
Combo Fix on external drive


5 replies to this topic

#1 computermd

computermd

  • Members
  • 23 posts
  • OFFLINE
  • Local time:10:11 PM

Posted 24 July 2012 - 12:51 PM

I have a computer that is infected with malware... Research I've done says to run ComboFix; however, the system will not stay in Windows long enough to run the program... even in safe mode. Does anyone know how to run ComboFix on an external drive?

Thanks for any help you


*Moderator Edit: Moved topic from XP to the more appropriate forum. ~ Queen-Evie*

Edited by Queen-Evie, 24 July 2012 - 01:01 PM.




#2 Queen-Evie

Queen-Evie

    Official Bleepin' G.R.I.T.S. (and proud of it)


  • Members
  • 16,485 posts
  • OFFLINE
  • Gender:Female
  • Location:My own little corner of the universe (somewhere in Alabama). It's OK, they know me here
  • Local time:10:11 PM

Posted 24 July 2012 - 01:04 PM

DO NOT RUN COMBOFIX.

Please note the message text in blue at the top of this forum.


ComboFix is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for general public or personal use. Please read Combofix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Edited by Queen-Evie, 24 July 2012 - 01:09 PM.


#3 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,530 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:10:11 PM

Posted 24 July 2012 - 01:19 PM

It would appear the infection is the issue. Can you run DDS? A person trained in ComboFix use will reply with, if needed, instruction.

Please go here... Preparation Guide, do steps 6-9.

Create a DDS log and post it in the new topic explained in step 9, which is here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks.
If GMER won't run (it may not on a 64-bit system), skip it and move on.

Let me know if that went well.
How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#4 computermd

computermd
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  • Local time:10:11 PM

Posted 24 July 2012 - 01:51 PM

I can't run anything when the system is booted... The only thing I can do is run scans from another system... Avast found a Sirefef infection and deleted it, but it still has the "you're going to be logged off in one min" (even in safe mode). The system reboots within a minute. It's Windows 7 64-bit... I tried the Windows XP shutdown -a with no results... Any suggestions to get the data you need pulling from an external drive? I also tried to use safe mode with command prompt, but it gives the same error and reboots within the minute.

#5 computermd

computermd
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  • Local time:10:11 PM

Posted 24 July 2012 - 05:26 PM

I found the Farbar recovery tool; here is the info. Hope this is what you need.

Scan result of Farbar Recovery Scan Tool Version: 24-07-2012 02
Ran by SYSTEM at 24-07-2012 18:20:00
Running from I:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM-x32\...\Run: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [140520 2009-12-29] (CyberLink Corp.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [248552 2010-05-14] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [StartNowToolbarHelper] "C:\Program Files (x86)\StartNow Toolbar\ToolbarHelper.exe" [x]
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [61440 2010-02-11] (Advanced Micro Devices, Inc.)
HKU\Owner\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [3883856 2009-07-26] (Microsoft Corporation)
Winlogon\Notify\DfLogon: LogonDll.dll [X]
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
ShortcutTarget: Acrobat Assistant.lnk -> C:\Program Files (x86)\Adobe\Acrobat 5.0\Distillr\AcroTray.exe (Adobe Systems Inc.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Default\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Owner\Start Menu\Programs\Startup\dds.scr (Swearware)

==================== Services (Whitelisted) ======

3 AdobeActiveFileMonitor8.0; C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [169312 2009-09-18] (Adobe Systems Incorporated)
2 atashost; "C:\Windows\SysWOW64\atashost.exe" [20360 2010-10-12] (WebEx Communications, Inc.)
3 McComponentHostService; "C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe" [227232 2010-01-15] (McAfee, Inc.)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)
2 Updater Service for StartNow Toolbar; C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe [267488 2011-07-27] ()
3 nosGetPlusHelper; C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll [x]

========================== Drivers (Whitelisted) =============

3 UsbFltr; C:\Windows\System32\Drivers\UsbFltr.sys [12288 2007-04-09] (Waytech Development, Inc.)

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-07-24 17:56 - 2012-07-24 17:56 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.733E539E41EA5A34
2012-07-24 17:56 - 2012-07-24 17:56 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\waujlkit.sys
2012-07-24 17:56 - 2012-07-24 17:56 - 00000000 ___SD C:\32788R22FWJFW
2012-07-24 17:53 - 2012-07-24 17:53 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.78C277A93D9EB916
2012-07-24 17:49 - 2012-07-24 17:49 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E6E99E62DFFBFAC9
2012-07-24 17:46 - 2012-07-24 17:46 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0F3E52FFECD52A19
2012-07-24 17:43 - 2012-07-24 17:43 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E487637FE033D582
2012-07-24 17:43 - 2012-07-24 17:43 - 00000000 ___SD C:\ComboFix
2012-07-24 17:41 - 2012-07-24 17:41 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1AC912424EFC4B93
2012-07-24 17:08 - 2012-07-24 17:08 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1F70A78B79AD1E4C
2012-07-24 17:06 - 2012-07-24 17:06 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F4BF6E62C6B831AE
2012-07-24 17:05 - 2012-07-24 16:57 - 02136664 ____A (Kaspersky Lab ZAO) C:\Users\Owner\Desktop\tdsskiller.exe
2012-07-24 17:03 - 2012-07-24 17:03 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.062D5F428AC5F32B
2012-07-24 17:01 - 2012-07-24 17:01 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.FD695F0BBAF473ED
2012-07-24 16:58 - 2012-07-24 16:58 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1255755231823DD1
2012-07-24 16:56 - 2012-07-24 16:56 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.058D3E5D8C8A02A0
2012-07-24 16:53 - 2012-07-24 16:53 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.078A84F27A2FD5B0
2012-07-24 16:51 - 2012-07-24 16:51 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7A2BC669CEB091EA
2012-07-24 16:49 - 2012-07-24 16:49 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7A590D303536C7AE
2012-07-24 16:46 - 2012-07-24 16:46 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.470CD6B88277A2C5
2012-07-24 16:43 - 2012-07-24 16:43 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.614BA88A46F75B56
2012-07-24 16:41 - 2012-07-24 16:41 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D0E7E0CAE1EDD6BB
2012-07-24 16:39 - 2012-07-24 16:39 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.BD109EAC31A2B869
2012-07-24 16:36 - 2012-07-24 16:36 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3B4101EB043EA6D9
2012-07-24 16:34 - 2012-07-24 16:34 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E85CFF0C0812E746
2012-07-24 16:32 - 2012-07-24 16:32 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1CB4FFC2699C3F20
2012-07-24 16:29 - 2012-07-24 16:29 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5617049059FE8EA2
2012-07-24 16:26 - 2012-07-24 16:26 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1F754AA41540A459
2012-07-24 16:24 - 2012-07-24 16:24 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1BD9E18F7E785F90
2012-07-24 16:22 - 2012-07-24 16:22 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.03CAD5A3A6091925
2012-07-24 16:20 - 2012-07-24 16:20 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.719E7197917A2F1B
2012-07-24 15:52 - 2012-07-24 15:52 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3B8C68BDB64604EE
2012-07-24 15:48 - 2012-07-24 15:48 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.113E78347C1EEF2E
2012-07-24 11:21 - 2011-06-26 01:45 - 00256000 ____A C:\Windows\PEV.exe
2012-07-24 11:21 - 2010-11-07 12:20 - 00208896 ____A C:\Windows\MBR.exe
2012-07-24 11:21 - 2009-04-19 23:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-07-24 11:21 - 2000-08-30 19:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-07-24 11:21 - 2000-08-30 19:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-07-24 11:21 - 2000-08-30 19:00 - 00098816 ____A C:\Windows\sed.exe
2012-07-24 11:21 - 2000-08-30 19:00 - 00080412 ____A C:\Windows\grep.exe
2012-07-24 11:21 - 2000-08-30 19:00 - 00068096 ____A C:\Windows\zip.exe
2012-07-24 11:17 - 2012-07-24 11:17 - 00000000 ____D C:\Windows\erdnt
2012-07-24 11:17 - 2012-07-24 11:17 - 00000000 ____D C:\Qoobox
2012-07-24 11:17 - 2012-07-23 16:52 - 04583914 ____R (Swearware) C:\Users\Owner\Desktop\ComboFix.exe
2012-07-23 15:02 - 2012-07-23 15:02 - 00000000 ____D C:\Users\Owner\Application Data\Malwarebytes
2012-07-23 15:02 - 2012-07-23 15:02 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Malwarebytes
2012-07-23 13:22 - 2012-07-24 11:04 - 00001115 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-23 13:22 - 2012-07-24 11:04 - 00001115 ____A C:\Users\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-23 13:22 - 2012-07-24 11:04 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-23 13:22 - 2012-07-23 13:22 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-07-23 13:22 - 2012-07-23 13:22 - 00000000 ____D C:\Users\All Users\AVAST Software
2012-07-23 13:22 - 2012-07-23 13:22 - 00000000 ____D C:\Users\All Users\Application Data\Malwarebytes
2012-07-23 13:22 - 2012-07-23 13:22 - 00000000 ____D C:\Users\All Users\Application Data\AVAST Software
2012-07-23 13:22 - 2012-07-23 13:22 - 00000000 ____D C:\Program Files\AVAST Software
2012-07-23 13:22 - 2012-07-03 11:21 - 00227648 ____A (AVAST Software) C:\Windows\SysWOW64\aswBoot.exe
2012-07-23 13:22 - 2012-07-03 11:21 - 00041224 ____A (AVAST Software) C:\Windows\avastSS.scr
2012-07-23 13:22 - 2012-04-04 15:56 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-23 12:59 - 2012-07-23 12:59 - 00000000 ____A C:\Users\Owner\Downloads\FFCC.tmp
2012-07-23 12:54 - 2012-07-24 16:49 - 00000404 ____A C:\rkill.log
2012-07-23 12:51 - 2011-04-19 09:18 - 01006778 ____A C:\Users\Owner\Desktop\rkill.exe
2012-07-22 12:27 - 2012-07-22 12:27 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-07-22 12:27 - 2012-07-22 12:27 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-07-21 10:51 - 2012-07-21 10:51 - 00016923 ____A C:\Users\Owner\Desktop\hs_err_pid6892.log
2012-07-21 10:51 - 2012-07-21 10:51 - 00016713 ____A C:\Users\Owner\Desktop\hs_err_pid1808.log
2012-07-17 17:49 - 2012-07-17 17:49 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-07-13 10:38 - 2012-07-24 09:17 - 00000000 ____D C:\Users\Owner\Local Settings\Intel
2012-07-13 10:38 - 2012-07-24 09:17 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\Intel
2012-07-13 10:38 - 2012-07-24 09:17 - 00000000 ____D C:\Users\Owner\AppData\Local\Intel
2012-07-11 13:50 - 2012-07-11 14:51 - 00288768 ____A C:\Users\Owner\Desktop\FIREHOUSE_fillout.wps
2012-07-11 03:02 - 2012-06-11 22:02 - 03147264 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-11 03:00 - 2012-06-02 07:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-07-11 03:00 - 2012-06-02 07:17 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-07-11 03:00 - 2012-06-02 07:12 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-07-11 03:00 - 2012-06-02 07:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-07-11 03:00 - 2012-06-02 07:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-07-11 03:00 - 2012-06-02 07:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-07-11 03:00 - 2012-06-02 07:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-07-11 03:00 - 2012-06-02 07:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-07-11 03:00 - 2012-06-02 07:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-07-11 03:00 - 2012-06-02 07:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-07-11 03:00 - 2012-06-02 06:59 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-07-11 03:00 - 2012-06-02 06:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-07-11 03:00 - 2012-06-02 06:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-07-11 03:00 - 2012-06-02 06:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-07-11 03:00 - 2012-06-02 04:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-07-11 03:00 - 2012-06-02 03:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-07-11 03:00 - 2012-06-02 03:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-07-11 03:00 - 2012-06-02 03:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-07-11 03:00 - 2012-06-02 03:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-07-11 03:00 - 2012-06-02 03:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-07-11 03:00 - 2012-06-02 03:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-07-11 03:00 - 2012-06-02 03:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-07-11 03:00 - 2012-06-02 03:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-07-11 03:00 - 2012-06-02 03:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-07-11 03:00 - 2012-06-02 03:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-07-11 03:00 - 2012-06-02 03:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-07-11 03:00 - 2012-06-02 03:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-07-11 03:00 - 2012-06-02 03:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-07-10 19:26 - 2012-06-09 00:30 - 14165504 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-07-10 19:26 - 2012-06-08 23:46 - 12868608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-07-10 19:26 - 2012-06-06 00:50 - 02003968 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-07-10 19:26 - 2012-06-06 00:50 - 01880064 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-07-10 19:26 - 2012-06-06 00:09 - 01389568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-07-10 19:26 - 2012-06-06 00:09 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-07-10 19:26 - 2012-06-02 00:38 - 00152432 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-07-10 19:26 - 2012-06-02 00:38 - 00095088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-07-10 19:26 - 2012-06-02 00:37 - 00459216 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-07-10 19:26 - 2012-06-02 00:27 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-07-10 19:26 - 2012-06-02 00:27 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-07-10 19:26 - 2012-06-01 23:48 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-07-10 19:26 - 2012-06-01 23:48 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-07-10 19:26 - 2012-06-01 23:47 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-07-10 19:26 - 2012-06-01 23:42 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-06-27 10:20 - 2012-06-27 10:20 - 00010752 ____A C:\Users\Owner\My Documents\Diagnostics.wps
2012-06-27 10:20 - 2012-06-27 10:20 - 00010752 ____A C:\Users\Owner\Documents\Diagnostics.wps


============ 3 Months Modified Files ========================

2012-07-24 17:56 - 2012-07-24 17:56 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.733E539E41EA5A34
2012-07-24 17:56 - 2012-07-24 17:56 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\waujlkit.sys
2012-07-24 17:53 - 2012-07-24 17:53 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.78C277A93D9EB916
2012-07-24 17:51 - 2010-10-07 10:15 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-07-24 17:51 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-24 17:51 - 2009-07-13 23:51 - 00066325 ____A C:\Windows\setupact.log
2012-07-24 17:49 - 2012-07-24 17:49 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E6E99E62DFFBFAC9
2012-07-24 17:46 - 2012-07-24 17:46 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0F3E52FFECD52A19
2012-07-24 17:43 - 2012-07-24 17:43 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E487637FE033D582
2012-07-24 17:41 - 2012-07-24 17:41 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1AC912424EFC4B93
2012-07-24 17:13 - 2009-07-13 23:45 - 00012288 _____ C:\Windows\System32\umstartup.etl
2012-07-24 17:08 - 2012-07-24 17:08 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1F70A78B79AD1E4C
2012-07-24 17:06 - 2012-07-24 17:06 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F4BF6E62C6B831AE
2012-07-24 17:03 - 2012-07-24 17:03 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.062D5F428AC5F32B
2012-07-24 17:03 - 2009-07-14 00:08 - 00032550 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-07-24 17:01 - 2012-07-24 17:01 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.FD695F0BBAF473ED
2012-07-24 16:58 - 2012-07-24 16:58 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1255755231823DD1
2012-07-24 16:57 - 2012-07-24 17:05 - 02136664 ____A (Kaspersky Lab ZAO) C:\Users\Owner\Desktop\tdsskiller.exe
2012-07-24 16:56 - 2012-07-24 16:56 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.058D3E5D8C8A02A0
2012-07-24 16:53 - 2012-07-24 16:53 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.078A84F27A2FD5B0
2012-07-24 16:51 - 2012-07-24 16:51 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7A2BC669CEB091EA
2012-07-24 16:49 - 2012-07-24 16:49 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7A590D303536C7AE
2012-07-24 16:49 - 2012-07-23 12:54 - 00000404 ____A C:\rkill.log
2012-07-24 16:46 - 2012-07-24 16:46 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.470CD6B88277A2C5
2012-07-24 16:43 - 2012-07-24 16:43 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.614BA88A46F75B56
2012-07-24 16:41 - 2012-07-24 16:41 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D0E7E0CAE1EDD6BB
2012-07-24 16:39 - 2012-07-24 16:39 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.BD109EAC31A2B869
2012-07-24 16:38 - 2010-12-22 19:56 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2358389016-2352100808-2656878526-1001UA.job
2012-07-24 16:36 - 2012-07-24 16:36 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3B4101EB043EA6D9
2012-07-24 16:34 - 2012-07-24 16:34 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E85CFF0C0812E746
2012-07-24 16:32 - 2012-07-24 16:32 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1CB4FFC2699C3F20
2012-07-24 16:29 - 2012-07-24 16:29 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5617049059FE8EA2
2012-07-24 16:26 - 2012-07-24 16:26 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1F754AA41540A459
2012-07-24 16:24 - 2012-07-24 16:24 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1BD9E18F7E785F90
2012-07-24 16:23 - 2010-10-07 10:15 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-07-24 16:22 - 2012-07-24 16:22 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.03CAD5A3A6091925
2012-07-24 16:20 - 2012-07-24 16:20 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.719E7197917A2F1B
2012-07-24 15:52 - 2012-07-24 15:52 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3B8C68BDB64604EE
2012-07-24 15:48 - 2012-07-24 15:48 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.113E78347C1EEF2E
2012-07-24 15:47 - 2010-04-09 15:41 - 01822374 ____A C:\Windows\PFRO.log
2012-07-24 11:04 - 2012-07-23 13:22 - 00001115 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-24 11:04 - 2012-07-23 13:22 - 00001115 ____A C:\Users\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-23 16:52 - 2012-07-24 11:17 - 04583914 ____R (Swearware) C:\Users\Owner\Desktop\ComboFix.exe
2012-07-23 14:11 - 2009-07-14 00:13 - 00729706 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-23 12:59 - 2012-07-23 12:59 - 00000000 ____A C:\Users\Owner\Downloads\FFCC.tmp
2012-07-23 12:53 - 2010-07-16 12:42 - 00000073 ____A C:\Windows\SysWOW64\ToasterLauncherLog.log
2012-07-23 12:49 - 2009-07-14 00:10 - 01759383 ____A C:\Windows\WindowsUpdate.log
2012-07-22 12:27 - 2011-12-18 01:43 - 00743538 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-07-22 12:27 - 2011-12-18 01:43 - 00001945 ____A C:\Windows\epplauncher.mif
2012-07-22 12:26 - 2009-07-13 23:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-22 12:26 - 2009-07-13 23:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-21 15:37 - 2010-12-22 19:56 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2358389016-2352100808-2656878526-1001Core.job
2012-07-21 10:51 - 2012-07-21 10:51 - 00016923 ____A C:\Users\Owner\Desktop\hs_err_pid6892.log
2012-07-21 10:51 - 2012-07-21 10:51 - 00016713 ____A C:\Users\Owner\Desktop\hs_err_pid1808.log
2012-07-19 10:08 - 2010-10-11 07:54 - 00024840 ____A C:\Users\Owner\Application Data\wklnhst.dat
2012-07-19 10:08 - 2010-10-11 07:54 - 00024840 ____A C:\Users\Owner\AppData\Roaming\wklnhst.dat
2012-07-11 18:34 - 2010-12-22 19:57 - 00002407 ____A C:\Users\Owner\Desktop\Google Chrome.lnk
2012-07-11 14:51 - 2012-07-11 13:50 - 00288768 ____A C:\Users\Owner\Desktop\FIREHOUSE_fillout.wps
2012-07-11 03:19 - 2009-07-13 23:45 - 00324472 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-11 03:01 - 2010-09-28 19:03 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-07-03 11:21 - 2012-07-23 13:22 - 00227648 ____A (AVAST Software) C:\Windows\SysWOW64\aswBoot.exe
2012-07-03 11:21 - 2012-07-23 13:22 - 00041224 ____A (AVAST Software) C:\Windows\avastSS.scr
2012-06-27 13:17 - 2012-06-15 22:39 - 00036352 ____A C:\Users\Owner\My Documents\Bioinic Engineering-SS BIO.wps
2012-06-27 13:17 - 2012-06-15 22:39 - 00036352 ____A C:\Users\Owner\Documents\Bioinic Engineering-SS BIO.wps
2012-06-27 10:20 - 2012-06-27 10:20 - 00010752 ____A C:\Users\Owner\My Documents\Diagnostics.wps
2012-06-27 10:20 - 2012-06-27 10:20 - 00010752 ____A C:\Users\Owner\Documents\Diagnostics.wps
2012-06-16 09:07 - 2011-04-28 09:48 - 00000021 ____A C:\Windows\SysWOW64\PDFWRITR.INI
2012-06-16 09:07 - 2011-04-28 09:48 - 00000021 ____A C:\Windows\SysWOW64\__PDF.INI
2012-06-16 09:07 - 2009-07-13 21:34 - 00000424 ____A C:\Windows\win.ini
2012-06-15 23:10 - 2012-06-15 23:10 - 00472576 ____A C:\Users\Owner\Downloads\Artificial_White_Blood_Cell(1).ppt
2012-06-15 23:09 - 2012-06-15 23:09 - 00472576 ____A C:\Users\Owner\Downloads\Artificial_White_Blood_Cell.ppt
2012-06-11 22:02 - 2012-07-11 03:02 - 03147264 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-09 00:30 - 2012-07-10 19:26 - 14165504 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 23:46 - 2012-07-10 19:26 - 12868608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-06 00:50 - 2012-07-10 19:26 - 02003968 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-06 00:50 - 2012-07-10 19:26 - 01880064 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-06 00:09 - 2012-07-10 19:26 - 01389568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-06 00:09 - 2012-07-10 19:26 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-06-02 17:19 - 2012-06-22 09:13 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 17:19 - 2012-06-22 09:13 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 17:19 - 2012-06-22 09:13 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 17:19 - 2012-06-22 09:13 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 17:19 - 2012-06-22 09:13 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 17:15 - 2012-06-22 09:13 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 17:15 - 2012-06-22 09:13 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 15:19 - 2012-06-22 09:13 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 15:15 - 2012-06-22 09:13 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 07:49 - 2012-07-11 03:00 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-02 07:17 - 2012-07-11 03:00 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-02 07:12 - 2012-07-11 03:00 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-02 07:05 - 2012-07-11 03:00 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-02 07:05 - 2012-07-11 03:00 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-02 07:04 - 2012-07-11 03:00 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-02 07:04 - 2012-07-11 03:00 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-02 07:03 - 2012-07-11 03:00 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-02 07:01 - 2012-07-11 03:00 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-02 07:00 - 2012-07-11 03:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-02 06:59 - 2012-07-11 03:00 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-02 06:57 - 2012-07-11 03:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-02 06:57 - 2012-07-11 03:00 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-02 06:54 - 2012-07-11 03:00 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-02 04:07 - 2012-07-11 03:00 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-02 03:43 - 2012-07-11 03:00 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-02 03:33 - 2012-07-11 03:00 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-02 03:26 - 2012-07-11 03:00 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-02 03:25 - 2012-07-11 03:00 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-02 03:25 - 2012-07-11 03:00 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-02 03:23 - 2012-07-11 03:00 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-02 03:21 - 2012-07-11 03:00 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-02 03:20 - 2012-07-11 03:00 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-02 03:19 - 2012-07-11 03:00 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-02 03:19 - 2012-07-11 03:00 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-02 03:17 - 2012-07-11 03:00 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-02 03:16 - 2012-07-11 03:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-02 03:14 - 2012-07-11 03:00 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-02 00:38 - 2012-07-10 19:26 - 00152432 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-02 00:38 - 2012-07-10 19:26 - 00095088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-02 00:37 - 2012-07-10 19:26 - 00459216 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-02 00:27 - 2012-07-10 19:26 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-02 00:27 - 2012-07-10 19:26 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-06-01 23:48 - 2012-07-10 19:26 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-06-01 23:48 - 2012-07-10 19:26 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-06-01 23:47 - 2012-07-10 19:26 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-06-01 23:42 - 2012-07-10 19:26 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-05-21 15:44 - 2010-10-11 15:03 - 00001945 ____A C:\Users\Owner\Desktop\Apex Medina v4 Appraiser.lnk
2012-05-17 14:26 - 2012-05-17 14:25 - 02585099 ____A C:\Users\Owner\Downloads\Appraisal order for Equity - 1440229101 2601 MEADOW LN loan # 1702479917 use this email.zip
2012-05-04 05:52 - 2012-06-13 23:04 - 05505392 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 05:08 - 2012-06-13 23:04 - 03958128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-04 05:08 - 2012-06-13 23:04 - 03902320 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-02 00:32 - 2012-06-13 23:04 - 00208896 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-04-28 12:32 - 2012-04-28 12:32 - 00078848 ____A C:\Users\Owner\Downloads\PP-Personal Financial Statement April081 (1).xls
2012-04-28 12:30 - 2012-04-28 12:30 - 00078848 ____A C:\Users\Owner\Downloads\PP-Personal Financial Statement April081.xls
2012-04-27 22:50 - 2012-06-13 23:04 - 00204800 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-26 00:34 - 2012-06-13 23:04 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-26 00:34 - 2012-06-13 23:04 - 00076288 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-26 00:28 - 2012-06-13 23:04 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe


ZeroAccess:
C:\Windows\Installer\{31936dfe-883f-bd04-fdcb-cd3e2e92c4f2}
C:\Windows\Installer\{31936dfe-883f-bd04-fdcb-cd3e2e92c4f2}\@
C:\Windows\Installer\{31936dfe-883f-bd04-fdcb-cd3e2e92c4f2}\L
C:\Windows\Installer\{31936dfe-883f-bd04-fdcb-cd3e2e92c4f2}\U
C:\Windows\Installer\{31936dfe-883f-bd04-fdcb-cd3e2e92c4f2}\L\00000004.@
C:\Windows\Installer\{31936dfe-883f-bd04-fdcb-cd3e2e92c4f2}\L\1afb2d56
C:\Windows\Installer\{31936dfe-883f-bd04-fdcb-cd3e2e92c4f2}\L\201d3dde

ZeroAccess:
C:\Users\Owner\AppData\Local\{31936dfe-883f-bd04-fdcb-cd3e2e92c4f2}
C:\Users\Owner\AppData\Local\{31936dfe-883f-bd04-fdcb-cd3e2e92c4f2}\@
C:\Users\Owner\AppData\Local\{31936dfe-883f-bd04-fdcb-cd3e2e92c4f2}\L
C:\Users\Owner\AppData\Local\{31936dfe-883f-bd04-fdcb-cd3e2e92c4f2}\U

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 14%
Total physical RAM: 4094.98 MB
Available physical RAM: 3506.32 MB
Total Pagefile: 4093.13 MB
Available Pagefile: 3497.62 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:451.07 GB) (Free:392.52 GB) NTFS
3 Drive e: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:9.01 GB) NTFS ==>[System with boot components (obtained from reading drive)]
7 Drive i: () (Removable) (Total:7.45 GB) (Free:5.4 GB) FAT32
9 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 Online 7633 MB 0 B
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 No Media 0 B 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 39 MB 31 KB
Partition 2 Primary 14 GB 40 MB
Partition 3 Primary 451 GB 14 GB

==================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 8 FAT Partition 39 MB Healthy Hidden

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 E RECOVERY NTFS Partition 14 GB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 451 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7633 MB 16 KB

==================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 I FAT32 Removable 7633 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-07-08 12:18

======================= End Of Log ==========================

#6 boopme

Posted 24 July 2012 - 06:09 PM

Hello..
Start a new topic named "Can't run anything" and post that FRST log there as we need a specialist to help you.

Post it in a new topic as explained here: Virus, Trojan, Spyware, and Malware Removal Logs, thanks.

Let me know if that went well.