anuraja

Members
Posts: 13
Reputation: 0 Neutral
  1. I have completed all that you have recommended as final cleanup steps and am very grateful to you for your help. I have also left a message on your profile. Thank you. AR
  2. Thank you, Mr C. You have helped me avoid a complete reinstall or recovery of my PC in removing the ZeroAccess rootkit.

  3. Pasted below is the RK log file. It just found a few registry entries that it did not like, but that is about it. It looks like I am finally in the clear. Thank you very much for your help. Please let me know if I need to do anything else. AR

=========================================================================================
RogueKiller V7.6.6 [08/10/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: anuraja [Admin rights]
Mode: Scan -- Date: 08/12/2012 13:11:22

¤¤¤ Bad processes: 1 ¤¤¤
[SUSP PATH] SMIKsSTI.exe -- C:\Windows\SMIKsSTI.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 5 ¤¤¤
[SUSP PATH] HKLM\[...]\Run : SMI_SSE_V5 (C:\Windows\SMIKsSTI.EXE) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_TrackProgs (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST320LT0 20-9YG142 SATA Disk Device +++++
--- User ---
[MBR] 4ef7afb581c483ce4c886ff9a8eb6c8f
[BSP] 58b15e30f86c6e599e811ff5b2cb33f2 : Lenovo tatooed MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 287743 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 592371712 | Size: 16000 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt
  4. Thank you, Mr C. Below is the MBAM log; it is rebooting now after MBAM.

Malwarebytes Anti-Malware (PRO) 1.60.0.1800
www.malwarebytes.org

Database version: v2011.12.24.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
anuraja :: LTOP-LENOVOX121 [administrator]

Protection: Enabled

12/08/2012 12:55:12
mbam-log-2012-08-12 (12-55-12).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 191816
Time elapsed: 6 minute(s), 21 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
  5. I restarted the machine, ran Norton AntiVirus (2011) again after updating it with the latest definitions, and ran the quick scan. It still returns the same result on services.exe: Trojan.Zeroaccess!inf4, detected by Virus Scanner, manual removal required. The only action options are 1. Get help or 2. Exclude.
  6. Mr C, ComboFix ran for a lot more than 45 minutes. In fact it has apparently run for 4 hrs 20 minutes. I hope this does not mean that there is still a problem. Attached is the combofix.txt file as requested. AR ComboFix.txt
  7. Since ComboFix might run for another 45 mins, and it is already early morning here (3 am), I will post this in a few hours. Thanks for your help so far, Mr C. Much appreciated. R
  8. Attached is the TDSSKiller log. I had three options on all 6 items found as threats: copy to quarantine, delete, and skip. I chose skip. Just to remove doubt I ran the scan twice; hence a large log file is attached. TDSSKiller.2.7.48.0_12.08.2012_02.50.06_log.txt
  9. MrC, the fixlog is pasted below.

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 09-08-2012
Ran by SYSTEM at 2012-08-12 02:15:09 Run:1
Running from F:\

==============================================

C:\Windows\Installer\{600b3053-c009-b04c-7395-9bd962db05a7} moved successfully.
C:\Users\anuraja\AppData\Local\{600b3053-c009-b04c-7395-9bd962db05a7} moved successfully.

==== End of Fixlog ====
  10. Farbar Recovery Scan Tool Version: 09-08-2012
Ran by SYSTEM at 2012-08-12 01:58:00
Running from F:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

====== End Of Search ======
  11. Thank you, MrC. Appreciate your quick reply. Attached are the two txt files as instructed by you.

Scan result of Farbar Recovery Scan Tool Version: 09-08-2012
Ran by SYSTEM at 12-08-2012 01:55:44
Running from F:\
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet002

