Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Need Helping Removing An Infection [Closed]

Started by bigchris , Jul 25 2012 09:59 AM

  • This topic is locked This topic is locked

#31
dxfan1010101
Posted 30 July 2012 - 04:56 PM

dxfan1010101

    Member

  • Member
  • PipPipPip
  • 544 posts

After I do this should i try tu run ComboFix again or just wait for further instructions ? I will do this when I get home tonight and as soon post the logs here


Please DO NOT run combofix. The tools i am using wont make any changes untill I create the script,
  • 0

Advertisements

#32
bigchris
Posted 30 July 2012 - 07:26 PM

bigchris

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts
I have a problem it didn't work :(. I followed everything you said & till I reached the part of the Command Prompt I typed f:\frst.exe and I got this message The system cannot execute the specified program. So then I typed f:\frst64.exe and I got this message is not recognized as an internal or external command, operable program or batch file. Now what ? :/

Edited by bigchris, 30 July 2012 - 07:33 PM.

  • 0

#33
dxfan1010101
Posted 30 July 2012 - 08:53 PM

dxfan1010101

    Member

  • Member
  • PipPipPip
  • 544 posts
There is another way to do it. DO you happen to have a 4gig or bigger flash drive.
  • 0

#34
dxfan1010101
Posted 30 July 2012 - 09:02 PM

dxfan1010101

    Member

  • Member
  • PipPipPip
  • 544 posts
If this doesnt work I will have to talk to my Advisor before I can post again, and we might need to use the flash drive

Try this link instead. FRST64 Then follow the directions using the f:\frst64.exe option.
  • 0

#35
bigchris
Posted 30 July 2012 - 09:03 PM

bigchris

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts
The one I have is a 5gig flash drive and its empty just what you told me to download is there. And bigger flash drive I dont have I just have 8gbmircosd and my 80gb ipod
  • 0

#36
bigchris
Posted 30 July 2012 - 09:04 PM

bigchris

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts
Okay I download the FRST64 now its on my flashdrive will try again with this one right now and see how this goes
  • 0

#37
bigchris
Posted 30 July 2012 - 09:27 PM

bigchris

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts
FRST.txt


Scan result of Farbar Recovery Scan Tool Version: 25-07-2012 01
Ran by SYSTEM at 30-07-2012 23:09:17
Running from F:\
Windows Vista ™ Home Premium Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe [246784 2008-01-21] (Alps Electric Co., Ltd.)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [153624 2008-10-28] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [225816 2008-10-28] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [200216 2008-10-28] (Intel Corporation)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [442368 2009-06-03] (IDT, Inc.)
HKLM\...\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2314120 2009-06-01] (Microsoft Corporation)
HKLM\...\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\casc.exe" [2658128 2011-07-01] (CA, Inc.)
HKLM\...\Run: [SmartMenu] %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [914224 2008-11-18] (Hewlett-Packard)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKLM-x32\...\Run: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start [323640 2010-02-25] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75008 2008-10-09] (Hewlett-Packard)
HKLM-x32\...\Run: [UCam_Menu] "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam" [218408 2009-02-25] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-03-12] (Hewlett-Packard)
HKLM-x32\...\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [500792 2010-05-20] (Hewlett-Packard Company)
HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [TVAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe" [206120 2009-04-22] (CyberLink Corp.)
HKLM-x32\...\Run: [DVDAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe" [1148200 2009-03-11] (CyberLink Corp.)
HKU\Default\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2009-04-10] (Microsoft Corporation)
HKU\Default\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1644088 2009-08-26] (Hewlett-Packard)
HKU\Default User\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2009-04-10] (Microsoft Corporation)
HKU\Default User\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1644088 2009-08-26] (Hewlett-Packard)
HKU\Owner\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\Owner\...\Run: [ViGlance] C:\Program Files (x86)\ViGlance\ViGlance.exe [446464 2011-10-21] (Lee-Soft.com, Lee Matthew Chantrey)
HKU\Owner\...\Run: [FileHippo.com] "C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe" /background [306688 2012-03-25] (FileHippo.com)
HKU\Owner\...\Run: [NETGEARGenie] "C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe" -mini -redirect [1091872 2012-03-12] ()
HKU\Owner\...\Policies\system: [LogonHoursAction] 2
HKU\Owner\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Rosario\...\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [x]
HKU\Rosario\...\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe [x]
HKU\Rosario\...\Policies\system: [LogonHoursAction] 2
HKU\Rosario\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Winlogon\Notify\PFW:
Winlogon\Notify\WB:
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
AppInit_DLLs: C:\Windows\System32\UmxSbxExA64.dll
Tcpip\..\Interfaces\{D95BBDBE-0930-4FDD-9DD2-1D31084F09AF}: [NameServer]208.67.222.222,208.67.220.220

