12:09 - 2013-03-31 12:09 - 34602936 ____A (Wondershare Software ) C:\Users\Us\Downloads\video-converter-ultimate_full495.exe
      2013-03-31 12:07 - 2012-10-04 11:46 - 00000000 ____D C:\Users\Us\AppData\Roaming\Orbit
      2013-03-30 10:42 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\DriverStore
      2013-03-28 10:01 - 2013-03-28 10:01 - 00042733 ____A C:\Users\Us\Downloads\Majisuka Gakuen Season 1 And 2 HD (Eng Subs) + PV Music Videos.torrent
      2013-03-23 00:47 - 2013-03-23 00:47 - 00001016 ____A C:\Users\Public\Desktop\RealPlayer.lnk
      2013-03-23 00:46 - 2013-03-23 00:46 - 00000000 ____D C:\Program Files\RealNetworks
      2013-03-23 00:42 - 2013-03-23 00:42 - 00000000 ____D C:\Program Files\Common Files\xing shared
      2013-03-23 00:42 - 2012-08-01 12:42 - 00000000 ____D C:\ProgramData\Real
      2013-03-23 00:40 - 2012-12-19 00:45 - 00201872 ____A (RealNetworks, Inc.) C:\Windows\System32\rmoc3260.dll
      2013-03-23 00:38 - 2012-12-19 00:43 - 00272896 ____A (Progressive Networks) C:\Windows\System32\pncrt.dll
      2013-03-23 00:38 - 2012-12-19 00:43 - 00006656 ____A (RealNetworks, Inc.) C:\Windows\System32\pndx5016.dll
      2013-03-23 00:38 - 2012-12-19 00:43 - 00005632 ____A (RealNetworks, Inc.) C:\Windows\System32\pndx5032.dll
      2013-03-23 00:37 - 2012-12-19 00:43 - 00499712 ____A (Microsoft Corporation) C:\Windows\System32\msvcp71.dll
      2013-03-23 00:37 - 2012-08-01 12:46 - 00348160 ____A (Microsoft Corporation) C:\Windows\System32\msvcr71.dll
      2013-03-22 06:55 - 2012-04-11 11:54 - 00000000 ____D C:\Users\Us\AppData\Local\VirtualStore
      2013-03-18 10:28 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\rescache
      2013-03-16 17:57 - 2012-08-16 11:51 - 00000000 ____D C:\Users\Us\R+V
      2013-03-14 15:01 - 2013-03-13 18:58 - 00000536 ____A C:\Users\Us\Documents\l.a.names.txt
      2013-03-14 13:36 - 2011-07-13 18:44 - 00000000 ____D C:\Program Files\Microsoft Silverlight
      2013-03-13 19:21 - 2012-04-27 05:46 - 69796088 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
      2013-03-13 05:19 - 2012-05-01 01:59 - 00693976 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
      2013-03-13 05:19 - 2012-05-01 01:59 - 00073432 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl

      ==================== Known DLLs (Whitelisted) =================

      ==================== Bamital & volsnap Check =================

      C:\Windows\explorer.exe => MD5 is legit
      C:\Windows\System32\winlogon.exe => MD5 is legit
      C:\Windows\System32\wininit.exe => MD5 is legit
      C:\Windows\System32\svchost.exe => MD5 is legit
      C:\Windows\System32\services.exe => MD5 is legit
      C:\Windows\System32\User32.dll => MD5 is legit
      C:\Windows\System32\userinit.exe => MD5 is legit
      C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

      ==================== EXE ASSOCIATION =====================

      HKLM\...\.exe: exefile => OK
      HKLM\...\exefile\DefaultIcon: %1 => OK
      HKLM\...\exefile\open\command: "%1" %* => OK

      ==================== Restore Points =========================

      ==================== Memory info ===========================

      Percentage of memory in use: 40%
      Total physical RAM: 1013.3 MB
      Available physical RAM: 598.91 MB
      Total Pagefile: 1013.3 MB
      Available Pagefile: 619.21 MB
      Total Virtual: 2047.88 MB
      Available Virtual: 1960.68 MB

      ==================== Partitions =============================

      1 Drive c: () (Fixed) (Total:113 GB) (Free:30.26 GB) NTFS
      2 Drive d: (Local Disk) (Fixed) (Total:166.32 GB) (Free:10.95 GB) NTFS
      3 Drive f: (SAMSUNG_REC) (Fixed) (Total:18.67 GB) (Free:0.96 GB) NTFS ==>[system with boot components (obtained from reading drive)]
      4 Drive g: (FLASH DRIVE) (Removable) (Total:3.72 GB) (Free:3.67 GB) FAT32
      5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
      6 Drive y: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.03 GB) NTFS ==>[system with boot components (obtained from reading drive)]

      Disk ###  Status         Size     Free     Dyn  Gpt
      --------  -------------  -------  -------  ---  ---
      Disk 0    Online          298 GB  1024 KB
      Disk 1    Online         3812 MB      0 B

      Partitions of Disk 0:
      ===============
      Disk ID: 58C6802B

      Partition ###  Type              Size     Offset
      -------------  ----------------  -------  -------
      Partition 1    Primary            100 MB  1024 KB
      Partition 2    Primary            113 GB   101 MB
      Partition 0    Extended           166 GB   113 GB
      Partition 4    Logical            166 GB   113 GB
      Partition 3    Recovery            18 GB   279 GB

      =========================================================

      Disk: 0
      Partition 1
      Type : 07
      Hidden: No
      Active: Yes

        Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
        ----------  ---  -----------  -----  ----------  -------  ---------  --------
      * Volume 0     Y   SYSTEM       NTFS   Partition    100 MB  Healthy

      =========================================================

      Disk: 0
      Partition 2
      Type : 07
      Hidden: No
      Active: No

        Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
        ----------  ---  -----------  -----  ----------  -------  ---------  --------
      * Volume 1     C                NTFS   Partition    113 GB  Healthy

      =========================================================

      Disk: 0
      Partition 4
      Type : 07
      Hidden: No
      Active: No

        Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
        ----------  ---  -----------  -----  ----------  -------  ---------  --------
      * Volume 2     D   Local Disk   NTFS   Partition    166 GB  Healthy

      =========================================================

      Disk: 0
      Partition 3
      Type : 27
      Hidden: Yes
      Active: No

        Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
        ----------  ---  -----------  -----  ----------  -------  ---------  --------
      * Volume 3     F   SAMSUNG_REC  NTFS   Partition     18 GB  Healthy    Hidden

      =========================================================

      Partitions of Disk 1:
      ===============
      Disk ID: C3072E18

      Partition ###  Type              Size     Offset
      -------------  ----------------  -------  -------
      Partition 1    Primary           3808 MB  4032 KB

      =========================================================

      Disk: 1
      Partition 1
      Type : 0C
      Hidden: No
      Active: No

        Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
        ----------  ---  -----------  -----  ----------  -------  ---------  --------
      * Volume 4     G   FLASH DRIVE  FAT32  Removable   3808 MB  Healthy

      =========================================================

      ============================== MBR Partition Table ==================

      ==============================
      Partitions of Disk 0:
      ===============
      Disk ID: 58C6802B

      Partition 1:
      =========
      Hex: 8020210007DF130C0008000000200300
      Active: YES
      Type: 07 (NTFS)
      Size: 100 MB

      Partition 2:
      =========
      Hex: 00DF140C07FEFFFF002803000000200E
      Active: NO
      Type: 07 (NTFS)
      Size: 113 GB

      Partition 3:
      =========
      Hex: 00FEFFFF0FFEFFFF0028230E0028CA14
      Active: NO
      Type: OF (Extended)
      Size: 166 GB

      Partition 4:
      =========
      Hex: 00FEFFFF27FEFFFF0050ED2200985502
      Active: NO
      Type: 27
      Size: 19 GB

      ==============================
      Partitions of Disk 1:
      ===============
      Disk ID: C3072E18

      Partition 1:
      =========
      Hex: 000001010C10D1C7801F000080007700
      Active: NO
      Type: 0C
      Size: 4 GB

      Last Boot: 2013-04-04 01:22

      ==================== End Of Log ============================

      How bad's the damage? Will it need reformatting or can we get around it?
  15. Hi Maniac, thanks for replying! Sorry, I forgot to mention which operating system the netbook has - it's Windows 7 Home Starter. By the way, unfortunately I don't have an external disk drive to load a recovery CD from, just a USB drive at present. Took notice of all your pointers though, no probs.