========================== Registry (Whitelisted) =============

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2789160 2011-05-19] (Synaptics Incorporated)
HKLM\...\Run: [SMI_SSE_V5] C:\Windows\SMIKsSTI.EXE [212992 2011-04-11] (Silicon Motion)
HKLM\...\Run: [TpShocks] TpShocks.exe [x]
HKLM\...\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t [310912 2011-04-26] (Conexant Systems, Inc.)
HKLM\...\Run: [ForteConfig] C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-25] ()
HKLM\...\Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [40808 2011-05-31] (Lenovo Group Limited)
HKLM\...\Run: [ALCKRESI.EXE] C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE [281960 2011-05-25] (Lenovo Group Limited)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [343168 2011-09-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor [1629544 2011-08-31] (Lenovo Group Limited)
HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [37232 2008-06-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [640376 2008-06-11] (Adobe Systems Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.) HKLM-x32\...\Run: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup [634880 2012-04-01] () HKU\anu\...\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [x] HKU\anuraja\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2012-02-09] (Google Inc.) HKU\anuraja\...\Run: [Outlook Sync] C:\Program Files (x86)\CodeTwo\CodeTwo Outlook Sync\C2OutlookSync.exe /silent [x] HKU\anuraja\...\Run: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [718720 2011-07-21] (Microsoft Corporation) HKU\anuraja\...\Run: [MP3 Skype Recorder] C:\Program Files (x86)\MP3 Skype Recorder\MP3 Skype Recorder.exe [1975296 2011-11-17] (Alexander Nikiforov) HKU\Default\...\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [x] HKU\Default User\...\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [x] Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100 AppInit_DLLs: acaptuser64.dll Startup: C:\Users\All Users\Start Menu\Programs\Startup\Bluetooth.lnk ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.) Startup: C:\Users\All Users\Start Menu\Programs\Startup\Google Calendar Sync.lnk ShortcutTarget: Google Calendar Sync.lnk -> C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe (Google) ==================== Services (Whitelisted) ====== 2 btwdins; C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe [968480 2011-03-24] (Broadcom Corporation.) 2 CxAudMsg; C:\Windows\system32\CxAudMsg64.exe [198784 2010-12-16] (Conexant Systems Inc.) 
2 HyperW7Svc; C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe [144232 2011-07-08] (Lenovo Group Limited) 2 IBMPMSVC; C:\Windows\System32\ibmpmsvc.exe [45928 2011-08-10] (Lenovo.) 2 LENOVO.CAMMUTE; C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe [41320 2011-05-31] (Lenovo Group Limited) 2 LENOVO.MICMUTE; C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe [101736 2011-07-11] (Lenovo Group Limited) 2 LENOVO.TPKNRSVC; C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [59240 2011-05-31] (Lenovo Group Limited) 2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-11] (Lenovo Group Limited) 2 NAV; "C:\Program Files (x86)\Norton AntiVirus\Engine\18.7.1.3\ccSvcHst.exe" /s "NAV" /m "C:\Program Files (x86)\Norton AntiVirus\Engine\18.7.1.3\diMaster.dll" /prefetch:1 [262584 2011-03-31] (Symantec Corporation) 2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [87040 2012-03-23] () 3 Power Manager DBC Service; "C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE" [87400 2011-08-31] (Lenovo) 3 PwmEWSvc; C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [173416 2011-08-31] (Lenovo Group Limited) 2 SAService; C:\Windows\SysWow64\SAsrv.exe [446592 2011-01-06] (Conexant Systems, Inc.) 2 SROSVC; C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe [446800 2011-09-01] (Lenovo Group Limited) 2 SUService; "C:\Program Files (x86)\Lenovo\System Update\SUService.exe" [28672 2011-07-25] (Lenovo Group Limited) 2 ThinkVantage Registry Monitor Service; "C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe" [1028096 2010-08-31] (Lenovo Group Limited) 3 TPHDEXLGSVC; C:\Windows\System32\TPHDEXLG64.exe [47728 2011-01-13] (Lenovo.) 
2 TPHKLOAD; C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe [145256 2011-07-11] (Lenovo Group Limited) 2 TPHKSVC; C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe [142696 2011-07-11] (Lenovo Group Limited) 3 TVT Backup Service; "C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe" [1492280 2011-08-18] (Lenovo Group Limited) ========================== Drivers (Whitelisted) ============= 1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20120804.001\BHDrvx64.sys [1161376 2012-06-18] (Symantec Corporation) 3 e2eVAWdm; C:\Windows\System32\DRIVERS\VAud_WDM.sys [60128 2010-05-07] (e2eSoft) 1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-08] (Symantec Corporation) 3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-08-08] (Symantec Corporation) 1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20120810.001\IDSvia64.sys [509088 2012-06-14] (Symantec Corporation) 3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20120810.035\ENG64.SYS [120440 2012-07-24] (Symantec Corporation) 3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20120810.035\EX64.SYS [2068600 2012-07-24] (Symantec Corporation) 1 PHCORE; \??\C:\Program Files\Lenovo\RapidBoot\PHCORE64.SYS [32104 2011-07-08] (Lenovo Group Limited) 0 Shockprf; C:\Windows\System32\DRIVERS\Apsx64.sys [139888 2011-01-13] (Lenovo.) 
0 SMR300; C:\Windows\System32\Drivers\SMR300.sys [96376 2012-08-11] (Symantec Corporation) 3 SRTSP; C:\Windows\System32\Drivers\NAVx64\1207010.003\SRTSP64.SYS [744568 2011-03-30] (Symantec Corporation) 1 SRTSPX; C:\Windows\system32\drivers\NAVx64\1207010.003\SRTSPX64.SYS [40568 2011-03-30] (Symantec Corporation) 0 SymDS; C:\Windows\System32\drivers\NAVx64\1207010.003\SYMDS64.SYS [450680 2011-01-26] (Symantec Corporation) 0 SymEFA; C:\Windows\System32\drivers\NAVx64\1207010.003\SYMEFA64.SYS [912504 2011-03-14] (Symantec Corporation) 3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2012-06-16] (Symantec Corporation) 1 SymIRON; C:\Windows\system32\drivers\NAVx64\1207010.003\Ironx64.SYS [171128 2011-01-26] (Symantec Corporation) 1 SymNetS; C:\Windows\System32\Drivers\NAVx64\1207010.003\SYMNETS.SYS [386168 2011-04-20] (Symantec Corporation) 0 TPDIGIMN; C:\Windows\System32\DRIVERS\ApsHM64.sys [23664 2011-01-13] (Lenovo.) 3 TVTI2C; C:\Windows\System32\Drivers\TVTI2C.sys [40248 2011-05-30] (Lenovo Information Product(ShenZhen China) Inc.) 
3 usbsmi; C:\Windows\System32\DRIVERS\SMIksdrv.sys [210048 2011-04-11] (SMI) 3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x] ========================== NetSvcs (Whitelisted) =========== ============ One Month Created Files and Folders ============== 2012-08-12 01:55 - 2012-08-12 01:55 - 00000000 ____D C:\FRST 2012-08-11 16:50 - 2012-08-11 16:50 - 00000146 ____A C:\Users\anuraja\Desktop\MBAMforum-mytopic.url 2012-08-11 16:48 - 2012-08-11 16:48 - 00002344 ____A C:\Users\anuraja\Desktop\instruc malremoval.txt 2012-08-11 16:10 - 2012-08-11 16:10 - 00000000 ____D C:\Users\anuraja\AppData\Local\SimpleSYN 2012-08-11 16:00 - 2012-08-11 16:00 - 00000000 ____A C:\Windows\setuperr.log 2012-08-11 16:00 - 2012-08-11 16:00 - 00000000 ____A C:\Windows\setupact.log 2012-08-11 15:56 - 2012-08-11 16:37 - 00000000 ____D C:\sh4ldr 2012-08-11 15:56 - 2012-08-11 15:56 - 00000000 ____D C:\Program Files\Enigma Software Group 2012-08-11 15:55 - 2012-08-11 16:36 - 00000000 ____D C:\Windows\F896D02690164122B9BD957FF092FFE9.TMP 2012-08-11 15:38 - 2012-08-11 15:38 - 00339347 ____A C:\Users\anuraja\Desktop\Please help! 
Trojan.Dropper.BCMiner and Rootkit.0Access - Malwarebytes Forum.htm 2012-08-11 15:24 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe 2012-08-11 15:24 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe 2012-08-11 15:24 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe 2012-08-11 15:24 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe 2012-08-11 15:24 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe 2012-08-11 15:24 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe 2012-08-11 15:24 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe 2012-08-11 15:24 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe 2012-08-11 15:23 - 2012-08-11 15:55 - 00000000 ___SD C:\ComboFix 2012-08-11 15:21 - 2012-08-11 15:23 - 00000000 ___SD C:\32788R22FWJFW 2012-08-11 15:21 - 2012-08-11 15:23 - 00000000 ____D C:\Qoobox 2012-08-11 15:21 - 2012-08-11 15:21 - 00000000 ____D C:\Windows\erdnt 2012-08-11 15:20 - 2012-08-11 15:20 - 04729547 ____R (Swearware) C:\Users\anuraja\Downloads\ComboFix.exe 2012-08-11 14:38 - 2012-08-11 14:38 - 00000902 ____A C:\Windows\System32\.crusader 2012-08-11 14:27 - 2012-08-11 14:38 - 00000000 ____D C:\Users\All Users\HitmanPro 2012-08-11 14:26 - 2012-08-11 14:27 - 08864168 ____A (SurfRight B.V.) 
C:\Users\anuraja\Downloads\HitmanPro36_x64.exe 2012-08-11 14:01 - 2012-08-11 14:01 - 00000000 _RSHD C:\RRbackups 2012-08-11 13:46 - 2012-08-11 13:46 - 00000000 ____D C:\Users\anuraja\AppData\Roaming\SpeedyPC Software 2012-08-11 13:46 - 2012-08-11 13:46 - 00000000 ____D C:\Users\anuraja\AppData\Roaming\DriverCure 2012-08-11 13:45 - 2012-08-11 13:52 - 00000000 ____D C:\Users\All Users\SpeedyPC Software 2012-08-11 13:34 - 2012-08-11 13:30 - 01628920 ____N (Sonic Solutions) C:\Windows\SysWOW64\pxsfs.dll 2012-08-11 13:34 - 2012-08-11 13:30 - 00547576 ____N (Sonic Solutions) C:\Windows\SysWOW64\px.dll 2012-08-11 13:34 - 2012-08-11 13:30 - 00510712 ____N (Sonic Solutions) C:\Windows\SysWOW64\pxdrv.dll 2012-08-11 13:34 - 2012-08-11 13:30 - 00379640 ____N (Sonic Solutions) C:\Windows\SysWOW64\pxwave.dll 2012-08-11 13:34 - 2012-08-11 13:30 - 00187128 ____N (Sonic Solutions) C:\Windows\SysWOW64\pxmas.dll 2012-08-11 13:34 - 2012-08-11 13:30 - 00129784 ____N (Sonic Solutions) C:\Windows\SysWOW64\pxafs.dll 2012-08-11 13:34 - 2012-08-11 13:30 - 00118520 ____N (Sonic Solutions) C:\Windows\SysWOW64\pxinsi64.exe 2012-08-11 13:34 - 2012-08-11 13:30 - 00116472 ____N (Sonic Solutions) C:\Windows\SysWOW64\pxcpyi64.exe 2012-08-11 13:34 - 2012-08-11 13:30 - 00072440 ____N (Sonic Solutions) C:\Windows\SysWOW64\pxhpinst.exe 2012-08-11 13:34 - 2012-08-11 13:30 - 00064760 ____N (Sonic Solutions) C:\Windows\SysWOW64\pxinsa64.exe 2012-08-11 13:34 - 2012-08-11 13:30 - 00064760 ____N (Sonic Solutions) C:\Windows\SysWOW64\pxcpya64.exe 2012-08-11 13:34 - 2012-08-11 13:30 - 00039672 ____N (Sonic Solutions) C:\Windows\SysWOW64\vxblock.dll 2012-08-11 13:30 - 2012-08-11 13:30 - 00040760 ____A (Lenovo Information Product(ShenZhen China) Inc.) 
C:\Windows\System32\Drivers\psadd.sys 2012-08-11 12:47 - 2012-08-11 12:47 - 00096376 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SMR300.SYS 2012-08-11 12:34 - 2012-08-11 12:34 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA% 2012-08-11 12:33 - 2012-08-11 12:33 - 00000000 ____D C:\Users\anuraja\AppData\Roaming\Malwarebytes 2012-08-11 12:32 - 2012-08-11 12:32 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\anuraja\Downloads\mbam-setup-1.62.0.1300.exe 2012-08-11 12:32 - 2012-08-11 12:32 - 00000000 ____D C:\Users\All Users\Malwarebytes 2012-08-11 12:32 - 2012-08-11 12:32 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-08-11 12:32 - 2012-07-03 04:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys 2012-08-11 11:43 - 2012-08-11 13:03 - 00000000 ____D C:\Users\anuraja\AppData\Local\NPE 2012-08-11 11:43 - 2012-08-11 11:43 - 02841104 ____A (Symantec Corporation) C:\Users\anuraja\Downloads\NPE.exe 2012-08-11 11:35 - 2012-08-11 12:43 - 00027256 ____A (Symantec Corporation) C:\Windows\System32\Drivers\FixZeroAccess.sys 2012-08-11 11:35 - 2012-08-11 11:35 - 01805736 ____A (Symantec Corporation) C:\Users\anuraja\Downloads\FixZeroAccess.exe 2012-08-11 11:24 - 2012-08-11 12:46 - 00000000 ____D C:\Users\anuraja\AppData\Local\CrashDumps 2012-08-11 11:22 - 2012-08-11 11:22 - 00000000 ____D C:\Program Files (x86)\SimpleSYN 2.1 2012-08-11 11:15 - 2012-08-11 11:15 - 05482352 ____A (creativbox.net - Internet Solutions) C:\Users\anuraja\Downloads\SimpleSYN_21_en_US_x86.exe 2012-08-09 08:55 - 2012-08-10 01:18 - 00014848 __ASH C:\Users\anuraja\Downloads\Thumbs.db 2012-08-05 14:19 - 2012-08-11 16:49 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2012-08-05 14:14 - 2012-08-05 14:14 - 00000430 _RASH C:\Users\anuraja\ntuser.pol 2012-08-05 14:09 - 2012-08-05 14:09 - 00000000 ____D C:\Users\anuraja\AppData\Local\Conexant 2012-08-05 14:09 - 2012-08-05 14:09 - 00000000 ____D C:\Users\All Users\Conexant 
2012-08-05 10:04 - 2012-08-06 00:14 - 00015360 ____A C:\Users\anuraja\Desktop\Grade6 exam-the plan.xls 2012-07-29 08:15 - 2012-07-29 08:15 - 00000000 ____D C:\Users\anuraja\AppData\Local\{5DCC5B3B-2DB9-404B-A93A-B80F0DEC051D} 2012-07-27 23:57 - 2012-07-27 23:57 - 00000000 ____D C:\Users\anuraja\AppData\Roaming\HP 2012-07-27 23:51 - 2012-07-27 23:51 - 00000000 ____D C:\Program Files (x86)\HP 2012-07-27 23:51 - 2008-08-07 04:14 - 00131072 ____A (Hewlett-Packard Company) C:\Windows\System32\hpz3l64w.dll 2012-07-27 23:51 - 2008-08-07 04:04 - 00233472 ____A (Hewlett Packard Corporation) C:\Windows\SysWOW64\hpzc364w.dll 2012-07-27 23:51 - 2006-11-30 02:14 - 00671816 ____A (HP) C:\Windows\SysWOW64\hpcdmc32.dll 2012-07-27 23:50 - 2012-07-30 22:23 - 00001450 ____A C:\Users\All Users\hpzinstall.log 2012-07-27 23:49 - 2012-07-28 00:27 - 00000000 ____D C:\Users\All Users\HP 2012-07-27 23:49 - 2009-12-21 23:31 - 00359256 ____A (Hewlett-Packard) C:\Windows\System32\hpzids40.dll 2012-07-27 23:49 - 2009-10-04 23:20 - 01420288 ____A (Hewlett-Packard Co.) C:\Windows\System32\hpwtiop3.dll 2012-07-27 23:49 - 2009-10-04 23:20 - 00944128 ____A (Hewlett-Packard) C:\Windows\System32\hpwwiax3.dll 2012-07-27 23:49 - 2009-10-04 23:20 - 00540672 ____A (Hewlett-Packard) C:\Windows\System32\hppldcoi.dll 2012-07-27 23:49 - 2009-10-04 23:20 - 00488960 ____A (Hewlett-Packard Co.) 
C:\Windows\System32\hpovst11.dll 2012-07-26 09:01 - 2012-07-26 09:01 - 00000000 ____D C:\Users\All Users\Hewlett-Packard 2012-07-23 03:47 - 2012-07-23 03:47 - 00000000 ____D C:\Users\anuraja\AppData\Local\{286987F0-0C97-4FA7-BE7E-48BE330DE8A5} 2012-07-23 03:33 - 2012-07-23 03:33 - 00000000 ____D C:\Users\anuraja\AppData\Local\{FD22715A-55CB-4F8E-904B-C48B1FE0C8A0} 2012-07-23 03:31 - 2012-08-07 01:51 - 00000000 ____D C:\Users\anuraja\AppData\Local\Windows Live 2012-07-23 03:31 - 2012-07-23 03:31 - 00000000 ____D C:\Users\anuraja\AppData\Local\{091CD4E8-384D-40A3-9BE5-B80DE64A2640} ============ 3 Months Modified Files ======================== 2012-08-11 16:50 - 2012-08-11 16:50 - 00000146 ____A C:\Users\anuraja\Desktop\MBAMforum-mytopic.url 2012-08-11 16:49 - 2012-08-05 14:19 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2012-08-11 16:48 - 2012-08-11 16:48 - 00002344 ____A C:\Users\anuraja\Desktop\instruc malremoval.txt 2012-08-11 16:48 - 2012-02-09 06:26 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2012-08-11 16:42 - 2009-07-13 20:45 - 00031296 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2012-08-11 16:42 - 2009-07-13 20:45 - 00031296 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2012-08-11 16:00 - 2012-08-11 16:00 - 00000000 ____A C:\Windows\setuperr.log 2012-08-11 16:00 - 2012-08-11 16:00 - 00000000 ____A C:\Windows\setupact.log 2012-08-11 15:38 - 2012-08-11 15:38 - 00339347 ____A C:\Users\anuraja\Desktop\Please help! 
Trojan.Dropper.BCMiner and Rootkit.0Access - Malwarebytes Forum.htm 2012-08-11 15:20 - 2012-08-11 15:20 - 04729547 ____R (Swearware) C:\Users\anuraja\Downloads\ComboFix.exe 2012-08-11 14:54 - 2009-07-13 21:13 - 00782664 ____A C:\Windows\System32\PerfStringBackup.INI 2012-08-11 14:49 - 2012-02-22 11:42 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore1ccf19a1de3f5f1.job 2012-08-11 14:48 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2012-08-11 14:38 - 2012-08-11 14:38 - 00000902 ____A C:\Windows\System32\.crusader 2012-08-11 14:27 - 2012-08-11 14:26 - 08864168 ____A (SurfRight B.V.) C:\Users\anuraja\Downloads\HitmanPro36_x64.exe 2012-08-11 13:30 - 2012-08-11 13:34 - 01628920 ____N (Sonic Solutions) C:\Windows\SysWOW64\pxsfs.dll 2012-08-11 13:30 - 2012-08-11 13:34 - 00547576 ____N (Sonic Solutions) C:\Windows\SysWOW64\px.dll 2012-08-11 13:30 - 2012-08-11 13:34 - 00510712 ____N (Sonic Solutions) C:\Windows\SysWOW64\pxdrv.dll 2012-08-11 13:30 - 2012-08-11 13:34 - 00379640 ____N (Sonic Solutions) C:\Windows\SysWOW64\pxwave.dll 2012-08-11 13:30 - 2012-08-11 13:34 - 00187128 ____N (Sonic Solutions) C:\Windows\SysWOW64\pxmas.dll 2012-08-11 13:30 - 2012-08-11 13:34 - 00129784 ____N (Sonic Solutions) C:\Windows\SysWOW64\pxafs.dll 2012-08-11 13:30 - 2012-08-11 13:34 - 00118520 ____N (Sonic Solutions) C:\Windows\SysWOW64\pxinsi64.exe 2012-08-11 13:30 - 2012-08-11 13:34 - 00116472 ____N (Sonic Solutions) C:\Windows\SysWOW64\pxcpyi64.exe 2012-08-11 13:30 - 2012-08-11 13:34 - 00072440 ____N (Sonic Solutions) C:\Windows\SysWOW64\pxhpinst.exe 2012-08-11 13:30 - 2012-08-11 13:34 - 00064760 ____N (Sonic Solutions) C:\Windows\SysWOW64\pxinsa64.exe 2012-08-11 13:30 - 2012-08-11 13:34 - 00064760 ____N (Sonic Solutions) C:\Windows\SysWOW64\pxcpya64.exe 2012-08-11 13:30 - 2012-08-11 13:34 - 00039672 ____N (Sonic Solutions) C:\Windows\SysWOW64\vxblock.dll 2012-08-11 13:30 - 2012-08-11 13:30 - 00040760 ____A (Lenovo Information Product(ShenZhen China) Inc.) 
C:\Windows\System32\Drivers\psadd.sys 2012-08-11 12:47 - 2012-08-11 12:47 - 00096376 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SMR300.SYS 2012-08-11 12:43 - 2012-08-11 11:35 - 00027256 ____A (Symantec Corporation) C:\Windows\System32\Drivers\FixZeroAccess.sys 2012-08-11 12:32 - 2012-08-11 12:32 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\anuraja\Downloads\mbam-setup-1.62.0.1300.exe 2012-08-11 11:43 - 2012-08-11 11:43 - 02841104 ____A (Symantec Corporation) C:\Users\anuraja\Downloads\NPE.exe 2012-08-11 11:35 - 2012-08-11 11:35 - 01805736 ____A (Symantec Corporation) C:\Users\anuraja\Downloads\FixZeroAccess.exe 2012-08-11 11:15 - 2012-08-11 11:15 - 05482352 ____A (creativbox.net - Internet Solutions) C:\Users\anuraja\Downloads\SimpleSYN_21_en_US_x86.exe 2012-08-10 01:18 - 2012-08-09 08:55 - 00014848 __ASH C:\Users\anuraja\Downloads\Thumbs.db 2012-08-06 00:14 - 2012-08-05 10:04 - 00015360 ____A C:\Users\anuraja\Desktop\Grade6 exam-the plan.xls 2012-08-05 14:19 - 2012-04-10 22:43 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2012-08-05 14:19 - 2012-02-23 14:25 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2012-08-05 14:14 - 2012-08-05 14:14 - 00000430 _RASH C:\Users\anuraja\ntuser.pol 2012-07-30 22:23 - 2012-07-27 23:50 - 00001450 ____A C:\Users\All Users\hpzinstall.log 2012-07-10 18:34 - 2009-07-13 20:45 - 00422024 ____A C:\Windows\System32\FNTCACHE.DAT 2012-07-10 18:06 - 2012-02-25 12:51 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2012-07-03 04:46 - 2012-08-11 12:32 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys 2012-06-30 05:25 - 2012-06-29 01:23 - 00054784 ___AH C:\Users\anuraja\Desktop\~WRL0003.tmp 2012-06-30 04:19 - 2012-02-22 11:46 - 00111368 ____A C:\Users\anuraja\AppData\Local\GDIPFONTCACHEV1.DAT 2012-06-25 07:04 - 2012-06-25 07:04 - 01394248 ____A (Microsoft Corporation) 
C:\Windows\SysWOW64\msxml4.dll 2012-06-21 10:41 - 2012-06-16 23:28 - 00002446 ____A C:\Users\Public\Desktop\Norton AntiVirus.lnk 2012-06-16 23:41 - 2012-06-16 23:29 - 00174200 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT64x86.SYS 2012-06-16 23:41 - 2012-06-16 23:29 - 00007488 ____A C:\Windows\System32\Drivers\SYMEVENT64x86.CAT 2012-06-11 19:08 - 2012-07-10 18:15 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys 2012-06-08 21:43 - 2012-07-10 13:28 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll 2012-06-08 20:41 - 2012-07-10 13:28 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2012-06-05 22:06 - 2012-07-10 13:28 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll 2012-06-05 22:06 - 2012-07-10 13:28 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll 2012-06-05 22:02 - 2012-07-10 13:28 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll 2012-06-05 21:05 - 2012-07-10 13:28 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll 2012-06-05 21:05 - 2012-07-10 13:28 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2012-06-05 21:03 - 2012-07-10 13:28 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll 2012-06-02 14:19 - 2012-06-23 13:26 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll 2012-06-02 14:19 - 2012-06-23 13:26 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll 2012-06-02 14:19 - 2012-06-23 13:26 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe 2012-06-02 14:19 - 2012-06-23 13:26 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll 2012-06-02 14:19 - 2012-06-23 13:26 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll 2012-06-02 14:15 - 2012-06-23 13:26 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll 2012-06-02 14:15 - 
search.txt to follow in next post
  12. I was affected by this trojan and guess it is a rootkit infection. Can you please help? I tried running RogueKiller to post a log, but that gets deleted automatically. Experts, please help. AR