==================== Services (Whitelisted) ======

2 Akamai; C:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll [4419392 2012-07-11] (Akamai Technologies, Inc)
2 CAAMSvc; C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\caamsvc.exe [291656 2012-01-13] (CA)
3 CaCCProvSP; "C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe" [359248 2011-07-01] (CA, Inc.)
2 CAISafe; C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe [312656 2011-05-30] (Computer Associates International, Inc.)
2 ccSchedulerSVC; C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe [286032 2011-07-01] (Computer Associates International, Inc.)
2 FreemakeUtilsService; "C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe" [80704 2011-07-20] (Freemake)
2 lxct_device; C:\Windows\system32\lxctcoms.exe -service [566192 2006-11-22] ( )
2 lxct_device; C:\Windows\SysWow64\lxctcoms.exe -service [537520 2006-11-22] ( )
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
2 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [1370400 2012-03-06] (NETGEAR)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)
2 Recovery Service for Windows; C:\Program Files (x86)\SMINST\BLService.exe [365952 2008-12-17] ()
2 RichVideo; "C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe" [241734 2008-09-15] ()
2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_6ef279c8\STacSV64.exe [239104 2009-06-03] (IDT, Inc.)
2 TVCapSvc; "C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe" [296320 2009-04-22] ()
2 TVSched; "C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe" [116104 2009-04-22] ()
2 UmxEngine; "C:\Program Files\CA\SharedComponents\TMEngine\UmxEngine.exe" [920656 2011-04-04] (CA)
2 Viewpoint Manager Service; "C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe" [24652 2007-01-04] (Viewpoint Corporation)
2 WinSvchostManagerSrv; C:\Windows\SysWOW64\cfgmig32.exe [263504 2011-07-01] ()
2 Norton Internet Security; "C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1 [x]

========================== Drivers (Whitelisted) =============

3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [36256 2009-11-13] (Google Inc)
3 ICDUSB3; C:\Windows\System32\Drivers\ICDUSB3.sys [13312 2008-08-17] (Sony Corporation)
3 KeyScrambler; C:\Windows\System32\Drivers\KeyScrambler.sys [222904 2011-12-14] (QFX Software Corporation)
1 KmxAgent; C:\Windows\System32\Drivers\KmxAgent.sys [113744 2011-03-23] (CA)
0 KmxAMRT; C:\Windows\System32\Drivers\KmxAMRT.sys [178768 2011-05-10] (CA)
2 KmxCF; C:\Windows\System32\Drivers\KmxCF.sys [202320 2012-01-13] (CA)
1 KmxCfg; C:\Windows\System32\Drivers\KmxCfg.sys [364624 2011-05-12] (CA)
1 KmxFile; C:\Windows\System32\Drivers\KmxFile.sys [87120 2011-03-23] (CA)
1 KmxFilter; C:\Windows\System32\Drivers\KmxFilter.sys [99024 2012-01-13] (CA)
0 KmxFw; C:\Windows\System32\Drivers\KmxFw.sys [143824 2012-01-13] (CA)
2 KmxSbx; C:\Windows\System32\Drivers\KmxSbx.sys [81488 2011-02-24] (CA)
2 NPF; C:\Windows\System32\Drivers\NPF.sys [35344 2012-06-23] (CACE Technologies, Inc.)
3 Pcouffin64; C:\Windows\System32\Drivers\pcouffin64a.sys [82048 2009-12-31] (VSO Software)
2 SecDrv; C:\Windows\SysWow64\Drivers\SecDrv.sys [11376 2003-09-08] ()
1 Beep; [x]
3 cpuz132; \??\C:\Users\Owner\AppData\Local\Temp\cpuz132\cpuz132_x64.sys [x]
4 eabfiltr; [x]
1 fofegqot; \??\C:\Windows\system32\drivers\fofegqot.sys [x]
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
1 kuufyfud; \??\C:\Windows\system32\drivers\kuufyfud.sys [x]
1 mbngfrcg; \??\C:\Windows\system32\drivers\mbngfrcg.sys [x]
2 MCSTRM; [x]
3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\ENG64.SYS [x]
3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\EX64.SYS [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]
3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [x]
1 SRTSP; \??\C:\Windows\system32\drivers\NISx64\1000000.07D\SRTSP64.SYS [x]
1 SRTSPX; \??\C:\Windows\system32\drivers\NISx64\1000000.07D\SRTSPX64.SYS [x]
2 TMAgent; [x]
3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [x]
3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [x]
3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-07-30 23:09 - 2012-07-30 23:09 - 00000000 ___DC C:\FRST
2012-07-29 09:11 - 2012-07-29 09:11 - 04721417 ____R (Swearware) C:\Users\Owner\Desktop\ComboFix.exe
2012-07-29 08:29 - 2012-07-29 08:29 - 00000000 ____D C:\Users\Owner\Local Settings\Macromedia
2012-07-29 08:29 - 2012-07-29 08:29 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\Macromedia
2012-07-29 08:29 - 2012-07-29 08:29 - 00000000 ____D C:\Users\Owner\AppData\Local\Macromedia
2012-07-27 18:19 - 2012-07-27 18:19 - 04719842 ____R (Swearware) C:\Users\Owner\Downloads\ComboFix.exe
2012-07-27 18:16 - 2012-07-29 12:47 - 00000000 __SDC C:\32788R22FWJFW
2012-07-27 18:16 - 2012-07-24 09:22 - 02136664 ____A (Kaspersky Lab ZAO) C:\Users\Owner\Desktop\TDSSKiller.exe
2012-07-27 18:16 - 2010-12-31 21:14 - 00002254 ___RA C:\Users\Owner\Desktop\eula.txt
2012-07-27 18:12 - 2012-07-27 18:12 - 00000000 ___DC C:\_OTL
2012-07-27 18:11 - 2012-07-27 18:11 - 02117108 ____A C:\Users\Owner\Desktop\tdsskiller.zip
2012-07-27 09:09 - 2012-07-27 09:09 - 00002512 ____A C:\Users\Owner\Desktop\RKreport[2].txt
2012-07-27 09:08 - 2012-07-27 09:09 - 00000000 ____D C:\Users\Owner\Desktop\RK_Quarantine
2012-07-27 09:08 - 2012-07-27 09:08 - 00002207 ____A C:\Users\Owner\Desktop\RKreport[1].txt
2012-07-27 07:53 - 2012-07-27 07:53 - 01552384 ____A C:\Users\Owner\Desktop\RogueKiller.exe
2012-07-26 19:47 - 2012-07-26 19:47 - 00001942 ____A C:\Users\Owner\Desktop\aswMBR.txt
2012-07-26 19:47 - 2012-07-26 19:47 - 00000512 ____A C:\Users\Owner\Desktop\MBR.dat
2012-07-26 18:23 - 2012-07-26 18:23 - 00082562 ____A C:\Users\Owner\Desktop\Extras.Txt
2012-07-26 18:20 - 2012-07-27 08:57 - 00109910 ____A C:\Users\Owner\Desktop\OTL.Txt
2012-07-26 17:39 - 2012-07-26 17:39 - 04731392 ____A (AVAST Software) C:\Users\Owner\Desktop\aswMBR.exe
2012-07-26 17:38 - 2012-07-26 17:40 - 00597504 ____A (OldTimer Tools) C:\Users\Owner\Desktop\OTL.exe
2012-07-25 09:09 - 2012-07-25 09:10 - 00000000 ___DC C:\Program Files\Microsoft Security Client
2012-07-25 09:09 - 2012-07-25 09:09 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-07-24 17:30 - 2012-07-24 17:30 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_androidusb_01007.Wdf
2012-07-24 17:26 - 2012-07-26 17:49 - 00000000 ____D C:\Program Files (x86)\PdaNet for Android
2012-07-24 17:26 - 2011-11-24 20:25 - 00015360 ____A (June Fabrics Technology Inc.) C:\Windows\System32\Drivers\pneteth.sys
2012-07-24 17:26 - 2009-11-13 19:05 - 00036256 ____A (Google Inc) C:\Windows\System32\Drivers\androidusb.sys
2012-07-20 19:15 - 2012-07-24 07:15 - 00000000 ____D C:\Users\Owner\Desktop\My Favs
2012-07-20 19:14 - 2012-07-24 07:55 - 00000000 ____D C:\Users\Owner\Desktop\GIF
2012-07-11 09:18 - 2012-06-13 05:58 - 02769408 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-11 09:18 - 2012-06-02 04:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-07-11 09:18 - 2012-06-02 04:17 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-07-11 09:18 - 2012-06-02 04:12 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-07-11 09:18 - 2012-06-02 04:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-07-11 09:18 - 2012-06-02 04:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-07-11 09:18 - 2012-06-02 04:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-07-11 09:18 - 2012-06-02 04:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-07-11 09:18 - 2012-06-02 04:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-07-11 09:18 - 2012-06-02 04:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-07-11 09:18 - 2012-06-02 04:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-07-11 09:18 - 2012-06-02 03:59 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-07-11 09:18 - 2012-06-02 03:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-07-11 09:18 - 2012-06-02 03:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-07-11 09:18 - 2012-06-02 03:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-07-11 09:18 - 2012-06-02 01:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-07-11 09:18 - 2012-06-02 00:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-07-11 09:18 - 2012-06-02 00:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-07-11 09:18 - 2012-06-02 00:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-07-11 09:18 - 2012-06-02 00:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-07-11 09:18 - 2012-06-02 00:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-07-11 09:18 - 2012-06-02 00:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-07-11 09:18 - 2012-06-02 00:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-07-11 09:18 - 2012-06-02 00:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-07-11 09:18 - 2012-06-02 00:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-07-11 09:18 - 2012-06-02 00:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-07-11 09:18 - 2012-06-02 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-07-11 09:18 - 2012-06-02 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-07-11 09:18 - 2012-06-02 00:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-07-11 08:05 - 2012-06-08 09:59 - 12899840 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-07-11 08:05 - 2012-06-08 09:47 - 11586048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-07-11 08:05 - 2012-06-05 08:47 - 01401856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-07-11 08:05 - 2012-06-05 08:47 - 01248768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-07-11 08:05 - 2012-06-05 08:22 - 01869824 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-07-11 08:05 - 2012-06-05 08:22 - 01797120 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-07-11 08:05 - 2012-06-04 07:29 - 00516480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-07-11 08:05 - 2012-06-01 16:22 - 00347136 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-07-11 08:05 - 2012-06-01 16:22 - 00254464 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-07-11 08:05 - 2012-06-01 16:05 - 00077312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-07-11 08:05 - 2012-06-01 16:04 - 00278528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-07-11 08:05 - 2012-06-01 16:03 - 00204288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-07-11 07:53 - 2012-07-11 07:53 - 00000000 ____D C:\Users\All Users\InstallMate
2012-07-11 07:53 - 2012-07-11 07:53 - 00000000 ____D C:\Users\All Users\Application Data\InstallMate

============ 3 Months Modified Files ========================

2012-07-30 19:05 - 2012-06-14 17:21 - 02995531 ____A C:\Windows\System32\Drivers\kmxcfg.u2k0
2012-07-30 19:05 - 2012-06-14 17:21 - 00240420 ____A C:\Windows\System32\Drivers\KmxAgent.asc
2012-07-30 19:05 - 2012-06-14 17:21 - 00000605 ____A C:\Windows\System32\Drivers\kmxzone.u2k0
2012-07-30 19:05 - 2012-06-14 17:21 - 00000085 ____A C:\Windows\System32\Drivers\kmxcfg.u2k7
2012-07-30 19:05 - 2012-06-14 17:21 - 00000085 ____A C:\Windows\System32\Drivers\kmxcfg.u2k6
2012-07-30 19:05 - 2012-06-14 17:21 - 00000085 ____A C:\Windows\System32\Drivers\kmxcfg.u2k5
2012-07-30 19:05 - 2012-06-14 17:21 - 00000085 ____A C:\Windows\System32\Drivers\kmxcfg.u2k4
2012-07-30 19:05 - 2012-06-14 17:21 - 00000085 ____A C:\Windows\System32\Drivers\kmxcfg.u2k3
2012-07-30 19:05 - 2012-06-14 17:21 - 00000085 ____A C:\Windows\System32\Drivers\kmxcfg.u2k2
2012-07-30 19:05 - 2012-06-14 17:21 - 00000085 ____A C:\Windows\System32\Drivers\kmxcfg.u2k1
2012-07-30 19:05 - 2012-06-14 17:21 - 00000049 ____A C:\Windows\System32\Drivers\kmxzone.u2k7
2012-07-30 19:05 - 2012-06-14 17:21 - 00000049 ____A C:\Windows\System32\Drivers\kmxzone.u2k6
2012-07-30 19:05 - 2012-06-14 17:21 - 00000049 ____A C:\Windows\System32\Drivers\kmxzone.u2k5
2012-07-30 19:05 - 2012-06-14 17:21 - 00000049 ____A C:\Windows\System32\Drivers\kmxzone.u2k4
2012-07-30 19:05 - 2012-06-14 17:21 - 00000049 ____A C:\Windows\System32\Drivers\kmxzone.u2k3
2012-07-30 19:05 - 2012-06-14 17:21 - 00000049 ____A C:\Windows\System32\Drivers\kmxzone.u2k2
2012-07-30 19:05 - 2012-06-14 17:21 - 00000049 ____A C:\Windows\System32\Drivers\kmxzone.u2k1
2012-07-30 19:05 - 2009-05-25 15:09 - 01882040 ____A C:\Windows\WindowsUpdate.log
2012-07-30 19:05 - 2009-02-22 20:22 - 00000012 ____A C:\Windows\bthservsdp.dat
2012-07-30 19:05 - 2006-11-02 07:42 - 00032546 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-07-30 19:05 - 2006-11-02 07:42 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-30 19:05 - 2006-11-02 07:22 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-30 19:05 - 2006-11-02 07:22 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-30 18:06 - 2012-04-04 14:40 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-07-30 17:11 - 2012-06-16 05:32 - 00000432 ____A C:\Windows\System32\Drivers\etc\hosts.ics
2012-07-30 09:27 - 2006-11-02 04:46 - 00711040 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-29 14:00 - 2011-02-16 19:09 - 00000466 ____A C:\Windows\Tasks\ParetoLogic Registration.job
2012-07-29 09:11 - 2012-07-29 09:11 - 04721417 ____R (Swearware) C:\Users\Owner\Desktop\ComboFix.exe
2012-07-27 18:19 - 2012-07-27 18:19 - 04719842 ____R (Swearware) C:\Users\Owner\Downloads\ComboFix.exe
2012-07-27 18:11 - 2012-07-27 18:11 - 02117108 ____A C:\Users\Owner\Desktop\tdsskiller.zip
2012-07-27 09:09 - 2012-07-27 09:09 - 00002512 ____A C:\Users\Owner\Desktop\RKreport[2].txt
2012-07-27 09:08 - 2012-07-27 09:08 - 00002207 ____A C:\Users\Owner\Desktop\RKreport[1].txt
2012-07-27 08:57 - 2012-07-26 18:20 - 00109910 ____A C:\Users\Owner\Desktop\OTL.Txt
2012-07-27 07:53 - 2012-07-27 07:53 - 01552384 ____A C:\Users\Owner\Desktop\RogueKiller.exe
2012-07-26 19:47 - 2012-07-26 19:47 - 00001942 ____A C:\Users\Owner\Desktop\aswMBR.txt
2012-07-26 19:47 - 2012-07-26 19:47 - 00000512 ____A C:\Users\Owner\Desktop\MBR.dat
2012-07-26 18:23 - 2012-07-26 18:23 - 00082562 ____A C:\Users\Owner\Desktop\Extras.Txt
2012-07-26 17:40 - 2012-07-26 17:38 - 00597504 ____A (OldTimer Tools) C:\Users\Owner\Desktop\OTL.exe
2012-07-26 17:39 - 2012-07-26 17:39 - 04731392 ____A (AVAST Software) C:\Users\Owner\Desktop\aswMBR.exe
2012-07-25 09:11 - 2011-01-25 17:21 - 00001945 ____A C:\Windows\epplauncher.mif
2012-07-25 09:10 - 2011-01-25 17:21 - 00726380 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-07-25 07:32 - 2008-01-20 19:26 - 00344820 ____A C:\Windows\PFRO.log
2012-07-24 17:30 - 2012-07-24 17:30 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_androidusb_01007.Wdf
2012-07-24 17:30 - 2012-03-26 06:21 - 00005107 ____A C:\Windows\setupact.log
2012-07-24 17:20 - 2009-06-27 19:22 - 00000334 ____A C:\Windows\Tasks\HPCeeScheduleForOwner.job
2012-07-24 09:22 - 2012-07-27 18:16 - 02136664 ____A (Kaspersky Lab ZAO) C:\Users\Owner\Desktop\TDSSKiller.exe
2012-07-20 18:25 - 2012-04-04 14:40 - 00696520 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-07-20 18:25 - 2012-01-17 11:42 - 00073416 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-07-20 18:17 - 2009-06-28 09:57 - 00000680 ____A C:\Users\Owner\Local Settings\d3d9caps.dat
2012-07-20 18:17 - 2009-06-28 09:57 - 00000680 ____A C:\Users\Owner\Local Settings\Application Data\d3d9caps.dat
2012-07-20 18:17 - 2009-06-28 09:57 - 00000680 ____A C:\Users\Owner\AppData\Local\d3d9caps.dat
2012-07-18 16:24 - 2009-07-20 07:43 - 00000000 ____A C:\Users\Owner\Local Settings\FnF4.txt
2012-07-18 16:24 - 2009-07-20 07:43 - 00000000 ____A C:\Users\Owner\Local Settings\Application Data\FnF4.txt
2012-07-18 16:24 - 2009-07-20 07:43 - 00000000 ____A C:\Users\Owner\AppData\Local\FnF4.txt
2012-07-11 14:36 - 2006-11-02 07:21 - 05086696 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-11 09:27 - 2006-11-02 04:34 - 00000219 ____A C:\Windows\win.ini
2012-07-11 09:22 - 2006-11-02 04:35 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2012-06-23 18:32 - 2012-06-23 18:32 - 00369168 ____A (CACE Technologies, Inc.) C:\Windows\System32\wpcap.dll
2012-06-23 18:32 - 2012-06-23 18:32 - 00281104 ____A (CACE Technologies, Inc.) C:\Windows\SysWOW64\wpcap.dll
2012-06-23 18:32 - 2012-06-23 18:32 - 00106000 ____A (CACE Technologies, Inc.) C:\Windows\System32\packet.dll
2012-06-23 18:32 - 2012-06-23 18:32 - 00096784 ____A (CACE Technologies, Inc.) C:\Windows\SysWOW64\packet.dll
2012-06-23 18:32 - 2012-06-23 18:32 - 00035344 ____A (CACE Technologies, Inc.) C:\Windows\System32\Drivers\npf.sys
2012-06-23 08:18 - 2009-07-12 17:26 - 00161424 ____A C:\Users\Rosario\Local Settings\GDIPFONTCACHEV1.DAT
2012-06-23 08:18 - 2009-07-12 17:26 - 00161424 ____A C:\Users\Rosario\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2012-06-23 08:18 - 2009-07-12 17:26 - 00161424 ____A C:\Users\Rosario\AppData\Local\GDIPFONTCACHEV1.DAT
2012-06-18 08:29 - 2009-06-28 12:45 - 00031744 ____A C:\Users\Owner\Local Settings\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-06-18 08:29 - 2009-06-28 12:45 - 00031744 ____A C:\Users\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-06-18 08:29 - 2009-06-28 12:45 - 00031744 ____A C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-06-17 11:17 - 2012-06-17 11:17 - 01656459 ____A C:\Users\Owner\Downloads\winrar-x64-420.exe
2012-06-17 11:07 - 2012-06-17 11:06 - 11741664 ____A (Symantec Corporation) C:\Users\Owner\Downloads\nortonsafeweblite.exe
2012-06-17 10:06 - 2012-06-17 10:07 - 00955840 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2012-06-17 10:06 - 2012-06-17 10:07 - 00268720 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2012-06-17 10:06 - 2012-06-17 10:07 - 00189360 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2012-06-17 10:06 - 2012-06-17 10:07 - 00188840 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2012-06-17 10:06 - 2012-01-17 12:09 - 00839096 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2012-06-17 10:03 - 2011-11-14 14:49 - 00000860 ____A C:\Users\Rosario\Desktop\Mozilla Firefox.lnk
2012-06-17 09:26 - 2009-06-27 19:22 - 00161424 ____A C:\Users\Owner\Local Settings\GDIPFONTCACHEV1.DAT
2012-06-17 09:26 - 2009-06-27 19:22 - 00161424 ____A C:\Users\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2012-06-17 09:26 - 2009-06-27 19:22 - 00161424 ____A C:\Users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
2012-06-15 13:00 - 2006-11-02 04:34 - 00000215 ___AC C:\Windows\system.ini
2012-06-15 06:42 - 2011-12-16 07:17 - 00004242 ____A C:\Windows\System32\HealthCheckAC.xml
2012-06-15 06:42 - 2009-07-10 06:48 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log
2012-06-15 06:39 - 2011-12-16 07:15 - 00000166 ____A C:\Windows\System32\HealthCheckBC.xml
2012-06-15 04:54 - 2012-06-15 04:54 - 00000282 __ASH C:\Windows\7454255drv.spi
2012-06-13 05:58 - 2012-07-11 09:18 - 02769408 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-10 15:10 - 2009-08-26 16:16 - 00001460 ____A C:\Users\Owner\Local Settings\d3d9caps64.dat
2012-06-10 15:10 - 2009-08-26 16:16 - 00001460 ____A C:\Users\Owner\Local Settings\Application Data\d3d9caps64.dat
2012-06-10 15:10 - 2009-08-26 16:16 - 00001460 ____A C:\Users\Owner\AppData\Local\d3d9caps64.dat
2012-06-08 09:59 - 2012-07-11 08:05 - 12899840 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 09:47 - 2012-07-11 08:05 - 11586048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-05 08:47 - 2012-07-11 08:05 - 01401856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-05 08:47 - 2012-07-11 08:05 - 01248768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-06-05 08:22 - 2012-07-11 08:05 - 01869824 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-05 08:22 - 2012-07-11 08:05 - 01797120 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-04 07:29 - 2012-07-11 08:05 - 00516480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-02 14:19 - 2012-06-25 05:08 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-25 05:08 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-25 05:08 - 00577048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2012-06-02 14:19 - 2012-06-25 05:08 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-25 05:08 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-25 05:08 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:19 - 2012-06-25 05:08 - 00035864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2012-06-02 14:15 - 2012-06-25 05:08 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-25 05:08 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 14:12 - 2012-06-25 05:08 - 00088576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2012-06-02 11:19 - 2012-06-25 05:07 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 11:19 - 2012-06-25 05:07 - 00171904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2012-06-02 11:15 - 2012-06-25 05:07 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 11:12 - 2012-06-25 05:07 - 00033792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2012-06-02 04:49 - 2012-07-11 09:18 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-02 04:17 - 2012-07-11 09:18 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-02 04:12 - 2012-07-11 09:18 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-02 04:05 - 2012-07-11 09:18 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-02 04:05 - 2012-07-11 09:18 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-02 04:04 - 2012-07-11 09:18 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-02 04:04 - 2012-07-11 09:18 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-02 04:03 - 2012-07-11 09:18 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-02 04:01 - 2012-07-11 09:18 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-02 04:00 - 2012-07-11 09:18 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-02 03:59 - 2012-07-11 09:18 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-02 03:57 - 2012-07-11 09:18 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-02 03:57 - 2012-07-11 09:18 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-02 03:54 - 2012-07-11 09:18 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-02 01:07 - 2012-07-11 09:18 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-02 00:43 - 2012-07-11 09:18 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-02 00:33 - 2012-07-11 09:18 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-02 00:26 - 2012-07-11 09:18 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-02 00:25 - 2012-07-11 09:18 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-02 00:25 - 2012-07-11 09:18 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-02 00:23 - 2012-07-11 09:18 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-02 00:21 - 2012-07-11 09:18 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-02 00:20 - 2012-07-11 09:18 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-02 00:19 - 2012-07-11 09:18 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-02 00:19 - 2012-07-11 09:18 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-02 00:17 - 2012-07-11 09:18 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-02 00:16 - 2012-07-11 09:18 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-02 00:14 - 2012-07-11 09:18 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-01 16:22 - 2012-07-11 08:05 - 00347136 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 16:22 - 2012-07-11 08:05 - 00254464 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-06-01 16:05 - 2012-07-11 08:05 - 00077312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-06-01 16:04 - 2012-07-11 08:05 - 00278528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-06-01 16:03 - 2012-07-11 08:05 - 00204288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-05-31 08:25 - 2009-10-02 16:05 - 00279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-05-09 14:49 - 2009-02-22 21:56 - 00227152 ____A C:\Windows\DirectX.log
2012-05-02 18:55 - 2012-05-02 18:55 - 00028056 ____A C:\Windows\System32\xfcodec64.dll

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 17%
Total physical RAM: 3998.02 MB
Available physical RAM: 3296.57 MB
Total Pagefile: 3675.5 MB
Available Pagefile: 3274.87 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:284.39 GB) (Free:157.55 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (RECOVERY) (Fixed) (Total:13.7 GB) (Free:1.69 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive f: () (Removable) (Total:3.65 GB) (Free:3.65 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 298 GB 1024 KB
Disk 1 Online 3745 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 284 GB 1024 KB
Partition 2 Primary 14 GB 284 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C NTFS Partition 284 GB Healthy

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D RECOVERY NTFS Partition 14 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3741 MB 4032 KB

==================================================================================

Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F FAT32 Removable 3741 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-07-30 17:17

======================= End Of Log ==========================
  • 0

#38
bigchris
Posted 30 July 2012 - 09:27 PM

bigchris

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts
SEARCH.txt

Farbar Recovery Scan Tool Version: 25-07-2012 01
Ran by SYSTEM at 2012-07-30 23:11:51
Running from F:\

================== Search: "Services.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
[2009-12-03 18:19] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2008-01-20 18:50] - [2008-01-20 18:50] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe
[2009-12-03 18:19] - [2009-04-10 23:10] - 0384512 ____A (Microsoft Corporation) 934E0B7D77FF78C18D9F8891221B6DE3

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe
[2008-01-20 18:49] - [2008-01-20 18:49] - 0384512 ____A (Microsoft Corporation) DFAC660F0F139276CC9299812DE42719

C:\Windows\SysWOW64\services.exe
[2009-12-03 18:19] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

C:\Windows\System32\services.exe
[2009-12-03 18:19] - [2009-04-10 23:10] - 0384512 ____A (Microsoft Corporation) 934E0B7D77FF78C18D9F8891221B6DE3

C:\Windows\ERDNT\cache64\services.exe
[2012-06-13 15:05] - [2009-04-10 23:10] - 0384512 ____A (Microsoft Corporation) 934E0B7D77FF78C18D9F8891221B6DE3

====== End Of Search ======
  • 0

#39
bigchris
Posted 30 July 2012 - 09:28 PM

bigchris

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts
It worked Im guessing because since my laptop is Vista 64. I posted the logs. Hope that hopes and will wait for further instructions. Thanks :)
  • 0

#40
bigchris
Posted 31 July 2012 - 07:15 PM

bigchris

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts
Okay remember you told me if anything weird thing popped up well just today my CA Security Center tells me that Win32/ZAccess/EE Malware & Win32/Alureon.ZABQ!suspicious. Then it keeps asking me if I want to Install a flash player asking me permission to accept. Please help me :(, I think the same thing is happening what happened to me before my 1st post that now when I google something it redirects me to something other random website. Hope to hear from you soon

Edited by bigchris, 31 July 2012 - 07:23 PM.

  • 0

Advertisements

#41
dxfan1010101
Posted 31 July 2012 - 08:51 PM

dxfan1010101

    Member

  • Member
  • PipPipPip
  • 544 posts

Okay remember you told me if anything weird thing popped up well just today my CA Security Center tells me that Win32/ZAccess/EE Malware & Win32/Alureon.ZABQ!suspicious. Then it keeps asking me if I want to Install a flash player asking me permission to accept. Please help me :(, I think the same thing is happening what happened to me before my 1st post that now when I google something it redirects me to something other random website. Hope to hear from you soon


Dont install anything. I have prepared a fix, it was just to late to be approved today. You ca Security center is right about the infection you have, it just doesent know how to clean it, Im sorry im so late, I had a very busy day,
  • 0

#42
dxfan1010101
Posted 01 August 2012 - 12:50 PM

dxfan1010101

    Member

  • Member
  • PipPipPip
  • 544 posts
Step 1


  • Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy.
  • Right-click in the open notepad and select Paste.
  • Save it on the flashdrive as fixlist.txt

1 fofegqot; \??\C:\Windows\system32\drivers\fofegqot.sys [x]
1 kuufyfud; \??\C:\Windows\system32\drivers\kuufyfud.sys [x]
1 mbngfrcg; \??\C:\Windows\system32\drivers\mbngfrcg.sys [x]
C:\Windows\system32\drivers\mbngfrcg.sys
C:\Windows\system32\drivers\kuufyfud.sys
C:\Windows\system32\drivers\fofegqot.sys

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating systemOn Vista or Windows 7

Now please enter System Recovery Options and select Command prompt
Posted Image

Run FRST and press the Fix button just once and wait. The tool will make a log on the flashdrive (Fixlog.txt) please post it in your next reply.


Step 2

For x64 bit systems please download Listparts64
Run the tool, click Scan and post the log (Result.txt) it makes.

If the malware wont let it run Please try safe mode
  • 0

#43
Essexboy
Posted 07 August 2012 - 12:45 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP