Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 25-07-2012 01
Ran by SYSTEM at 2012-07-26 17:44:28 Run:1
Running from E:\
==============================================
C:\Windows\Installer\{bd201fcc-751e-9110-3e05-9a52c685c8e2} moved successfully.
==== End of Fixlog ====
Cajun20th
In Topic: Need help removing "Trojan Horse Patched_c.LXT"
26 July 2012 - 05:45 PM
In Topic: Need help removing "Trojan Horse Patched_c.LXT"
26 July 2012 - 05:15 PM
Here are the logs
************************************************************************************************
FRST.TXT
************************************************************************************************
Scan result of Farbar Recovery Scan Tool Version: 25-07-2012 01
Ran by SYSTEM at 26-07-2012 17:03:41
Running from E:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001
========================== Registry (Whitelisted) =============
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-01-21] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-23] (Synaptics Incorporated)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [161304 2010-08-25] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [386584 2010-08-25] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [415256 2010-08-25] (Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-06-08] (Intel Corporation)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462920 2012-07-03] (Malwarebytes Corporation)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [937920 2011-06-06] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.)
HKLM-x32\...\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" [2587008 2012-04-05] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
==================== Services (Whitelisted) ======
2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
2 avgfws; "C:\Program Files (x86)\AVG\AVG2012\avgfws.exe" [2321560 2012-06-13] (AVG Technologies CZ, s.r.o.)
2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe" [5160568 2012-07-04] (AVG Technologies CZ, s.r.o.)
2 avgwd; "C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe" [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
2 Lavasoft Ad-Aware Service; "C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe" [2152720 2012-07-02] (Lavasoft Limited)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation)
3 McComponentHostService; "C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe" [227232 2010-01-15] (McAfee, Inc.)
2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.12.57\SymcPCCULaunchSvc.exe /s [123320 2011-06-06] (Symantec Corporation)
2 PCCUJobMgr; "C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.12.57\ccSvcHst.exe" /s "PCCUJobMgr" /m "C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.12.57\diMaster.dll" /prefetch:1 [132984 2011-06-06] (Symantec Corporation)
2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\STacSV64.exe [244736 2010-01-21] (IDT, Inc.)
2 UNS; "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe" [2320920 2009-11-04] (Intel Corporation)
2 WinDefend; C:\Program Files (x86)\Windows Defender\mpsvc.dll [x]
========================== Drivers (Whitelisted) =============
3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [125512 2010-12-01] (SlySoft, Inc.)
3 AnyDVD; C:\Windows\SysWow64\Drivers\AnyDVD.sys [125512 2010-12-01] (SlySoft, Inc.)
1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [48992 2011-05-22] (AVG Technologies CZ, s.r.o.)
3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [124496 2011-12-23] (AVG Technologies CZ, s.r.o. )
3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )
0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [28480 2012-04-19] (AVG Technologies CZ, s.r.o. )
1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [289872 2012-02-22] (AVG Technologies CZ, s.r.o.)
1 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [36944 2012-01-31] (AVG Technologies CZ, s.r.o.)
1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [383808 2012-03-19] (AVG Technologies CZ, s.r.o.)
3 HfsUsb; C:\Windows\System32\Drivers\HfsUsb.sys [14336 2010-04-19] (Honeywell Fire Systems)
3 Lavasoft Kernexplorer; \??\C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [17152 2011-06-21] ()
0 Lbd; C:\Windows\System32\Drivers\Lbd.sys [69376 2011-12-12] (Lavasoft AB)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-07-03] (Malwarebytes Corporation)
3 USA19H; C:\Windows\System32\DRIVERS\USA19Hx64.sys [740096 2007-10-30] (Keyspan)
3 USA19HP; C:\Windows\System32\DRIVERS\USA19Hx64p.SYS [35840 2007-10-23] (Keyspan)
3 catchme; \??\C:\ComboFix\catchme.sys [x]
2 HardLock; [x]
2 WinRT; [x]
========================== NetSvcs (Whitelisted) ===========
============ One Month Created Files and Folders ==============
2012-07-26 17:03 - 2012-07-26 17:03 - 00000000 ____D C:\FRST
2012-07-26 13:16 - 2012-07-26 13:16 - 00001336 ____A C:\Users\Adam\Desktop\RKreport[1].txt
2012-07-26 13:15 - 2012-07-26 13:16 - 00000000 ____D C:\Users\Adam\Desktop\RK_Quarantine
2012-07-26 13:15 - 2012-07-26 12:55 - 01552384 ____A C:\Users\Adam\Desktop\RogueKiller.exe
2012-07-26 13:14 - 2012-07-26 13:14 - 00000000 ____D C:\Windows\pss
2012-07-26 12:58 - 2012-07-26 13:44 - 00000000 ___SD C:\ComboFix
2012-07-26 12:58 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-07-26 12:58 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-07-26 12:58 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-07-26 12:58 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-07-26 12:58 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-07-26 12:58 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-07-26 12:58 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-07-26 12:58 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-07-26 12:50 - 2012-07-26 12:58 - 00000000 ___SD C:\32788R22FWJFW
2012-07-26 12:50 - 2012-07-26 12:56 - 00000000 ____D C:\Qoobox
2012-07-26 12:50 - 2012-07-26 12:52 - 00000000 ____D C:\Windows\erdnt
2012-07-26 12:50 - 2012-07-26 12:48 - 04719912 ____R (Swearware) C:\Users\Adam\Desktop\ComboFix.exe
2012-07-25 17:06 - 2012-07-25 17:06 - 00027520 ____A C:\Users\Adam\AppData\Local\dt.dat
2012-07-25 16:49 - 2012-07-25 17:01 - 00000000 ____D C:\Users\Adam\AppData\Roaming\AVG
2012-07-25 16:48 - 2012-07-25 16:48 - 00001142 ____A C:\Users\Adam\Desktop\AVG PC Tuneup 2011.lnk
2012-07-25 15:34 - 2012-07-25 15:34 - 00000000 ____D C:\Users\Adam\AppData\Roaming\AVG2012
2012-07-25 15:33 - 2012-07-25 15:33 - 00000965 ____A C:\Users\Public\Desktop\AVG 2012.lnk
2012-07-25 15:33 - 2012-07-25 15:33 - 00000000 ____D C:\Windows\SysWOW64\Drivers\AVG
2012-07-25 15:30 - 2012-07-26 11:54 - 00000000 ____D C:\Windows\System32\Drivers\AVG
2012-07-25 15:30 - 2012-07-25 18:01 - 00000000 ____D C:\Users\All Users\AVG2012
2012-07-25 15:30 - 2012-07-25 15:30 - 00000000 ___HD C:\$AVG
2012-07-25 15:29 - 2012-07-25 16:48 - 00000000 ____D C:\Program Files (x86)\AVG
2012-07-25 15:22 - 2012-07-26 11:56 - 00000000 ____D C:\Users\All Users\MFAData
2012-07-18 09:37 - 2012-07-18 09:37 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-07-14 06:48 - 2012-06-11 19:08 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-14 06:45 - 2012-06-02 04:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-07-14 06:45 - 2012-06-02 04:17 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-07-14 06:45 - 2012-06-02 04:12 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-07-14 06:45 - 2012-06-02 04:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-07-14 06:45 - 2012-06-02 04:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-07-14 06:45 - 2012-06-02 04:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-07-14 06:45 - 2012-06-02 04:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-07-14 06:45 - 2012-06-02 04:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-07-14 06:45 - 2012-06-02 04:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-07-14 06:45 - 2012-06-02 04:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-07-14 06:45 - 2012-06-02 03:59 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-07-14 06:45 - 2012-06-02 03:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-07-14 06:45 - 2012-06-02 03:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-07-14 06:45 - 2012-06-02 03:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-07-14 06:45 - 2012-06-02 01:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-07-14 06:45 - 2012-06-02 00:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-07-14 06:45 - 2012-06-02 00:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-07-14 06:45 - 2012-06-02 00:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-07-14 06:45 - 2012-06-02 00:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-07-14 06:45 - 2012-06-02 00:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-07-14 06:45 - 2012-06-02 00:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-07-14 06:45 - 2012-06-02 00:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-07-14 06:45 - 2012-06-02 00:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-07-14 06:45 - 2012-06-02 00:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-07-14 06:45 - 2012-06-02 00:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-07-14 06:45 - 2012-06-02 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-07-14 06:45 - 2012-06-02 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-07-14 06:45 - 2012-06-02 00:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-07-12 12:59 - 2012-07-12 12:59 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2012-07-12 12:59 - 2012-07-12 12:59 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-07-12 12:43 - 2012-06-08 21:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-07-12 12:43 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-07-12 12:43 - 2012-06-05 22:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-07-12 12:43 - 2012-06-05 22:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-07-12 12:43 - 2012-06-05 22:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-07-12 12:43 - 2012-06-05 21:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-07-12 12:43 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-07-12 12:43 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-07-12 12:43 - 2012-06-01 21:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-07-12 12:43 - 2012-06-01 21:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-07-12 12:43 - 2012-06-01 21:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-07-12 12:43 - 2012-06-01 21:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-07-12 12:43 - 2012-06-01 21:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-07-12 12:43 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-07-12 12:43 - 2012-06-01 20:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-07-12 12:43 - 2012-06-01 20:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-07-12 12:43 - 2012-06-01 20:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-07-12 12:43 - 2010-06-25 19:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2012-07-12 12:43 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2012-06-27 19:16 - 2012-06-27 19:17 - 00000000 ____D C:\Users\Adam\AppData\Roaming\WinRAR
2012-06-27 19:16 - 2012-06-27 19:16 - 00001005 ____A C:\Users\Public\Desktop\WinRAR.lnk
2012-06-27 19:16 - 2012-06-27 19:16 - 00000000 ____D C:\Program Files (x86)\WinRAR
2012-06-27 10:01 - 2012-06-27 10:01 - 00000000 ____D C:\Program Files (x86)\1ClickDownload
2012-06-27 09:30 - 2012-06-27 09:30 - 00000118 ____A C:\Windows\System32\MRT.INI
============ 3 Months Modified Files ========================
2012-07-26 13:56 - 2011-06-27 13:22 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-07-26 13:56 - 2011-05-10 10:40 - 01093959 ____A C:\Windows\WindowsUpdate.log
2012-07-26 13:56 - 2009-07-13 20:45 - 00013632 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-26 13:56 - 2009-07-13 20:45 - 00013632 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-26 13:44 - 2011-06-27 13:22 - 00000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-07-26 13:44 - 2011-06-22 19:08 - 00036551 ____A C:\aaw7boot.log
2012-07-26 13:44 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-26 13:44 - 2009-07-13 20:51 - 00045032 ____A C:\Windows\setupact.log
2012-07-26 13:16 - 2012-07-26 13:16 - 00001336 ____A C:\Users\Adam\Desktop\RKreport[1].txt
2012-07-26 13:11 - 2011-05-17 18:31 - 00018974 ____A C:\Windows\PFRO.log
2012-07-26 12:55 - 2012-07-26 13:15 - 01552384 ____A C:\Users\Adam\Desktop\RogueKiller.exe
2012-07-26 12:48 - 2012-07-26 12:50 - 04719912 ____R (Swearware) C:\Users\Adam\Desktop\ComboFix.exe
2012-07-26 12:08 - 2009-07-13 21:13 - 00726270 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-25 18:02 - 2011-06-24 17:11 - 00000064 ____A C:\Windows\SysWOW64\rp_stats.dat
2012-07-25 18:02 - 2011-06-24 17:11 - 00000044 ____A C:\Windows\SysWOW64\rp_rules.dat
2012-07-25 17:06 - 2012-07-25 17:06 - 00027520 ____A C:\Users\Adam\AppData\Local\dt.dat
2012-07-25 16:48 - 2012-07-25 16:48 - 00001142 ____A C:\Users\Adam\Desktop\AVG PC Tuneup 2011.lnk
2012-07-25 15:33 - 2012-07-25 15:33 - 00000965 ____A C:\Users\Public\Desktop\AVG 2012.lnk
2012-07-25 15:14 - 2012-01-24 22:49 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-14 07:05 - 2009-07-13 20:45 - 00274320 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-14 06:46 - 2010-01-15 08:40 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-07-03 10:46 - 2011-06-24 18:33 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-27 19:16 - 2012-06-27 19:16 - 00001005 ____A C:\Users\Public\Desktop\WinRAR.lnk
2012-06-27 09:30 - 2012-06-27 09:30 - 00000118 ____A C:\Windows\System32\MRT.INI
2012-06-11 19:08 - 2012-07-14 06:48 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-08 21:43 - 2012-07-12 12:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 20:41 - 2012-07-12 12:43 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-05 22:06 - 2012-07-12 12:43 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 22:06 - 2012-07-12 12:43 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-05 22:02 - 2012-07-12 12:43 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-06-05 21:05 - 2012-07-12 12:43 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-05 21:05 - 2012-07-12 12:43 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-06-05 21:03 - 2012-07-12 12:43 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-06-02 14:19 - 2012-06-25 12:59 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-25 12:59 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-25 12:59 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-25 12:59 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-25 12:59 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-25 12:59 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-25 12:59 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 12:19 - 2012-06-25 12:59 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 12:15 - 2012-06-25 12:59 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 04:49 - 2012-07-14 06:45 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-02 04:17 - 2012-07-14 06:45 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-02 04:12 - 2012-07-14 06:45 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-02 04:05 - 2012-07-14 06:45 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-02 04:05 - 2012-07-14 06:45 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-02 04:04 - 2012-07-14 06:45 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-02 04:04 - 2012-07-14 06:45 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-02 04:03 - 2012-07-14 06:45 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-02 04:01 - 2012-07-14 06:45 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-02 04:00 - 2012-07-14 06:45 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-02 03:59 - 2012-07-14 06:45 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-02 03:57 - 2012-07-14 06:45 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-02 03:57 - 2012-07-14 06:45 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-02 03:54 - 2012-07-14 06:45 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-02 01:07 - 2012-07-14 06:45 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-02 00:43 - 2012-07-14 06:45 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-02 00:33 - 2012-07-14 06:45 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-02 00:26 - 2012-07-14 06:45 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-02 00:25 - 2012-07-14 06:45 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-02 00:25 - 2012-07-14 06:45 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-02 00:23 - 2012-07-14 06:45 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-02 00:21 - 2012-07-14 06:45 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-02 00:20 - 2012-07-14 06:45 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-02 00:19 - 2012-07-14 06:45 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-02 00:19 - 2012-07-14 06:45 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-02 00:17 - 2012-07-14 06:45 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-02 00:16 - 2012-07-14 06:45 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-02 00:14 - 2012-07-14 06:45 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-01 21:50 - 2012-07-12 12:43 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-01 21:48 - 2012-07-12 12:43 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-01 21:48 - 2012-07-12 12:43 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-01 21:45 - 2012-07-12 12:43 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 21:44 - 2012-07-12 12:43 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-06-01 20:40 - 2012-07-12 12:43 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-06-01 20:40 - 2012-07-12 12:43 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-06-01 20:39 - 2012-07-12 12:43 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-06-01 20:34 - 2012-07-12 12:43 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-05-31 09:25 - 2010-01-15 08:40 - 00279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-05-04 03:06 - 2012-06-25 13:08 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 02:03 - 2012-06-25 13:08 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-04 02:03 - 2012-06-25 13:08 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-04-30 21:40 - 2012-06-25 13:08 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-04-28 18:34 - 2012-04-28 18:34 - 00001783 ____A C:\Users\Public\Desktop\iTunes.lnk
ZeroAccess:
C:\Windows\Installer\{bd201fcc-751e-9110-3e05-9a52c685c8e2}
C:\Windows\Installer\{bd201fcc-751e-9110-3e05-9a52c685c8e2}\L
C:\Windows\Installer\{bd201fcc-751e-9110-3e05-9a52c685c8e2}\U
========================= Known DLLs (Whitelisted) ============
========================= Bamital & volsnap Check ============
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
========================= Memory info ======================
Percentage of memory in use: 19%
Total physical RAM: 3894.68 MB
Available physical RAM: 3118.16 MB
Total Pagefile: 3892.83 MB
Available Pagefile: 3106.67 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB
======================= Partitions =========================
1 Drive c: () (Fixed) (Total:465.76 GB) (Free:419.97 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
3 Drive e: (4GB FLASH) (Removable) (Total:3.73 GB) (Free:3.72 GB) FAT32
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          465 GB      0 B
  Disk 1    Online         3824 MB      0 B
Partitions of Disk 0:
===============
  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary            465 GB  1024 KB
==================================================================================
Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     C                NTFS   Partition    465 GB  Healthy
==================================================================================
Partitions of Disk 1:
===============
  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
* Partition 1    Primary           3824 MB      0 B
==================================================================================
Disk: 1
There is no partition selected.
There is no partition selected.
Please select a partition and try again.
==================================================================================
==========================================================
Last Boot: 2012-05-05 10:01
======================= End Of Log ==========================
*************************************************************************************************************************************************************
Search.txt
*************************************************************************************************************************************************************
Farbar Recovery Scan Tool Version: 25-07-2012 01
Ran by SYSTEM at 2012-07-26 17:05:36
Running from E:\
================== Search: "services.exe" ===================
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
====== End Of Search ======
2 HardLock; [x]
2 WinRT; [x]
========================== NetSvcs (Whitelisted) ===========
============ One Month Created Files and Folders ==============
2012-07-26 17:03 - 2012-07-26 17:03 - 00000000 ____D C:\FRST
2012-07-26 13:16 - 2012-07-26 13:16 - 00001336 ____A C:\Users\Adam\Desktop\RKreport[1].txt
2012-07-26 13:15 - 2012-07-26 13:16 - 00000000 ____D C:\Users\Adam\Desktop\RK_Quarantine
2012-07-26 13:15 - 2012-07-26 12:55 - 01552384 ____A C:\Users\Adam\Desktop\RogueKiller.exe
2012-07-26 13:14 - 2012-07-26 13:14 - 00000000 ____D C:\Windows\pss
2012-07-26 12:58 - 2012-07-26 13:44 - 00000000 ___SD C:\ComboFix
2012-07-26 12:58 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-07-26 12:58 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-07-26 12:58 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-07-26 12:58 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-07-26 12:58 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-07-26 12:58 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-07-26 12:58 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-07-26 12:58 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-07-26 12:50 - 2012-07-26 12:58 - 00000000 ___SD C:\32788R22FWJFW
2012-07-26 12:50 - 2012-07-26 12:56 - 00000000 ____D C:\Qoobox
2012-07-26 12:50 - 2012-07-26 12:52 - 00000000 ____D C:\Windows\erdnt
2012-07-26 12:50 - 2012-07-26 12:48 - 04719912 ____R (Swearware) C:\Users\Adam\Desktop\ComboFix.exe
2012-07-25 17:06 - 2012-07-25 17:06 - 00027520 ____A C:\Users\Adam\AppData\Local\dt.dat
2012-07-25 16:49 - 2012-07-25 17:01 - 00000000 ____D C:\Users\Adam\AppData\Roaming\AVG
2012-07-25 16:48 - 2012-07-25 16:48 - 00001142 ____A C:\Users\Adam\Desktop\AVG PC Tuneup 2011.lnk
2012-07-25 15:34 - 2012-07-25 15:34 - 00000000 ____D C:\Users\Adam\AppData\Roaming\AVG2012
2012-07-25 15:33 - 2012-07-25 15:33 - 00000965 ____A C:\Users\Public\Desktop\AVG 2012.lnk
2012-07-25 15:33 - 2012-07-25 15:33 - 00000000 ____D C:\Windows\SysWOW64\Drivers\AVG
2012-07-25 15:30 - 2012-07-26 11:54 - 00000000 ____D C:\Windows\System32\Drivers\AVG
2012-07-25 15:30 - 2012-07-25 18:01 - 00000000 ____D C:\Users\All Users\AVG2012
2012-07-25 15:30 - 2012-07-25 15:30 - 00000000 ___HD C:\$AVG
2012-07-25 15:29 - 2012-07-25 16:48 - 00000000 ____D C:\Program Files (x86)\AVG
2012-07-25 15:22 - 2012-07-26 11:56 - 00000000 ____D C:\Users\All Users\MFAData
2012-07-18 09:37 - 2012-07-18 09:37 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-07-14 06:48 - 2012-06-11 19:08 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-14 06:45 - 2012-06-02 04:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-07-14 06:45 - 2012-06-02 04:17 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-07-14 06:45 - 2012-06-02 04:12 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-07-14 06:45 - 2012-06-02 04:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-07-14 06:45 - 2012-06-02 04:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-07-14 06:45 - 2012-06-02 04:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-07-14 06:45 - 2012-06-02 04:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-07-14 06:45 - 2012-06-02 04:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-07-14 06:45 - 2012-06-02 04:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-07-14 06:45 - 2012-06-02 04:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-07-14 06:45 - 2012-06-02 03:59 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-07-14 06:45 - 2012-06-02 03:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-07-14 06:45 - 2012-06-02 03:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-07-14 06:45 - 2012-06-02 03:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-07-14 06:45 - 2012-06-02 01:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-07-14 06:45 - 2012-06-02 00:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-07-14 06:45 - 2012-06-02 00:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-07-14 06:45 - 2012-06-02 00:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-07-14 06:45 - 2012-06-02 00:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-07-14 06:45 - 2012-06-02 00:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-07-14 06:45 - 2012-06-02 00:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-07-14 06:45 - 2012-06-02 00:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-07-14 06:45 - 2012-06-02 00:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-07-14 06:45 - 2012-06-02 00:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-07-14 06:45 - 2012-06-02 00:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-07-14 06:45 - 2012-06-02 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-07-14 06:45 - 2012-06-02 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-07-14 06:45 - 2012-06-02 00:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-07-12 12:59 - 2012-07-12 12:59 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2012-07-12 12:59 - 2012-07-12 12:59 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-07-12 12:43 - 2012-06-08 21:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-07-12 12:43 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-07-12 12:43 - 2012-06-05 22:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-07-12 12:43 - 2012-06-05 22:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-07-12 12:43 - 2012-06-05 22:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-07-12 12:43 - 2012-06-05 21:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-07-12 12:43 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-07-12 12:43 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-07-12 12:43 - 2012-06-01 21:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-07-12 12:43 - 2012-06-01 21:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-07-12 12:43 - 2012-06-01 21:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-07-12 12:43 - 2012-06-01 21:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-07-12 12:43 - 2012-06-01 21:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-07-12 12:43 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-07-12 12:43 - 2012-06-01 20:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-07-12 12:43 - 2012-06-01 20:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-07-12 12:43 - 2012-06-01 20:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-07-12 12:43 - 2010-06-25 19:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2012-07-12 12:43 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2012-06-27 19:16 - 2012-06-27 19:17 - 00000000 ____D C:\Users\Adam\AppData\Roaming\WinRAR
2012-06-27 19:16 - 2012-06-27 19:16 - 00001005 ____A C:\Users\Public\Desktop\WinRAR.lnk
2012-06-27 19:16 - 2012-06-27 19:16 - 00000000 ____D C:\Program Files (x86)\WinRAR
2012-06-27 10:01 - 2012-06-27 10:01 - 00000000 ____D C:\Program Files (x86)\1ClickDownload
2012-06-27 09:30 - 2012-06-27 09:30 - 00000118 ____A C:\Windows\System32\MRT.INI
============ 3 Months Modified Files ========================
2012-07-26 13:56 - 2011-06-27 13:22 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-07-26 13:56 - 2011-05-10 10:40 - 01093959 ____A C:\Windows\WindowsUpdate.log
2012-07-26 13:56 - 2009-07-13 20:45 - 00013632 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-26 13:56 - 2009-07-13 20:45 - 00013632 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-26 13:44 - 2011-06-27 13:22 - 00000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-07-26 13:44 - 2011-06-22 19:08 - 00036551 ____A C:\aaw7boot.log
2012-07-26 13:44 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-26 13:44 - 2009-07-13 20:51 - 00045032 ____A C:\Windows\setupact.log
2012-07-26 13:16 - 2012-07-26 13:16 - 00001336 ____A C:\Users\Adam\Desktop\RKreport[1].txt
2012-07-26 13:11 - 2011-05-17 18:31 - 00018974 ____A C:\Windows\PFRO.log
2012-07-26 12:55 - 2012-07-26 13:15 - 01552384 ____A C:\Users\Adam\Desktop\RogueKiller.exe
2012-07-26 12:48 - 2012-07-26 12:50 - 04719912 ____R (Swearware) C:\Users\Adam\Desktop\ComboFix.exe
2012-07-26 12:08 - 2009-07-13 21:13 - 00726270 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-25 18:02 - 2011-06-24 17:11 - 00000064 ____A C:\Windows\SysWOW64\rp_stats.dat
2012-07-25 18:02 - 2011-06-24 17:11 - 00000044 ____A C:\Windows\SysWOW64\rp_rules.dat
2012-07-25 17:06 - 2012-07-25 17:06 - 00027520 ____A C:\Users\Adam\AppData\Local\dt.dat
2012-07-25 16:48 - 2012-07-25 16:48 - 00001142 ____A C:\Users\Adam\Desktop\AVG PC Tuneup 2011.lnk
2012-07-25 15:33 - 2012-07-25 15:33 - 00000965 ____A C:\Users\Public\Desktop\AVG 2012.lnk
2012-07-25 15:14 - 2012-01-24 22:49 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-14 07:05 - 2009-07-13 20:45 - 00274320 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-14 06:46 - 2010-01-15 08:40 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-07-03 10:46 - 2011-06-24 18:33 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-27 19:16 - 2012-06-27 19:16 - 00001005 ____A C:\Users\Public\Desktop\WinRAR.lnk
2012-06-27 09:30 - 2012-06-27 09:30 - 00000118 ____A C:\Windows\System32\MRT.INI
2012-06-11 19:08 - 2012-07-14 06:48 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-08 21:43 - 2012-07-12 12:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 20:41 - 2012-07-12 12:43 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-05 22:06 - 2012-07-12 12:43 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 22:06 - 2012-07-12 12:43 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-05 22:02 - 2012-07-12 12:43 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-06-05 21:05 - 2012-07-12 12:43 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-05 21:05 - 2012-07-12 12:43 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-06-05 21:03 - 2012-07-12 12:43 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-06-02 14:19 - 2012-06-25 12:59 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-25 12:59 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-25 12:59 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-25 12:59 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-25 12:59 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-25 12:59 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-25 12:59 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 12:19 - 2012-06-25 12:59 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 12:15 - 2012-06-25 12:59 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 04:49 - 2012-07-14 06:45 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-02 04:17 - 2012-07-14 06:45 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-02 04:12 - 2012-07-14 06:45 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-02 04:05 - 2012-07-14 06:45 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-02 04:05 - 2012-07-14 06:45 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-02 04:04 - 2012-07-14 06:45 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-02 04:04 - 2012-07-14 06:45 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-02 04:03 - 2012-07-14 06:45 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-02 04:01 - 2012-07-14 06:45 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-02 04:00 - 2012-07-14 06:45 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-02 03:59 - 2012-07-14 06:45 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-02 03:57 - 2012-07-14 06:45 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-02 03:57 - 2012-07-14 06:45 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-02 03:54 - 2012-07-14 06:45 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-02 01:07 - 2012-07-14 06:45 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-02 00:43 - 2012-07-14 06:45 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-02 00:33 - 2012-07-14 06:45 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-02 00:26 - 2012-07-14 06:45 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-02 00:25 - 2012-07-14 06:45 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-02 00:25 - 2012-07-14 06:45 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-02 00:23 - 2012-07-14 06:45 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-02 00:21 - 2012-07-14 06:45 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-02 00:20 - 2012-07-14 06:45 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-02 00:19 - 2012-07-14 06:45 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-02 00:19 - 2012-07-14 06:45 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-02 00:17 - 2012-07-14 06:45 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-02 00:16 - 2012-07-14 06:45 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-02 00:14 - 2012-07-14 06:45 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-01 21:50 - 2012-07-12 12:43 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-01 21:48 - 2012-07-12 12:43 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-01 21:48 - 2012-07-12 12:43 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-01 21:45 - 2012-07-12 12:43 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 21:44 - 2012-07-12 12:43 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-06-01 20:40 - 2012-07-12 12:43 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-06-01 20:40 - 2012-07-12 12:43 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-06-01 20:39 - 2012-07-12 12:43 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-06-01 20:34 - 2012-07-12 12:43 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-05-31 09:25 - 2010-01-15 08:40 - 00279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-05-04 03:06 - 2012-06-25 13:08 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 02:03 - 2012-06-25 13:08 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-04 02:03 - 2012-06-25 13:08 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-04-30 21:40 - 2012-06-25 13:08 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-04-28 18:34 - 2012-04-28 18:34 - 00001783 ____A C:\Users\Public\Desktop\iTunes.lnk
ZeroAccess:
C:\Windows\Installer\{bd201fcc-751e-9110-3e05-9a52c685c8e2}
C:\Windows\Installer\{bd201fcc-751e-9110-3e05-9a52c685c8e2}\L
C:\Windows\Installer\{bd201fcc-751e-9110-3e05-9a52c685c8e2}\U
========================= Known DLLs (Whitelisted) ============
========================= Bamital & volsnap Check ============
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
========================= Memory info ======================
Percentage of memory in use: 19%
Total physical RAM: 3894.68 MB
Available physical RAM: 3118.16 MB
Total Pagefile: 3892.83 MB
Available Pagefile: 3106.67 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB
======================= Partitions =========================
1 Drive c: () (Fixed) (Total:465.76 GB) (Free:419.97 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
3 Drive e: (4GB FLASH) (Removable) (Total:3.73 GB) (Free:3.72 GB) FAT32
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 Online 3824 MB 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 465 GB 1024 KB
==================================================================================
Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C NTFS Partition 465 GB Healthy
==================================================================================
Partitions of Disk 1:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
* Partition 1 Primary 3824 MB 0 B
==================================================================================
Disk: 1
There is no partition selected.
There is no partition selected.
Please select a partition and try again.
==================================================================================
==========================================================
Last Boot: 2012-05-05 10:01
======================= End Of Log ==========================
*************************************************************************************************************************************************************
Search.txt
*************************************************************************************************************************************************************
Farbar Recovery Scan Tool Version: 25-07-2012 01
Ran by SYSTEM at 2012-07-26 17:05:36
Running from E:\
================== Search: "services.exe" ===================
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
====== End Of Search ======
In Topic: Need help removing "Trojan Horse Patched_c.LXT"
26 July 2012 - 04:19 PM
Here are the results!!!!
RogueKiller V7.6.4 [07/17/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Adam [Admin rights]
Mode: Scan -- Date: 07/26/2012 16:16:32
¤¤¤ Bad processes: 0 ¤¤¤
¤¤¤ Registry Entries: 2 ¤¤¤
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FOLDER] U : c:\windows\installer\{bd201fcc-751e-9110-3e05-9a52c685c8e2}\U --> FOUND
[ZeroAccess][FOLDER] L : c:\windows\installer\{bd201fcc-751e-9110-3e05-9a52c685c8e2}\L --> FOUND
¤¤¤ Driver: [NOT LOADED] ¤¤¤
¤¤¤ Infection : ZeroAccess ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: WDC WD5000BEVT-75A0RT0 +++++
--- User ---
[MBR] 53a10b3f995cd958c092ee844335177c
[BSP] e9b16b30ed8309d14d93b5f3d8fe3d40 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476938 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1].txt >>
RKreport[1].txt