Funnyguy Posted September 28, 2012 ID:602073 Share Posted September 28, 2012 RogueKiller and TDSSKiller says I still have the Zero Access Rootkit on my PC. Mbam free found other trojans and rootkits before but they have been removed and now Mbam can't find anything. I ran TDSSKiller, RogueKiller and Combofix. They all removed the rootkit and stated my comp is clean but when I restart my PC, these programs find the rootkit again. I have disabled any anti-malware software or firewalls before running these programs. All my important files were backed up before this incident so I'm not worried about data loss. I'll be waiting patiently for a reply..DDS (Ver_2011-08-26.01) - NTFSAMD64Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2Run by Andrew at 9:50:16 on 2012-09-28Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.7897.5502 [GMT -4:00].SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}.============== Running Processes ===============.C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k RPCSSC:\Windows\system32\atiesrxx.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exeC:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exeC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\System32\spoolsv.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exeC:\Windows\SysWOW64\svchost.exe -k AkamaiC:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exeC:\Program Files (x86)\ASUS\AAHM\1.00.17\aaHMSvc.exeC:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exeC:\Program Files (x86)\ASUS\AsusFanControlService\1.00.17\AsusFanControlService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exeC:\Program Files\NetLimiter 3\nlsvc.exeC:\Windows\SysWOW64\NMSAccessU.exeC:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exeC:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exeC:\Windows\SysWOW64\PnkBstrA.exeC:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestrictedC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonationC:\Windows\system32\svchost.exe -k imgsvcC:\Windows\System32\svchost.exe -k secsvcsC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXEC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exeC:\Windows\system32\atieclxx.exeC:\Windows\system32\taskhost.exeC:\Windows\system32\taskeng.exeC:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Program Files\Microsoft IntelliType Pro\itype.exeC:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exeC:\Windows\System32\hkcmd.exeC:\Windows\System32\igfxpers.exeC:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exeC:\Users\Andrew\AppData\Local\Akamai\netsession_win.exeC:\Program Files (x86)\DAEMON Tools Lite\DTLite.exeC:\Users\Andrew\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exeC:\Program Files\Ditto\Ditto.exeC:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exeC:\Users\Andrew\AppData\Roaming\Dropbox\bin\Dropbox.exeC:\Program Files (x86)\Emit\Emit.exeC:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exeC:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exeC:\Program Files (x86)\PdaNet for Android\PdaNetPC.exeC:\Users\Andrew\AppData\Local\Akamai\netsession_win.exeC:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exeC:\Program Files (x86)\Evernote\Evernote\Evernote.exeC:\Program Files (x86)\SyncBackPro\SyncBackPro.exeC:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr64.exeC:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exeC:\Windows\System32\svchost.exe -k LocalServicePeerNetC:\Program Files\Windows Media Player\wmpnetwk.exeC:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exeC:\Windows\system32\DllHost.exeC:\Program Files (x86)\Emit\erlang\erts-5.8.4\bin\erl.exeC:\Windows\system32\conhost.exeC:\Program Files (x86)\Emit\erlang\erts-5.8.4\bin\inet_gethost.exeC:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exeC:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exeC:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exeC:\Program Files (x86)\Everything\Everything.exeC:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exeC:\Program Files (x86)\ControlCenter4\BrCcUxSys.exeC:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exeC:\Windows\system32\igfxsrvc.exeC:\Windows\system32\DllHost.exeC:\Windows\system32\DllHost.exeC:\Windows\SysWOW64\cmd.exeC:\Windows\system32\conhost.exeC:\Windows\SysWOW64\cscript.exeC:\Windows\system32\wbem\wmiprvse.exe.============== Pseudo HJT Report ===============.uStart Page = about:blankmDefault_Page_URL = about:blankmStart Page = about:blankuInternet Settings,ProxyOverride = <local>BHO: PlusIEEventHelper Class: {551a852f-39a6-44a7-9c13-afbec9185a9d} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dllBHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dllBHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllBHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLLBHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dllTB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No FileuRun: [Akamai NetSession Interface] "C:\Users\Andrew\AppData\Local\Akamai\netsession_win.exe"uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorunuRun: [spotify Web Helper] "C:\Users\Andrew\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"uRun: [Ditto] C:\Program Files\Ditto\Ditto.exemRun: [Everything] "C:\Program Files (x86)\Everything\Everything.exe" -startupmRun: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorunStartupFolder: C:\Users\Andrew\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Andrew\AppData\Roaming\Dropbox\bin\Dropbox.exeStartupFolder: C:\Users\Andrew\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Emit.lnk - C:\Program Files (x86)\Emit\Emit.exeStartupFolder: C:\Users\Andrew\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exeStartupFolder: C:\Users\Andrew\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~2.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exeStartupFolder: C:\Users\Andrew\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\PDANET~1.LNK - C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exeStartupFolder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LockWorkStation.vbsmPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)mPolicies-system: EnableUIADesktopToggle = 0 (0x0)mPolicies-system: PromptOnSecureDesktop = 0 (0x0)IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204LSP: mswsock.dllDPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cabDPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cabDPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cabDPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cabDPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cabTCP: DhcpNameServer = 192.168.1.1TCP: Interfaces\{C01A4D9D-3B97-428D-BD79-18009D731C3A} : DhcpNameServer = 192.168.1.1Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLLHandler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dllBHO-X64: PlusIEEventHelper Class: {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dllBHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dllBHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllBHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLLBHO-X64: URLRedirectionBHO - No FileBHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dllTB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No FilemRun-x64: [Everything] "C:\Program Files (x86)\Everything\Everything.exe" -startupmRun-x64: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorunIE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204.================= FIREFOX ===================.FF - ProfilePath - C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\dcexqchg.default\FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/igFF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLLFF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLLFF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dllFF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dllFF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dllFF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dllFF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dllFF - plugin: C:\Program Files (x86)\Millisecond Software\Inquisit 3.0 Mozilla Plugin\npInquisit_3060.dllFF - plugin: C:\Program Files (x86)\SumatraPDF\npPdfViewer.dllFF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dllFF - plugin: C:\ProgramData\id Software\QuakeLive\npquakezero.dllFF - plugin: C:\Users\Andrew\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dllFF - plugin: C:\Users\Andrew\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dllFF - plugin: C:\Windows\system32\Wat\npWatWeb.dllFF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dllFF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dllFF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll.============= SERVICES / DRIVERS ===============.P2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-4-21 8704]R0 AiChargerPlus;ASUS Charger Plus Driver;C:\Windows\system32\DRIVERS\AiChargerPlus.sys --> C:\Windows\system32\DRIVERS\AiChargerPlus.sys [?]R0 vididr;Acronis Virtual Disk;C:\Windows\system32\DRIVERS\vididr.sys --> C:\Windows\system32\DRIVERS\vididr.sys [?]R0 vidsflt53;Acronis Disk Storage Filter (53);C:\Windows\system32\DRIVERS\vsflt53.sys --> C:\Windows\system32\DRIVERS\vsflt53.sys [?]R1 nltdi;nltdi;C:\Program Files\NetLimiter 3\nltdi.sys [2011-3-21 88200]R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992]R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]R2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe [2012-4-23 918448]R2 asHmComSvc;ASUS HM Com Service;C:\Program Files (x86)\ASUS\AAHM\1.00.17\aaHMSvc.exe [2012-4-23 947328]R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2011-10-13 586880]R2 AsusFanControlService;AsusFanControlService;C:\Program Files (x86)\ASUS\AsusFanControlService\1.00.17\AsusFanControlService.exe [2012-4-23 1464752]R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-10-13 13592]R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-9-15 88576]R2 PDFProFiltSrvPP;PDFProFiltSrvPP;C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [2010-3-9 144672]R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-5-6 2656280]R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\system32\DRIVERS\asmthub3.sys --> C:\Windows\system32\DRIVERS\asmthub3.sys [?]R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\system32\DRIVERS\asmtxhci.sys --> C:\Windows\system32\DRIVERS\asmtxhci.sys [?]R3 BrSerIb;Brother Serial Interface Driver(WDM);C:\Windows\system32\DRIVERS\BrSerIb.sys --> C:\Windows\system32\DRIVERS\BrSerIb.sys [?]R3 BrUsbSIb;Brother Serial USB Driver(WDM);C:\Windows\system32\DRIVERS\BrUsbSIb.sys --> C:\Windows\system32\DRIVERS\BrUsbSIb.sys [?]R3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\system32\drivers\CT20XUT.SYS --> C:\Windows\system32\drivers\CT20XUT.SYS [?]R3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\system32\drivers\CTEXFIFX.SYS --> C:\Windows\system32\drivers\CTEXFIFX.SYS [?]R3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\system32\drivers\CTHWIUT.SYS --> C:\Windows\system32\drivers\CTHWIUT.SYS [?]R3 ha20x22k;Creative 20X2 HAL Driver;C:\Windows\system32\drivers\ha20x22k.sys --> C:\Windows\system32\drivers\ha20x22k.sys [?]R3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [2012-4-23 160768]R3 ICCWDT;Intel® Watchdog Timer Driver (Intel® WDT);C:\Windows\system32\DRIVERS\ICCWDT.sys --> C:\Windows\system32\DRIVERS\ICCWDT.sys [?]R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]R3 LVUVC64;Logitech Webcam C260(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]R3 NLNdisMP;NLNdisMP;C:\Windows\system32\DRIVERS\nlndis.sys --> C:\Windows\system32\DRIVERS\nlndis.sys [?]R3 pneteth;PdaNet Broadband;C:\Windows\system32\DRIVERS\pneteth.sys --> C:\Windows\system32\DRIVERS\pneteth.sys [?]R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]S3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]S3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]S3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2012-2-7 245760]S3 cphs;Intel® Content Protection HECI Service;C:\Windows\SysWOW64\IntelCpHeciSvc.exe [2012-9-23 274200]S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-11-13 79360]S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-10-13 79360]S3 CT20XUT;CT20XUT;C:\Windows\system32\drivers\CT20XUT.SYS --> C:\Windows\system32\drivers\CT20XUT.SYS [?]S3 CTEXFIFX;CTEXFIFX;C:\Windows\system32\drivers\CTEXFIFX.SYS --> C:\Windows\system32\drivers\CTEXFIFX.SYS [?]S3 CTHWIUT;CTHWIUT;C:\Windows\system32\drivers\CTHWIUT.SYS --> C:\Windows\system32\drivers\CTHWIUT.SYS [?]S3 HTCAND64;HTC Device Driver;C:\Windows\system32\Drivers\ANDROIDUSB.sys --> C:\Windows\system32\Drivers\ANDROIDUSB.sys [?]S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\system32\DRIVERS\htcnprot.sys --> C:\Windows\system32\DRIVERS\htcnprot.sys [?]S3 NLNdisPT;NetLimiter Ndis Protocol Service;C:\Windows\system32\DRIVERS\nlndis.sys --> C:\Windows\system32\DRIVERS\nlndis.sys [?]S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?].=============== Created Last 30 ================.2012-09-28 05:40:18 -------- d-sh--w- C:\$RECYCLE.BIN2012-09-28 04:33:18 98816 ----a-w- C:\Windows\sed.exe2012-09-28 04:33:18 518144 ----a-w- C:\Windows\SWREG.exe2012-09-28 04:33:18 256000 ----a-w- C:\Windows\PEV.exe2012-09-28 04:33:18 208896 ----a-w- C:\Windows\MBR.exe2012-09-28 04:29:48 -------- d-----w- C:\WINSSLog2012-09-28 04:26:52 9049936 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll2012-09-28 04:26:49 9308616 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{590398D9-CB1F-4AE3-ADD2-C45ADDDE5C89}\mpengine.dll2012-09-28 03:38:43 49872 ----a-w- C:\Windows\System32\drivers\wjrxvvdu.sys2012-09-28 03:38:43 328704 ----a-w- C:\Windows\System32\services.exe.EC51095325FE00C82012-09-28 03:33:56 328704 ----a-w- C:\Windows\System32\services.exe.154EA98C0008C6182012-09-28 03:31:05 328704 ----a-w- C:\Windows\System32\services.exe.3FE04119758F870A2012-09-28 03:28:27 328704 ----a-w- C:\Windows\System32\services.exe.72E05CAD8F1CCDE92012-09-28 03:23:02 328704 ----a-w- C:\Windows\System32\services.exe.C7577C6C6E08B7B52012-09-28 03:11:26 1150 ----a-w- C:\FixitRegBackup.reg2012-09-28 00:11:14 -------- d-----w- C:\TDSSKiller_Quarantine2012-09-27 22:23:06 388096 ----a-r- C:\Users\Andrew\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe2012-09-27 22:23:06 -------- d-----w- C:\Program Files (x86)\Hi2012-09-27 16:34:38 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%2012-09-27 00:13:28 -------- d-----w- C:\Users\Andrew\AppData\Roaming\2BrightSparks2012-09-27 00:12:58 71096 ----a-w- C:\Windows\SysWow64\NMSAccessU.exe2012-09-27 00:12:58 20480 ----a-w- C:\Windows\SysWow64\SyncBackPro.dll2012-09-27 00:12:57 -------- d-----w- C:\Users\Andrew\AppData\Local\2BrightSparks2012-09-27 00:12:53 -------- d-----w- C:\Program Files (x86)\SyncBackPro2012-09-24 04:26:18 971360 ----a-w- C:\Windows\System32\drivers\timntr.sys2012-09-24 04:25:47 210016 ----a-w- C:\Windows\System32\drivers\vididr.sys2012-09-24 04:25:38 141920 ----a-w- C:\Windows\System32\drivers\vsflt53.sys2012-09-24 04:25:32 275552 ----a-w- C:\Windows\System32\drivers\snapman.sys2012-09-24 03:18:19 119808 ----a-r- C:\Users\Andrew\AppData\Roaming\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe2012-09-24 00:06:22 120832 ----a-w- C:\Windows\System32\IntelOpenCL64.dll2012-09-24 00:06:14 86016 ----a-w- C:\Windows\SysWow64\IntelOpenCL32.dll2012-09-23 18:51:45 -------- d-----w- C:\Users\Andrew\AppData\Roaming\Ditto2012-09-23 18:51:41 -------- d-----w- C:\Program Files\Ditto2012-09-23 16:15:22 -------- d-----w- C:\Program Files (x86)\Heroes2012-09-23 16:02:14 -------- d-----w- C:\ProgramData\GFI Software2012-09-23 15:12:57 -------- d-----w- C:\Program Files (x86)\GOG.com2012-09-20 22:15:56 -------- d-----w- C:\ProgramData\RELOADED2012-09-19 17:00:37 -------- d-----w- C:\Users\Andrew\AppData\Local\Runic Games2012-09-19 16:33:55 -------- d-----w- C:\Users\Andrew\AppData\Roaming\runic games2012-09-19 16:30:30 -------- d-----w- C:\Program Files (x86)\Runic Games2012-09-17 21:21:25 -------- d-----w- C:\Program Files\HitmanPro2012-09-17 21:21:16 -------- d-----w- C:\ProgramData\HitmanPro2012-09-17 19:53:27 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll2012-09-16 16:51:11 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys2012-09-16 16:51:11 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware2012-09-15 22:28:37 -------- d-----w- C:\Users\Andrew\AppData\Roaming\Malwarebytes2012-09-15 22:28:26 -------- d-----w- C:\ProgramData\Malwarebytes2012-09-09 19:52:34 -------- d-----w- C:\ProgramData\Tarma Installer2012-09-07 00:35:22 -------- d-----w- C:\Users\Andrew\AppData\Local\Screencast-O-Matic.==================== Find3M ====================.2012-09-23 23:12:47 4088448 ----a-w- C:\Windows\PE_Rom.dll2012-09-17 19:53:22 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb2012-08-22 18:12:50 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys2012-08-22 18:12:40 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS2012-08-02 17:58:52 574464 ----a-w- C:\Windows\System32\d3d10level9.dll2012-08-02 16:57:20 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll2012-07-28 05:44:02 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl2012-07-28 05:44:02 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys2012-07-15 16:37:21 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr2012-07-15 16:37:21 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe2012-07-15 16:36:32 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex02012-07-06 02:06:30 772544 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll2012-07-04 22:13:27 59392 ----a-w- C:\Windows\System32\browcli.dll2012-07-04 22:13:27 136704 ----a-w- C:\Windows\System32\browser.dll2012-07-04 21:14:34 41984 ----a-w- C:\Windows\SysWow64\browcli.dll2012-07-04 20:26:03 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys.============= FINISH: 9:50:26.12 ===============.UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2011-08-26.01).Microsoft Windows 7 UltimateBoot Device: \Device\HarddiskVolume1Install Date: 10/13/2011 4:30:21 AMSystem Uptime: 9/28/2012 9:13:25 AM (0 hours ago).Motherboard: ASUSTeK Computer INC. | | P8Z68-V LXProcessor: Intel® Core™ i5-2500K CPU @ 3.30GHz | LGA1155 | 3301/100mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 350 GiB total, 211.61 GiB free.D: is FIXED (NTFS) - 754 GiB total, 512.538 GiB free.E: is FIXED (NTFS) - 293 GiB total, 273.249 GiB free.F: is CDROM ()G: is CDROM ().==== Disabled Device Manager Items =============.Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}Description: SBREDevice ID: ROOT\LEGACY_SBRE\0000Manufacturer:Name: SBREPNP Device ID: ROOT\LEGACY_SBRE\0000Service: SBRE.==== System Restore Points ===================.RP347: 9/27/2012 6:22:53 PM - Installed HiJackThisRP348: 9/27/2012 10:17:32 PM - before RK and comboRP349: 9/27/2012 11:11:12 PM - Installed Microsoft Fix it 50535RP350: 9/28/2012 12:03:25 AM - anotherRP351: 9/28/2012 12:15:17 AM - Installed Microsoft Fix it 50535RP352: 9/28/2012 3:00:12 AM - Windows Update.==== Installed Programs ======================.ABBYY FineReader 11Acronis True Image WD EditionAdobe AIRAdobe Help ManagerAdobe InDesign CS6Adobe Photoshop CS6Adobe Shockwave Player 11.6AI Suite IIAIDA64 Extreme Edition v1.85Akamai NetSession InterfaceAkamai NetSession Interface ServiceApple Application SupportApple Software UpdateApplication ProfilesArtMoney SE v7.38Asmedia ASM104x USB 3.0 Host Controller DriverASUS PC DiagnosticsAuslogics Disk DefragBatman - Arkham CityBatman: Arkham City™Battlefield 3™Brother Driver Deployment WizardBrother MFL-Pro Suite MFC-7360NCameraHelperMsiCapsuleCreative ALchemyCreative Audio Control PanelCreative Console LauncherCreative DiagnosticsCreative Software AutoUpdateCreative Sound Blaster Properties x64 EditionCrysisD3DX10DAEMON Tools LiteDolby Digital Live PackDriver Sweeper version 3.2.0DropboxDTS Connect PackDVD Decrypter (Remove Only)Emit version 1.9.1erLTESN SonarEvernote v. 4.5.1Everything 1.2.1.371FeedDemonfoobar2000 v1.1.8FrapsGoogle ChromeGrand Theft Auto: Episodes From Liberty CityGreed CorpHD Tune Pro 4.60Heroes of Might and Magic 4 CompleteHeroes of Might and Magic V - Collectors EditionHi-Rez Studios Authenticate and Update ServiceHiJackThisHTC BMP USB DriverHTC Driver InstallerHTC SyncImgBurnIntel® Management Engine ComponentsIntel® OpenCL CPU RuntimeIntel® Processor GraphicsIntel® Rapid Storage TechnologyIntel® Watchdog Timer Driver (Intel® WDT)IrfanView (remove only)Java 7 Update 7Java Auto UpdaterJava™ 6 Update 29JavaFX 2.1.1K-Lite Mega Codec Pack 7.9.0L.A. Noire: The Complete EditionLogitech Webcam SoftwareLWS FacebookLWS GalleryLWS Help_mainLWS LauncherLWS Motion DetectionLWS Pictures And VideoLWS TwitterLWS Video Mask MakerLWS Webcam SoftwareLWS WLM PluginLWS YouTube PluginMafia IIMalwarebytes Anti-Malware version 1.65.0.1400Metro 2033Microsoft .NET Framework 1.1Microsoft Games for Windows - LIVE RedistributableMicrosoft Games for Windows MarketplaceMicrosoft Office Access MUI (English) 2010Microsoft Office Access Setup Metadata MUI (English) 2010Microsoft Office Excel MUI (English) 2010Microsoft Office Groove MUI (English) 2010Microsoft Office InfoPath MUI (English) 2010Microsoft Office OneNote MUI (English) 2010Microsoft Office Outlook MUI (English) 2010Microsoft Office PowerPoint MUI (English) 2010Microsoft Office Professional Plus 2010Microsoft Office Proof (English) 2010Microsoft Office Proof (French) 2010Microsoft Office Proof (Spanish) 2010Microsoft Office Proofing (English) 2010Microsoft Office Publisher MUI (English) 2010Microsoft Office Shared MUI (English) 2010Microsoft Office Shared Setup Metadata MUI (English) 2010Microsoft Office Word MUI (English) 2010Microsoft SilverlightMicrosoft SQL Server 2005 Compact Edition [ENU]Microsoft Visual C++ 2005 RedistributableMicrosoft Visual C++ 2008 Redistributable - x86 9.0.21022Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219Microsoft_VC80_CRT_x86Microsoft_VC90_CRT_x86Mozilla Firefox 15.0.1 (x86 en-US)MSVCRTMSXML 4.0 SP3 ParserMSXML 4.0 SP3 Parser (KB2721691)MSXML 4.0 SP3 Parser (KB973685)Nuance PaperPort 12Nuance PDF Viewer PlusNVIDIA PhysXOpenALOriginPdaNet for Android 3.50PDF Settings CS6PidginPunkBuster ServicesQuake Live Mozilla PluginQuickTimeRealtek Ethernet Controller DriverRealtek High Definition Audio DriverRevo Uninstaller 1.93Rockstar Games Social ClubScansoft PDF ProfessionalSecurity Update for CAPICOM (KB931906)Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)Security Update for Microsoft .NET Framework 4 Extended (KB2487367)Security Update for Microsoft .NET Framework 4 Extended (KB2656351)Sid Meier's Civilization V: Gods & Kings DemoSongbird 1.9.3 (Build 1959)SpotifySteamStreamTorrent 1.0SumatraPDFswMSMSyncBackProTribes AscendUnity Web PlayerUpdate for Microsoft .NET Framework 4 Client Profile (KB2468871)Update for Microsoft .NET Framework 4 Client Profile (KB2533523)Update for Microsoft .NET Framework 4 Client Profile (KB2600217)Update for Microsoft .NET Framework 4 Extended (KB2468871)Update for Microsoft .NET Framework 4 Extended (KB2533523)Update for Microsoft .NET Framework 4 Extended (KB2600217)Windows 7 USB/DVD Download ToolWindows Live Communications PlatformWindows Live EssentialsWindows Live InstallerWindows Live Movie MakerWindows Live Photo CommonWindows Live Photo GalleryWindows Live PIMT PlatformWindows Live SOXEWindows Live SOXE DefinitionsWindows Live UX PlatformWindows Live UX Platform Language PackWindows Media Player Firefox PluginXnView 1.98.2.==== Event Viewer Messages From Past Week ========.9/28/2012 9:14:02 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SBRE9/28/2012 9:06:29 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the upnphost service.9/28/2012 9:05:59 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the FDResPub service.9/28/2012 3:06:40 AM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: 490@010100049/28/2012 1:31:21 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.9/28/2012 1:31:05 AM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.9/28/2012 1:30:49 AM, Error: Service Control Manager [7034] - The ASUS Com Service service terminated unexpectedly. It has done this 4 time(s).9/28/2012 1:23:07 AM, Error: Service Control Manager [7034] - The ASUS Com Service service terminated unexpectedly. It has done this 3 time(s).9/28/2012 1:21:27 AM, Error: Service Control Manager [7034] - The ASUS Com Service service terminated unexpectedly. It has done this 2 time(s).9/28/2012 1:20:36 AM, Error: Service Control Manager [7034] - The ASUS Com Service service terminated unexpectedly. It has done this 1 time(s).9/28/2012 1:20:01 AM, Error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.9/27/2012 11:38:38 PM, Error: Microsoft Antimalware [3002] -9/27/2012 11:38:36 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1726" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}9/27/2012 11:38:36 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1726" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}9/27/2012 11:38:36 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1726" attempting to start the service ICCS with arguments "" in order to run the server: {7B33B0B5-F719-4B0B-B48A-0B8F20CA08A5}9/27/2012 10:58:05 PM, Error: Service Control Manager [7024] - The Windows Firewall service terminated with service-specific error Access is denied..9/27/2012 10:54:07 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-21470248919/27/2012 10:54:07 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-21470248919/27/2012 10:53:52 PM, Error: Service Control Manager [7001] - The IPsec Policy Agent service depends on the Base Filtering Engine service which failed to start because of the following error: Access is denied.9/27/2012 10:53:50 PM, Error: Service Control Manager [7001] - The IKE and AuthIP IPsec Keying Modules service depends on the Base Filtering Engine service which failed to start because of the following error: Access is denied.9/27/2012 10:53:19 PM, Error: Service Control Manager [7023] - The Base Filtering Engine service terminated with the following error: Access is denied.9/27/2012 10:53:19 PM, Error: Service Control Manager [7001] - The Windows Firewall service depends on the Base Filtering Engine service which failed to start because of the following error: Access is denied.9/27/2012 10:20:59 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Hi-Rez Studios Authenticate and Update Service service to connect.9/27/2012 10:20:59 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.9/27/2012 10:20:59 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.9/27/2012 10:20:28 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.9/26/2012 7:31:00 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.9/25/2012 9:41:18 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR4.9/24/2012 9:03:01 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.9/24/2012 8:16:24 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR2.9/21/2012 6:07:14 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer CHRISSY-DESKTOP that believes that it is the master browser for the domain on transport NetBT_Tcpip_{C01A4D9D-3B97-428D-BD79-18009D731C3A}. The master browser is stopping or an election is being forced..==== End Of File =========================== Link to post Share on other sites More sharing options...
MrCharlie Posted September 28, 2012 ID:602076 Share Posted September 28, 2012 Welcome to the forum.Please remove any usb or external drives from the computer before you run this scan!Please download and run RogueKiller to your desktop.Quit all running programs.For Windows XP, double-click to start.For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.Click Scan to scan the system. When the scan completes > Close out the program > Don't Fix anything!Don't run any other options, they're not all bad!!!!!!!Post back the report which should be located on your desktop.MrC Link to post Share on other sites More sharing options...
Funnyguy Posted September 28, 2012 Author ID:602129 Share Posted September 28, 2012 RogueKiller V8.0.5 [09/23/2012] by Tigzymail: tigzyRK<at>gmail<dot>comFeedback: http://www.geekstogo...13-roguekiller/Blog: http://tigzyrk.blogspot.comOperating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits versionStarted in : Normal modeUser : Andrew [Admin rights]Mode : Scan -- Date : 09/28/2012 11:38:20¤¤¤ Bad processes : 0 ¤¤¤¤¤¤ Registry Entries : 2 ¤¤¤[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND¤¤¤ Particular Files / Folders: ¤¤¤[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_32\Desktop.ini --> FOUND[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_64\Desktop.ini --> FOUND[susp.ASLR][FILE] services.exe : C:\Windows\system32\services.exe --> FOUND¤¤¤ Driver : [NOT LOADED] ¤¤¤¤¤¤ Extern Hives: ¤¤¤-> E:\windows\system32\config\SOFTWARE-> E:\Users\Andrew\NTUSER.DAT-> E:\Users\Default\NTUSER.DAT-> E:\Users\Default User\NTUSER.DAT-> E:\Documents and Settings\Default\NTUSER.DAT-> E:\Documents and Settings\Default User\NTUSER.DAT¤¤¤ Infection : ZeroAccess ¤¤¤¤¤¤ HOSTS File: ¤¤¤--> C:\Windows\system32\drivers\etc\hosts127.0.0.1 localhost¤¤¤ MBR Check: ¤¤¤+++++ PhysicalDrive0: WDC WD15EARS-00MVWB0 +++++--- User ---[MBR] 882ccc77feb85609fff458c7a28ca0d0[bSP] 2954fa5f9b14ed76c76cef960f9bef6f : Windows 7 MBR CodePartition table:0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 358404 Mo2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 734218695 | Size: 1072291 MoUser = LL1 ... OK!User = LL2 ... OK!Finished : << RKreport[1].txt >>RKreport[1].txt Link to post Share on other sites More sharing options...
MrCharlie Posted September 28, 2012 ID:602138 Share Posted September 28, 2012 Here you go......Please read the following information first.You're infected with Rootkit.ZeroAccess, a BackDoor Trojan.BACKDOOR WARNING------------------------------One or more of the identified infections is known to use a backdoor.This allows hackers to remotely control your computer, steal critical system information and download and execute files.I would advice you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.Though the infection has been identified and because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?http://www.dslreports.com/faq/10451When Should I Format, How Should I Reinstallhttp://www.dslreports.com/faq/10063I will try my best to clean this machine but I can't guarantee that it will be 100% secure afterwards.Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.-----------------------------------------Please make sure system restore is running and create a new restore point before continuing!For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.How to tell > 32 or 64 bitPlug the flashdrive into the infected PC.Enter System Recovery Options.To enter System Recovery Options from the Advanced Boot Options:Restart the computer.As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.Use the arrow keys to select the Repair your computer menu item.Select US as the keyboard language settings, and then click Next.Select the operating system you want to repair, and then click Next.Select your user account an click Next.To enter System Recovery Options by using Windows installation disc:Insert the installation disc.Restart your computer.If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.Click Repair your computer.Select US as the keyboard language settings, and then click Next.Select the operating system you want to repair, and then click Next.Select your user account and click Next.On the System Recovery Options menu you will get the following options:Startup RepairSystem RestoreWindows Complete PC RestoreWindows Memory Diagnostic ToolCommand Prompt[*]Select Command Prompt[*]In the command window type in notepad and press Enter.[*]The notepad opens. Under File menu select Open.[*]Select "Computer" and find your flash drive letter and close the notepad.[*]In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press EnterNote: Replace letter e with the drive letter of your flash drive.[*]The tool will start to run.[*]When the tool opens click Yes to disclaimer.[*]Press Scan button.[*]FRST will let you know when the scan is complete and has written the FRST.txt to file, close out this message, then type the following into the search box:services.exe[*]Now press the Search button[*]When the search is complete, search.txt will also be written to your USB[*]Type exit and reboot the computer normally[*]Please copy and paste both logs in your reply.(FRST.txt and Search.txt)MrC Link to post Share on other sites More sharing options...
Funnyguy Posted September 28, 2012 Author ID:602160 Share Posted September 28, 2012 Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-09-2012Ran by SYSTEM at 28-09-2012 12:09:33Running from H:\Windows 7 Ultimate (X64) OS Language: English(US)The current controlset is ControlSet002==================== Registry (Whitelisted) ===================HKLM\...\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe" [1873256 2011-08-10] (Microsoft Corporation)HKLM\...\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun [825184 2009-09-30] (Microsoft Corporation)HKLM\...\Run: [Acronis Scheduler2 Service] "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [395384 2012-04-27] (Acronis)HKLM-x32\...\Run: [Everything] "C:\Program Files (x86)\Everything\Everything.exe" -startup [602624 2009-03-12] ()HKLM-x32\...\Run: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun [139264 2011-04-20] (Brother Industries, Ltd.)HKU\Andrew\...\Run: [Akamai NetSession Interface] "C:\Users\Andrew\AppData\Local\Akamai\netsession_win.exe" [4440896 2012-08-10] (Akamai Technologies, Inc.)HKU\Andrew\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [4910912 2011-08-01] (DT Soft Ltd)HKU\Andrew\...\Run: [spotify Web Helper] "C:\Users\Andrew\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [932528 2012-08-13] ()HKU\Andrew\...\Run: [Ditto] C:\Program Files\Ditto\Ditto.exe [1620480 2012-01-03] ()Tcpip\Parameters: [DhcpNameServer] 192.168.1.1Startup: C:\Users\All Users\Start Menu\Programs\Startup\LockWorkStation.vbs ()Startup: C:\Users\Andrew\Start Menu\Programs\Startup\Dropbox.lnkShortcutTarget: Dropbox.lnk -> (No File)Startup: C:\Users\Andrew\Start Menu\Programs\Startup\Emit.lnkShortcutTarget: Emit.lnk -> C:\Program Files (x86)\Emit\Emit.exe ()Startup: C:\Users\Andrew\Start Menu\Programs\Startup\EvernoteClipper.lnkShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)Startup: C:\Users\Andrew\Start Menu\Programs\Startup\EvernoteTray.lnkShortcutTarget: EvernoteTray.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)Startup: C:\Users\Andrew\Start Menu\Programs\Startup\PdaNet Desktop.lnkShortcutTarget: PdaNet Desktop.lnk -> C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe ()==================== Services (Whitelisted) ===================2 AcrSch2Svc; "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe" [1191648 2012-04-27] (Acronis)2 Akamai; C:\program files (x86)\common files\akamai/netsession_win_5891ae0.dll [4537664 2012-09-10] (Akamai Technologies, Inc.)2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe [918448 2011-10-29] ()2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.17\aaHMSvc.exe [947328 2011-12-09] (ASUSTeK Computer Inc.)2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [586880 2010-10-21] ()2 AsusFanControlService; "C:\Program Files (x86)\ASUS\AsusFanControlService\1.00.17\AsusFanControlService.exe" [1464752 2011-12-09] (ASUSTeK Computer Inc.)3 ICCS; "C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe" [160768 2011-05-27] (Intel Corporation)2 nlsvc; "C:\Program Files\NetLimiter 3\nlsvc.exe" [1845248 2011-03-21] (Locktime Software)2 NMSAccess; C:\Windows\SysWOW64\NMSAccessU.exe [71096 2009-01-12] ()2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [88576 2011-09-15] ()2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-08] (Nuance Communications, Inc.)2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-04-28] ()==================== Drivers (Whitelisted) =====================3 AiCharger; C:\Windows\SysWow64\Drivers\AiCharger.sys [14592 2010-10-20] (ASUSTek Computer Inc.)0 AiChargerPlus; C:\Windows\System32\Drivers\AiChargerPlus.sys [14464 2010-11-08] (ASUSTek Computer Inc.)1 AsIO; C:\Windows\SysWow64\Drivers\AsIO.sys [13440 2010-08-23] ()1 AsUpIO; C:\Windows\SysWow64\Drivers\AsUpIO.sys [14464 2010-08-02] ()3 ASUSFILTER; C:\Windows\SysWow64\Drivers\ASUSFILTER.sys [46152 2011-09-20] (MCCI Corporation)3 GEARAspiWDM; C:\Windows\SysWow64\Drivers\GEARAspiWDM.sys [15664 2011-01-27] (GEAR Software Inc.)1 nltdi; \??\C:\Program Files\NetLimiter 3\nltdi.sys [88200 2011-03-21] (Locktime Software)0 sptd; C:\Windows\System32\Drivers\sptd.sys [526392 2011-10-13] (Duplex Secure Ltd.)0 vididr; C:\Windows\System32\Drivers\vididr.sys [210016 2012-09-23] (Acronis)0 vidsflt53; C:\Windows\System32\DRIVERS\vsflt53.sys [141920 2012-09-23] (Acronis)3 catchme; \??\C:\ComboFix\catchme.sys [x]3 CorsairCAHS1; C:\Windows\System32\drivers\CAHS164.sys [x]1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [x]3 Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [x]3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [x]3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]==================== NetSvcs (Whitelisted) ======================================== One Month Created Files and Folders ========2012-09-28 12:09 - 2012-09-28 12:09 - 00000000 ____D C:\FRST2012-09-28 07:38 - 2012-09-28 07:38 - 00001862 ____A C:\Users\Andrew\Desktop\RKreport[1].txt2012-09-28 07:37 - 2012-09-28 07:38 - 00000000 ____D C:\Users\Andrew\Desktop\RK_Quarantine2012-09-28 06:01 - 2012-09-28 06:02 - 00000525 ____A C:\Users\Andrew\Desktop\New Text Document.txt2012-09-28 05:50 - 2012-09-28 05:50 - 00025588 ____A C:\Users\Andrew\Desktop\DDS.txt2012-09-28 05:50 - 2012-09-28 05:50 - 00012279 ____A C:\Users\Andrew\Desktop\Attach.txt2012-09-28 05:34 - 2012-09-28 05:34 - 00607260 ____R (Swearware) C:\Users\Andrew\Desktop\dds.com2012-09-27 23:01 - 2012-09-27 23:01 - 00262096 ____A C:\Windows\msxml4-KB2721691-enu.LOG2012-09-27 23:00 - 2012-08-24 03:15 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll2012-09-27 23:00 - 2012-08-24 02:39 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll2012-09-27 23:00 - 2012-08-24 02:31 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll2012-09-27 23:00 - 2012-08-24 02:22 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll2012-09-27 23:00 - 2012-08-24 02:21 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll2012-09-27 23:00 - 2012-08-24 02:20 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl2012-09-27 23:00 - 2012-08-24 02:18 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll2012-09-27 23:00 - 2012-08-24 02:17 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll2012-09-27 23:00 - 2012-08-24 02:14 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll2012-09-27 23:00 - 2012-08-24 02:14 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe2012-09-27 23:00 - 2012-08-24 02:13 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll2012-09-27 23:00 - 2012-08-24 02:12 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll2012-09-27 23:00 - 2012-08-24 02:11 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll2012-09-27 23:00 - 2012-08-24 02:10 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll2012-09-27 23:00 - 2012-08-24 02:09 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb2012-09-27 23:00 - 2012-08-24 02:04 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll2012-09-27 23:00 - 2012-08-23 23:27 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2012-09-27 23:00 - 2012-08-23 23:03 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2012-09-27 23:00 - 2012-08-23 22:59 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll2012-09-27 23:00 - 2012-08-23 22:51 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl2012-09-27 23:00 - 2012-08-23 22:51 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2012-09-27 23:00 - 2012-08-23 22:51 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2012-09-27 23:00 - 2012-08-23 22:49 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll2012-09-27 23:00 - 2012-08-23 22:48 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll2012-09-27 23:00 - 2012-08-23 22:47 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll2012-09-27 23:00 - 2012-08-23 22:47 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll2012-09-27 23:00 - 2012-08-23 22:47 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe2012-09-27 23:00 - 2012-08-23 22:45 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll2012-09-27 23:00 - 2012-08-23 22:44 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2012-09-27 23:00 - 2012-08-23 22:44 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll2012-09-27 23:00 - 2012-08-23 22:43 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2012-09-27 23:00 - 2012-08-23 22:40 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll2012-09-27 21:32 - 2012-09-27 21:32 - 00025185 ____A C:\ComboFix.txt2012-09-27 21:10 - 2012-09-28 05:13 - 00000168 ____A C:\Windows\setupact.log2012-09-27 21:10 - 2012-09-27 21:10 - 00000000 ____A C:\Windows\setuperr.log2012-09-27 21:09 - 2012-09-27 21:40 - 00001070 ____A C:\Windows\PFRO.log2012-09-27 21:04 - 2012-09-28 08:04 - 00065349 ____A C:\Windows\WindowsUpdate.log2012-09-27 20:33 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe2012-09-27 20:33 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe2012-09-27 20:33 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe2012-09-27 20:33 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe2012-09-27 20:33 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe2012-09-27 20:33 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe2012-09-27 20:33 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe2012-09-27 20:33 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe2012-09-27 20:29 - 2012-09-27 20:30 - 00000000 ____D C:\WINSSLog2012-09-27 20:10 - 2012-09-27 21:32 - 00000000 ___AD C:\Qoobox2012-09-27 20:09 - 2012-09-27 21:31 - 00000000 ____D C:\Windows\erdnt2012-09-27 19:38 - 2012-09-27 19:38 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.EC51095325FE00C82012-09-27 19:38 - 2012-09-27 19:38 - 00049872 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\wjrxvvdu.sys2012-09-27 19:33 - 2012-09-27 19:33 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.154EA98C0008C6182012-09-27 19:31 - 2012-09-27 19:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3FE04119758F870A2012-09-27 19:28 - 2012-09-27 19:28 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.72E05CAD8F1CCDE92012-09-27 19:23 - 2012-09-27 19:23 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C7577C6C6E08B7B52012-09-27 19:11 - 2012-09-27 20:15 - 00001150 ____A C:\FixitRegBackup.reg2012-09-27 17:35 - 2012-09-27 17:27 - 01391616 ____A C:\Users\Andrew\Desktop\RogueKiller.exe2012-09-27 16:11 - 2012-09-28 06:05 - 00000000 ____D C:\TDSSKiller_Quarantine2012-09-27 16:06 - 2012-09-27 16:06 - 02212440 ____A (Kaspersky Lab ZAO) C:\Users\Andrew\Desktop\tdsskiller.exe2012-09-27 14:23 - 2012-09-27 14:23 - 00000000 ____D C:\Program Files (x86)\Hi2012-09-27 14:10 - 2012-08-30 20:12 - 62164608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MRT.exe2012-09-27 14:00 - 2012-09-27 14:00 - 00001508 ____A C:\Users\Andrew\Desktop\Virus and Spyware removers - Shortcut.lnk2012-09-27 12:11 - 2012-09-27 11:28 - 04757745 ____R (Swearware) C:\Users\Andrew\Desktop\ComboFix.exe2012-09-27 08:34 - 2012-09-27 08:34 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%2012-09-26 16:13 - 2012-09-26 16:13 - 00000000 ____D C:\Users\Andrew\AppData\Roaming\2BrightSparks2012-09-26 16:12 - 2012-09-28 05:14 - 00000000 ____D C:\Program Files (x86)\SyncBackPro2012-09-26 16:12 - 2012-09-26 16:12 - 00000000 ____D C:\Users\Andrew\AppData\Local\2BrightSparks2012-09-26 16:12 - 2011-05-31 15:03 - 00020480 ____A C:\Windows\SysWOW64\SyncBackPro.dll2012-09-26 16:12 - 2009-01-12 04:15 - 00071096 ____A C:\Windows\SysWOW64\NMSAccessU.exe2012-09-25 03:07 - 2012-09-25 03:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox2012-09-24 06:33 - 2012-09-24 06:33 - 00001294 ____A C:\Users\Andrew\Desktop\Computer Management.lnk2012-09-24 05:53 - 2012-09-24 05:53 - 00001866 ____A C:\Users\Andrew\Desktop\WinToFlash - Shortcut.lnk2012-09-23 20:56 - 2012-09-23 20:56 - 00000612 ____A C:\Users\Andrew\Desktop\Downloads - Shortcut.lnk2012-09-23 20:55 - 2012-09-23 20:55 - 00000805 ____A C:\Users\Andrew\Desktop\My Documents - Shortcut.lnk2012-09-23 20:54 - 2012-09-23 20:54 - 00001062 ____A C:\Users\Andrew\Desktop\Software - Shortcut.lnk2012-09-23 20:54 - 2012-09-23 20:54 - 00001017 ____A C:\Users\Andrew\Desktop\Fun - Shortcut.lnk2012-09-23 20:30 - 2012-09-23 20:30 - 00000000 ____D C:\Users\Andrew\AppData\Roaming\Acronis2012-09-23 20:26 - 2012-09-23 20:26 - 00971360 ____A (Acronis) C:\Windows\System32\Drivers\timntr.sys2012-09-23 20:26 - 2012-09-23 20:26 - 00000000 ____D C:\Users\All Users\Acronis2012-09-23 20:25 - 2012-09-23 20:25 - 00275552 ____A (Acronis) C:\Windows\System32\Drivers\snapman.sys2012-09-23 20:25 - 2012-09-23 20:25 - 00210016 ____A (Acronis) C:\Windows\System32\Drivers\vididr.sys2012-09-23 20:25 - 2012-09-23 20:25 - 00141920 ____A (Acronis) C:\Windows\System32\Drivers\vsflt53.sys2012-09-23 20:25 - 2012-09-23 20:25 - 00000000 ____D C:\Program Files (x86)\Acronis2012-09-23 19:18 - 2012-09-23 19:18 - 00002489 ____A C:\Users\Andrew\Desktop\Windows 7 USB DVD Download Tool.lnk2012-09-23 19:18 - 2012-09-23 19:18 - 00000000 ____D C:\Users\Andrew\AppData\Local\Apps\Windows 7 USB DVD Download Tool2012-09-23 16:06 - 2011-12-08 05:48 - 00086016 ____A (Intel Corporation) C:\Windows\SysWOW64\IntelOpenCL32.dll2012-09-23 16:06 - 2011-12-08 05:36 - 00120832 ____A (Intel Corporation) C:\Windows\System32\IntelOpenCL64.dll2012-09-23 15:44 - 2011-12-21 14:04 - 05885720 ____A (Intel Corporation) C:\Windows\System32\GfxUI.exe2012-09-23 15:44 - 2011-12-21 14:04 - 00511256 ____A (Intel Corporation) C:\Windows\System32\igfxsrvc.exe2012-09-23 15:44 - 2011-12-21 14:04 - 00440600 ____A (Intel Corporation) C:\Windows\System32\igfxpers.exe2012-09-23 15:44 - 2011-12-21 14:04 - 00398104 ____A (Intel Corporation) C:\Windows\System32\hkcmd.exe2012-09-23 15:44 - 2011-12-21 14:04 - 00274200 ____A (Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe2012-09-23 15:44 - 2011-12-21 14:04 - 00248600 ____A (Intel Corporation) C:\Windows\System32\igfxext.exe2012-09-23 15:44 - 2011-12-21 14:04 - 00184600 ____A (Intel Corporation) C:\Windows\System32\difx64.exe2012-09-23 15:44 - 2011-12-21 14:04 - 00170264 ____A (Intel Corporation) C:\Windows\System32\igfxtray.exe2012-09-23 15:44 - 2011-12-15 13:39 - 00018496 ____A C:\Windows\System32\iglhxs64.vp2012-09-23 15:44 - 2011-12-15 13:23 - 00090112 ____A (Intel Corporation) C:\Windows\System32\igfxCoIn_v2598.dll2012-09-23 15:44 - 2011-12-15 13:01 - 14646560 ____A (Intel Corporation) C:\Windows\System32\Drivers\igdkmd64.sys2012-09-23 15:44 - 2011-12-15 13:01 - 08018944 ____A (Intel Corporation) C:\Windows\System32\igdumd64.dll2012-09-23 15:44 - 2011-12-15 12:59 - 00963912 ____A C:\Windows\SysWOW64\igkrng600.bin2012-09-23 15:44 - 2011-12-15 12:59 - 00963912 ____A C:\Windows\System32\igkrng600.bin2012-09-23 15:44 - 2011-12-15 12:59 - 00261196 ____A C:\Windows\SysWOW64\igfcg600m.bin2012-09-23 15:44 - 2011-12-15 12:59 - 00261196 ____A C:\Windows\System32\igfcg600m.bin2012-09-23 15:44 - 2011-12-15 12:59 - 00079360 ____A C:\Windows\System32\igdde64.dll2012-09-23 15:44 - 2011-12-15 12:52 - 06067712 ____A (Intel Corporation) C:\Windows\SysWOW64\igdumd32.dll2012-09-23 15:44 - 2011-12-15 12:52 - 00058880 ____A C:\Windows\SysWOW64\igdde32.dll2012-09-23 15:44 - 2011-12-15 12:28 - 07732736 ____A (Intel Corporation) C:\Windows\SysWOW64\igd10umd32.dll2012-09-23 15:44 - 2011-12-15 11:14 - 18079744 ____A C:\Windows\System32\ig4icd64.dll2012-09-23 15:44 - 2011-12-15 10:56 - 13168640 ____A C:\Windows\SysWOW64\ig4icd32.dll2012-09-23 15:44 - 2011-12-15 10:41 - 00440320 ____A (Intel Corporation) C:\Windows\System32\igfxrell.lrc2012-09-23 15:44 - 2011-12-15 10:41 - 00439808 ____A (Intel Corporation) C:\Windows\System32\igfxrfra.lrc2012-09-23 15:44 - 2011-12-15 10:41 - 00439808 ____A (Intel Corporation) C:\Windows\System32\igfxresn.lrc2012-09-23 15:44 - 2011-12-15 10:41 - 00439296 ____A (Intel Corporation) C:\Windows\System32\igfxrrus.lrc2012-09-23 15:44 - 2011-12-15 10:41 - 00439296 ____A (Intel Corporation) C:\Windows\System32\igfxrrom.lrc2012-09-23 15:44 - 2011-12-15 10:41 - 00438784 ____A (Intel Corporation) C:\Windows\System32\igfxrptg.lrc2012-09-23 15:44 - 2011-12-15 10:41 - 00438784 ____A (Intel Corporation) C:\Windows\System32\igfxrplk.lrc2012-09-23 15:44 - 2011-12-15 10:41 - 00438784 ____A (Intel Corporation) C:\Windows\System32\igfxrnld.lrc2012-09-23 15:44 - 2011-12-15 10:41 - 00438784 ____A (Intel Corporation) C:\Windows\System32\igfxrita.lrc2012-09-23 15:44 - 2011-12-15 10:41 - 00438784 ____A (Intel Corporation) C:\Windows\System32\igfxrhrv.lrc2012-09-23 15:44 - 2011-12-15 10:41 - 00438784 ____A (Intel Corporation) C:\Windows\System32\igfxrdeu.lrc2012-09-23 15:44 - 2011-12-15 10:41 - 00438272 ____A (Intel Corporation) C:\Windows\System32\igfxrsky.lrc2012-09-23 15:44 - 2011-12-15 10:41 - 00438272 ____A (Intel Corporation) C:\Windows\System32\igfxrhun.lrc2012-09-23 15:44 - 2011-12-15 10:41 - 00438272 ____A (Intel Corporation) C:\Windows\System32\igfxrfin.lrc2012-09-23 15:44 - 2011-12-15 10:41 - 00438272 ____A (Intel Corporation) C:\Windows\System32\igfxrcsy.lrc2012-09-23 15:44 - 2011-12-15 10:41 - 00437760 ____A (Intel Corporation) C:\Windows\System32\igfxrtrk.lrc2012-09-23 15:44 - 2011-12-15 10:41 - 00437760 ____A (Intel Corporation) C:\Windows\System32\igfxrsve.lrc2012-09-23 15:44 - 2011-12-15 10:41 - 00437760 ____A (Intel Corporation) C:\Windows\System32\igfxrslv.lrc2012-09-23 15:44 - 2011-12-15 10:41 - 00437760 ____A (Intel Corporation) C:\Windows\System32\igfxrptb.lrc2012-09-23 15:44 - 2011-12-15 10:41 - 00437760 ____A (Intel Corporation) C:\Windows\System32\igfxrnor.lrc2012-09-23 15:44 - 2011-12-15 10:41 - 00437248 ____A (Intel Corporation) C:\Windows\System32\igfxrtha.lrc2012-09-23 15:44 - 2011-12-15 10:41 - 00437248 ____A (Intel Corporation) C:\Windows\System32\igfxrdan.lrc2012-09-23 15:44 - 2011-12-15 10:41 - 00435712 ____A (Intel Corporation) C:\Windows\System32\igfxrheb.lrc2012-09-23 15:44 - 2011-12-15 10:41 - 00435712 ____A (Intel Corporation) C:\Windows\System32\igfxrara.lrc2012-09-23 15:44 - 2011-12-15 10:41 - 00432128 ____A (Intel Corporation) C:\Windows\System32\igfxrjpn.lrc2012-09-23 15:44 - 2011-12-15 10:41 - 00430592 ____A (Intel Corporation) C:\Windows\System32\igfxrkor.lrc2012-09-23 15:44 - 2011-12-15 10:41 - 00429056 ____A (Intel Corporation) C:\Windows\System32\igfxrcht.lrc2012-09-23 15:44 - 2011-12-15 10:41 - 00428544 ____A (Intel Corporation) C:\Windows\System32\igfxrchs.lrc2012-09-23 15:44 - 2011-12-15 10:41 - 00221099 ____A C:\Windows\System32\Gfxres.th-TH.resources2012-09-23 15:44 - 2011-12-15 10:41 - 00207830 ____A C:\Windows\System32\Gfxres.el-GR.resources2012-09-23 15:44 - 2011-12-15 10:41 - 00191775 ____A C:\Windows\System32\Gfxres.ru-RU.resources2012-09-23 15:44 - 2011-12-15 10:41 - 00164334 ____A C:\Windows\System32\Gfxres.ar-SA.resources2012-09-23 15:44 - 2011-12-15 10:41 - 00161613 ____A C:\Windows\System32\Gfxres.ja-JP.resources2012-09-23 15:44 - 2011-12-15 10:41 - 00157226 ____A C:\Windows\System32\Gfxres.he-IL.resources2012-09-23 15:44 - 2011-12-15 10:41 - 00148033 ____A C:\Windows\System32\Gfxres.it-IT.resources2012-09-23 15:44 - 2011-12-15 10:41 - 00146675 ____A C:\Windows\System32\Gfxres.ko-KR.resources2012-09-23 15:44 - 2011-12-15 10:41 - 00145687 ____A C:\Windows\System32\Gfxres.es-ES.resources2012-09-23 15:44 - 2011-12-15 10:41 - 00145579 ____A C:\Windows\System32\Gfxres.de-DE.resources2012-09-23 15:44 - 2011-12-15 10:41 - 00144338 ____A C:\Windows\System32\Gfxres.ro-RO.resources2012-09-23 15:44 - 2011-12-15 10:41 - 00143805 ____A C:\Windows\System32\Gfxres.fr-FR.resources2012-09-23 15:44 - 2011-12-15 10:41 - 00143155 ____A C:\Windows\System32\Gfxres.tr-TR.resources2012-09-23 15:44 - 2011-12-15 10:41 - 00142664 ____A C:\Windows\System32\Gfxres.pt-BR.resources2012-09-23 15:44 - 2011-12-15 10:41 - 00142335 ____A C:\Windows\System32\Gfxres.nl-NL.resources2012-09-23 15:44 - 2011-12-15 10:41 - 00142189 ____A C:\Windows\System32\Gfxres.hu-HU.resources2012-09-23 15:44 - 2011-12-15 10:41 - 00141644 ____A C:\Windows\System32\Gfxres.pt-PT.resources2012-09-23 15:44 - 2011-12-15 10:41 - 00141435 ____A C:\Windows\System32\Gfxres.sv-SE.resources2012-09-23 15:44 - 2011-12-15 10:41 - 00140923 ____A C:\Windows\System32\Gfxres.pl-PL.resources2012-09-23 15:44 - 2011-12-15 10:41 - 00140885 ____A C:\Windows\System32\Gfxres.cs-CZ.resources2012-09-23 15:44 - 2011-12-15 10:41 - 00140549 ____A C:\Windows\System32\Gfxres.fi-FI.resources2012-09-23 15:44 - 2011-12-15 10:41 - 00140122 ____A C:\Windows\System32\Gfxres.sk-SK.resources2012-09-23 15:44 - 2011-12-15 10:41 - 00139499 ____A C:\Windows\System32\Gfxres.hr-HR.resources2012-09-23 15:44 - 2011-12-15 10:41 - 00136451 ____A C:\Windows\System32\Gfxres.sl-SI.resources2012-09-23 15:44 - 2011-12-15 10:41 - 00136369 ____A C:\Windows\System32\Gfxres.nb-NO.resources2012-09-23 15:44 - 2011-12-15 10:41 - 00135868 ____A C:\Windows\System32\Gfxres.da-DK.resources2012-09-23 15:44 - 2011-12-15 10:41 - 00131317 ____A C:\Windows\System32\Gfxres.en-US.resources2012-09-23 15:44 - 2011-12-15 10:41 - 00126976 ____A (Intel Corporation) C:\Windows\System32\igfxcpl.cpl2012-09-23 15:44 - 2011-12-15 10:41 - 00124962 ____A C:\Windows\System32\Gfxres.zh-TW.resources2012-09-23 15:44 - 2011-12-15 10:41 - 00123467 ____A C:\Windows\System32\Gfxres.zh-CN.resources2012-09-23 15:44 - 2011-12-15 10:40 - 00410624 ____A (Intel Corporation) C:\Windows\System32\igfxTMM.dll2012-09-23 15:44 - 2011-12-15 10:40 - 00028672 ____A (Intel Corporation) C:\Windows\System32\igfxexps.dll2012-09-23 15:44 - 2011-12-15 10:39 - 00430080 ____A (Intel Corporation) C:\Windows\System32\igfxdev.dll2012-09-23 15:44 - 2011-12-15 10:39 - 00286208 ____A (Intel Corporation) C:\Windows\System32\igfxrenu.lrc2012-09-23 15:44 - 2011-12-15 10:39 - 00172032 ____A (Intel Corporation) C:\Windows\System32\gfxSrvc.dll2012-09-23 15:44 - 2011-12-15 10:39 - 00142336 ____A (Intel Corporation) C:\Windows\System32\igfxdo.dll2012-09-23 15:44 - 2011-12-15 10:39 - 00009216 ____A ( ) C:\Windows\System32\IGFXDEVLib.dll2012-09-23 15:44 - 2011-12-15 10:38 - 00025088 ____A (Intel Corporation) C:\Windows\SysWOW64\igfxexps32.dll2012-09-23 15:44 - 2011-12-15 10:37 - 00321024 ____A (Intel Corporation) C:\Windows\SysWOW64\igfxdv32.dll2012-09-23 15:44 - 2011-12-15 10:34 - 02780160 ____A (Intel Corporation) C:\Windows\System32\igfxcmjit64.dll2012-09-23 15:44 - 2011-12-15 10:34 - 02191872 ____A (Intel Corporation) C:\Windows\SysWOW64\igfxcmjit32.dll2012-09-23 15:44 - 2011-12-15 10:34 - 01981696 ____A C:\Windows\System32\iglhxa64.cpa2012-09-23 15:44 - 2011-12-15 10:34 - 00524800 ____A (Intel Corporation) C:\Windows\System32\iglhsip64.dll2012-09-23 15:44 - 2011-12-15 10:34 - 00519680 ____A (Intel Corporation) C:\Windows\SysWOW64\iglhsip32.dll2012-09-23 15:44 - 2011-12-15 10:34 - 00246784 ____A (Intel Corporation) C:\Windows\SysWOW64\igfxcmrt32.dll2012-09-23 15:44 - 2011-12-15 10:34 - 00244224 ____A (Intel Corporation) C:\Windows\System32\iglhcp64.dll2012-09-23 15:44 - 2011-12-15 10:34 - 00219136 ____A (Intel Corporation) C:\Windows\System32\igfxcmrt64.dll2012-09-23 15:44 - 2011-12-15 10:34 - 00201728 ____A (Intel Corporation) C:\Windows\SysWOW64\iglhcp32.dll2012-09-23 15:44 - 2011-12-15 10:34 - 00059425 ____A C:\Windows\System32\iglhxo64.vp2012-09-23 15:44 - 2011-12-15 10:34 - 00059398 ____A C:\Windows\System32\iglhxg64.vp2012-09-23 15:44 - 2011-12-15 10:34 - 00059230 ____A C:\Windows\System32\iglhxc64.vp2012-09-23 15:44 - 2011-12-15 10:34 - 00059104 ____A C:\Windows\System32\iglhxc64_dev.vp2012-09-23 15:44 - 2011-12-15 10:34 - 00058796 ____A C:\Windows\System32\iglhxg64_dev.vp2012-09-23 15:44 - 2011-12-15 10:34 - 00058109 ____A C:\Windows\System32\iglhxo64_dev.vp2012-09-23 15:44 - 2011-12-15 10:34 - 00001074 ____A C:\Windows\System32\iglhxa64.vp2012-09-23 15:44 - 2011-12-05 23:23 - 00331264 ____A (Intel® Corporation) C:\Windows\System32\Drivers\IntcDAud.sys2012-09-23 15:44 - 2011-12-05 23:22 - 00014848 ____A (Intel® Corporation) C:\Windows\System32\IntcDAuC.dll2012-09-23 10:51 - 2012-09-28 08:03 - 00000000 ____D C:\Users\Andrew\AppData\Roaming\Ditto2012-09-23 10:51 - 2012-09-23 10:51 - 00000000 ____D C:\Program Files\Ditto2012-09-23 08:15 - 2012-09-23 08:15 - 00000000 ____D C:\Program Files (x86)\Heroes2012-09-23 08:02 - 2012-09-23 08:02 - 00000000 ____D C:\Users\All Users\GFI Software2012-09-23 07:12 - 2012-09-23 07:12 - 00000000 ____D C:\Program Files (x86)\GOG.com2012-09-20 14:15 - 2012-09-20 14:15 - 00000000 ____D C:\Users\All Users\RELOADED2012-09-19 09:00 - 2012-09-19 09:00 - 00000000 ____D C:\Users\Andrew\AppData\Local\Runic Games2012-09-19 08:33 - 2012-09-22 04:21 - 00000000 ____D C:\Users\Andrew\AppData\Roaming\runic games2012-09-19 08:30 - 2012-09-22 04:21 - 00000000 ____D C:\Program Files (x86)\Runic Games2012-09-17 13:21 - 2012-09-17 13:21 - 00000000 ____D C:\Users\All Users\HitmanPro2012-09-17 13:21 - 2012-09-17 13:21 - 00000000 ____D C:\Program Files\HitmanPro2012-09-17 11:53 - 2012-09-17 11:53 - 00095208 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll2012-09-16 08:51 - 2012-09-16 08:51 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware2012-09-16 08:51 - 2012-09-07 13:04 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys2012-09-15 14:28 - 2012-09-15 14:28 - 00000000 ____D C:\Users\Andrew\AppData\Roaming\Malwarebytes2012-09-15 14:28 - 2012-09-15 14:28 - 00000000 ____D C:\Users\All Users\Malwarebytes2012-09-15 14:16 - 2012-08-22 10:12 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys2012-09-15 14:16 - 2012-08-22 10:12 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys2012-09-15 14:16 - 2012-08-22 10:12 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys2012-09-15 14:16 - 2012-08-22 10:12 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS2012-09-15 14:16 - 2012-08-02 09:58 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll2012-09-15 14:16 - 2012-08-02 08:57 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll2012-09-15 14:16 - 2012-07-18 10:15 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys2012-09-15 14:16 - 2012-07-04 14:16 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll2012-09-15 14:16 - 2012-07-04 14:13 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll2012-09-15 14:16 - 2012-07-04 14:13 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll2012-09-15 14:16 - 2012-07-04 13:16 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll2012-09-15 14:16 - 2012-07-04 13:14 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll2012-09-15 14:16 - 2012-07-04 12:26 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\RNDISMP.sys2012-09-15 14:16 - 2012-06-08 21:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll2012-09-15 14:16 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll2012-09-15 14:16 - 2012-06-05 22:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll2012-09-15 14:16 - 2012-06-05 22:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll2012-09-15 14:16 - 2012-06-05 22:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll2012-09-15 14:16 - 2012-06-05 21:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll2012-09-15 14:16 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll2012-09-15 14:16 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll2012-09-15 14:16 - 2012-06-01 21:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys2012-09-15 14:16 - 2012-06-01 21:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys2012-09-15 14:16 - 2012-06-01 21:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys2012-09-15 14:16 - 2012-06-01 21:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll2012-09-15 14:16 - 2012-06-01 21:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll2012-09-15 14:16 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll2012-09-15 14:16 - 2012-06-01 20:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll2012-09-15 14:16 - 2012-06-01 20:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll2012-09-15 14:16 - 2012-06-01 20:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll2012-09-15 14:16 - 2012-05-13 21:26 - 00956928 ____A (Microsoft Corporation) C:\Windows\System32\localspl.dll2012-09-15 14:16 - 2012-05-05 00:36 - 00503808 ____A (Microsoft Corporation) C:\Windows\System32\srcore.dll2012-09-15 14:16 - 2012-05-04 23:46 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll2012-09-15 14:16 - 2012-02-10 22:43 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll2012-09-15 14:16 - 2012-02-10 22:36 - 00559104 ____A (Microsoft Corporation) C:\Windows\System32\spoolsv.exe2012-09-15 14:16 - 2012-02-10 22:36 - 00067072 ____A (Microsoft Corporation) C:\Windows\splwow64.exe2012-09-15 14:16 - 2012-02-10 21:43 - 00492032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll2012-09-15 14:16 - 2010-06-25 19:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll2012-09-15 14:16 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll2012-09-06 16:35 - 2012-09-07 11:59 - 00000000 ____D C:\Users\Andrew\AppData\Local\Screencast-O-Matic==================== 3 Months Modified Files ==================2012-09-28 08:04 - 2012-09-27 21:04 - 00065349 ____A C:\Windows\WindowsUpdate.log2012-09-28 08:04 - 2012-02-04 06:10 - 00327680 ____A C:\Windows\System32\Ikeext.etl2012-09-28 08:03 - 2009-07-13 21:13 - 00763582 ____A C:\Windows\System32\PerfStringBackup.INI2012-09-28 07:46 - 2011-10-13 03:10 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2180605515-1002178279-3013597921-1000UA.job2012-09-28 07:38 - 2012-09-28 07:38 - 00001862 ____A C:\Users\Andrew\Desktop\RKreport[1].txt2012-09-28 06:02 - 2012-09-28 06:01 - 00000525 ____A C:\Users\Andrew\Desktop\New Text Document.txt2012-09-28 05:50 - 2012-09-28 05:50 - 00025588 ____A C:\Users\Andrew\Desktop\DDS.txt2012-09-28 05:50 - 2012-09-28 05:50 - 00012279 ____A C:\Users\Andrew\Desktop\Attach.txt2012-09-28 05:34 - 2012-09-28 05:34 - 00607260 ____R (Swearware) C:\Users\Andrew\Desktop\dds.com2012-09-28 05:21 - 2009-07-13 20:45 - 00023824 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02012-09-28 05:21 - 2009-07-13 20:45 - 00023824 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02012-09-28 05:13 - 2012-09-27 21:10 - 00000168 ____A C:\Windows\setupact.log2012-09-28 05:13 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT2012-09-27 23:01 - 2012-09-27 23:01 - 00262096 ____A C:\Windows\msxml4-KB2721691-enu.LOG2012-09-27 21:40 - 2012-09-27 21:09 - 00001070 ____A C:\Windows\PFRO.log2012-09-27 21:32 - 2012-09-27 21:32 - 00025185 ____A C:\ComboFix.txt2012-09-27 21:31 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini2012-09-27 21:10 - 2012-09-27 21:10 - 00000000 ____A C:\Windows\setuperr.log2012-09-27 20:15 - 2012-09-27 19:11 - 00001150 ____A C:\FixitRegBackup.reg2012-09-27 19:57 - 2011-10-13 03:14 - 00001945 ____A C:\Windows\epplauncher.mif2012-09-27 19:38 - 2012-09-27 19:38 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.EC51095325FE00C82012-09-27 19:38 - 2012-09-27 19:38 - 00049872 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\wjrxvvdu.sys2012-09-27 19:33 - 2012-09-27 19:33 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.154EA98C0008C6182012-09-27 19:31 - 2012-09-27 19:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3FE04119758F870A2012-09-27 19:28 - 2012-09-27 19:28 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.72E05CAD8F1CCDE92012-09-27 19:23 - 2012-09-27 19:23 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C7577C6C6E08B7B52012-09-27 18:46 - 2011-10-13 03:10 - 00000860 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2180605515-1002178279-3013597921-1000Core.job2012-09-27 17:27 - 2012-09-27 17:35 - 01391616 ____A C:\Users\Andrew\Desktop\RogueKiller.exe2012-09-27 16:06 - 2012-09-27 16:06 - 02212440 ____A (Kaspersky Lab ZAO) C:\Users\Andrew\Desktop\tdsskiller.exe2012-09-27 14:00 - 2012-09-27 14:00 - 00001508 ____A C:\Users\Andrew\Desktop\Virus and Spyware removers - Shortcut.lnk2012-09-27 11:28 - 2012-09-27 12:11 - 04757745 ____R (Swearware) C:\Users\Andrew\Desktop\ComboFix.exe2012-09-24 06:33 - 2012-09-24 06:33 - 00001294 ____A C:\Users\Andrew\Desktop\Computer Management.lnk2012-09-24 06:33 - 2012-05-20 10:00 - 00007619 ____A C:\Users\Andrew\AppData\Local\Resmon.ResmonCfg2012-09-24 05:53 - 2012-09-24 05:53 - 00001866 ____A C:\Users\Andrew\Desktop\WinToFlash - Shortcut.lnk2012-09-23 20:56 - 2012-09-23 20:56 - 00000612 ____A C:\Users\Andrew\Desktop\Downloads - Shortcut.lnk2012-09-23 20:55 - 2012-09-23 20:55 - 00000805 ____A C:\Users\Andrew\Desktop\My Documents - Shortcut.lnk2012-09-23 20:54 - 2012-09-23 20:54 - 00001062 ____A C:\Users\Andrew\Desktop\Software - Shortcut.lnk2012-09-23 20:54 - 2012-09-23 20:54 - 00001017 ____A C:\Users\Andrew\Desktop\Fun - Shortcut.lnk2012-09-23 20:26 - 2012-09-23 20:26 - 00971360 ____A (Acronis) C:\Windows\System32\Drivers\timntr.sys2012-09-23 20:25 - 2012-09-23 20:25 - 00275552 ____A (Acronis) C:\Windows\System32\Drivers\snapman.sys2012-09-23 20:25 - 2012-09-23 20:25 - 00210016 ____A (Acronis) C:\Windows\System32\Drivers\vididr.sys2012-09-23 20:25 - 2012-09-23 20:25 - 00141920 ____A (Acronis) C:\Windows\System32\Drivers\vsflt53.sys2012-09-23 19:18 - 2012-09-23 19:18 - 00002489 ____A C:\Users\Andrew\Desktop\Windows 7 USB DVD Download Tool.lnk2012-09-23 16:22 - 2012-01-11 13:50 - 00018714 ____A C:\Windows\System32\results.xml2012-09-23 15:12 - 2011-10-13 04:20 - 04088448 ____A C:\Windows\PE_Rom.dll2012-09-23 14:44 - 2011-10-13 06:31 - 00000000 ____A C:\Windows\Path.idx2012-09-23 10:58 - 2012-02-06 10:13 - 00012837 ____A C:\Windows\System32\lvcoinst.log2012-09-22 18:58 - 2011-10-28 21:01 - 00221696 ____A C:\Users\Andrew\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini2012-09-17 11:53 - 2012-09-17 11:53 - 00095208 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll2012-09-17 11:53 - 2011-10-13 03:10 - 00746984 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll2012-09-17 11:53 - 2011-10-13 03:10 - 00246760 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe2012-09-17 11:53 - 2011-10-13 03:10 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe2012-09-17 11:53 - 2011-10-13 03:10 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe2012-09-16 06:18 - 2011-10-13 03:14 - 00780786 ____A C:\Windows\SysWOW64\PerfStringBackup.INI2012-09-15 14:25 - 2009-07-13 20:45 - 05036176 ____A C:\Windows\System32\FNTCACHE.DAT2012-09-07 13:04 - 2012-09-16 08:51 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys2012-08-30 20:43 - 2011-10-13 02:37 - 64462936 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe2012-08-30 20:12 - 2012-09-27 14:10 - 62164608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MRT.exe2012-08-25 05:15 - 2011-10-22 10:32 - 00001080 ____A C:\Windows\System32\settingsbkup.sfm2012-08-25 05:15 - 2011-10-22 10:32 - 00001080 ____A C:\Windows\System32\settings.sfm2012-08-24 03:15 - 2012-09-27 23:00 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll2012-08-24 02:39 - 2012-09-27 23:00 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll2012-08-24 02:31 - 2012-09-27 23:00 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll2012-08-24 02:22 - 2012-09-27 23:00 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll2012-08-24 02:21 - 2012-09-27 23:00 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll2012-08-24 02:20 - 2012-09-27 23:00 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl2012-08-24 02:18 - 2012-09-27 23:00 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll2012-08-24 02:17 - 2012-09-27 23:00 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll2012-08-24 02:14 - 2012-09-27 23:00 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll2012-08-24 02:14 - 2012-09-27 23:00 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe2012-08-24 02:13 - 2012-09-27 23:00 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll2012-08-24 02:12 - 2012-09-27 23:00 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll2012-08-24 02:11 - 2012-09-27 23:00 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll2012-08-24 02:10 - 2012-09-27 23:00 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll2012-08-24 02:09 - 2012-09-27 23:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb2012-08-24 02:04 - 2012-09-27 23:00 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll2012-08-23 23:27 - 2012-09-27 23:00 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2012-08-23 23:03 - 2012-09-27 23:00 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2012-08-23 22:59 - 2012-09-27 23:00 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll2012-08-23 22:51 - 2012-09-27 23:00 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl2012-08-23 22:51 - 2012-09-27 23:00 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2012-08-23 22:51 - 2012-09-27 23:00 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2012-08-23 22:49 - 2012-09-27 23:00 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll2012-08-23 22:48 - 2012-09-27 23:00 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll2012-08-23 22:47 - 2012-09-27 23:00 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll2012-08-23 22:47 - 2012-09-27 23:00 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll2012-08-23 22:47 - 2012-09-27 23:00 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe2012-08-23 22:45 - 2012-09-27 23:00 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll2012-08-23 22:44 - 2012-09-27 23:00 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2012-08-23 22:44 - 2012-09-27 23:00 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll2012-08-23 22:43 - 2012-09-27 23:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2012-08-23 22:40 - 2012-09-27 23:00 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll2012-08-22 10:12 - 2012-09-15 14:16 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys2012-08-22 10:12 - 2012-09-15 14:16 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys2012-08-22 10:12 - 2012-09-15 14:16 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys2012-08-22 10:12 - 2012-09-15 14:16 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS2012-08-02 09:58 - 2012-09-15 14:16 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll2012-08-02 08:57 - 2012-09-15 14:16 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll2012-07-27 21:44 - 2012-04-14 05:07 - 00419488 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2012-07-27 21:44 - 2011-10-13 01:04 - 00070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl2012-07-20 04:34 - 2012-07-20 04:34 - 00001653 ____A C:\Users\Andrew\Desktop\Complete HITS - Shortcut.lnk2012-07-18 10:15 - 2012-09-15 14:16 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys2012-07-15 08:37 - 2011-10-25 08:03 - 00280904 ____A C:\Windows\SysWOW64\PnkBstrB.xtr2012-07-15 08:37 - 2011-10-14 12:15 - 00280904 ____A C:\Windows\SysWOW64\PnkBstrB.exe2012-07-15 08:36 - 2011-10-14 12:15 - 00280904 ____A C:\Windows\SysWOW64\PnkBstrB.ex02012-07-05 18:06 - 2012-07-18 18:45 - 00772544 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll2012-07-04 14:16 - 2012-09-15 14:16 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll2012-07-04 14:13 - 2012-09-15 14:16 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll2012-07-04 14:13 - 2012-09-15 14:16 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll2012-07-04 13:16 - 2012-09-15 14:16 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll2012-07-04 13:14 - 2012-09-15 14:16 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll2012-07-04 12:26 - 2012-09-15 14:16 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\RNDISMP.sysZeroAccess:C:\Windows\assembly\GAC_32\Desktop.iniZeroAccess:C:\Windows\assembly\GAC_64\Desktop.ini==================== Known DLLs (Whitelisted) ===================================== Bamital & volsnap Check =================C:\Windows\System32\winlogon.exe => MD5 is legitC:\Windows\System32\wininit.exe => MD5 is legitC:\Windows\SysWOW64\wininit.exe => MD5 is legitC:\Windows\explorer.exe => MD5 is legitC:\Windows\SysWOW64\explorer.exe => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\SysWOW64\svchost.exe => MD5 is legitC:\Windows\System32\services.exe 50BEA589F7D7958BDD2528A8F69D05CC ZeroAccess <==== ATTENTION!.C:\Windows\System32\User32.dll => MD5 is legitC:\Windows\SysWOW64\User32.dll => MD5 is legitC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\SysWOW64\userinit.exe => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys => MD5 is legit==================== EXE ASSOCIATION =====================HKLM\...\.exe: exefile => OKHKLM\...\exefile\DefaultIcon: %1 => OKHKLM\...\exefile\open\command: "%1" %* => OK==================== Restore Points =========================Restore point made on: 2012-09-27 14:23:02Restore point made on: 2012-09-27 18:17:41Restore point made on: 2012-09-27 19:11:21Restore point made on: 2012-09-27 20:03:34Restore point made on: 2012-09-27 20:15:27Restore point made on: 2012-09-27 23:00:20==================== Memory info ===========================Percentage of memory in use: 10%Total physical RAM: 7897.13 MBAvailable physical RAM: 7105.81 MBTotal Pagefile: 7895.28 MBAvailable Pagefile: 7101.27 MBTotal Virtual: 8192 MBAvailable Virtual: 8191.9 MB==================== Partitions =============================1 Drive c: () (Fixed) (Total:350 GB) (Free:210.95 GB) NTFS2 Drive d: () (Fixed) (Total:754.19 GB) (Free:512.54 GB) NTFS3 Drive e: () (Fixed) (Total:292.97 GB) (Free:273.25 GB) NTFS5 Drive h: (MACROVAULT) (Removable) (Total:1.97 GB) (Free:1.97 GB) FAT326 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS7 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.05 GB) NTFS ==>[system with boot components (obtained from reading drive)] Disk ### Status Size Free Dyn Gpt -------- ------------- ------- ------- --- --- Disk 0 Online 1397 GB 0 B Disk 1 Online 2025 MB 0 B Partitions of Disk 0:=============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 100 MB 1024 KB Partition 2 Primary 350 GB 101 MB Partition 0 Extended 1047 GB 350 GB Partition 3 Logical 754 GB 350 GB Partition 4 Logical 292 GB 1104 GB==================================================================================Disk: 0Partition 1Type : 07Hidden: NoActive: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- --------* Volume 1 Y System Rese NTFS Partition 100 MB Healthy =========================================================Disk: 0Partition 2Type : 07Hidden: NoActive: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- --------* Volume 2 C NTFS Partition 350 GB Healthy =========================================================Disk: 0Partition 3Type : 07Hidden: NoActive: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- --------* Volume 3 D NTFS Partition 754 GB Healthy =========================================================Disk: 0Partition 4Type : 07Hidden: NoActive: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- --------* Volume 4 E NTFS Partition 292 GB Healthy =========================================================Partitions of Disk 1:=============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 2025 MB 16 KB==================================================================================Disk: 1Partition 1Type : 0BHidden: NoActive: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- --------* Volume 5 H MACROVAULT FAT32 Removable 2025 MB Healthy =========================================================Last Boot: 2012-09-26 03:23==================== End Of Log =============================Farbar Recovery Scan Tool (x64) Version: 25-09-2012Ran by SYSTEM at 2012-09-28 12:11:31Running from H:\================== Search: "services.exe" ===================C:\Windows\System32\services.exe[2009-07-13 15:19] - [2009-07-13 17:39] - 0329216 ____A (Microsoft Corporation) 50BEA589F7D7958BDD2528A8F69D05CC====== End Of Search ====== Link to post Share on other sites More sharing options...
MrCharlie Posted September 28, 2012 ID:602162 Share Posted September 28, 2012 We have to find a good copy of services.exe:Please download SystemLook from the link below and save it to your Desktop.http://jpshortstuff....temLook_x64.exeDouble-click SystemLook.exe to run it.Copy the content of the following codebox into the main textfield::Filefindservices.exeClick the Look button to start the scan.When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.Note: The log can also be found on your Desktop entitled SystemLook.txtMrC Link to post Share on other sites More sharing options...
Funnyguy Posted September 28, 2012 Author ID:602165 Share Posted September 28, 2012 SystemLook 30.07.11 by jpshortstuffLog created at 12:27 on 28/09/2012 by AndrewAdministrator - Elevation successful========== Filefind ==========Searching for "services.exe"C:\Windows\System32\services.exe --a---- 329216 bytes [23:19 13/07/2009] [01:39 14/07/2009] 50BEA589F7D7958BDD2528A8F69D05CC-= EOF =- Link to post Share on other sites More sharing options...
MrCharlie Posted September 28, 2012 ID:602168 Share Posted September 28, 2012 There's no good copies of services.exe on the computer.Do you have the W7 dvd so we can get a copy?C:\Windows\System32\services.exeMrC Link to post Share on other sites More sharing options...
Funnyguy Posted September 28, 2012 Author ID:602177 Share Posted September 28, 2012 Yes, I have a Windows 7 DVD. So what now? Link to post Share on other sites More sharing options...
MrCharlie Posted September 28, 2012 ID:602188 Share Posted September 28, 2012 Follow the instructions here: (it works I just tried it)http://blog.nirsoft.net/2009/09/17/how-to-extract-missing-system-files-from-the-dvd-of-windows-7vista/Let me know when you have the file, MrC Link to post Share on other sites More sharing options...
Funnyguy Posted September 28, 2012 Author ID:602192 Share Posted September 28, 2012 I got the file now. Link to post Share on other sites More sharing options...
MrCharlie Posted September 28, 2012 ID:602194 Share Posted September 28, 2012 OK....Drop it into C:\ so the path is:C:\services.exeThen.................OK, here you go......Please carefully carry out this procedure!!!!!!Please download the attached fixlist.txt and copy it to your flashdrive.NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating systemOn Vista or Windows 7: Now please enter System Recovery Options. (as you did before)Run FRST64 or FRST (which ever one you're using) and press the Fix button just once and wait.The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.MrC Link to post Share on other sites More sharing options...
Funnyguy Posted September 28, 2012 Author ID:602198 Share Posted September 28, 2012 Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-09-2012Ran by SYSTEM at 2012-09-28 13:34:05 Run:1Running from H:\==============================================C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.C:\Windows\System32\services.exe moved successfully.C:\services.exe copied successfully to C:\Windows\System32\services.exe==== End of Fixlog ==== Link to post Share on other sites More sharing options...
MrCharlie Posted September 28, 2012 ID:602209 Share Posted September 28, 2012 Looks Good, run another RogueKiller scan and post the new log, MrC Link to post Share on other sites More sharing options...
Funnyguy Posted September 28, 2012 Author ID:602212 Share Posted September 28, 2012 RogueKiller V8.0.5 [09/23/2012] by Tigzymail: tigzyRK<at>gmail<dot>comFeedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/Blog: http://tigzyrk.blogspot.comOperating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits versionStarted in : Normal modeUser : Andrew [Admin rights]Mode : Scan -- Date : 09/28/2012 14:09:13¤¤¤ Bad processes : 0 ¤¤¤¤¤¤ Registry Entries : 2 ¤¤¤[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND¤¤¤ Particular Files / Folders: ¤¤¤¤¤¤ Driver : [NOT LOADED] ¤¤¤¤¤¤ Extern Hives: ¤¤¤-> E:\windows\system32\config\SOFTWARE-> E:\Users\Andrew\NTUSER.DAT-> E:\Users\Default\NTUSER.DAT-> E:\Users\Default User\NTUSER.DAT-> E:\Documents and Settings\Default\NTUSER.DAT-> E:\Documents and Settings\Default User\NTUSER.DAT¤¤¤ Infection : ¤¤¤¤¤¤ HOSTS File: ¤¤¤--> C:\Windows\system32\drivers\etc\hosts127.0.0.1 localhost¤¤¤ MBR Check: ¤¤¤+++++ PhysicalDrive0: WDC WD15EARS-00MVWB0 +++++--- User ---[MBR] 882ccc77feb85609fff458c7a28ca0d0[bSP] 2954fa5f9b14ed76c76cef960f9bef6f : Windows 7 MBR CodePartition table:0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 358404 Mo2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 734218695 | Size: 1072291 MoUser = LL1 ... OK!User = LL2 ... OK!+++++ PhysicalDrive1: MacroVault USB Device +++++--- User ---[MBR] 98b6c966790e0d2549bbf858d7b4e1ff[bSP] 8e6d8ec58fc905a8fb280207a1e16366 : Standard MBR CodePartition table:0 - [ACTIVE] FAT32 (0x0b) [VISIBLE] Offset (sectors): 32 | Size: 2025 MoUser = LL1 ... OK!Error reading LL2 MBR!Finished : << RKreport[3].txt >>RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt Link to post Share on other sites More sharing options...
MrCharlie Posted September 28, 2012 ID:602227 Share Posted September 28, 2012 Looks Good.....Please Update and run a Quick Scan with MBAM, post the report.Make sure that everything is checked, and click Remove Selected.Please let me know how computer is running now, MrC Link to post Share on other sites More sharing options...
Funnyguy Posted September 28, 2012 Author ID:602233 Share Posted September 28, 2012 Everything looks good. Thanks for your help. Windows Defender and Firewall now work. I haven't checked Microsoft Security Essentials yet. Forgot to mention I tried to re-install it when it wasn't working and I thought my computer was clean before the forum post. This caused my PC to shut down after a minute. I was able to use system restore and a One Care tool to remove what was left of MSE.Malwarebytes Anti-Malware 1.65.0.1400www.malwarebytes.orgDatabase version: v2012.09.28.07Windows 7 Service Pack 1 x64 NTFSInternet Explorer 9.0.8112.16421Andrew :: ANDREW-PC [administrator]9/28/2012 2:37:03 PMmbam-log-2012-09-28 (14-37-03).txtScan type: Quick scanScan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 203953Time elapsed: 1 minute(s), 35 second(s)Memory Processes Detected: 0(No malicious items detected)Memory Modules Detected: 0(No malicious items detected)Registry Keys Detected: 0(No malicious items detected)Registry Values Detected: 0(No malicious items detected)Registry Data Items Detected: 0(No malicious items detected)Folders Detected: 0(No malicious items detected)Files Detected: 1C:\services.exe (Trojan.Agent) -> Quarantined and deleted successfully.(end) Link to post Share on other sites More sharing options...
MrCharlie Posted September 28, 2012 ID:602245 Share Posted September 28, 2012 You may have to reinstall MSE if there's a problem.Lets check your computers security before you go and we have a little cleanup to do also:Download Security Check by screen317 from HERE or HERE.Save it to your Desktop.Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.A Notepad document should open automatically called checkup.txt; please post the contents of that document.MrC Link to post Share on other sites More sharing options...
Funnyguy Posted September 28, 2012 Author ID:602299 Share Posted September 28, 2012 Results of screen317's Security Check version 0.99.51 Windows 7 Service Pack 1 x64 (UAC is disabled!) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.65.0.1400 JavaFX 2.1.1 Java 6 Update 29 Java 7 Update 7 Adobe Flash Player 11.2.202.235 Flash Player out of Date! Mozilla Firefox (15.0.1) Google Chrome 21.0.1180.83 Google Chrome 21.0.1180.89 Google Chrome 22.0.1229.79 ````````Process Check: objlist.exe by Laurent```````` `````````````````System Health check````````````````` Total Fragmentation on Drive C: 0% ````````````````````End of Log`````````````````````` Link to post Share on other sites More sharing options...
MrCharlie Posted September 28, 2012 ID:602302 Share Posted September 28, 2012 Java™ 6 Update 29 <----please uninstall from add/remove programsJava 7 Update 7Adobe Flash Player 11.2.202.235 Flash Player out of date <---please updateYou have out dated programs on the system which are vulnerable to malware.Please update or delete themInfo on doing that can be found in my Preventive Maintenance~~~~~~~~~~~~~~~~~~~~~A little clean up to do....Please Uninstall ComboFix: (if you used it)Press the Windows logo key + R to bring up the "run box"Copy and paste next command in the field:ComboFix /uninstallMake sure there's a space between Combofix and /Then hit enter.This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files and clears System Restore cache and create new Restore point(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall)---------------------------------Please download OTL from one of the links below: (you may already have OTL on the system)http://oldtimer.geekstogo.com/OTL.exehttp://oldtimer.geekstogo.com/OTL.comhttp://www.itxassoci...T-Tools/OTL.exeSave it to your desktop.Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)Any other programs or logs you can manually delete.IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST, etc....-------------------------------Any questions...please post back.If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.Take a look at My Preventive Maintenance to avoid being infected again.Good Luck and Thanks for using the forum, MrC Link to post Share on other sites More sharing options...
Maurice Naggar Posted September 29, 2012 ID:602470 Share Posted September 29, 2012 Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts