Trojan

Solved
By JuiceBox
Sep 11, 2012
  1. Hi again. I was just watching videos on youtube when IE closed down and the desktop turned black. I ran Security Essentials and came up with something called Pum. Hijack.Start Menu. I removed a couple with Se and Malwarebytes, but it still keeps coming back. I'm not exactly sure hwat to do about it, so I came here. I'm running Windows 7 hime Premium on a stock Dell XPS 8300. Thanks in advance.
  2. Broni

    Broni Malware Annihilator Posts: 45,265   +243

    You've been to this forum before so you should know what to do in order to receive some help.

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
    Attached logs won't be reviewed.

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
  3. JuiceBox

    JuiceBox Newcomer, in training Topic Starter Posts: 92

    First, here's the Malwarebytes full scan log:
    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org
    Database version: v2012.09.06.02
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Landie :: NEWDELL [administrator]
    12/09/2012 4:13:38 PM
    mbam-log-2012-09-12 (16-13-38).txt
    Scan type: Full scan (C:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 488642
    Time elapsed: 1 hour(s), 9 minute(s), 27 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 0
    (No malicious items detected)
    (end)
  4. JuiceBox

    JuiceBox Newcomer, in training Topic Starter Posts: 92

    There was no gmer log, so here's the DDS log. I'm not sure if I should attach the Attach.log file to the post, so to be safe, I'll just post it after this.
    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421
    Run by Landie at 17:42:31 on 2012-09-12
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.8175.5745 [GMT -7:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files (x86)\Steam\Steam.exe
    C:\Program Files\MotioninJoy\ds3\DS3_Tool.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
    C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\system32\lxeccoms.exe
    C:\Program Files\Microsoft LifeCam\MSCamS64.exe
    C:\Program Files (x86)\NeatWorks\exec\NeatWorksDatabaseController.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\System32\alg.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\svchost.exe -k HPService
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
    C:\Users\Landie\Desktop\cbr8bk3o.exe
    C:\Windows\system32\REGSVR32.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.ca/
    uInternet Settings,ProxyOverride = *.local
    BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - C:\Program Files\Lexmark Toolbar\toolband.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    BHO: Lexmark Printable Web: {d2c5e510-be6d-42cc-9f61-e4f939078474} - C:\Program Files\Lexmark Printable Web\bho.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
    TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - C:\Program Files\Lexmark Toolbar\toolband.dll
    uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
    uRun: [DS3 Tool] C:\Program Files\MotioninJoy\ds3\DS3_Tool.exe -mini
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r
    mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
    mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [Lexmark Pro800-Pro900 Series] "C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\fm3032.exe" /s
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
    mRun: [ApNnQdomYXNfVQU.exe] C:\ProgramData\ApNnQdomYXNfVQU.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.122.0.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    TCP: Interfaces\{01BACE2F-DB10-425E-87C5-2477C46B5374} : NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.4.4
    TCP: Interfaces\{C99A5B1C-6C63-4A11-BC71-F9C6A44E582F} : DhcpNameServer = 192.168.1.254 199.185.220.254
    TCP: Interfaces\{F2F59A64-FE96-4EDB-9B9D-1B370D1CFCD6}\C416E6469656 : DhcpNameServer = 192.168.1.254 199.185.220.254
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    BHO-X64: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO-X64: SkypeIEPluginBHO - No File
    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    BHO-X64: URLRedirectionBHO - No File
    BHO-X64: Lexmark Printable Web: {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
    TB-X64: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
    mRun-x64: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun-x64: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun-x64: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r
    mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
    mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun-x64: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun-x64: [Lexmark Pro800-Pro900 Series] "C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\fm3032.exe" /s
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
    mRun-x64: [ApNnQdomYXNfVQU.exe] C:\ProgramData\ApNnQdomYXNfVQU.exe
    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
    R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
    R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-4-2 8704]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-1-28 13336]
    R2 lxec_device;lxec_device;C:\Windows\system32\lxeccoms.exe -service --> C:\Windows\system32\lxeccoms.exe -service [?]
    R2 NeatWorksDatabaseController;NeatWorks Database Controller;C:\Program Files (x86)\NeatWorks\exec\NeatWorksDatabaseController.exe [2008-12-23 351352]
    R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
    R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
    R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
    R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 lxecCATSCustConnectService;lxecCATSCustConnectService;C:\Windows\System32\spool\DRIVERS\x64\3\lxecserv.exe [2011-10-7 45736]
    S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-9-4 219632]
    S3 athrusb;Atheros Wireless LAN USB device driver;C:\Windows\system32\DRIVERS\athrxusb.sys --> C:\Windows\system32\DRIVERS\athrxusb.sys [?]
    S3 athrusb6;Atheros Wireless LAN USB device driver 6 Series;C:\Windows\system32\DRIVERS\athrxu6.sys --> C:\Windows\system32\DRIVERS\athrxu6.sys [?]
    S3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 51740536]
    S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\system32\DRIVERS\MijXfilt.sys --> C:\Windows\system32\DRIVERS\MijXfilt.sys [?]
    S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\system32\Drivers\nx6000.sys --> C:\Windows\system32\Drivers\nx6000.sys [?]
    S3 MSSQL$NR2007;SQL Server (NR2007);C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
    S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
    S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
    S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-9-4 1116656]
    S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2074-05-19 01:44:52 607296 ----a-w- C:\Program Files (x86)\Microsoft Games\Age of Empires III\deformerdllyD.dll
    2012-09-12 23:08:11 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0C8AEAD2-5426-4D8F-8819-524350C42086}\offreg.dll
    2012-09-10 15:13:07 373248 ----a-w- C:\ProgramData\ApNnQdomYXNfVQU.exe
    2012-09-09 20:29:55 9310152 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0C8AEAD2-5426-4D8F-8819-524350C42086}\mpengine.dll
    2012-09-08 19:34:17 9310152 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-08-15 22:28:08 503808 ----a-w- C:\Windows\System32\srcore.dll
    2012-08-15 22:28:08 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
    2012-08-15 22:28:04 751104 ----a-w- C:\Windows\System32\win32spl.dll
    2012-08-15 22:28:04 67072 ----a-w- C:\Windows\splwow64.exe
    2012-08-15 22:28:04 559104 ----a-w- C:\Windows\System32\spoolsv.exe
    2012-08-15 22:28:04 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
    2012-08-15 22:28:02 59392 ----a-w- C:\Windows\System32\browcli.dll
    2012-08-15 22:28:02 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
    2012-08-15 22:28:02 136704 ----a-w- C:\Windows\System32\browser.dll
    2012-08-15 22:28:00 3148800 ----a-w- C:\Windows\System32\win32k.sys
    2012-08-15 22:27:58 956928 ----a-w- C:\Windows\System32\localspl.dll
    .
    ==================== Find3M ====================
    .
    2012-08-03 03:15:00 466456 ----a-w- C:\Windows\System32\wrap_oal.dll
    2012-08-03 03:14:59 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
    2012-08-03 03:14:58 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
    2012-08-03 03:14:58 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
    2012-07-10 18:19:26 88 --sh--r- C:\ProgramData\202BF8F35A.sys
    2012-07-10 18:19:26 848 --sha-w- C:\ProgramData\KGyGaAvL.sys
    2012-06-29 03:56:34 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2012-06-29 03:49:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-06-29 03:48:07 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-06-29 03:43:49 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-06-29 03:39:48 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-06-29 00:16:58 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-06-29 00:09:01 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-06-29 00:08:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-06-29 00:04:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-06-29 00:00:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    .
    ============= FINISH: 17:50:43.10 ===============
  5. JuiceBox

    JuiceBox Newcomer, in training Topic Starter Posts: 92

    Here's the Attach.log file:
    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421
    Run by Landie at 17:42:31 on 2012-09-12
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.8175.5745 [GMT -7:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files (x86)\Steam\Steam.exe
    C:\Program Files\MotioninJoy\ds3\DS3_Tool.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
    C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\system32\lxeccoms.exe
    C:\Program Files\Microsoft LifeCam\MSCamS64.exe
    C:\Program Files (x86)\NeatWorks\exec\NeatWorksDatabaseController.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\System32\alg.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\svchost.exe -k HPService
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
    C:\Users\Landie\Desktop\cbr8bk3o.exe
    C:\Windows\system32\REGSVR32.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.ca/
    uInternet Settings,ProxyOverride = *.local
    BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - C:\Program Files\Lexmark Toolbar\toolband.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    BHO: Lexmark Printable Web: {d2c5e510-be6d-42cc-9f61-e4f939078474} - C:\Program Files\Lexmark Printable Web\bho.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
    TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - C:\Program Files\Lexmark Toolbar\toolband.dll
    uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
    uRun: [DS3 Tool] C:\Program Files\MotioninJoy\ds3\DS3_Tool.exe -mini
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r
    mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
    mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [Lexmark Pro800-Pro900 Series] "C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\fm3032.exe" /s
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
    mRun: [ApNnQdomYXNfVQU.exe] C:\ProgramData\ApNnQdomYXNfVQU.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.122.0.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    TCP: Interfaces\{01BACE2F-DB10-425E-87C5-2477C46B5374} : NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.4.4
    TCP: Interfaces\{C99A5B1C-6C63-4A11-BC71-F9C6A44E582F} : DhcpNameServer = 192.168.1.254 199.185.220.254
    TCP: Interfaces\{F2F59A64-FE96-4EDB-9B9D-1B370D1CFCD6}\C416E6469656 : DhcpNameServer = 192.168.1.254 199.185.220.254
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    BHO-X64: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO-X64: SkypeIEPluginBHO - No File
    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    BHO-X64: URLRedirectionBHO - No File
    BHO-X64: Lexmark Printable Web: {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
    TB-X64: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
    mRun-x64: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun-x64: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun-x64: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r
    mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
    mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun-x64: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun-x64: [Lexmark Pro800-Pro900 Series] "C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\fm3032.exe" /s
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
    mRun-x64: [ApNnQdomYXNfVQU.exe] C:\ProgramData\ApNnQdomYXNfVQU.exe
    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
    R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
    R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-4-2 8704]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-1-28 13336]
    R2 lxec_device;lxec_device;C:\Windows\system32\lxeccoms.exe -service --> C:\Windows\system32\lxeccoms.exe -service [?]
    R2 NeatWorksDatabaseController;NeatWorks Database Controller;C:\Program Files (x86)\NeatWorks\exec\NeatWorksDatabaseController.exe [2008-12-23 351352]
    R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
    R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
    R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
    R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 lxecCATSCustConnectService;lxecCATSCustConnectService;C:\Windows\System32\spool\DRIVERS\x64\3\lxecserv.exe [2011-10-7 45736]
    S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-9-4 219632]
    S3 athrusb;Atheros Wireless LAN USB device driver;C:\Windows\system32\DRIVERS\athrxusb.sys --> C:\Windows\system32\DRIVERS\athrxusb.sys [?]
    S3 athrusb6;Atheros Wireless LAN USB device driver 6 Series;C:\Windows\system32\DRIVERS\athrxu6.sys --> C:\Windows\system32\DRIVERS\athrxu6.sys [?]
    S3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 51740536]
    S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\system32\DRIVERS\MijXfilt.sys --> C:\Windows\system32\DRIVERS\MijXfilt.sys [?]
    S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\system32\Drivers\nx6000.sys --> C:\Windows\system32\Drivers\nx6000.sys [?]
    S3 MSSQL$NR2007;SQL Server (NR2007);C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
    S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
    S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
    S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-9-4 1116656]
    S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2074-05-19 01:44:52 607296 ----a-w- C:\Program Files (x86)\Microsoft Games\Age of Empires III\deformerdllyD.dll
    2012-09-12 23:08:11 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0C8AEAD2-5426-4D8F-8819-524350C42086}\offreg.dll
    2012-09-10 15:13:07 373248 ----a-w- C:\ProgramData\ApNnQdomYXNfVQU.exe
    2012-09-09 20:29:55 9310152 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0C8AEAD2-5426-4D8F-8819-524350C42086}\mpengine.dll
    2012-09-08 19:34:17 9310152 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-08-15 22:28:08 503808 ----a-w- C:\Windows\System32\srcore.dll
    2012-08-15 22:28:08 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
    2012-08-15 22:28:04 751104 ----a-w- C:\Windows\System32\win32spl.dll
    2012-08-15 22:28:04 67072 ----a-w- C:\Windows\splwow64.exe
    2012-08-15 22:28:04 559104 ----a-w- C:\Windows\System32\spoolsv.exe
    2012-08-15 22:28:04 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
    2012-08-15 22:28:02 59392 ----a-w- C:\Windows\System32\browcli.dll
    2012-08-15 22:28:02 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
    2012-08-15 22:28:02 136704 ----a-w- C:\Windows\System32\browser.dll
    2012-08-15 22:28:00 3148800 ----a-w- C:\Windows\System32\win32k.sys
    2012-08-15 22:27:58 956928 ----a-w- C:\Windows\System32\localspl.dll
    .
    ==================== Find3M ====================
    .
    2012-08-03 03:15:00 466456 ----a-w- C:\Windows\System32\wrap_oal.dll
    2012-08-03 03:14:59 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
    2012-08-03 03:14:58 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
    2012-08-03 03:14:58 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
    2012-07-10 18:19:26 88 --sh--r- C:\ProgramData\202BF8F35A.sys
    2012-07-10 18:19:26 848 --sha-w- C:\ProgramData\KGyGaAvL.sys
    2012-06-29 03:56:34 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2012-06-29 03:49:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-06-29 03:48:07 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-06-29 03:43:49 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-06-29 03:39:48 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-06-29 00:16:58 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-06-29 00:09:01 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-06-29 00:08:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-06-29 00:04:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-06-29 00:00:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    .
    ============= FINISH: 17:50:43.10 ===============
  6. Broni

    Broni Malware Annihilator Posts: 45,265   +243

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

    =======================================

    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

    =========================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
  7. JuiceBox

    JuiceBox Newcomer, in training Topic Starter Posts: 92

    Uh, windows really didn't want me to download rougekiller, even when I renamed it. So I'll just post the other two logs a little later when they've finished abstain from downloading it and post the other two logs when they've finished up...
  8. JuiceBox

    JuiceBox Newcomer, in training Topic Starter Posts: 92

    Um... neither TDSS wants to run, nor MBR, and when I try and boot up safe mode, it never actually boots up. Well, either that, or it's taking a long time to boot up. I don't really know. But either way, I've tried running both TDSS and MBR as an administrator, and they won't work. Renaming them doesn't help either. I'm not really sure what to do at this point. And from what I can see on the task manager processes bar, it looks like they start up for a second, but then get shut down just as quickly.
  9. Broni

    Broni Malware Annihilator Posts: 45,265   +243

    For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
    For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

    Plug the flashdrive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account an click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

      • Startup Repair
        System Restore
        Windows Complete PC Restore
        Windows Memory Diagnostic Tool
        Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

    Next...

    Re-run FRST again.
    Type the following in the edit box after "Search:".

    services.exe

    Click Search button and post the log (Search.txt) it makes in your reply.

    I'll expect two logs:
    - FRST.txt
    - Search.txt
  10. JuiceBox

    JuiceBox Newcomer, in training Topic Starter Posts: 92

    As I soon as I select "Repair your Computer," it just goes "Windows is Loading FIles," and just stays there. It's been like that for 10 minutes at the time of writing. Last time I did this, it didn't even take a minute. Is it the virus, or is the computer having trouble accessing the hard drive to get the files? Either way, I don't think it's all that good...
  11. Broni

    Broni Malware Annihilator Posts: 45,265   +243

    Do you have Windows 7 DVD?
  12. JuiceBox

    JuiceBox Newcomer, in training Topic Starter Posts: 92

    Uh... not on hand. The recovery disc has been lost quite sometime ago, and no one's found it. And being the dunces we are, forgot to make a back up. Things aren't looking good right now, are they?
  13. Broni

    Broni Malware Annihilator Posts: 45,265   +243

     
  14. JuiceBox

    JuiceBox Newcomer, in training Topic Starter Posts: 92

    So, is there a specific way I need to burn the ISO to a disc? Or can I just burn it willy nilly? Because I just burned one of the ISO's to a DVD-R and put it into the computer after setting the BIOs to boot from the Disc, and it just said "Reboot and Select Boot Device, or Insert Boot Media and press a Key"
    Or did I grab the wrong ISO or something?
  15. Broni

    Broni Malware Annihilator Posts: 45,265   +243

  16. JuiceBox

    JuiceBox Newcomer, in training Topic Starter Posts: 92

    Well, got the Disc bootable, botted off the disc, and here are the scans. First, here's FRST:
    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-09-2012 01
    Ran by SYSTEM at 13-09-2012 20:14:32
    Running from F:\
    Windows 7 Home Premium (X64) OS Language: English(US)
    The current controlset is ControlSet001
    ==================== Registry (Whitelisted) ===================
    HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [10920552 2010-06-22] (Realtek Semiconductor)
    HKLM\...\Run: [RunDLLEntry_THXCfg] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64 [17920 2009-10-15] (Creative Technology Ltd.)
    HKLM\...\Run: [RunDLLEntry_EptMon] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\EptMon64.dll,RunDLLEntry EptMon64 [21504 2009-10-15] (Creative Technology Ltd.)
    HKLM\...\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [112512 2010-03-13] (Microsoft Corporation)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [499608 2011-03-15] (Adobe Systems Incorporated)
    HKLM\...\Run: [EzPrint] "C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe" [148280 2011-01-23] ()
    HKLM\...\Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup [207845 2011-05-30] ()
    HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
    HKLM-x32\...\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2010-05-17] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation)
    HKLM-x32\...\Run: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe [237568 2010-03-10] (Alcor Micro Corp.)
    HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35696 2009-02-27] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r [963584 2009-12-01] (Creative Technology Ltd)
    HKLM-x32\...\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [240112 2010-09-03] (Sonic Solutions)
    HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe" [119152 2010-05-20] (Microsoft Corporation)
    HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-11-01] (Apple Inc.)
    HKLM-x32\...\Run: [Lexmark Pro800-Pro900 Series] "C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\fm3032.exe" /s [316072 2009-10-01] ()
    HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-01-16] (Apple Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-17] (Sun Microsystems, Inc.)
    HKLM-x32\...\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
    HKLM-x32\...\Run: [ApNnQdomYXNfVQU.exe] C:\ProgramData\ApNnQdomYXNfVQU.exe [373248 2012-09-10] (AAW)
    HKU\Landie\...\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent [1353080 2012-08-04] (Valve Corporation)
    HKU\Landie\...\Run: [DS3 Tool] C:\Program Files\MotioninJoy\ds3\DS3_Tool.exe -mini [110352 2011-01-01] (www.motioninjoy.com)
    Tcpip\..\Interfaces\{01BACE2F-DB10-425E-87C5-2477C46B5374}: [NameServer]8.8.8.8,8.8.8.8,8.8.8.8,8.8.4.4
    ==================== Services ====================
    2 lxecCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxecserv.exe [45736 2010-04-14] (Lexmark International, Inc.)
    2 lxec_device; C:\Windows\system32\lxeccoms.exe -service [1052328 2010-04-14] ( )
    2 lxec_device; C:\Windows\SysWow64\lxeccoms.exe -service [598696 2010-04-14] ( )
    2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
    3 MSSQL$NR2007; "C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sNR2007 [29293408 2010-12-10] (Microsoft Corporation)
    2 NeatWorksDatabaseController; "C:\Program Files (x86)\NeatWorks\exec\NeatWorksDatabaseController.exe" [351352 2008-12-23] (The Neat Company)
    3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)
    ==================== Drivers =================================
    3 athrusb; C:\Windows\System32\DRIVERS\athrxusb.sys [1021440 2007-03-27] (Atheros Communications, Inc.)
    3 athrusb6; C:\Windows\System32\DRIVERS\athrxu6.sys [1041920 2007-07-05] (Atheros Communications, Inc.)
    3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2008-11-11] (LG Electronics Inc.)
    3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [27136 2008-11-11] (LG Electronics Inc.)
    3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [33792 2008-11-11] (LG Electronics Inc.)
    3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
    ==================== NetSvcs (Whitelisted) =================

    ==================== One Month Created Files and Folders ======================
    2012-09-13 15:50 - 2012-08-24 12:28 - 02211928 ____A (Kaspersky Lab ZAO) C:\Users\Landie\Desktop\billy.exe
    2012-09-13 15:23 - 2012-09-13 15:23 - 00003352 ____H C:\bootsqm.dat
    2012-09-13 15:22 - 2012-09-13 15:22 - 00000000 __SHD C:\found.001
    2012-09-13 15:12 - 2012-09-13 15:12 - 00000657 ___AH C:\Users\Landie\Desktop\File_Recovery.lnk
    2012-09-13 15:09 - 2012-09-13 15:39 - 00000000 ___HD C:\Users\Landie\Desktop\tdsskiller
    2012-09-13 15:09 - 2012-09-13 15:00 - 04731392 ____A (AVAST Software) C:\Users\Landie\Desktop\aswMBR.exe
    2012-09-13 15:09 - 2012-09-13 14:58 - 02193184 ___AH C:\Users\Landie\Desktop\tdsskiller.zip
    2012-09-12 15:03 - 2012-09-12 14:59 - 00607260 ___RH (Swearware) C:\Users\Landie\Desktop\dds.com
    2012-09-12 15:03 - 2012-09-12 14:57 - 00302592 ___AH C:\Users\Landie\Desktop\cbr8bk3o.exe
    2012-09-10 07:13 - 2012-09-10 07:10 - 00373248 ___AH (AAW) C:\Users\All Users\ApNnQdomYXNfVQU.exe
    2012-08-30 07:56 - 2012-08-30 07:57 - 00372440 ___AH C:\Windows\Minidump\083012-23150-01.dmp
    2012-08-27 11:36 - 2012-08-31 20:32 - 00000000 ___HD C:\Users\Landie\Desktop\Crazy Bass Stuff
    2012-08-23 21:02 - 2012-08-24 17:20 - 00011330 ___AH C:\Users\Landie\Desktop\Usher schedule Sep to Dec 2012.xlsx
    2012-08-23 07:23 - 2012-08-23 07:23 - 00076819 ___AH C:\Users\Landie\Documents\Untitled.wma
    2012-08-15 21:04 - 2012-06-28 20:55 - 17809920 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-08-15 21:04 - 2012-06-28 20:09 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-08-15 21:04 - 2012-06-28 19:56 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-08-15 21:04 - 2012-06-28 19:49 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-08-15 21:04 - 2012-06-28 19:49 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-08-15 21:04 - 2012-06-28 19:48 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-08-15 21:04 - 2012-06-28 19:47 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-08-15 21:04 - 2012-06-28 19:45 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-08-15 21:04 - 2012-06-28 19:44 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-08-15 21:04 - 2012-06-28 19:43 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-08-15 21:04 - 2012-06-28 19:42 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-08-15 21:04 - 2012-06-28 19:40 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-08-15 21:04 - 2012-06-28 19:39 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-08-15 21:04 - 2012-06-28 19:35 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-08-15 21:04 - 2012-06-28 16:52 - 12317184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-08-15 21:04 - 2012-06-28 16:27 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-08-15 21:04 - 2012-06-28 16:16 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-08-15 21:04 - 2012-06-28 16:09 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-08-15 21:04 - 2012-06-28 16:09 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-08-15 21:04 - 2012-06-28 16:08 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-08-15 21:04 - 2012-06-28 16:07 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-08-15 21:04 - 2012-06-28 16:06 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-08-15 21:04 - 2012-06-28 16:04 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-08-15 21:04 - 2012-06-28 16:04 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-08-15 21:04 - 2012-06-28 16:01 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-08-15 21:04 - 2012-06-28 16:01 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-08-15 21:04 - 2012-06-28 16:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-08-15 21:04 - 2012-06-28 15:57 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-08-15 14:28 - 2012-07-18 10:15 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-08-15 14:28 - 2012-07-04 14:16 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
    2012-08-15 14:28 - 2012-07-04 14:13 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
    2012-08-15 14:28 - 2012-07-04 14:13 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
    2012-08-15 14:28 - 2012-07-04 13:16 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
    2012-08-15 14:28 - 2012-07-04 13:14 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
    2012-08-15 14:28 - 2012-05-05 00:36 - 00503808 ____A (Microsoft Corporation) C:\Windows\System32\srcore.dll
    2012-08-15 14:28 - 2012-05-04 23:46 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2012-08-15 14:28 - 2012-02-10 22:43 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
    2012-08-15 14:28 - 2012-02-10 22:36 - 00559104 ____A (Microsoft Corporation) C:\Windows\System32\spoolsv.exe
    2012-08-15 14:28 - 2012-02-10 22:36 - 00067072 ____A (Microsoft Corporation) C:\Windows\splwow64.exe
    2012-08-15 14:28 - 2012-02-10 21:43 - 00492032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
    2012-08-15 14:27 - 2012-05-13 21:26 - 00956928 ____A (Microsoft Corporation) C:\Windows\System32\localspl.dll
    ==================== 3 Months Modified Files ================================
    2012-09-13 18:28 - 2012-06-28 11:13 - 00000375 ____A C:\Windows\System32\Drivers\etc\hosts.ics
    2012-09-13 18:27 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-09-13 18:26 - 2009-07-13 20:51 - 00110364 ___AH C:\Windows\setupact.log
    2012-09-13 16:34 - 2009-07-13 21:10 - 01994388 ___AH C:\Windows\WindowsUpdate.log
    2012-09-13 16:05 - 2011-06-22 14:29 - 00000912 ___AH C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2344966874-3736381344-1801091321-1000UA.job
    2012-09-13 15:38 - 2009-07-13 20:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-09-13 15:38 - 2009-07-13 20:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-09-13 15:27 - 2011-10-07 14:39 - 00093899 ___AH C:\Users\All Users\lxecscan.log
    2012-09-13 15:23 - 2012-09-13 15:23 - 00003352 ____H C:\bootsqm.dat
    2012-09-13 15:12 - 2012-09-13 15:12 - 00000657 ___AH C:\Users\Landie\Desktop\File_Recovery.lnk
    2012-09-13 15:00 - 2012-09-13 15:09 - 04731392 ____A (AVAST Software) C:\Users\Landie\Desktop\aswMBR.exe
    2012-09-13 14:58 - 2012-09-13 15:09 - 02193184 ___AH C:\Users\Landie\Desktop\tdsskiller.zip
    2012-09-12 20:05 - 2011-06-22 14:29 - 00000860 ___AH C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2344966874-3736381344-1801091321-1000Core.job
    2012-09-12 14:59 - 2012-09-12 15:03 - 00607260 ___RH (Swearware) C:\Users\Landie\Desktop\dds.com
    2012-09-12 14:57 - 2012-09-12 15:03 - 00302592 ___AH C:\Users\Landie\Desktop\cbr8bk3o.exe
    2012-09-10 15:14 - 2011-01-28 15:21 - 00124062 ___AH C:\Windows\PFRO.log
    2012-09-10 07:10 - 2012-09-10 07:13 - 00373248 ___AH (AAW) C:\Users\All Users\ApNnQdomYXNfVQU.exe
    2012-08-30 07:57 - 2012-08-30 07:56 - 00372440 ___AH C:\Windows\Minidump\083012-23150-01.dmp
    2012-08-30 07:56 - 2011-02-28 16:30 - 527974013 ___AH C:\Windows\MEMORY.DMP
    2012-08-29 10:26 - 2009-07-13 21:13 - 00799508 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-08-24 17:20 - 2012-08-23 21:02 - 00011330 ___AH C:\Users\Landie\Desktop\Usher schedule Sep to Dec 2012.xlsx
    2012-08-24 12:28 - 2012-09-13 15:50 - 02211928 ____A (Kaspersky Lab ZAO) C:\Users\Landie\Desktop\billy.exe
    2012-08-23 07:23 - 2012-08-23 07:23 - 00076819 ___AH C:\Users\Landie\Documents\Untitled.wma
    2012-08-16 07:45 - 2009-07-13 20:45 - 00462264 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-08-15 21:02 - 2011-03-29 10:06 - 62134624 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-08-02 19:15 - 2011-07-21 13:15 - 00466456 ____A (Creative Labs) C:\Windows\System32\wrap_oal.dll
    2012-08-02 19:14 - 2011-07-21 13:15 - 00444952 ___AH (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
    2012-08-02 19:14 - 2011-07-21 13:15 - 00122904 ____A (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\System32\OpenAL32.dll
    2012-08-02 19:14 - 2011-07-21 13:15 - 00109080 ___AH (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
    2012-07-31 12:03 - 2012-07-31 12:03 - 00001148 ___AH C:\Windows\SysWOW64\game.ini
    2012-07-31 12:03 - 2012-07-31 11:54 - 00000056 ___AH C:\Windows\kgt2k.INI
    2012-07-31 08:46 - 2009-07-13 21:08 - 00032654 ___AH C:\Windows\Tasks\SCHEDLGU.TXT
    2012-07-18 10:15 - 2012-08-15 14:28 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-07-17 09:28 - 2011-01-28 13:36 - 00289325 ___AH C:\Windows\DirectX.log
    2012-07-10 10:19 - 2012-06-29 12:54 - 00000088 __RSH C:\Users\All Users\202BF8F35A.sys
    2012-07-10 10:19 - 2011-07-03 19:29 - 00000848 __ASH C:\Users\All Users\KGyGaAvL.sys
    2012-07-08 15:46 - 2012-07-08 15:46 - 00371728 ___AH C:\Windows\Minidump\070812-28485-01.dmp
    2012-07-08 15:42 - 2012-07-08 15:42 - 00372480 ___AH C:\Windows\Minidump\070812-31855-01.dmp
    2012-07-05 07:43 - 2012-07-05 07:42 - 00371976 ___AH C:\Windows\Minidump\070512-21980-01.dmp
    2012-07-04 14:16 - 2012-08-15 14:28 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
    2012-07-04 14:13 - 2012-08-15 14:28 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
    2012-07-04 14:13 - 2012-08-15 14:28 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
    2012-07-04 13:16 - 2012-08-15 14:28 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
    2012-07-04 13:14 - 2012-08-15 14:28 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
    2012-06-29 10:53 - 2012-06-29 10:53 - 00047353 ___AH C:\JavaRa.log
    2012-06-29 10:50 - 2011-10-20 14:53 - 00174064 ___AH (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
    2012-06-29 10:50 - 2011-10-20 14:53 - 00174064 ___AH (Oracle Corporation) C:\Windows\SysWOW64\java.exe
    2012-06-29 10:48 - 2011-02-25 09:55 - 00001945 ___AH C:\Windows\epplauncher.mif
    2012-06-29 10:48 - 2011-02-07 19:32 - 00804910 ___AH C:\Windows\SysWOW64\PerfStringBackup.INI
    2012-06-28 20:55 - 2012-08-15 21:04 - 17809920 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-06-28 20:09 - 2012-08-15 21:04 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-06-28 19:56 - 2012-08-15 21:04 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-06-28 19:49 - 2012-08-15 21:04 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-06-28 19:49 - 2012-08-15 21:04 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-06-28 19:48 - 2012-08-15 21:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-06-28 19:47 - 2012-08-15 21:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-06-28 19:45 - 2012-08-15 21:04 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-06-28 19:44 - 2012-08-15 21:04 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-06-28 19:43 - 2012-08-15 21:04 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-06-28 19:42 - 2012-08-15 21:04 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-06-28 19:40 - 2012-08-15 21:04 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-06-28 19:39 - 2012-08-15 21:04 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-06-28 19:35 - 2012-08-15 21:04 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-06-28 16:52 - 2012-08-15 21:04 - 12317184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-06-28 16:27 - 2012-08-15 21:04 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-06-28 16:16 - 2012-08-15 21:04 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-06-28 16:09 - 2012-08-15 21:04 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-06-28 16:09 - 2012-08-15 21:04 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-06-28 16:08 - 2012-08-15 21:04 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-06-28 16:07 - 2012-08-15 21:04 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-06-28 16:06 - 2012-08-15 21:04 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-06-28 16:04 - 2012-08-15 21:04 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-06-28 16:04 - 2012-08-15 21:04 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-06-28 16:01 - 2012-08-15 21:04 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-06-28 16:01 - 2012-08-15 21:04 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-06-28 16:00 - 2012-08-15 21:04 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-06-28 15:57 - 2012-08-15 21:04 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-06-28 11:11 - 2009-07-13 18:34 - 00000215 ___AH C:\Windows\system.ini
    2012-06-22 13:26 - 2012-06-22 13:26 - 00000220 ___AH C:\Windows\Tasks\SidebarExecute.job
    2012-06-21 20:00 - 2012-06-21 19:59 - 00275096 ___AH C:\Windows\Minidump\062112-25708-01.dmp
    2012-06-21 18:21 - 2012-03-21 17:23 - 00093184 __ASH C:\Users\Landie\Documents\Thumbs.db
    2012-06-16 08:51 - 2012-06-14 20:08 - 00010634 ___AH C:\Users\Landie\Desktop\Usher schedule Jul-Aug 2012.xlsx

    ==================== Known DLLs (Whitelisted) =================

    ==================== Bamital & volsnap Check =================
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
    ==================== EXE ASSOCIATION =====================
    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK
    ==================== Restore Points =========================
    Restore point made on: 2012-08-15 21:02:41
    Restore point made on: 2012-08-19 06:39:24
    Restore point made on: 2012-08-22 09:02:06
    Restore point made on: 2012-08-25 17:53:39
    Restore point made on: 2012-08-29 08:27:15
    Restore point made on: 2012-09-02 13:05:12
    Restore point made on: 2012-09-06 14:43:39
    ==================== Memory info ===========================
    Percentage of memory in use: 10%
    Total physical RAM: 8174.63 MB
    Available physical RAM: 7317.73 MB
    Total Pagefile: 8172.78 MB
    Available Pagefile: 7312.27 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.91 MB
    ==================== Partitions ============================
    1 Drive c: (OS) (Fixed) (Total:919.21 GB) (Free:666.23 GB) NTFS
    2 Drive e: (GRMCHPXFRER_EN_DVD) (CDROM) (Total:3 GB) (Free:0 GB) UDF
    3 Drive f: (KINGSTON) (Removable) (Total:3.6 GB) (Free:2.25 GB) FAT32
    8 Drive k: (STORE N GO) (Removable) (Total:7.45 GB) (Free:0.78 GB) FAT32
    9 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    10 Drive y: (RECOVERY) (Fixed) (Total:12.25 GB) (Free:5.62 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 931 GB 0 B
    Disk 1 Online 3695 MB 0 B
    Disk 2 No Media 0 B 0 B
    Disk 3 No Media 0 B 0 B
    Disk 4 No Media 0 B 0 B
    Disk 5 No Media 0 B 0 B
    Disk 6 Online 7636 MB 0 B
    Partitions of Disk 0:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 OEM 39 MB 31 KB
    Partition 2 Primary 12 GB 40 MB
    Partition 3 Primary 919 GB 12 GB
    Partition 4 Primary 10 MB 931 GB
    ==================================================================================
    Disk: 0
    Partition 1
    Type : DE
    Hidden: Yes
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 9 FAT Partition 39 MB Healthy Hidden
    ==================================================================================
    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 Y RECOVERY NTFS Partition 12 GB Healthy
    ==================================================================================
    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C OS NTFS Partition 919 GB Healthy
    ==================================================================================
    Disk: 0
    Partition 4
    Type : 17 (Suspicious Type)
    Hidden: Yes
    Active: Yes
    There is no volume associated with this partition.
    ==================================================================================
    Partitions of Disk 1:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 3694 MB 31 KB
    ==================================================================================
    Disk: 1
    Partition 1
    Type : 0B
    Hidden: No
    Active: Yes
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 F KINGSTON FAT32 Removable 3694 MB Healthy
    ==================================================================================
    Partitions of Disk 6:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 7632 MB 4032 KB
    ==================================================================================
    Disk: 6
    Partition 1
    Type : 0C
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 8 K STORE N GO FAT32 Removable 7632 MB Healthy
    ==================================================================================
    Last Boot: 2012-09-07 16:32
    ==================== End Of Log =============================
  17. JuiceBox

    JuiceBox Newcomer, in training Topic Starter Posts: 92

    And here's the search.txt:
    Farbar Recovery Scan Tool (x64) Version: 14-09-2012 01
    Ran by SYSTEM at 2012-09-13 20:16:28
    Running from F:\
    ================== Search: "services.exe" ===================
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ___AH (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
    C:\Windows\System32\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
    C:\Windows\erdnt\cache64\services.exe
    [2012-06-28 11:17] - [2009-07-13 17:39] - 0328704 ___AH (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
    ====== End Of Search ======
  18. Broni

    Broni Malware Annihilator Posts: 45,265   +243

    We have couple of issues there.
    We have some infection and we have infected fake partition.
    Let's deal with infected partition first.

    • For x32 (x86) bit systems download ListParts to a USB flash drive.
    • For x64 bit systems download ListParts64 to a USB flash drive.
    • Plug the USB drive into the infected machine.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account an click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

      • Startup Repair
        System Restore
        Windows Complete PC Restore
        Windows Memory Diagnostic Tool
        Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\listparts (for x64 bit version type e:\listparts64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • Press Scan button.
    • It will make a log (Result.txt) on the flash drive. Please copy and paste it to your reply.
  19. JuiceBox

    JuiceBox Newcomer, in training Topic Starter Posts: 92

    Well, here's the Results.txt file:
    ListParts by Farbar Version: 14-09-2012
    Ran by SYSTEM (administrator) on 14-09-2012 at 16:03:21
    Windows 7 (X64)
    Running From: F:\
    Language: 0409
    ************************************************************
    ========================= Memory info ======================
    Percentage of memory in use: 11%
    Total physical RAM: 8174.63 MB
    Available physical RAM: 7245.76 MB
    Total Pagefile: 8172.78 MB
    Available Pagefile: 7356.36 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.91 MB
    ======================= Partitions =========================
    1 Drive c: (OS) (Fixed) (Total:919.21 GB) (Free:666.23 GB) NTFS
    2 Drive e: (GRMCHPXFRER_EN_DVD) (CDROM) (Total:3 GB) (Free:0 GB) UDF
    3 Drive f: (KINGSTON) (Removable) (Total:3.6 GB) (Free:2.25 GB) FAT32
    8 Drive k: (STORE N GO) (Removable) (Total:7.45 GB) (Free:0.78 GB) FAT32
    9 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    10 Drive y: (RECOVERY) (Fixed) (Total:12.25 GB) (Free:5.62 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 931 GB 0 B
    Disk 1 Online 3695 MB 0 B
    Disk 2 No Media 0 B 0 B
    Disk 3 No Media 0 B 0 B
    Disk 4 No Media 0 B 0 B
    Disk 5 No Media 0 B 0 B
    Disk 6 Online 7636 MB 0 B
    Partitions of Disk 0:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 OEM 39 MB 31 KB
    Partition 2 Primary 12 GB 40 MB
    Partition 3 Primary 919 GB 12 GB
    Partition 4 Primary 10 MB 931 GB
    ======================================================================================================
    Disk: 0
    Partition 1
    Type : DE
    Hidden: Yes
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 9 FAT Partition 39 MB Healthy Hidden
    ======================================================================================================
    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 Y RECOVERY NTFS Partition 12 GB Healthy
    ======================================================================================================
    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C OS NTFS Partition 919 GB Healthy
    ======================================================================================================
    Disk: 0
    Partition 4
    Type : 17 (Suspicious Type)
    Hidden: Yes
    Active: Yes
    There is no volume associated with this partition.
    ======================================================================================================
    Partitions of Disk 1:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 3694 MB 31 KB
    ======================================================================================================
    Disk: 1
    Partition 1
    Type : 0B
    Hidden: No
    Active: Yes
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 F KINGSTON FAT32 Removable 3694 MB Healthy
    ======================================================================================================
    Partitions of Disk 6:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 7632 MB 4032 KB
    ======================================================================================================
    Disk: 6
    Partition 1
    Type : 0C
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 8 K STORE N GO FAT32 Removable 7632 MB Healthy
    ======================================================================================================
    ****** End Of Log ******
  20. Broni

    Broni Malware Annihilator Posts: 45,265   +243

    Edited...hold on...
  21. Broni

    Broni Malware Annihilator Posts: 45,265   +243

    • Click Start and in the Search Programs and files box type Notepad.exe then hit Enter.
    • An empty Notepad file will open.
    • Copy and paste the contents of the code box below into Notepad.

    Code:
    Disk=0 Partition=2 active
    custom
    Disk=0 Partition=4 delete
    
    • Click Format and ensure Wordwrap is unchecked.
    • Save as Fix.txt to the flash drive where ListParts is located.

    Enter System Recovery Options again.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account an click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

      • Startup Repair
        System Restore
        Windows Complete PC Restore
        Windows Memory Diagnostic Tool
        Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\listparts (for x64 bit version type e:\listparts64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • Press Fix button.
    • ListParts will process the script in Fix.txt
    • When finished please press the Scan button.
    • It will make a log (Result.txt) on the flash drive. Please copy and paste it to your reply.
  22. JuiceBox

    JuiceBox Newcomer, in training Topic Starter Posts: 92

    Alright, here's the Result.txt file:
    ListParts by Farbar Version: 14-09-2012
    Ran by SYSTEM (administrator) on 14-09-2012 at 18:11:41
    Windows 7 (X64)
    Running From: F:\
    Language: 0409
    ************************************************************
    ========================= Memory info ======================
    Percentage of memory in use: 11%
    Total physical RAM: 8174.63 MB
    Available physical RAM: 7271.31 MB
    Total Pagefile: 8172.78 MB
    Available Pagefile: 7349.75 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.91 MB
    ======================= Partitions =========================
    1 Drive c: (OS) (Fixed) (Total:919.21 GB) (Free:666.23 GB) NTFS
    2 Drive e: (GRMCHPXFRER_EN_DVD) (CDROM) (Total:3 GB) (Free:0 GB) UDF
    3 Drive f: (KINGSTON) (Removable) (Total:3.6 GB) (Free:2.25 GB) FAT32
    8 Drive k: (STORE N GO) (Removable) (Total:7.45 GB) (Free:0.78 GB) FAT32
    9 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    10 Drive y: (RECOVERY) (Fixed) (Total:12.25 GB) (Free:5.62 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 931 GB 13 MB
    Disk 1 Online 3695 MB 0 B
    Disk 2 No Media 0 B 0 B
    Disk 3 No Media 0 B 0 B
    Disk 4 No Media 0 B 0 B
    Disk 5 No Media 0 B 0 B
    Disk 6 Online 7636 MB 0 B
    Partitions of Disk 0:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 OEM 39 MB 31 KB
    Partition 2 Primary 12 GB 40 MB
    Partition 3 Primary 919 GB 12 GB
    ======================================================================================================
    Disk: 0
    Partition 1
    Type : DE
    Hidden: Yes
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 9 FAT Partition 39 MB Healthy Hidden
    ======================================================================================================
    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: Yes
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 Y RECOVERY NTFS Partition 12 GB Healthy
    ======================================================================================================
    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C OS NTFS Partition 919 GB Healthy
    ======================================================================================================
    Partitions of Disk 1:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 3694 MB 31 KB
    ======================================================================================================
    Disk: 1
    Partition 1
    Type : 0B
    Hidden: No
    Active: Yes
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 F KINGSTON FAT32 Removable 3694 MB Healthy
    ======================================================================================================
    Partitions of Disk 6:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 7632 MB 4032 KB
    ======================================================================================================
    Disk: 6
    Partition 1
    Type : 0C
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 8 K STORE N GO FAT32 Removable 7632 MB Healthy
    ======================================================================================================
    ****** End Of Log ******
  23. Broni

    Broni Malware Annihilator Posts: 45,265   +243

    Good job :)

    Now post fresh FRST log.
  24. JuiceBox

    JuiceBox Newcomer, in training Topic Starter Posts: 92

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-09-2012 01
    Ran by SYSTEM at 14-09-2012 18:40:22
    Running from F:\
    Windows 7 Home Premium (X64) OS Language: English(US)
    The current controlset is ControlSet001
    ==================== Registry (Whitelisted) ===================
    HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [10920552 2010-06-22] (Realtek Semiconductor)
    HKLM\...\Run: [RunDLLEntry_THXCfg] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64 [17920 2009-10-15] (Creative Technology Ltd.)
    HKLM\...\Run: [RunDLLEntry_EptMon] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\EptMon64.dll,RunDLLEntry EptMon64 [21504 2009-10-15] (Creative Technology Ltd.)
    HKLM\...\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [112512 2010-03-13] (Microsoft Corporation)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [499608 2011-03-15] (Adobe Systems Incorporated)
    HKLM\...\Run: [EzPrint] "C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe" [148280 2011-01-23] ()
    HKLM\...\Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup [207845 2011-05-30] ()
    HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
    HKLM-x32\...\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2010-05-17] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation)
    HKLM-x32\...\Run: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe [237568 2010-03-10] (Alcor Micro Corp.)
    HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35696 2009-02-27] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r [963584 2009-12-01] (Creative Technology Ltd)
    HKLM-x32\...\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [240112 2010-09-03] (Sonic Solutions)
    HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe" [119152 2010-05-20] (Microsoft Corporation)
    HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-11-01] (Apple Inc.)
    HKLM-x32\...\Run: [Lexmark Pro800-Pro900 Series] "C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\fm3032.exe" /s [316072 2009-10-01] ()
    HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-01-16] (Apple Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-17] (Sun Microsystems, Inc.)
    HKLM-x32\...\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
    HKLM-x32\...\Run: [ApNnQdomYXNfVQU.exe] C:\ProgramData\ApNnQdomYXNfVQU.exe [373248 2012-09-10] (AAW)
    HKU\Landie\...\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent [1353080 2012-08-04] (Valve Corporation)
    HKU\Landie\...\Run: [DS3 Tool] C:\Program Files\MotioninJoy\ds3\DS3_Tool.exe -mini [110352 2011-01-01] (www.motioninjoy.com)
    Tcpip\..\Interfaces\{01BACE2F-DB10-425E-87C5-2477C46B5374}: [NameServer]8.8.8.8,8.8.8.8,8.8.8.8,8.8.4.4
    ==================== Services ====================
    2 lxecCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxecserv.exe [45736 2010-04-14] (Lexmark International, Inc.)
    2 lxec_device; C:\Windows\system32\lxeccoms.exe -service [1052328 2010-04-14] ( )
    2 lxec_device; C:\Windows\SysWow64\lxeccoms.exe -service [598696 2010-04-14] ( )
    2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
    3 MSSQL$NR2007; "C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sNR2007 [29293408 2010-12-10] (Microsoft Corporation)
    2 NeatWorksDatabaseController; "C:\Program Files (x86)\NeatWorks\exec\NeatWorksDatabaseController.exe" [351352 2008-12-23] (The Neat Company)
    3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)
    ==================== Drivers =================================
    3 athrusb; C:\Windows\System32\DRIVERS\athrxusb.sys [1021440 2007-03-27] (Atheros Communications, Inc.)
    3 athrusb6; C:\Windows\System32\DRIVERS\athrxu6.sys [1041920 2007-07-05] (Atheros Communications, Inc.)
    3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2008-11-11] (LG Electronics Inc.)
    3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [27136 2008-11-11] (LG Electronics Inc.)
    3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [33792 2008-11-11] (LG Electronics Inc.)
    3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
    ==================== NetSvcs (Whitelisted) =================

    ==================== One Month Created Files and Folders ======================
    2012-09-13 15:50 - 2012-08-24 12:28 - 02211928 ____A (Kaspersky Lab ZAO) C:\Users\Landie\Desktop\billy.exe
    2012-09-13 15:23 - 2012-09-13 15:23 - 00003352 ____H C:\bootsqm.dat
    2012-09-13 15:22 - 2012-09-13 15:22 - 00000000 __SHD C:\found.001
    2012-09-13 15:12 - 2012-09-13 15:12 - 00000657 ___AH C:\Users\Landie\Desktop\File_Recovery.lnk
    2012-09-13 15:09 - 2012-09-13 15:39 - 00000000 ___HD C:\Users\Landie\Desktop\tdsskiller
    2012-09-13 15:09 - 2012-09-13 15:00 - 04731392 ____A (AVAST Software) C:\Users\Landie\Desktop\aswMBR.exe
    2012-09-13 15:09 - 2012-09-13 14:58 - 02193184 ___AH C:\Users\Landie\Desktop\tdsskiller.zip
    2012-09-12 15:03 - 2012-09-12 14:59 - 00607260 ___RH (Swearware) C:\Users\Landie\Desktop\dds.com
    2012-09-12 15:03 - 2012-09-12 14:57 - 00302592 ___AH C:\Users\Landie\Desktop\cbr8bk3o.exe
    2012-09-10 07:13 - 2012-09-10 07:10 - 00373248 ___AH (AAW) C:\Users\All Users\ApNnQdomYXNfVQU.exe
    2012-08-30 07:56 - 2012-08-30 07:57 - 00372440 ___AH C:\Windows\Minidump\083012-23150-01.dmp
    2012-08-27 11:36 - 2012-08-31 20:32 - 00000000 ___HD C:\Users\Landie\Desktop\Crazy Bass Stuff
    2012-08-23 21:02 - 2012-08-24 17:20 - 00011330 ___AH C:\Users\Landie\Desktop\Usher schedule Sep to Dec 2012.xlsx
    2012-08-23 07:23 - 2012-08-23 07:23 - 00076819 ___AH C:\Users\Landie\Documents\Untitled.wma
    2012-08-15 21:04 - 2012-06-28 20:55 - 17809920 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-08-15 21:04 - 2012-06-28 20:09 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-08-15 21:04 - 2012-06-28 19:56 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-08-15 21:04 - 2012-06-28 19:49 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-08-15 21:04 - 2012-06-28 19:49 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-08-15 21:04 - 2012-06-28 19:48 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-08-15 21:04 - 2012-06-28 19:47 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-08-15 21:04 - 2012-06-28 19:45 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-08-15 21:04 - 2012-06-28 19:44 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-08-15 21:04 - 2012-06-28 19:43 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-08-15 21:04 - 2012-06-28 19:42 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-08-15 21:04 - 2012-06-28 19:40 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-08-15 21:04 - 2012-06-28 19:39 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-08-15 21:04 - 2012-06-28 19:35 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-08-15 21:04 - 2012-06-28 16:52 - 12317184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-08-15 21:04 - 2012-06-28 16:27 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-08-15 21:04 - 2012-06-28 16:16 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-08-15 21:04 - 2012-06-28 16:09 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-08-15 21:04 - 2012-06-28 16:09 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-08-15 21:04 - 2012-06-28 16:08 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-08-15 21:04 - 2012-06-28 16:07 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-08-15 21:04 - 2012-06-28 16:06 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-08-15 21:04 - 2012-06-28 16:04 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-08-15 21:04 - 2012-06-28 16:04 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-08-15 21:04 - 2012-06-28 16:01 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-08-15 21:04 - 2012-06-28 16:01 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-08-15 21:04 - 2012-06-28 16:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-08-15 21:04 - 2012-06-28 15:57 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-08-15 14:28 - 2012-07-18 10:15 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-08-15 14:28 - 2012-07-04 14:16 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
    2012-08-15 14:28 - 2012-07-04 14:13 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
    2012-08-15 14:28 - 2012-07-04 14:13 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
    2012-08-15 14:28 - 2012-07-04 13:16 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
    2012-08-15 14:28 - 2012-07-04 13:14 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
    2012-08-15 14:28 - 2012-05-05 00:36 - 00503808 ____A (Microsoft Corporation) C:\Windows\System32\srcore.dll
    2012-08-15 14:28 - 2012-05-04 23:46 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2012-08-15 14:28 - 2012-02-10 22:43 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
    2012-08-15 14:28 - 2012-02-10 22:36 - 00559104 ____A (Microsoft Corporation) C:\Windows\System32\spoolsv.exe
    2012-08-15 14:28 - 2012-02-10 22:36 - 00067072 ____A (Microsoft Corporation) C:\Windows\splwow64.exe
    2012-08-15 14:28 - 2012-02-10 21:43 - 00492032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
    2012-08-15 14:27 - 2012-05-13 21:26 - 00956928 ____A (Microsoft Corporation) C:\Windows\System32\localspl.dll
    ==================== 3 Months Modified Files ================================
    2012-09-13 18:28 - 2012-06-28 11:13 - 00000375 ____A C:\Windows\System32\Drivers\etc\hosts.ics
    2012-09-13 18:27 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-09-13 18:26 - 2009-07-13 20:51 - 00110364 ___AH C:\Windows\setupact.log
    2012-09-13 16:34 - 2009-07-13 21:10 - 01994388 ___AH C:\Windows\WindowsUpdate.log
    2012-09-13 16:05 - 2011-06-22 14:29 - 00000912 ___AH C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2344966874-3736381344-1801091321-1000UA.job
    2012-09-13 15:38 - 2009-07-13 20:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-09-13 15:38 - 2009-07-13 20:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-09-13 15:27 - 2011-10-07 14:39 - 00093899 ___AH C:\Users\All Users\lxecscan.log
    2012-09-13 15:23 - 2012-09-13 15:23 - 00003352 ____H C:\bootsqm.dat
    2012-09-13 15:12 - 2012-09-13 15:12 - 00000657 ___AH C:\Users\Landie\Desktop\File_Recovery.lnk
    2012-09-13 15:00 - 2012-09-13 15:09 - 04731392 ____A (AVAST Software) C:\Users\Landie\Desktop\aswMBR.exe
    2012-09-13 14:58 - 2012-09-13 15:09 - 02193184 ___AH C:\Users\Landie\Desktop\tdsskiller.zip
    2012-09-12 20:05 - 2011-06-22 14:29 - 00000860 ___AH C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2344966874-3736381344-1801091321-1000Core.job
    2012-09-12 14:59 - 2012-09-12 15:03 - 00607260 ___RH (Swearware) C:\Users\Landie\Desktop\dds.com
    2012-09-12 14:57 - 2012-09-12 15:03 - 00302592 ___AH C:\Users\Landie\Desktop\cbr8bk3o.exe
    2012-09-10 15:14 - 2011-01-28 15:21 - 00124062 ___AH C:\Windows\PFRO.log
    2012-09-10 07:10 - 2012-09-10 07:13 - 00373248 ___AH (AAW) C:\Users\All Users\ApNnQdomYXNfVQU.exe
    2012-08-30 07:57 - 2012-08-30 07:56 - 00372440 ___AH C:\Windows\Minidump\083012-23150-01.dmp
    2012-08-30 07:56 - 2011-02-28 16:30 - 527974013 ___AH C:\Windows\MEMORY.DMP
    2012-08-29 10:26 - 2009-07-13 21:13 - 00799508 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-08-24 17:20 - 2012-08-23 21:02 - 00011330 ___AH C:\Users\Landie\Desktop\Usher schedule Sep to Dec 2012.xlsx
    2012-08-24 12:28 - 2012-09-13 15:50 - 02211928 ____A (Kaspersky Lab ZAO) C:\Users\Landie\Desktop\billy.exe
    2012-08-23 07:23 - 2012-08-23 07:23 - 00076819 ___AH C:\Users\Landie\Documents\Untitled.wma
    2012-08-16 07:45 - 2009-07-13 20:45 - 00462264 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-08-15 21:02 - 2011-03-29 10:06 - 62134624 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-08-02 19:15 - 2011-07-21 13:15 - 00466456 ____A (Creative Labs) C:\Windows\System32\wrap_oal.dll
    2012-08-02 19:14 - 2011-07-21 13:15 - 00444952 ___AH (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
    2012-08-02 19:14 - 2011-07-21 13:15 - 00122904 ____A (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\System32\OpenAL32.dll
    2012-08-02 19:14 - 2011-07-21 13:15 - 00109080 ___AH (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
    2012-07-31 12:03 - 2012-07-31 12:03 - 00001148 ___AH C:\Windows\SysWOW64\game.ini
    2012-07-31 12:03 - 2012-07-31 11:54 - 00000056 ___AH C:\Windows\kgt2k.INI
    2012-07-31 08:46 - 2009-07-13 21:08 - 00032654 ___AH C:\Windows\Tasks\SCHEDLGU.TXT
    2012-07-18 10:15 - 2012-08-15 14:28 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-07-17 09:28 - 2011-01-28 13:36 - 00289325 ___AH C:\Windows\DirectX.log
    2012-07-10 10:19 - 2012-06-29 12:54 - 00000088 __RSH C:\Users\All Users\202BF8F35A.sys
    2012-07-10 10:19 - 2011-07-03 19:29 - 00000848 __ASH C:\Users\All Users\KGyGaAvL.sys
    2012-07-08 15:46 - 2012-07-08 15:46 - 00371728 ___AH C:\Windows\Minidump\070812-28485-01.dmp
    2012-07-08 15:42 - 2012-07-08 15:42 - 00372480 ___AH C:\Windows\Minidump\070812-31855-01.dmp
    2012-07-05 07:43 - 2012-07-05 07:42 - 00371976 ___AH C:\Windows\Minidump\070512-21980-01.dmp
    2012-07-04 14:16 - 2012-08-15 14:28 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
    2012-07-04 14:13 - 2012-08-15 14:28 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
    2012-07-04 14:13 - 2012-08-15 14:28 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
    2012-07-04 13:16 - 2012-08-15 14:28 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
    2012-07-04 13:14 - 2012-08-15 14:28 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
    2012-06-29 10:53 - 2012-06-29 10:53 - 00047353 ___AH C:\JavaRa.log
    2012-06-29 10:50 - 2011-10-20 14:53 - 00174064 ___AH (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
    2012-06-29 10:50 - 2011-10-20 14:53 - 00174064 ___AH (Oracle Corporation) C:\Windows\SysWOW64\java.exe
    2012-06-29 10:48 - 2011-02-25 09:55 - 00001945 ___AH C:\Windows\epplauncher.mif
    2012-06-29 10:48 - 2011-02-07 19:32 - 00804910 ___AH C:\Windows\SysWOW64\PerfStringBackup.INI
    2012-06-28 20:55 - 2012-08-15 21:04 - 17809920 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-06-28 20:09 - 2012-08-15 21:04 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-06-28 19:56 - 2012-08-15 21:04 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-06-28 19:49 - 2012-08-15 21:04 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-06-28 19:49 - 2012-08-15 21:04 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-06-28 19:48 - 2012-08-15 21:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-06-28 19:47 - 2012-08-15 21:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-06-28 19:45 - 2012-08-15 21:04 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-06-28 19:44 - 2012-08-15 21:04 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-06-28 19:43 - 2012-08-15 21:04 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-06-28 19:42 - 2012-08-15 21:04 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-06-28 19:40 - 2012-08-15 21:04 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-06-28 19:39 - 2012-08-15 21:04 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-06-28 19:35 - 2012-08-15 21:04 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-06-28 16:52 - 2012-08-15 21:04 - 12317184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-06-28 16:27 - 2012-08-15 21:04 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-06-28 16:16 - 2012-08-15 21:04 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-06-28 16:09 - 2012-08-15 21:04 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-06-28 16:09 - 2012-08-15 21:04 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-06-28 16:08 - 2012-08-15 21:04 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-06-28 16:07 - 2012-08-15 21:04 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-06-28 16:06 - 2012-08-15 21:04 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-06-28 16:04 - 2012-08-15 21:04 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-06-28 16:04 - 2012-08-15 21:04 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-06-28 16:01 - 2012-08-15 21:04 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-06-28 16:01 - 2012-08-15 21:04 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-06-28 16:00 - 2012-08-15 21:04 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-06-28 15:57 - 2012-08-15 21:04 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-06-28 11:11 - 2009-07-13 18:34 - 00000215 ___AH C:\Windows\system.ini
    2012-06-22 13:26 - 2012-06-22 13:26 - 00000220 ___AH C:\Windows\Tasks\SidebarExecute.job
    2012-06-21 20:00 - 2012-06-21 19:59 - 00275096 ___AH C:\Windows\Minidump\062112-25708-01.dmp
    2012-06-21 18:21 - 2012-03-21 17:23 - 00093184 __ASH C:\Users\Landie\Documents\Thumbs.db

    ==================== Known DLLs (Whitelisted) =================

    ==================== Bamital & volsnap Check =================
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
    ==================== EXE ASSOCIATION =====================
    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK
    ==================== Restore Points =========================
    Restore point made on: 2012-08-15 21:02:41
    Restore point made on: 2012-08-19 06:39:24
    Restore point made on: 2012-08-22 09:02:06
    Restore point made on: 2012-08-25 17:53:39
    Restore point made on: 2012-08-29 08:27:15
    Restore point made on: 2012-09-02 13:05:12
    Restore point made on: 2012-09-06 14:43:39
    ==================== Memory info ===========================
    Percentage of memory in use: 12%
    Total physical RAM: 8174.63 MB
    Available physical RAM: 7159.34 MB
    Total Pagefile: 8172.78 MB
    Available Pagefile: 7247.45 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB
    ==================== Partitions ============================
    1 Drive c: (OS) (Fixed) (Total:919.21 GB) (Free:666.23 GB) NTFS
    2 Drive e: (GRMCHPXFRER_EN_DVD) (CDROM) (Total:3 GB) (Free:0 GB) UDF
    3 Drive f: (KINGSTON) (Removable) (Total:3.6 GB) (Free:2.25 GB) FAT32
    8 Drive k: (STORE N GO) (Removable) (Total:7.45 GB) (Free:0.78 GB) FAT32
    9 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    10 Drive y: (RECOVERY) (Fixed) (Total:12.25 GB) (Free:5.62 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 931 GB 13 MB
    Disk 1 Online 3695 MB 0 B
    Disk 2 No Media 0 B 0 B
    Disk 3 No Media 0 B 0 B
    Disk 4 No Media 0 B 0 B
    Disk 5 No Media 0 B 0 B
    Disk 6 Online 7636 MB 0 B
    Partitions of Disk 0:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 OEM 39 MB 31 KB
    Partition 2 Primary 12 GB 40 MB
    Partition 3 Primary 919 GB 12 GB
    ==================================================================================
    Disk: 0
    Partition 1
    Type : DE
    Hidden: Yes
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 9 FAT Partition 39 MB Healthy Hidden
    ==================================================================================
    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: Yes
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 Y RECOVERY NTFS Partition 12 GB Healthy
    ==================================================================================
    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C OS NTFS Partition 919 GB Healthy
    ==================================================================================
    Partitions of Disk 1:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 3694 MB 31 KB
    ==================================================================================
    Disk: 1
    Partition 1
    Type : 0B
    Hidden: No
    Active: Yes
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 F KINGSTON FAT32 Removable 3694 MB Healthy
    ==================================================================================
    Partitions of Disk 6:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 7632 MB 4032 KB
    ==================================================================================
    Disk: 6
    Partition 1
    Type : 0C
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 8 K STORE N GO FAT32 Removable 7632 MB Healthy
    ==================================================================================
    Last Boot: 2012-09-07 16:32
    ==================== End Of Log =============================
  25. Broni

    Broni Malware Annihilator Posts: 45,265   +243

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

    Next...

    Restart normally and see if TDSSKiller, RogueKiller and aswMBR will run.
    If so post their logs.

    Attached Files:



Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.