
brianknaebel (Members, 4 posts)

Everything posted by brianknaebel

  1. CatByte, I think this finally took care of my problem. I went to Task Manager after completing the steps per your post and winrscmde didn't show up any more. See log files attached below. Thanks so much!!!
     Fixlog.txt, mbar-log-2012-11-24 (21-19-46).txt, mbar-log-2012-11-24 (21-48-58).txt, JRT.txt, log.txt
  2. CatByte: Here is the result of the listpart scan. Thanks, Brian
     ListParts by Farbar Version: 30-10-2012 Ran by Brian (administrator) on 24-11-2012 at 14:19:40 Windows 7 (X64)
  3. CatByte: Here is result of frst64 scan.
     Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-11-2012 Ran by SYSTEM at 24-11-2012 14:09:12 Running from H:\ Windows 7 Home Premium (X64) OS Language: English(US)
  4. Need help!! Been infected with winrscmde. Have tried many things so far and all unsuccessful. Just ran DDS per instructions. See attach.txt and dds.txt file attachments below. Thanks!!!
     attach.txt, dds.txt