Jump to content

Zero Access Rootkit


Funnyguy
 Share

Recommended Posts

RogueKiller and TDSSKiller says I still have the Zero Access Rootkit on my PC. Mbam free found other trojans and rootkits before but they have been removed and now Mbam can't find anything. I ran TDSSKiller, RogueKiller and Combofix. They all removed the rootkit and stated my comp is clean but when I restart my PC, these programs find the rootkit again. I have disabled any anti-malware software or firewalls before running these programs. All my important files were backed up before this incident so I'm not worried about data loss. I'll be waiting patiently for a reply.

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2

Run by Andrew at 9:50:16 on 2012-09-28

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.7897.5502 [GMT -4:00]

.

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe

C:\Windows\SysWOW64\svchost.exe -k Akamai

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe

C:\Program Files (x86)\ASUS\AAHM\1.00.17\aaHMSvc.exe

C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe

C:\Program Files (x86)\ASUS\AsusFanControlService\1.00.17\AsusFanControlService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe

C:\Program Files\NetLimiter 3\nlsvc.exe

C:\Windows\SysWOW64\NMSAccessU.exe

C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe

C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Microsoft IntelliType Pro\itype.exe

C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe

C:\Users\Andrew\AppData\Local\Akamai\netsession_win.exe

C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe

C:\Users\Andrew\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

C:\Program Files\Ditto\Ditto.exe

C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe

C:\Users\Andrew\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files (x86)\Emit\Emit.exe

C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe

C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe

C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe

C:\Users\Andrew\AppData\Local\Akamai\netsession_win.exe

C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe

C:\Program Files (x86)\Evernote\Evernote\Evernote.exe

C:\Program Files (x86)\SyncBackPro\SyncBackPro.exe

C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr64.exe

C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe

C:\Windows\system32\DllHost.exe

C:\Program Files (x86)\Emit\erlang\erts-5.8.4\bin\erl.exe

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\Emit\erlang\erts-5.8.4\bin\inet_gethost.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files (x86)\Everything\Everything.exe

C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe

C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe

C:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

mDefault_Page_URL = about:blank

mStart Page = about:blank

uInternet Settings,ProxyOverride = <local>

BHO: PlusIEEventHelper Class: {551a852f-39a6-44a7-9c13-afbec9185a9d} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll

BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

uRun: [Akamai NetSession Interface] "C:\Users\Andrew\AppData\Local\Akamai\netsession_win.exe"

uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

uRun: [spotify Web Helper] "C:\Users\Andrew\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

uRun: [Ditto] C:\Program Files\Ditto\Ditto.exe

mRun: [Everything] "C:\Program Files (x86)\Everything\Everything.exe" -startup

mRun: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun

StartupFolder: C:\Users\Andrew\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Andrew\AppData\Roaming\Dropbox\bin\Dropbox.exe

StartupFolder: C:\Users\Andrew\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Emit.lnk - C:\Program Files (x86)\Emit\Emit.exe

StartupFolder: C:\Users\Andrew\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe

StartupFolder: C:\Users\Andrew\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~2.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe

StartupFolder: C:\Users\Andrew\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\PDANET~1.LNK - C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe

StartupFolder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LockWorkStation.vbs

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

LSP: mswsock.dll

DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab

DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab

DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{C01A4D9D-3B97-428D-BD79-18009D731C3A} : DhcpNameServer = 192.168.1.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

BHO-X64: PlusIEEventHelper Class: {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll

BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

mRun-x64: [Everything] "C:\Program Files (x86)\Everything\Everything.exe" -startup

mRun-x64: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun

IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\dcexqchg.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig

FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Millisecond Software\Inquisit 3.0 Mozilla Plugin\npInquisit_3060.dll

FF - plugin: C:\Program Files (x86)\SumatraPDF\npPdfViewer.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\ProgramData\id Software\QuakeLive\npquakezero.dll

FF - plugin: C:\Users\Andrew\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: C:\Users\Andrew\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

FF - plugin: C:\Windows\system32\Wat\npWatWeb.dll

FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll

FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll

.

============= SERVICES / DRIVERS ===============

.

P2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-4-21 8704]

R0 AiChargerPlus;ASUS Charger Plus Driver;C:\Windows\system32\DRIVERS\AiChargerPlus.sys --> C:\Windows\system32\DRIVERS\AiChargerPlus.sys [?]

R0 vididr;Acronis Virtual Disk;C:\Windows\system32\DRIVERS\vididr.sys --> C:\Windows\system32\DRIVERS\vididr.sys [?]

R0 vidsflt53;Acronis Disk Storage Filter (53);C:\Windows\system32\DRIVERS\vsflt53.sys --> C:\Windows\system32\DRIVERS\vsflt53.sys [?]

R1 nltdi;nltdi;C:\Program Files\NetLimiter 3\nltdi.sys [2011-3-21 88200]

R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe [2012-4-23 918448]

R2 asHmComSvc;ASUS HM Com Service;C:\Program Files (x86)\ASUS\AAHM\1.00.17\aaHMSvc.exe [2012-4-23 947328]

R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2011-10-13 586880]

R2 AsusFanControlService;AsusFanControlService;C:\Program Files (x86)\ASUS\AsusFanControlService\1.00.17\AsusFanControlService.exe [2012-4-23 1464752]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-10-13 13592]

R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-9-15 88576]

R2 PDFProFiltSrvPP;PDFProFiltSrvPP;C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [2010-3-9 144672]

R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-5-6 2656280]

R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\system32\DRIVERS\asmthub3.sys --> C:\Windows\system32\DRIVERS\asmthub3.sys [?]

R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\system32\DRIVERS\asmtxhci.sys --> C:\Windows\system32\DRIVERS\asmtxhci.sys [?]

R3 BrSerIb;Brother Serial Interface Driver(WDM);C:\Windows\system32\DRIVERS\BrSerIb.sys --> C:\Windows\system32\DRIVERS\BrSerIb.sys [?]

R3 BrUsbSIb;Brother Serial USB Driver(WDM);C:\Windows\system32\DRIVERS\BrUsbSIb.sys --> C:\Windows\system32\DRIVERS\BrUsbSIb.sys [?]

R3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\system32\drivers\CT20XUT.SYS --> C:\Windows\system32\drivers\CT20XUT.SYS [?]

R3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\system32\drivers\CTEXFIFX.SYS --> C:\Windows\system32\drivers\CTEXFIFX.SYS [?]

R3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\system32\drivers\CTHWIUT.SYS --> C:\Windows\system32\drivers\CTHWIUT.SYS [?]

R3 ha20x22k;Creative 20X2 HAL Driver;C:\Windows\system32\drivers\ha20x22k.sys --> C:\Windows\system32\drivers\ha20x22k.sys [?]

R3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [2012-4-23 160768]

R3 ICCWDT;Intel® Watchdog Timer Driver (Intel® WDT);C:\Windows\system32\DRIVERS\ICCWDT.sys --> C:\Windows\system32\DRIVERS\ICCWDT.sys [?]

R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]

R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]

R3 LVUVC64;Logitech Webcam C260(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]

R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 NLNdisMP;NLNdisMP;C:\Windows\system32\DRIVERS\nlndis.sys --> C:\Windows\system32\DRIVERS\nlndis.sys [?]

R3 pneteth;PdaNet Broadband;C:\Windows\system32\DRIVERS\pneteth.sys --> C:\Windows\system32\DRIVERS\pneteth.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

S3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]

S3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2012-2-7 245760]

S3 cphs;Intel® Content Protection HECI Service;C:\Windows\SysWOW64\IntelCpHeciSvc.exe [2012-9-23 274200]

S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-11-13 79360]

S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-10-13 79360]

S3 CT20XUT;CT20XUT;C:\Windows\system32\drivers\CT20XUT.SYS --> C:\Windows\system32\drivers\CT20XUT.SYS [?]

S3 CTEXFIFX;CTEXFIFX;C:\Windows\system32\drivers\CTEXFIFX.SYS --> C:\Windows\system32\drivers\CTEXFIFX.SYS [?]

S3 CTHWIUT;CTHWIUT;C:\Windows\system32\drivers\CTHWIUT.SYS --> C:\Windows\system32\drivers\CTHWIUT.SYS [?]

S3 HTCAND64;HTC Device Driver;C:\Windows\system32\Drivers\ANDROIDUSB.sys --> C:\Windows\system32\Drivers\ANDROIDUSB.sys [?]

S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\system32\DRIVERS\htcnprot.sys --> C:\Windows\system32\DRIVERS\htcnprot.sys [?]

S3 NLNdisPT;NetLimiter Ndis Protocol Service;C:\Windows\system32\DRIVERS\nlndis.sys --> C:\Windows\system32\DRIVERS\nlndis.sys [?]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]

S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2012-09-28 05:40:18 -------- d-sh--w- C:\$RECYCLE.BIN

2012-09-28 04:33:18 98816 ----a-w- C:\Windows\sed.exe

2012-09-28 04:33:18 518144 ----a-w- C:\Windows\SWREG.exe

2012-09-28 04:33:18 256000 ----a-w- C:\Windows\PEV.exe

2012-09-28 04:33:18 208896 ----a-w- C:\Windows\MBR.exe

2012-09-28 04:29:48 -------- d-----w- C:\WINSSLog

2012-09-28 04:26:52 9049936 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll

2012-09-28 04:26:49 9308616 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{590398D9-CB1F-4AE3-ADD2-C45ADDDE5C89}\mpengine.dll

2012-09-28 03:38:43 49872 ----a-w- C:\Windows\System32\drivers\wjrxvvdu.sys

2012-09-28 03:38:43 328704 ----a-w- C:\Windows\System32\services.exe.EC51095325FE00C8

2012-09-28 03:33:56 328704 ----a-w- C:\Windows\System32\services.exe.154EA98C0008C618

2012-09-28 03:31:05 328704 ----a-w- C:\Windows\System32\services.exe.3FE04119758F870A

2012-09-28 03:28:27 328704 ----a-w- C:\Windows\System32\services.exe.72E05CAD8F1CCDE9

2012-09-28 03:23:02 328704 ----a-w- C:\Windows\System32\services.exe.C7577C6C6E08B7B5

2012-09-28 03:11:26 1150 ----a-w- C:\FixitRegBackup.reg

2012-09-28 00:11:14 -------- d-----w- C:\TDSSKiller_Quarantine

2012-09-27 22:23:06 388096 ----a-r- C:\Users\Andrew\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-09-27 22:23:06 -------- d-----w- C:\Program Files (x86)\Hi

2012-09-27 16:34:38 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%

2012-09-27 00:13:28 -------- d-----w- C:\Users\Andrew\AppData\Roaming\2BrightSparks

2012-09-27 00:12:58 71096 ----a-w- C:\Windows\SysWow64\NMSAccessU.exe

2012-09-27 00:12:58 20480 ----a-w- C:\Windows\SysWow64\SyncBackPro.dll

2012-09-27 00:12:57 -------- d-----w- C:\Users\Andrew\AppData\Local\2BrightSparks

2012-09-27 00:12:53 -------- d-----w- C:\Program Files (x86)\SyncBackPro

2012-09-24 04:26:18 971360 ----a-w- C:\Windows\System32\drivers\timntr.sys

2012-09-24 04:25:47 210016 ----a-w- C:\Windows\System32\drivers\vididr.sys

2012-09-24 04:25:38 141920 ----a-w- C:\Windows\System32\drivers\vsflt53.sys

2012-09-24 04:25:32 275552 ----a-w- C:\Windows\System32\drivers\snapman.sys

2012-09-24 03:18:19 119808 ----a-r- C:\Users\Andrew\AppData\Roaming\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe

2012-09-24 00:06:22 120832 ----a-w- C:\Windows\System32\IntelOpenCL64.dll

2012-09-24 00:06:14 86016 ----a-w- C:\Windows\SysWow64\IntelOpenCL32.dll

2012-09-23 18:51:45 -------- d-----w- C:\Users\Andrew\AppData\Roaming\Ditto

2012-09-23 18:51:41 -------- d-----w- C:\Program Files\Ditto

2012-09-23 16:15:22 -------- d-----w- C:\Program Files (x86)\Heroes

2012-09-23 16:02:14 -------- d-----w- C:\ProgramData\GFI Software

2012-09-23 15:12:57 -------- d-----w- C:\Program Files (x86)\GOG.com

2012-09-20 22:15:56 -------- d-----w- C:\ProgramData\RELOADED

2012-09-19 17:00:37 -------- d-----w- C:\Users\Andrew\AppData\Local\Runic Games

2012-09-19 16:33:55 -------- d-----w- C:\Users\Andrew\AppData\Roaming\runic games

2012-09-19 16:30:30 -------- d-----w- C:\Program Files (x86)\Runic Games

2012-09-17 21:21:25 -------- d-----w- C:\Program Files\HitmanPro

2012-09-17 21:21:16 -------- d-----w- C:\ProgramData\HitmanPro

2012-09-17 19:53:27 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2012-09-16 16:51:11 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-09-16 16:51:11 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-09-15 22:28:37 -------- d-----w- C:\Users\Andrew\AppData\Roaming\Malwarebytes

2012-09-15 22:28:26 -------- d-----w- C:\ProgramData\Malwarebytes

2012-09-09 19:52:34 -------- d-----w- C:\ProgramData\Tarma Installer

2012-09-07 00:35:22 -------- d-----w- C:\Users\Andrew\AppData\Local\Screencast-O-Matic

.

==================== Find3M ====================

.

2012-09-23 23:12:47 4088448 ----a-w- C:\Windows\PE_Rom.dll

2012-09-17 19:53:22 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll

2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-08-22 18:12:50 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2012-08-22 18:12:40 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys

2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys

2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS

2012-08-02 17:58:52 574464 ----a-w- C:\Windows\System32\d3d10level9.dll

2012-08-02 16:57:20 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll

2012-07-28 05:44:02 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-28 05:44:02 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys

2012-07-15 16:37:21 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr

2012-07-15 16:37:21 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe

2012-07-15 16:36:32 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0

2012-07-06 02:06:30 772544 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2012-07-04 22:13:27 59392 ----a-w- C:\Windows\System32\browcli.dll

2012-07-04 22:13:27 136704 ----a-w- C:\Windows\System32\browser.dll

2012-07-04 21:14:34 41984 ----a-w- C:\Windows\SysWow64\browcli.dll

2012-07-04 20:26:03 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys

.

============= FINISH: 9:50:26.12 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Ultimate

Boot Device: \Device\HarddiskVolume1

Install Date: 10/13/2011 4:30:21 AM

System Uptime: 9/28/2012 9:13:25 AM (0 hours ago)

.

Motherboard: ASUSTeK Computer INC. | | P8Z68-V LX

Processor: Intel® Core™ i5-2500K CPU @ 3.30GHz | LGA1155 | 3301/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 350 GiB total, 211.61 GiB free.

D: is FIXED (NTFS) - 754 GiB total, 512.538 GiB free.

E: is FIXED (NTFS) - 293 GiB total, 273.249 GiB free.

F: is CDROM ()

G: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: SBRE

Device ID: ROOT\LEGACY_SBRE\0000

Manufacturer:

Name: SBRE

PNP Device ID: ROOT\LEGACY_SBRE\0000

Service: SBRE

.

==== System Restore Points ===================

.

RP347: 9/27/2012 6:22:53 PM - Installed HiJackThis

RP348: 9/27/2012 10:17:32 PM - before RK and combo

RP349: 9/27/2012 11:11:12 PM - Installed Microsoft Fix it 50535

RP350: 9/28/2012 12:03:25 AM - another

RP351: 9/28/2012 12:15:17 AM - Installed Microsoft Fix it 50535

RP352: 9/28/2012 3:00:12 AM - Windows Update

.

==== Installed Programs ======================

.

ABBYY FineReader 11

Acronis True Image WD Edition

Adobe AIR

Adobe Help Manager

Adobe InDesign CS6

Adobe Photoshop CS6

Adobe Shockwave Player 11.6

AI Suite II

AIDA64 Extreme Edition v1.85

Akamai NetSession Interface

Akamai NetSession Interface Service

Apple Application Support

Apple Software Update

Application Profiles

ArtMoney SE v7.38

Asmedia ASM104x USB 3.0 Host Controller Driver

ASUS PC Diagnostics

Auslogics Disk Defrag

Batman - Arkham City

Batman: Arkham City™

Battlefield 3™

Brother Driver Deployment Wizard

Brother MFL-Pro Suite MFC-7360N

CameraHelperMsi

Capsule

Creative ALchemy

Creative Audio Control Panel

Creative Console Launcher

Creative Diagnostics

Creative Software AutoUpdate

Creative Sound Blaster Properties x64 Edition

Crysis

D3DX10

DAEMON Tools Lite

Dolby Digital Live Pack

Driver Sweeper version 3.2.0

Dropbox

DTS Connect Pack

DVD Decrypter (Remove Only)

Emit version 1.9.1

erLT

ESN Sonar

Evernote v. 4.5.1

Everything 1.2.1.371

FeedDemon

foobar2000 v1.1.8

Fraps

Google Chrome

Grand Theft Auto: Episodes From Liberty City

Greed Corp

HD Tune Pro 4.60

Heroes of Might and Magic 4 Complete

Heroes of Might and Magic V - Collectors Edition

Hi-Rez Studios Authenticate and Update Service

HiJackThis

HTC BMP USB Driver

HTC Driver Installer

HTC Sync

ImgBurn

Intel® Management Engine Components

Intel® OpenCL CPU Runtime

Intel® Processor Graphics

Intel® Rapid Storage Technology

Intel® Watchdog Timer Driver (Intel® WDT)

IrfanView (remove only)

Java 7 Update 7

Java Auto Updater

Java™ 6 Update 29

JavaFX 2.1.1

K-Lite Mega Codec Pack 7.9.0

L.A. Noire: The Complete Edition

Logitech Webcam Software

LWS Facebook

LWS Gallery

LWS Help_main

LWS Launcher

LWS Motion Detection

LWS Pictures And Video

LWS Twitter

LWS Video Mask Maker

LWS Webcam Software

LWS WLM Plugin

LWS YouTube Plugin

Mafia II

Malwarebytes Anti-Malware version 1.65.0.1400

Metro 2033

Microsoft .NET Framework 1.1

Microsoft Games for Windows - LIVE Redistributable

Microsoft Games for Windows Marketplace

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Groove MUI (English) 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Word MUI (English) 2010

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft_VC80_CRT_x86

Microsoft_VC90_CRT_x86

Mozilla Firefox 15.0.1 (x86 en-US)

MSVCRT

MSXML 4.0 SP3 Parser

MSXML 4.0 SP3 Parser (KB2721691)

MSXML 4.0 SP3 Parser (KB973685)

Nuance PaperPort 12

Nuance PDF Viewer Plus

NVIDIA PhysX

OpenAL

Origin

PdaNet for Android 3.50

PDF Settings CS6

Pidgin

PunkBuster Services

Quake Live Mozilla Plugin

QuickTime

Realtek Ethernet Controller Driver

Realtek High Definition Audio Driver

Revo Uninstaller 1.93

Rockstar Games Social Club

Scansoft PDF Professional

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Sid Meier's Civilization V: Gods & Kings Demo

Songbird 1.9.3 (Build 1959)

Spotify

Steam

StreamTorrent 1.0

SumatraPDF

swMSM

SyncBackPro

Tribes Ascend

Unity Web Player

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Windows 7 USB/DVD Download Tool

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Media Player Firefox Plugin

XnView 1.98.2

.

==== Event Viewer Messages From Past Week ========

.

9/28/2012 9:14:02 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SBRE

9/28/2012 9:06:29 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the upnphost service.

9/28/2012 9:05:59 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the FDResPub service.

9/28/2012 3:06:40 AM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: 490@01010004

9/28/2012 1:31:21 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

9/28/2012 1:31:05 AM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

9/28/2012 1:30:49 AM, Error: Service Control Manager [7034] - The ASUS Com Service service terminated unexpectedly. It has done this 4 time(s).

9/28/2012 1:23:07 AM, Error: Service Control Manager [7034] - The ASUS Com Service service terminated unexpectedly. It has done this 3 time(s).

9/28/2012 1:21:27 AM, Error: Service Control Manager [7034] - The ASUS Com Service service terminated unexpectedly. It has done this 2 time(s).

9/28/2012 1:20:36 AM, Error: Service Control Manager [7034] - The ASUS Com Service service terminated unexpectedly. It has done this 1 time(s).

9/28/2012 1:20:01 AM, Error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.

9/27/2012 11:38:38 PM, Error: Microsoft Antimalware [3002] -

9/27/2012 11:38:36 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1726" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

9/27/2012 11:38:36 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1726" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

9/27/2012 11:38:36 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1726" attempting to start the service ICCS with arguments "" in order to run the server: {7B33B0B5-F719-4B0B-B48A-0B8F20CA08A5}

9/27/2012 10:58:05 PM, Error: Service Control Manager [7024] - The Windows Firewall service terminated with service-specific error Access is denied..

9/27/2012 10:54:07 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891

9/27/2012 10:54:07 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891

9/27/2012 10:53:52 PM, Error: Service Control Manager [7001] - The IPsec Policy Agent service depends on the Base Filtering Engine service which failed to start because of the following error: Access is denied.

9/27/2012 10:53:50 PM, Error: Service Control Manager [7001] - The IKE and AuthIP IPsec Keying Modules service depends on the Base Filtering Engine service which failed to start because of the following error: Access is denied.

9/27/2012 10:53:19 PM, Error: Service Control Manager [7023] - The Base Filtering Engine service terminated with the following error: Access is denied.

9/27/2012 10:53:19 PM, Error: Service Control Manager [7001] - The Windows Firewall service depends on the Base Filtering Engine service which failed to start because of the following error: Access is denied.

9/27/2012 10:20:59 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Hi-Rez Studios Authenticate and Update Service service to connect.

9/27/2012 10:20:59 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

9/27/2012 10:20:59 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

9/27/2012 10:20:28 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.

9/26/2012 7:31:00 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

9/25/2012 9:41:18 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR4.

9/24/2012 9:03:01 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.

9/24/2012 8:16:24 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR2.

9/21/2012 6:07:14 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer CHRISSY-DESKTOP that believes that it is the master browser for the domain on transport NetBT_Tcpip_{C01A4D9D-3B97-428D-BD79-18009D731C3A}. The master browser is stopping or an election is being forced.

.

==== End Of File ===========================

Link to post
Share on other sites

Welcome to the forum.

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller to your desktop.

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC

Link to post
Share on other sites

RogueKiller V8.0.5 [09/23/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo...13-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Andrew [Admin rights]

Mode : Scan -- Date : 09/28/2012 11:38:20

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤

[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_32\Desktop.ini --> FOUND

[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_64\Desktop.ini --> FOUND

[susp.ASLR][FILE] services.exe : C:\Windows\system32\services.exe --> FOUND

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤

-> E:\windows\system32\config\SOFTWARE

-> E:\Users\Andrew\NTUSER.DAT

-> E:\Users\Default\NTUSER.DAT

-> E:\Users\Default User\NTUSER.DAT

-> E:\Documents and Settings\Default\NTUSER.DAT

-> E:\Documents and Settings\Default User\NTUSER.DAT

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD15EARS-00MVWB0 +++++

--- User ---

[MBR] 882ccc77feb85609fff458c7a28ca0d0

[bSP] 2954fa5f9b14ed76c76cef960f9bef6f : Windows 7 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 358404 Mo

2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 734218695 | Size: 1072291 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>

RKreport[1].txt

Link to post
Share on other sites

Here you go......

Please read the following information first.

You're infected with Rootkit.ZeroAccess, a BackDoor Trojan.

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advice you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

http://www.dslreports.com/faq/10451

When Should I Format, How Should I Reinstall

http://www.dslreports.com/faq/10063

I will try my best to clean this machine but I can't guarantee that it will be 100% secure afterwards.

Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

-----------------------------------------

Please make sure system restore is running and create a new restore point before continuing!

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

How to tell > 32 or 64 bit

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:



    • Startup Repair
      System Restore
      Windows Complete PC Restore
      Windows Memory Diagnostic Tool
      Command Prompt

    [*]Select Command Prompt

    [*]In the command window type in notepad and press Enter.

    [*]The notepad opens. Under File menu select Open.

    [*]Select "Computer" and find your flash drive letter and close the notepad.

    [*]In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter

    Note: Replace letter e with the drive letter of your flash drive.

    [*]The tool will start to run.

    [*]When the tool opens click Yes to disclaimer.

    [*]Press Scan button.

    [*]FRST will let you know when the scan is complete and has written the FRST.txt to file, close out this message, then type the following into the search box:

    services.exe

    [*]Now press the Search button

    [*]When the search is complete, search.txt will also be written to your USB

    [*]Type exit and reboot the computer normally

    [*]Please copy and paste both logs in your reply.(FRST.txt and Search.txt)

MrC

Link to post
Share on other sites

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-09-2012

Ran by SYSTEM at 28-09-2012 12:09:33

Running from H:\

Windows 7 Ultimate (X64) OS Language: English(US)

The current controlset is ControlSet002

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe" [1873256 2011-08-10] (Microsoft Corporation)

HKLM\...\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun [825184 2009-09-30] (Microsoft Corporation)

HKLM\...\Run: [Acronis Scheduler2 Service] "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [395384 2012-04-27] (Acronis)

HKLM-x32\...\Run: [Everything] "C:\Program Files (x86)\Everything\Everything.exe" -startup [602624 2009-03-12] ()

HKLM-x32\...\Run: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun [139264 2011-04-20] (Brother Industries, Ltd.)

HKU\Andrew\...\Run: [Akamai NetSession Interface] "C:\Users\Andrew\AppData\Local\Akamai\netsession_win.exe" [4440896 2012-08-10] (Akamai Technologies, Inc.)

HKU\Andrew\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [4910912 2011-08-01] (DT Soft Ltd)

HKU\Andrew\...\Run: [spotify Web Helper] "C:\Users\Andrew\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [932528 2012-08-13] ()

HKU\Andrew\...\Run: [Ditto] C:\Program Files\Ditto\Ditto.exe [1620480 2012-01-03] ()

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Startup: C:\Users\All Users\Start Menu\Programs\Startup\LockWorkStation.vbs ()

Startup: C:\Users\Andrew\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> (No File)

Startup: C:\Users\Andrew\Start Menu\Programs\Startup\Emit.lnk

ShortcutTarget: Emit.lnk -> C:\Program Files (x86)\Emit\Emit.exe ()

Startup: C:\Users\Andrew\Start Menu\Programs\Startup\EvernoteClipper.lnk

ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)

Startup: C:\Users\Andrew\Start Menu\Programs\Startup\EvernoteTray.lnk

ShortcutTarget: EvernoteTray.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)

Startup: C:\Users\Andrew\Start Menu\Programs\Startup\PdaNet Desktop.lnk

ShortcutTarget: PdaNet Desktop.lnk -> C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe ()

==================== Services (Whitelisted) ===================

2 AcrSch2Svc; "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe" [1191648 2012-04-27] (Acronis)

2 Akamai; C:\program files (x86)\common files\akamai/netsession_win_5891ae0.dll [4537664 2012-09-10] (Akamai Technologies, Inc.)

2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe [918448 2011-10-29] ()

2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.17\aaHMSvc.exe [947328 2011-12-09] (ASUSTeK Computer Inc.)

2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [586880 2010-10-21] ()

2 AsusFanControlService; "C:\Program Files (x86)\ASUS\AsusFanControlService\1.00.17\AsusFanControlService.exe" [1464752 2011-12-09] (ASUSTeK Computer Inc.)

3 ICCS; "C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe" [160768 2011-05-27] (Intel Corporation)

2 nlsvc; "C:\Program Files\NetLimiter 3\nlsvc.exe" [1845248 2011-03-21] (Locktime Software)

2 NMSAccess; C:\Windows\SysWOW64\NMSAccessU.exe [71096 2009-01-12] ()

2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [88576 2011-09-15] ()

2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-08] (Nuance Communications, Inc.)

2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-04-28] ()

==================== Drivers (Whitelisted) =====================

3 AiCharger; C:\Windows\SysWow64\Drivers\AiCharger.sys [14592 2010-10-20] (ASUSTek Computer Inc.)

0 AiChargerPlus; C:\Windows\System32\Drivers\AiChargerPlus.sys [14464 2010-11-08] (ASUSTek Computer Inc.)

1 AsIO; C:\Windows\SysWow64\Drivers\AsIO.sys [13440 2010-08-23] ()

1 AsUpIO; C:\Windows\SysWow64\Drivers\AsUpIO.sys [14464 2010-08-02] ()

3 ASUSFILTER; C:\Windows\SysWow64\Drivers\ASUSFILTER.sys [46152 2011-09-20] (MCCI Corporation)

3 GEARAspiWDM; C:\Windows\SysWow64\Drivers\GEARAspiWDM.sys [15664 2011-01-27] (GEAR Software Inc.)

1 nltdi; \??\C:\Program Files\NetLimiter 3\nltdi.sys [88200 2011-03-21] (Locktime Software)

0 sptd; C:\Windows\System32\Drivers\sptd.sys [526392 2011-10-13] (Duplex Secure Ltd.)

0 vididr; C:\Windows\System32\Drivers\vididr.sys [210016 2012-09-23] (Acronis)

0 vidsflt53; C:\Windows\System32\DRIVERS\vsflt53.sys [141920 2012-09-23] (Acronis)

3 catchme; \??\C:\ComboFix\catchme.sys [x]

3 CorsairCAHS1; C:\Windows\System32\drivers\CAHS164.sys [x]

1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [x]

3 Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [x]

3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [x]

3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ====================

==================== One Month Created Files and Folders ========

2012-09-28 12:09 - 2012-09-28 12:09 - 00000000 ____D C:\FRST

2012-09-28 07:38 - 2012-09-28 07:38 - 00001862 ____A C:\Users\Andrew\Desktop\RKreport[1].txt

2012-09-28 07:37 - 2012-09-28 07:38 - 00000000 ____D C:\Users\Andrew\Desktop\RK_Quarantine

2012-09-28 06:01 - 2012-09-28 06:02 - 00000525 ____A C:\Users\Andrew\Desktop\New Text Document.txt

2012-09-28 05:50 - 2012-09-28 05:50 - 00025588 ____A C:\Users\Andrew\Desktop\DDS.txt

2012-09-28 05:50 - 2012-09-28 05:50 - 00012279 ____A C:\Users\Andrew\Desktop\Attach.txt

2012-09-28 05:34 - 2012-09-28 05:34 - 00607260 ____R (Swearware) C:\Users\Andrew\Desktop\dds.com

2012-09-27 23:01 - 2012-09-27 23:01 - 00262096 ____A C:\Windows\msxml4-KB2721691-enu.LOG

2012-09-27 23:00 - 2012-08-24 03:15 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2012-09-27 23:00 - 2012-08-24 02:39 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2012-09-27 23:00 - 2012-08-24 02:31 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2012-09-27 23:00 - 2012-08-24 02:22 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2012-09-27 23:00 - 2012-08-24 02:21 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2012-09-27 23:00 - 2012-08-24 02:20 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2012-09-27 23:00 - 2012-08-24 02:18 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2012-09-27 23:00 - 2012-08-24 02:17 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2012-09-27 23:00 - 2012-08-24 02:14 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2012-09-27 23:00 - 2012-08-24 02:14 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2012-09-27 23:00 - 2012-08-24 02:13 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll

2012-09-27 23:00 - 2012-08-24 02:12 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2012-09-27 23:00 - 2012-08-24 02:11 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll

2012-09-27 23:00 - 2012-08-24 02:10 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2012-09-27 23:00 - 2012-08-24 02:09 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2012-09-27 23:00 - 2012-08-24 02:04 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2012-09-27 23:00 - 2012-08-23 23:27 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2012-09-27 23:00 - 2012-08-23 23:03 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2012-09-27 23:00 - 2012-08-23 22:59 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2012-09-27 23:00 - 2012-08-23 22:51 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2012-09-27 23:00 - 2012-08-23 22:51 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2012-09-27 23:00 - 2012-08-23 22:51 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2012-09-27 23:00 - 2012-08-23 22:49 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2012-09-27 23:00 - 2012-08-23 22:48 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2012-09-27 23:00 - 2012-08-23 22:47 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2012-09-27 23:00 - 2012-08-23 22:47 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2012-09-27 23:00 - 2012-08-23 22:47 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2012-09-27 23:00 - 2012-08-23 22:45 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2012-09-27 23:00 - 2012-08-23 22:44 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2012-09-27 23:00 - 2012-08-23 22:44 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2012-09-27 23:00 - 2012-08-23 22:43 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2012-09-27 23:00 - 2012-08-23 22:40 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2012-09-27 21:32 - 2012-09-27 21:32 - 00025185 ____A C:\ComboFix.txt

2012-09-27 21:10 - 2012-09-28 05:13 - 00000168 ____A C:\Windows\setupact.log

2012-09-27 21:10 - 2012-09-27 21:10 - 00000000 ____A C:\Windows\setuperr.log

2012-09-27 21:09 - 2012-09-27 21:40 - 00001070 ____A C:\Windows\PFRO.log

2012-09-27 21:04 - 2012-09-28 08:04 - 00065349 ____A C:\Windows\WindowsUpdate.log

2012-09-27 20:33 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe

2012-09-27 20:33 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe

2012-09-27 20:33 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe

2012-09-27 20:33 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe

2012-09-27 20:33 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe

2012-09-27 20:33 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe

2012-09-27 20:33 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe

2012-09-27 20:33 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe

2012-09-27 20:29 - 2012-09-27 20:30 - 00000000 ____D C:\WINSSLog

2012-09-27 20:10 - 2012-09-27 21:32 - 00000000 ___AD C:\Qoobox

2012-09-27 20:09 - 2012-09-27 21:31 - 00000000 ____D C:\Windows\erdnt

2012-09-27 19:38 - 2012-09-27 19:38 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.EC51095325FE00C8

2012-09-27 19:38 - 2012-09-27 19:38 - 00049872 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\wjrxvvdu.sys

2012-09-27 19:33 - 2012-09-27 19:33 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.154EA98C0008C618

2012-09-27 19:31 - 2012-09-27 19:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3FE04119758F870A

2012-09-27 19:28 - 2012-09-27 19:28 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.72E05CAD8F1CCDE9

2012-09-27 19:23 - 2012-09-27 19:23 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C7577C6C6E08B7B5

2012-09-27 19:11 - 2012-09-27 20:15 - 00001150 ____A C:\FixitRegBackup.reg

2012-09-27 17:35 - 2012-09-27 17:27 - 01391616 ____A C:\Users\Andrew\Desktop\RogueKiller.exe

2012-09-27 16:11 - 2012-09-28 06:05 - 00000000 ____D C:\TDSSKiller_Quarantine

2012-09-27 16:06 - 2012-09-27 16:06 - 02212440 ____A (Kaspersky Lab ZAO) C:\Users\Andrew\Desktop\tdsskiller.exe

2012-09-27 14:23 - 2012-09-27 14:23 - 00000000 ____D C:\Program Files (x86)\Hi

2012-09-27 14:10 - 2012-08-30 20:12 - 62164608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MRT.exe

2012-09-27 14:00 - 2012-09-27 14:00 - 00001508 ____A C:\Users\Andrew\Desktop\Virus and Spyware removers - Shortcut.lnk

2012-09-27 12:11 - 2012-09-27 11:28 - 04757745 ____R (Swearware) C:\Users\Andrew\Desktop\ComboFix.exe

2012-09-27 08:34 - 2012-09-27 08:34 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%

2012-09-26 16:13 - 2012-09-26 16:13 - 00000000 ____D C:\Users\Andrew\AppData\Roaming\2BrightSparks

2012-09-26 16:12 - 2012-09-28 05:14 - 00000000 ____D C:\Program Files (x86)\SyncBackPro

2012-09-26 16:12 - 2012-09-26 16:12 - 00000000 ____D C:\Users\Andrew\AppData\Local\2BrightSparks

2012-09-26 16:12 - 2011-05-31 15:03 - 00020480 ____A C:\Windows\SysWOW64\SyncBackPro.dll

2012-09-26 16:12 - 2009-01-12 04:15 - 00071096 ____A C:\Windows\SysWOW64\NMSAccessU.exe

2012-09-25 03:07 - 2012-09-25 03:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2012-09-24 06:33 - 2012-09-24 06:33 - 00001294 ____A C:\Users\Andrew\Desktop\Computer Management.lnk

2012-09-24 05:53 - 2012-09-24 05:53 - 00001866 ____A C:\Users\Andrew\Desktop\WinToFlash - Shortcut.lnk

2012-09-23 20:56 - 2012-09-23 20:56 - 00000612 ____A C:\Users\Andrew\Desktop\Downloads - Shortcut.lnk

2012-09-23 20:55 - 2012-09-23 20:55 - 00000805 ____A C:\Users\Andrew\Desktop\My Documents - Shortcut.lnk

2012-09-23 20:54 - 2012-09-23 20:54 - 00001062 ____A C:\Users\Andrew\Desktop\Software - Shortcut.lnk

2012-09-23 20:54 - 2012-09-23 20:54 - 00001017 ____A C:\Users\Andrew\Desktop\Fun - Shortcut.lnk

2012-09-23 20:30 - 2012-09-23 20:30 - 00000000 ____D C:\Users\Andrew\AppData\Roaming\Acronis

2012-09-23 20:26 - 2012-09-23 20:26 - 00971360 ____A (Acronis) C:\Windows\System32\Drivers\timntr.sys

2012-09-23 20:26 - 2012-09-23 20:26 - 00000000 ____D C:\Users\All Users\Acronis

2012-09-23 20:25 - 2012-09-23 20:25 - 00275552 ____A (Acronis) C:\Windows\System32\Drivers\snapman.sys

2012-09-23 20:25 - 2012-09-23 20:25 - 00210016 ____A (Acronis) C:\Windows\System32\Drivers\vididr.sys

2012-09-23 20:25 - 2012-09-23 20:25 - 00141920 ____A (Acronis) C:\Windows\System32\Drivers\vsflt53.sys

2012-09-23 20:25 - 2012-09-23 20:25 - 00000000 ____D C:\Program Files (x86)\Acronis

2012-09-23 19:18 - 2012-09-23 19:18 - 00002489 ____A C:\Users\Andrew\Desktop\Windows 7 USB DVD Download Tool.lnk

2012-09-23 19:18 - 2012-09-23 19:18 - 00000000 ____D C:\Users\Andrew\AppData\Local\Apps\Windows 7 USB DVD Download Tool

2012-09-23 16:06 - 2011-12-08 05:48 - 00086016 ____A (Intel Corporation) C:\Windows\SysWOW64\IntelOpenCL32.dll

2012-09-23 16:06 - 2011-12-08 05:36 - 00120832 ____A (Intel Corporation) C:\Windows\System32\IntelOpenCL64.dll

2012-09-23 15:44 - 2011-12-21 14:04 - 05885720 ____A (Intel Corporation) C:\Windows\System32\GfxUI.exe

2012-09-23 15:44 - 2011-12-21 14:04 - 00511256 ____A (Intel Corporation) C:\Windows\System32\igfxsrvc.exe

2012-09-23 15:44 - 2011-12-21 14:04 - 00440600 ____A (Intel Corporation) C:\Windows\System32\igfxpers.exe

2012-09-23 15:44 - 2011-12-21 14:04 - 00398104 ____A (Intel Corporation) C:\Windows\System32\hkcmd.exe

2012-09-23 15:44 - 2011-12-21 14:04 - 00274200 ____A (Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe

2012-09-23 15:44 - 2011-12-21 14:04 - 00248600 ____A (Intel Corporation) C:\Windows\System32\igfxext.exe

2012-09-23 15:44 - 2011-12-21 14:04 - 00184600 ____A (Intel Corporation) C:\Windows\System32\difx64.exe

2012-09-23 15:44 - 2011-12-21 14:04 - 00170264 ____A (Intel Corporation) C:\Windows\System32\igfxtray.exe

2012-09-23 15:44 - 2011-12-15 13:39 - 00018496 ____A C:\Windows\System32\iglhxs64.vp

2012-09-23 15:44 - 2011-12-15 13:23 - 00090112 ____A (Intel Corporation) C:\Windows\System32\igfxCoIn_v2598.dll

2012-09-23 15:44 - 2011-12-15 13:01 - 14646560 ____A (Intel Corporation) C:\Windows\System32\Drivers\igdkmd64.sys

2012-09-23 15:44 - 2011-12-15 13:01 - 08018944 ____A (Intel Corporation) C:\Windows\System32\igdumd64.dll

2012-09-23 15:44 - 2011-12-15 12:59 - 00963912 ____A C:\Windows\SysWOW64\igkrng600.bin

2012-09-23 15:44 - 2011-12-15 12:59 - 00963912 ____A C:\Windows\System32\igkrng600.bin

2012-09-23 15:44 - 2011-12-15 12:59 - 00261196 ____A C:\Windows\SysWOW64\igfcg600m.bin

2012-09-23 15:44 - 2011-12-15 12:59 - 00261196 ____A C:\Windows\System32\igfcg600m.bin

2012-09-23 15:44 - 2011-12-15 12:59 - 00079360 ____A C:\Windows\System32\igdde64.dll

2012-09-23 15:44 - 2011-12-15 12:52 - 06067712 ____A (Intel Corporation) C:\Windows\SysWOW64\igdumd32.dll

2012-09-23 15:44 - 2011-12-15 12:52 - 00058880 ____A C:\Windows\SysWOW64\igdde32.dll

2012-09-23 15:44 - 2011-12-15 12:28 - 07732736 ____A (Intel Corporation) C:\Windows\SysWOW64\igd10umd32.dll

2012-09-23 15:44 - 2011-12-15 11:14 - 18079744 ____A C:\Windows\System32\ig4icd64.dll

2012-09-23 15:44 - 2011-12-15 10:56 - 13168640 ____A C:\Windows\SysWOW64\ig4icd32.dll

2012-09-23 15:44 - 2011-12-15 10:41 - 00440320 ____A (Intel Corporation) C:\Windows\System32\igfxrell.lrc

2012-09-23 15:44 - 2011-12-15 10:41 - 00439808 ____A (Intel Corporation) C:\Windows\System32\igfxrfra.lrc

2012-09-23 15:44 - 2011-12-15 10:41 - 00439808 ____A (Intel Corporation) C:\Windows\System32\igfxresn.lrc

2012-09-23 15:44 - 2011-12-15 10:41 - 00439296 ____A (Intel Corporation) C:\Windows\System32\igfxrrus.lrc

2012-09-23 15:44 - 2011-12-15 10:41 - 00439296 ____A (Intel Corporation) C:\Windows\System32\igfxrrom.lrc

2012-09-23 15:44 - 2011-12-15 10:41 - 00438784 ____A (Intel Corporation) C:\Windows\System32\igfxrptg.lrc

2012-09-23 15:44 - 2011-12-15 10:41 - 00438784 ____A (Intel Corporation) C:\Windows\System32\igfxrplk.lrc

2012-09-23 15:44 - 2011-12-15 10:41 - 00438784 ____A (Intel Corporation) C:\Windows\System32\igfxrnld.lrc

2012-09-23 15:44 - 2011-12-15 10:41 - 00438784 ____A (Intel Corporation) C:\Windows\System32\igfxrita.lrc

2012-09-23 15:44 - 2011-12-15 10:41 - 00438784 ____A (Intel Corporation) C:\Windows\System32\igfxrhrv.lrc

2012-09-23 15:44 - 2011-12-15 10:41 - 00438784 ____A (Intel Corporation) C:\Windows\System32\igfxrdeu.lrc

2012-09-23 15:44 - 2011-12-15 10:41 - 00438272 ____A (Intel Corporation) C:\Windows\System32\igfxrsky.lrc

2012-09-23 15:44 - 2011-12-15 10:41 - 00438272 ____A (Intel Corporation) C:\Windows\System32\igfxrhun.lrc

2012-09-23 15:44 - 2011-12-15 10:41 - 00438272 ____A (Intel Corporation) C:\Windows\System32\igfxrfin.lrc

2012-09-23 15:44 - 2011-12-15 10:41 - 00438272 ____A (Intel Corporation) C:\Windows\System32\igfxrcsy.lrc

2012-09-23 15:44 - 2011-12-15 10:41 - 00437760 ____A (Intel Corporation) C:\Windows\System32\igfxrtrk.lrc

2012-09-23 15:44 - 2011-12-15 10:41 - 00437760 ____A (Intel Corporation) C:\Windows\System32\igfxrsve.lrc

2012-09-23 15:44 - 2011-12-15 10:41 - 00437760 ____A (Intel Corporation) C:\Windows\System32\igfxrslv.lrc

2012-09-23 15:44 - 2011-12-15 10:41 - 00437760 ____A (Intel Corporation) C:\Windows\System32\igfxrptb.lrc

2012-09-23 15:44 - 2011-12-15 10:41 - 00437760 ____A (Intel Corporation) C:\Windows\System32\igfxrnor.lrc

2012-09-23 15:44 - 2011-12-15 10:41 - 00437248 ____A (Intel Corporation) C:\Windows\System32\igfxrtha.lrc

2012-09-23 15:44 - 2011-12-15 10:41 - 00437248 ____A (Intel Corporation) C:\Windows\System32\igfxrdan.lrc

2012-09-23 15:44 - 2011-12-15 10:41 - 00435712 ____A (Intel Corporation) C:\Windows\System32\igfxrheb.lrc

2012-09-23 15:44 - 2011-12-15 10:41 - 00435712 ____A (Intel Corporation) C:\Windows\System32\igfxrara.lrc

2012-09-23 15:44 - 2011-12-15 10:41 - 00432128 ____A (Intel Corporation) C:\Windows\System32\igfxrjpn.lrc

2012-09-23 15:44 - 2011-12-15 10:41 - 00430592 ____A (Intel Corporation) C:\Windows\System32\igfxrkor.lrc

2012-09-23 15:44 - 2011-12-15 10:41 - 00429056 ____A (Intel Corporation) C:\Windows\System32\igfxrcht.lrc

2012-09-23 15:44 - 2011-12-15 10:41 - 00428544 ____A (Intel Corporation) C:\Windows\System32\igfxrchs.lrc

2012-09-23 15:44 - 2011-12-15 10:41 - 00221099 ____A C:\Windows\System32\Gfxres.th-TH.resources

2012-09-23 15:44 - 2011-12-15 10:41 - 00207830 ____A C:\Windows\System32\Gfxres.el-GR.resources

2012-09-23 15:44 - 2011-12-15 10:41 - 00191775 ____A C:\Windows\System32\Gfxres.ru-RU.resources

2012-09-23 15:44 - 2011-12-15 10:41 - 00164334 ____A C:\Windows\System32\Gfxres.ar-SA.resources

2012-09-23 15:44 - 2011-12-15 10:41 - 00161613 ____A C:\Windows\System32\Gfxres.ja-JP.resources

2012-09-23 15:44 - 2011-12-15 10:41 - 00157226 ____A C:\Windows\System32\Gfxres.he-IL.resources

2012-09-23 15:44 - 2011-12-15 10:41 - 00148033 ____A C:\Windows\System32\Gfxres.it-IT.resources

2012-09-23 15:44 - 2011-12-15 10:41 - 00146675 ____A C:\Windows\System32\Gfxres.ko-KR.resources

2012-09-23 15:44 - 2011-12-15 10:41 - 00145687 ____A C:\Windows\System32\Gfxres.es-ES.resources

2012-09-23 15:44 - 2011-12-15 10:41 - 00145579 ____A C:\Windows\System32\Gfxres.de-DE.resources

2012-09-23 15:44 - 2011-12-15 10:41 - 00144338 ____A C:\Windows\System32\Gfxres.ro-RO.resources

2012-09-23 15:44 - 2011-12-15 10:41 - 00143805 ____A C:\Windows\System32\Gfxres.fr-FR.resources

2012-09-23 15:44 - 2011-12-15 10:41 - 00143155 ____A C:\Windows\System32\Gfxres.tr-TR.resources

2012-09-23 15:44 - 2011-12-15 10:41 - 00142664 ____A C:\Windows\System32\Gfxres.pt-BR.resources

2012-09-23 15:44 - 2011-12-15 10:41 - 00142335 ____A C:\Windows\System32\Gfxres.nl-NL.resources

2012-09-23 15:44 - 2011-12-15 10:41 - 00142189 ____A C:\Windows\System32\Gfxres.hu-HU.resources

2012-09-23 15:44 - 2011-12-15 10:41 - 00141644 ____A C:\Windows\System32\Gfxres.pt-PT.resources

2012-09-23 15:44 - 2011-12-15 10:41 - 00141435 ____A C:\Windows\System32\Gfxres.sv-SE.resources

2012-09-23 15:44 - 2011-12-15 10:41 - 00140923 ____A C:\Windows\System32\Gfxres.pl-PL.resources

2012-09-23 15:44 - 2011-12-15 10:41 - 00140885 ____A C:\Windows\System32\Gfxres.cs-CZ.resources

2012-09-23 15:44 - 2011-12-15 10:41 - 00140549 ____A C:\Windows\System32\Gfxres.fi-FI.resources

2012-09-23 15:44 - 2011-12-15 10:41 - 00140122 ____A C:\Windows\System32\Gfxres.sk-SK.resources

2012-09-23 15:44 - 2011-12-15 10:41 - 00139499 ____A C:\Windows\System32\Gfxres.hr-HR.resources

2012-09-23 15:44 - 2011-12-15 10:41 - 00136451 ____A C:\Windows\System32\Gfxres.sl-SI.resources

2012-09-23 15:44 - 2011-12-15 10:41 - 00136369 ____A C:\Windows\System32\Gfxres.nb-NO.resources

2012-09-23 15:44 - 2011-12-15 10:41 - 00135868 ____A C:\Windows\System32\Gfxres.da-DK.resources

2012-09-23 15:44 - 2011-12-15 10:41 - 00131317 ____A C:\Windows\System32\Gfxres.en-US.resources

2012-09-23 15:44 - 2011-12-15 10:41 - 00126976 ____A (Intel Corporation) C:\Windows\System32\igfxcpl.cpl

2012-09-23 15:44 - 2011-12-15 10:41 - 00124962 ____A C:\Windows\System32\Gfxres.zh-TW.resources

2012-09-23 15:44 - 2011-12-15 10:41 - 00123467 ____A C:\Windows\System32\Gfxres.zh-CN.resources

2012-09-23 15:44 - 2011-12-15 10:40 - 00410624 ____A (Intel Corporation) C:\Windows\System32\igfxTMM.dll

2012-09-23 15:44 - 2011-12-15 10:40 - 00028672 ____A (Intel Corporation) C:\Windows\System32\igfxexps.dll

2012-09-23 15:44 - 2011-12-15 10:39 - 00430080 ____A (Intel Corporation) C:\Windows\System32\igfxdev.dll

2012-09-23 15:44 - 2011-12-15 10:39 - 00286208 ____A (Intel Corporation) C:\Windows\System32\igfxrenu.lrc

2012-09-23 15:44 - 2011-12-15 10:39 - 00172032 ____A (Intel Corporation) C:\Windows\System32\gfxSrvc.dll

2012-09-23 15:44 - 2011-12-15 10:39 - 00142336 ____A (Intel Corporation) C:\Windows\System32\igfxdo.dll

2012-09-23 15:44 - 2011-12-15 10:39 - 00009216 ____A ( ) C:\Windows\System32\IGFXDEVLib.dll

2012-09-23 15:44 - 2011-12-15 10:38 - 00025088 ____A (Intel Corporation) C:\Windows\SysWOW64\igfxexps32.dll

2012-09-23 15:44 - 2011-12-15 10:37 - 00321024 ____A (Intel Corporation) C:\Windows\SysWOW64\igfxdv32.dll

2012-09-23 15:44 - 2011-12-15 10:34 - 02780160 ____A (Intel Corporation) C:\Windows\System32\igfxcmjit64.dll

2012-09-23 15:44 - 2011-12-15 10:34 - 02191872 ____A (Intel Corporation) C:\Windows\SysWOW64\igfxcmjit32.dll

2012-09-23 15:44 - 2011-12-15 10:34 - 01981696 ____A C:\Windows\System32\iglhxa64.cpa

2012-09-23 15:44 - 2011-12-15 10:34 - 00524800 ____A (Intel Corporation) C:\Windows\System32\iglhsip64.dll

2012-09-23 15:44 - 2011-12-15 10:34 - 00519680 ____A (Intel Corporation) C:\Windows\SysWOW64\iglhsip32.dll

2012-09-23 15:44 - 2011-12-15 10:34 - 00246784 ____A (Intel Corporation) C:\Windows\SysWOW64\igfxcmrt32.dll

2012-09-23 15:44 - 2011-12-15 10:34 - 00244224 ____A (Intel Corporation) C:\Windows\System32\iglhcp64.dll

2012-09-23 15:44 - 2011-12-15 10:34 - 00219136 ____A (Intel Corporation) C:\Windows\System32\igfxcmrt64.dll

2012-09-23 15:44 - 2011-12-15 10:34 - 00201728 ____A (Intel Corporation) C:\Windows\SysWOW64\iglhcp32.dll

2012-09-23 15:44 - 2011-12-15 10:34 - 00059425 ____A C:\Windows\System32\iglhxo64.vp

2012-09-23 15:44 - 2011-12-15 10:34 - 00059398 ____A C:\Windows\System32\iglhxg64.vp

2012-09-23 15:44 - 2011-12-15 10:34 - 00059230 ____A C:\Windows\System32\iglhxc64.vp

2012-09-23 15:44 - 2011-12-15 10:34 - 00059104 ____A C:\Windows\System32\iglhxc64_dev.vp

2012-09-23 15:44 - 2011-12-15 10:34 - 00058796 ____A C:\Windows\System32\iglhxg64_dev.vp

2012-09-23 15:44 - 2011-12-15 10:34 - 00058109 ____A C:\Windows\System32\iglhxo64_dev.vp

2012-09-23 15:44 - 2011-12-15 10:34 - 00001074 ____A C:\Windows\System32\iglhxa64.vp

2012-09-23 15:44 - 2011-12-05 23:23 - 00331264 ____A (Intel® Corporation) C:\Windows\System32\Drivers\IntcDAud.sys

2012-09-23 15:44 - 2011-12-05 23:22 - 00014848 ____A (Intel® Corporation) C:\Windows\System32\IntcDAuC.dll

2012-09-23 10:51 - 2012-09-28 08:03 - 00000000 ____D C:\Users\Andrew\AppData\Roaming\Ditto

2012-09-23 10:51 - 2012-09-23 10:51 - 00000000 ____D C:\Program Files\Ditto

2012-09-23 08:15 - 2012-09-23 08:15 - 00000000 ____D C:\Program Files (x86)\Heroes

2012-09-23 08:02 - 2012-09-23 08:02 - 00000000 ____D C:\Users\All Users\GFI Software

2012-09-23 07:12 - 2012-09-23 07:12 - 00000000 ____D C:\Program Files (x86)\GOG.com

2012-09-20 14:15 - 2012-09-20 14:15 - 00000000 ____D C:\Users\All Users\RELOADED

2012-09-19 09:00 - 2012-09-19 09:00 - 00000000 ____D C:\Users\Andrew\AppData\Local\Runic Games

2012-09-19 08:33 - 2012-09-22 04:21 - 00000000 ____D C:\Users\Andrew\AppData\Roaming\runic games

2012-09-19 08:30 - 2012-09-22 04:21 - 00000000 ____D C:\Program Files (x86)\Runic Games

2012-09-17 13:21 - 2012-09-17 13:21 - 00000000 ____D C:\Users\All Users\HitmanPro

2012-09-17 13:21 - 2012-09-17 13:21 - 00000000 ____D C:\Program Files\HitmanPro

2012-09-17 11:53 - 2012-09-17 11:53 - 00095208 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2012-09-16 08:51 - 2012-09-16 08:51 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-09-16 08:51 - 2012-09-07 13:04 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2012-09-15 14:28 - 2012-09-15 14:28 - 00000000 ____D C:\Users\Andrew\AppData\Roaming\Malwarebytes

2012-09-15 14:28 - 2012-09-15 14:28 - 00000000 ____D C:\Users\All Users\Malwarebytes

2012-09-15 14:16 - 2012-08-22 10:12 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys

2012-09-15 14:16 - 2012-08-22 10:12 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys

2012-09-15 14:16 - 2012-08-22 10:12 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys

2012-09-15 14:16 - 2012-08-22 10:12 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS

2012-09-15 14:16 - 2012-08-02 09:58 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll

2012-09-15 14:16 - 2012-08-02 08:57 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll

2012-09-15 14:16 - 2012-07-18 10:15 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2012-09-15 14:16 - 2012-07-04 14:16 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll

2012-09-15 14:16 - 2012-07-04 14:13 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll

2012-09-15 14:16 - 2012-07-04 14:13 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll

2012-09-15 14:16 - 2012-07-04 13:16 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll

2012-09-15 14:16 - 2012-07-04 13:14 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll

2012-09-15 14:16 - 2012-07-04 12:26 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\RNDISMP.sys

2012-09-15 14:16 - 2012-06-08 21:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll

2012-09-15 14:16 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2012-09-15 14:16 - 2012-06-05 22:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll

2012-09-15 14:16 - 2012-06-05 22:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll

2012-09-15 14:16 - 2012-06-05 22:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll

2012-09-15 14:16 - 2012-06-05 21:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll

2012-09-15 14:16 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll

2012-09-15 14:16 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll

2012-09-15 14:16 - 2012-06-01 21:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys

2012-09-15 14:16 - 2012-06-01 21:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys

2012-09-15 14:16 - 2012-06-01 21:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys

2012-09-15 14:16 - 2012-06-01 21:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll

2012-09-15 14:16 - 2012-06-01 21:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll

2012-09-15 14:16 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2012-09-15 14:16 - 2012-06-01 20:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2012-09-15 14:16 - 2012-06-01 20:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

2012-09-15 14:16 - 2012-06-01 20:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2012-09-15 14:16 - 2012-05-13 21:26 - 00956928 ____A (Microsoft Corporation) C:\Windows\System32\localspl.dll

2012-09-15 14:16 - 2012-05-05 00:36 - 00503808 ____A (Microsoft Corporation) C:\Windows\System32\srcore.dll

2012-09-15 14:16 - 2012-05-04 23:46 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll

2012-09-15 14:16 - 2012-02-10 22:43 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll

2012-09-15 14:16 - 2012-02-10 22:36 - 00559104 ____A (Microsoft Corporation) C:\Windows\System32\spoolsv.exe

2012-09-15 14:16 - 2012-02-10 22:36 - 00067072 ____A (Microsoft Corporation) C:\Windows\splwow64.exe

2012-09-15 14:16 - 2012-02-10 21:43 - 00492032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll

2012-09-15 14:16 - 2010-06-25 19:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll

2012-09-15 14:16 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll

2012-09-06 16:35 - 2012-09-07 11:59 - 00000000 ____D C:\Users\Andrew\AppData\Local\Screencast-O-Matic

==================== 3 Months Modified Files ==================

2012-09-28 08:04 - 2012-09-27 21:04 - 00065349 ____A C:\Windows\WindowsUpdate.log

2012-09-28 08:04 - 2012-02-04 06:10 - 00327680 ____A C:\Windows\System32\Ikeext.etl

2012-09-28 08:03 - 2009-07-13 21:13 - 00763582 ____A C:\Windows\System32\PerfStringBackup.INI

2012-09-28 07:46 - 2011-10-13 03:10 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2180605515-1002178279-3013597921-1000UA.job

2012-09-28 07:38 - 2012-09-28 07:38 - 00001862 ____A C:\Users\Andrew\Desktop\RKreport[1].txt

2012-09-28 06:02 - 2012-09-28 06:01 - 00000525 ____A C:\Users\Andrew\Desktop\New Text Document.txt

2012-09-28 05:50 - 2012-09-28 05:50 - 00025588 ____A C:\Users\Andrew\Desktop\DDS.txt

2012-09-28 05:50 - 2012-09-28 05:50 - 00012279 ____A C:\Users\Andrew\Desktop\Attach.txt

2012-09-28 05:34 - 2012-09-28 05:34 - 00607260 ____R (Swearware) C:\Users\Andrew\Desktop\dds.com

2012-09-28 05:21 - 2009-07-13 20:45 - 00023824 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2012-09-28 05:21 - 2009-07-13 20:45 - 00023824 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2012-09-28 05:13 - 2012-09-27 21:10 - 00000168 ____A C:\Windows\setupact.log

2012-09-28 05:13 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2012-09-27 23:01 - 2012-09-27 23:01 - 00262096 ____A C:\Windows\msxml4-KB2721691-enu.LOG

2012-09-27 21:40 - 2012-09-27 21:09 - 00001070 ____A C:\Windows\PFRO.log

2012-09-27 21:32 - 2012-09-27 21:32 - 00025185 ____A C:\ComboFix.txt

2012-09-27 21:31 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini

2012-09-27 21:10 - 2012-09-27 21:10 - 00000000 ____A C:\Windows\setuperr.log

2012-09-27 20:15 - 2012-09-27 19:11 - 00001150 ____A C:\FixitRegBackup.reg

2012-09-27 19:57 - 2011-10-13 03:14 - 00001945 ____A C:\Windows\epplauncher.mif

2012-09-27 19:38 - 2012-09-27 19:38 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.EC51095325FE00C8

2012-09-27 19:38 - 2012-09-27 19:38 - 00049872 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\wjrxvvdu.sys

2012-09-27 19:33 - 2012-09-27 19:33 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.154EA98C0008C618

2012-09-27 19:31 - 2012-09-27 19:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3FE04119758F870A

2012-09-27 19:28 - 2012-09-27 19:28 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.72E05CAD8F1CCDE9

2012-09-27 19:23 - 2012-09-27 19:23 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C7577C6C6E08B7B5

2012-09-27 18:46 - 2011-10-13 03:10 - 00000860 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2180605515-1002178279-3013597921-1000Core.job

2012-09-27 17:27 - 2012-09-27 17:35 - 01391616 ____A C:\Users\Andrew\Desktop\RogueKiller.exe

2012-09-27 16:06 - 2012-09-27 16:06 - 02212440 ____A (Kaspersky Lab ZAO) C:\Users\Andrew\Desktop\tdsskiller.exe

2012-09-27 14:00 - 2012-09-27 14:00 - 00001508 ____A C:\Users\Andrew\Desktop\Virus and Spyware removers - Shortcut.lnk

2012-09-27 11:28 - 2012-09-27 12:11 - 04757745 ____R (Swearware) C:\Users\Andrew\Desktop\ComboFix.exe

2012-09-24 06:33 - 2012-09-24 06:33 - 00001294 ____A C:\Users\Andrew\Desktop\Computer Management.lnk

2012-09-24 06:33 - 2012-05-20 10:00 - 00007619 ____A C:\Users\Andrew\AppData\Local\Resmon.ResmonCfg

2012-09-24 05:53 - 2012-09-24 05:53 - 00001866 ____A C:\Users\Andrew\Desktop\WinToFlash - Shortcut.lnk

2012-09-23 20:56 - 2012-09-23 20:56 - 00000612 ____A C:\Users\Andrew\Desktop\Downloads - Shortcut.lnk

2012-09-23 20:55 - 2012-09-23 20:55 - 00000805 ____A C:\Users\Andrew\Desktop\My Documents - Shortcut.lnk

2012-09-23 20:54 - 2012-09-23 20:54 - 00001062 ____A C:\Users\Andrew\Desktop\Software - Shortcut.lnk

2012-09-23 20:54 - 2012-09-23 20:54 - 00001017 ____A C:\Users\Andrew\Desktop\Fun - Shortcut.lnk

2012-09-23 20:26 - 2012-09-23 20:26 - 00971360 ____A (Acronis) C:\Windows\System32\Drivers\timntr.sys

2012-09-23 20:25 - 2012-09-23 20:25 - 00275552 ____A (Acronis) C:\Windows\System32\Drivers\snapman.sys

2012-09-23 20:25 - 2012-09-23 20:25 - 00210016 ____A (Acronis) C:\Windows\System32\Drivers\vididr.sys

2012-09-23 20:25 - 2012-09-23 20:25 - 00141920 ____A (Acronis) C:\Windows\System32\Drivers\vsflt53.sys

2012-09-23 19:18 - 2012-09-23 19:18 - 00002489 ____A C:\Users\Andrew\Desktop\Windows 7 USB DVD Download Tool.lnk

2012-09-23 16:22 - 2012-01-11 13:50 - 00018714 ____A C:\Windows\System32\results.xml

2012-09-23 15:12 - 2011-10-13 04:20 - 04088448 ____A C:\Windows\PE_Rom.dll

2012-09-23 14:44 - 2011-10-13 06:31 - 00000000 ____A C:\Windows\Path.idx

2012-09-23 10:58 - 2012-02-06 10:13 - 00012837 ____A C:\Windows\System32\lvcoinst.log

2012-09-22 18:58 - 2011-10-28 21:01 - 00221696 ____A C:\Users\Andrew\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2012-09-17 11:53 - 2012-09-17 11:53 - 00095208 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2012-09-17 11:53 - 2011-10-13 03:10 - 00746984 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll

2012-09-17 11:53 - 2011-10-13 03:10 - 00246760 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe

2012-09-17 11:53 - 2011-10-13 03:10 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe

2012-09-17 11:53 - 2011-10-13 03:10 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe

2012-09-16 06:18 - 2011-10-13 03:14 - 00780786 ____A C:\Windows\SysWOW64\PerfStringBackup.INI

2012-09-15 14:25 - 2009-07-13 20:45 - 05036176 ____A C:\Windows\System32\FNTCACHE.DAT

2012-09-07 13:04 - 2012-09-16 08:51 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2012-08-30 20:43 - 2011-10-13 02:37 - 64462936 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

2012-08-30 20:12 - 2012-09-27 14:10 - 62164608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MRT.exe

2012-08-25 05:15 - 2011-10-22 10:32 - 00001080 ____A C:\Windows\System32\settingsbkup.sfm

2012-08-25 05:15 - 2011-10-22 10:32 - 00001080 ____A C:\Windows\System32\settings.sfm

2012-08-24 03:15 - 2012-09-27 23:00 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2012-08-24 02:39 - 2012-09-27 23:00 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2012-08-24 02:31 - 2012-09-27 23:00 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2012-08-24 02:22 - 2012-09-27 23:00 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2012-08-24 02:21 - 2012-09-27 23:00 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2012-08-24 02:20 - 2012-09-27 23:00 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2012-08-24 02:18 - 2012-09-27 23:00 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2012-08-24 02:17 - 2012-09-27 23:00 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2012-08-24 02:14 - 2012-09-27 23:00 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2012-08-24 02:14 - 2012-09-27 23:00 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2012-08-24 02:13 - 2012-09-27 23:00 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll

2012-08-24 02:12 - 2012-09-27 23:00 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2012-08-24 02:11 - 2012-09-27 23:00 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll

2012-08-24 02:10 - 2012-09-27 23:00 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2012-08-24 02:09 - 2012-09-27 23:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2012-08-24 02:04 - 2012-09-27 23:00 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2012-08-23 23:27 - 2012-09-27 23:00 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2012-08-23 23:03 - 2012-09-27 23:00 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2012-08-23 22:59 - 2012-09-27 23:00 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2012-08-23 22:51 - 2012-09-27 23:00 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2012-08-23 22:51 - 2012-09-27 23:00 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2012-08-23 22:51 - 2012-09-27 23:00 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2012-08-23 22:49 - 2012-09-27 23:00 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2012-08-23 22:48 - 2012-09-27 23:00 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2012-08-23 22:47 - 2012-09-27 23:00 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2012-08-23 22:47 - 2012-09-27 23:00 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2012-08-23 22:47 - 2012-09-27 23:00 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2012-08-23 22:45 - 2012-09-27 23:00 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2012-08-23 22:44 - 2012-09-27 23:00 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2012-08-23 22:44 - 2012-09-27 23:00 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2012-08-23 22:43 - 2012-09-27 23:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2012-08-23 22:40 - 2012-09-27 23:00 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2012-08-22 10:12 - 2012-09-15 14:16 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys

2012-08-22 10:12 - 2012-09-15 14:16 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys

2012-08-22 10:12 - 2012-09-15 14:16 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys

2012-08-22 10:12 - 2012-09-15 14:16 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS

2012-08-02 09:58 - 2012-09-15 14:16 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll

2012-08-02 08:57 - 2012-09-15 14:16 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll

2012-07-27 21:44 - 2012-04-14 05:07 - 00419488 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2012-07-27 21:44 - 2011-10-13 01:04 - 00070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2012-07-20 04:34 - 2012-07-20 04:34 - 00001653 ____A C:\Users\Andrew\Desktop\Complete HITS - Shortcut.lnk

2012-07-18 10:15 - 2012-09-15 14:16 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2012-07-15 08:37 - 2011-10-25 08:03 - 00280904 ____A C:\Windows\SysWOW64\PnkBstrB.xtr

2012-07-15 08:37 - 2011-10-14 12:15 - 00280904 ____A C:\Windows\SysWOW64\PnkBstrB.exe

2012-07-15 08:36 - 2011-10-14 12:15 - 00280904 ____A C:\Windows\SysWOW64\PnkBstrB.ex0

2012-07-05 18:06 - 2012-07-18 18:45 - 00772544 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll

2012-07-04 14:16 - 2012-09-15 14:16 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll

2012-07-04 14:13 - 2012-09-15 14:16 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll

2012-07-04 14:13 - 2012-09-15 14:16 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll

2012-07-04 13:16 - 2012-09-15 14:16 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll

2012-07-04 13:14 - 2012-09-15 14:16 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll

2012-07-04 12:26 - 2012-09-15 14:16 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\RNDISMP.sys

ZeroAccess:

C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:

C:\Windows\assembly\GAC_64\Desktop.ini

==================== Known DLLs (Whitelisted) =================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe 50BEA589F7D7958BDD2528A8F69D05CC ZeroAccess <==== ATTENTION!.

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-09-27 14:23:02

Restore point made on: 2012-09-27 18:17:41

Restore point made on: 2012-09-27 19:11:21

Restore point made on: 2012-09-27 20:03:34

Restore point made on: 2012-09-27 20:15:27

Restore point made on: 2012-09-27 23:00:20

==================== Memory info ===========================

Percentage of memory in use: 10%

Total physical RAM: 7897.13 MB

Available physical RAM: 7105.81 MB

Total Pagefile: 7895.28 MB

Available Pagefile: 7101.27 MB

Total Virtual: 8192 MB

Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:350 GB) (Free:210.95 GB) NTFS

2 Drive d: () (Fixed) (Total:754.19 GB) (Free:512.54 GB) NTFS

3 Drive e: () (Fixed) (Total:292.97 GB) (Free:273.25 GB) NTFS

5 Drive h: (MACROVAULT) (Removable) (Total:1.97 GB) (Free:1.97 GB) FAT32

6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

7 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.05 GB) NTFS ==>[system with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt

-------- ------------- ------- ------- --- ---

Disk 0 Online 1397 GB 0 B

Disk 1 Online 2025 MB 0 B

Partitions of Disk 0:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 100 MB 1024 KB

Partition 2 Primary 350 GB 101 MB

Partition 0 Extended 1047 GB 350 GB

Partition 3 Logical 754 GB 350 GB

Partition 4 Logical 292 GB 1104 GB

==================================================================================

Disk: 0

Partition 1

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 1 Y System Rese NTFS Partition 100 MB Healthy

=========================================================

Disk: 0

Partition 2

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 C NTFS Partition 350 GB Healthy

=========================================================

Disk: 0

Partition 3

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 3 D NTFS Partition 754 GB Healthy

=========================================================

Disk: 0

Partition 4

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 4 E NTFS Partition 292 GB Healthy

=========================================================

Partitions of Disk 1:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 2025 MB 16 KB

==================================================================================

Disk: 1

Partition 1

Type : 0B

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 5 H MACROVAULT FAT32 Removable 2025 MB Healthy

=========================================================

Last Boot: 2012-09-26 03:23

==================== End Of Log =============================

Farbar Recovery Scan Tool (x64) Version: 25-09-2012

Ran by SYSTEM at 2012-09-28 12:11:31

Running from H:\

================== Search: "services.exe" ===================

C:\Windows\System32\services.exe

[2009-07-13 15:19] - [2009-07-13 17:39] - 0329216 ____A (Microsoft Corporation) 50BEA589F7D7958BDD2528A8F69D05CC

====== End Of Search ======

Link to post
Share on other sites

We have to find a good copy of services.exe:

Please download SystemLook from the link below and save it to your Desktop.

http://jpshortstuff....temLook_x64.exe

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    :Filefind
    services.exe


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

MrC

Link to post
Share on other sites

SystemLook 30.07.11 by jpshortstuff

Log created at 12:27 on 28/09/2012 by Andrew

Administrator - Elevation successful

========== Filefind ==========

Searching for "services.exe"

C:\Windows\System32\services.exe --a---- 329216 bytes [23:19 13/07/2009] [01:39 14/07/2009] 50BEA589F7D7958BDD2528A8F69D05CC

-= EOF =-

Link to post
Share on other sites

OK....Drop it into C:\ so the path is:

C:\services.exe

Then.................

OK, here you go......Please carefully carry out this procedure!!!!!!

Please download the attached fixlist.txt and copy it to your flashdrive.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options. (as you did before)

Run FRST64 or FRST (which ever one you're using) and press the Fix button just once and wait.

The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

MrC

Link to post
Share on other sites

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-09-2012

Ran by SYSTEM at 2012-09-28 13:34:05 Run:1

Running from H:\

==============================================

C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.

C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.

C:\Windows\System32\services.exe moved successfully.

C:\services.exe copied successfully to C:\Windows\System32\services.exe

==== End of Fixlog ====

Link to post
Share on other sites

RogueKiller V8.0.5 [09/23/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Andrew [Admin rights]

Mode : Scan -- Date : 09/28/2012 14:09:13

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤

[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤

-> E:\windows\system32\config\SOFTWARE

-> E:\Users\Andrew\NTUSER.DAT

-> E:\Users\Default\NTUSER.DAT

-> E:\Users\Default User\NTUSER.DAT

-> E:\Documents and Settings\Default\NTUSER.DAT

-> E:\Documents and Settings\Default User\NTUSER.DAT

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD15EARS-00MVWB0 +++++

--- User ---

[MBR] 882ccc77feb85609fff458c7a28ca0d0

[bSP] 2954fa5f9b14ed76c76cef960f9bef6f : Windows 7 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 358404 Mo

2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 734218695 | Size: 1072291 Mo

User = LL1 ... OK!

User = LL2 ... OK!

+++++ PhysicalDrive1: MacroVault USB Device +++++

--- User ---

[MBR] 98b6c966790e0d2549bbf858d7b4e1ff

[bSP] 8e6d8ec58fc905a8fb280207a1e16366 : Standard MBR Code

Partition table:

0 - [ACTIVE] FAT32 (0x0b) [VISIBLE] Offset (sectors): 32 | Size: 2025 Mo

User = LL1 ... OK!

Error reading LL2 MBR!

Finished : << RKreport[3].txt >>

RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

Link to post
Share on other sites

Everything looks good. Thanks for your help. Windows Defender and Firewall now work. I haven't checked Microsoft Security Essentials yet. Forgot to mention I tried to re-install it when it wasn't working and I thought my computer was clean before the forum post. This caused my PC to shut down after a minute. I was able to use system restore and a One Care tool to remove what was left of MSE.

Malwarebytes Anti-Malware 1.65.0.1400

www.malwarebytes.org

Database version: v2012.09.28.07

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Andrew :: ANDREW-PC [administrator]

9/28/2012 2:37:03 PM

mbam-log-2012-09-28 (14-37-03).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 203953

Time elapsed: 1 minute(s), 35 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\services.exe (Trojan.Agent) -> Quarantined and deleted successfully.

(end)

Link to post
Share on other sites

You may have to reinstall MSE if there's a problem.

Lets check your computers security before you go and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

MrC

Link to post
Share on other sites

Results of screen317's Security Check version 0.99.51

Windows 7 Service Pack 1 x64 (UAC is disabled!)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

WMI entry may not exist for antivirus; attempting automatic update.

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.65.0.1400

JavaFX 2.1.1

Java 6 Update 29

Java 7 Update 7

Adobe Flash Player 11.2.202.235 Flash Player out of Date!

Mozilla Firefox (15.0.1)

Google Chrome 21.0.1180.83

Google Chrome 21.0.1180.89

Google Chrome 22.0.1229.79

````````Process Check: objlist.exe by Laurent````````

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 0%

````````````````````End of Log``````````````````````

Link to post
Share on other sites

Java™ 6 Update 29 <----please uninstall from add/remove programs

Java 7 Update 7

Adobe Flash Player 11.2.202.235 Flash Player out of date <---please update

You have out dated programs on the system which are vulnerable to malware.

Please update or delete them

Info on doing that can be found in my Preventive Maintenance

~~~~~~~~~~~~~~~~~~~~~

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

cf2.jpg

Then hit enter.

This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files and clears System Restore cache and create new Restore point

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall)

---------------------------------

Please download OTL from one of the links below: (you may already have OTL on the system)

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

http://www.itxassoci...T-Tools/OTL.exe

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any other programs or logs you can manually delete.

IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST, etc....

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC

Link to post
Share on other sites

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.