brianknaebel
Posts posted by brianknaebel
CatByte:
Here is the result of the listpart scan.
Thanks,
Brian
ListParts by Farbar Version: 30-10-2012
Ran by Brian (administrator) on 24-11-2012 at 14:19:40
Windows 7 (X64)
Running From: C:\Users\Brian\Desktop
Language: 0409
************************************************************
========================= Memory info ======================
Percentage of memory in use: 40%
Total physical RAM: 3032.36 MB
Available physical RAM: 1797.13 MB
Total Pagefile: 6062.87 MB
Available Pagefile: 4498.2 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB
======================= Partitions =========================
1 Drive c: (OS) (Fixed) (Total:218.2 GB) (Free:147.89 GB) NTFS
4 Drive f: () (Removable) (Total:3.72 GB) (Free:0.22 GB) FAT32
Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 232 GB 0 B
Disk 1 No Media 0 B 0 B
Disk 2 Online 3815 MB 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 39 MB 31 KB
Partition 2 Primary 14 GB 40 MB
Partition 3 Primary 218 GB 14 GB
======================================================================================================
Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No
There is no volume associated with this partition.
======================================================================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 RECOVERY NTFS Partition 14 GB Healthy System (partition with boot components)
======================================================================================================
Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 218 GB Healthy Boot
======================================================================================================
Partitions of Disk 2:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3814 MB 8 KB
======================================================================================================
Disk: 2
Partition 1
Type : 0B
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 F FAT32 Removable 3814 MB Healthy
======================================================================================================
==========================================================
TDL4: custom:26000022
Windows Boot Manager
--------------------
identifier {9dea862c-5cdd-4e70-acc1-f32b344d4795}
device partition=\Device\HarddiskVolume2
description Windows Boot Manager
locale en-US
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
default {85299226-cbf1-11de-90cc-d46b45696dce}
resumeobject {85299225-cbf1-11de-90cc-d46b45696dce}
displayorder {85299226-cbf1-11de-90cc-d46b45696dce}
toolsdisplayorder {b2721d73-1db4-4c62-bf78-c548a880142d}
timeout 30
Windows Boot Loader
-------------------
identifier {85299226-cbf1-11de-90cc-d46b45696dce}
device partition=C:
path \Windows\system32\winload.exe
description Windows 7
locale en-US
inherit {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
recoverysequence {85299227-cbf1-11de-90cc-d46b45696dce}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {85299225-cbf1-11de-90cc-d46b45696dce}
nx OptIn
Windows Boot Loader
-------------------
identifier {85299227-cbf1-11de-90cc-d46b45696dce}
device ramdisk=[\Device\HarddiskVolume2]\Recovery\WindowsRE\Winre.wim,{85299228-cbf1-11de-90cc-d46b45696dce}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
osdevice ramdisk=[\Device\HarddiskVolume2]\Recovery\WindowsRE\Winre.wim,{85299228-cbf1-11de-90cc-d46b45696dce}
systemroot \windows
nx OptIn
winpe Yes
custom:46000010 Yes
Resume from Hibernate
---------------------
identifier {85299225-cbf1-11de-90cc-d46b45696dce}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale en-US
inherit {1afa9c49-16ab-4a5c-901b-212802da9460}
filedevice partition=C:
filepath \hiberfil.sys
debugoptionenabled No
Windows Memory Tester
---------------------
identifier {b2721d73-1db4-4c62-bf78-c548a880142d}
device partition=\Device\HarddiskVolume2
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-US
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
badmemoryaccess Yes
EMS Settings
------------
identifier {0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}
custom:26000022 Yes
Debugger Settings
-----------------
identifier {4636856e-540f-4170-a130-a84776f4c654}
debugtype Serial
debugport 1
baudrate 115200
RAM Defects
-----------
identifier {5189b25c-5558-4bf2-bca4-289b11bd29e2}
Global Settings
---------------
identifier {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
inherit {4636856e-540f-4170-a130-a84776f4c654}
{0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}
{5189b25c-5558-4bf2-bca4-289b11bd29e2}
Boot Loader Settings
--------------------
identifier {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
{7ff607e0-4395-11db-b0de-0800200c9a66}
Hypervisor Settings
-------------------
identifier {7ff607e0-4395-11db-b0de-0800200c9a66}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200
Resume Loader Settings
----------------------
identifier {1afa9c49-16ab-4a5c-901b-212802da9460}
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
Device options
--------------
identifier {85299228-cbf1-11de-90cc-d46b45696dce}
description Ramdisk Options
ramdisksdidevice partition=\Device\HarddiskVolume2
ramdisksdipath \Recovery\WindowsRE\boot.sdi
****** End Of Log ******
-
CatByte: Here is the result of the frst64 scan.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-11-2012
Ran by SYSTEM at 24-11-2012 14:09:12
Running from H:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001
==================== Registry (Whitelisted) ===================
HKLM\...\Run: [iAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe [4968960 2009-07-16] (Dell Inc.)
HKLM\...\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe [305664 2009-01-22] (Alps Electric Co., Ltd.)
HKLM-x32\...\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot [273544 2011-07-05] (RealNetworks, Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe" [148888 2009-11-07] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM\...\Runonce: [*WerKernelReporting] %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq [x]
HKLM-x32\...\RunOnce: [sTToasterLauncher] C:\program files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe [120048 2009-08-17] ()
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
Startup: C:\Users\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Default\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
==================== Services (Whitelisted) ===================
4 Autodesk Content Service; "C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe" [19232 2012-01-31] (Autodesk, Inc.)
2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [399432 2012-09-29] (Malwarebytes Corporation)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [676936 2012-09-29] (Malwarebytes Corporation)
2 mfevtp; "C:\Windows\system32\mfevtps.exe" [177144 2012-07-17] (McAfee, Inc.)
2 SpyHunter 4 Service; C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [1021888 2012-10-10] (Enigma Software Group USA, LLC.)
4 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe [240128 2009-06-28] (IDT, Inc.)
==================== Drivers (Whitelisted) =====================
3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [13088 2011-03-02] ()
3 EsgScanner; C:\Windows\System32\Drivers\EsgScanner.sys [22704 2012-06-22] ()
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [25928 2012-09-29] (Malwarebytes Corporation)
3 mfeapfk; C:\Windows\System32\Drivers\mfeapfk.sys [169320 2012-07-17] (McAfee, Inc.)
0 mfehidk; C:\Windows\System32\Drivers\mfehidk.sys [752672 2012-07-17] (McAfee, Inc.)
1 mfewfpk; C:\Windows\System32\Drivers\mfewfpk.sys [335784 2012-07-17] (McAfee, Inc.)
3 RDID1061; C:\Windows\System32\Drivers\rdwm1061.sys [201216 2009-09-18] (Roland Corporation)
==================== NetSvcs (Whitelisted) ====================
==================== One Month Created Files and Folders ========
2012-11-24 14:00 - 2012-11-24 14:00 - 00277088 ____A C:\Windows\Minidump\112412-24726-01.dmp
2012-11-24 13:43 - 2012-11-24 13:50 - 01461039 ____A (Farbar) C:\Users\Brian\Downloads\FRST64.exe
2012-11-24 09:29 - 2012-11-24 09:29 - 00044554 ____A C:\Users\Brian\Desktop\attach.txt
2012-11-24 09:29 - 2012-11-24 09:28 - 00017040 ____A C:\Users\Brian\Desktop\dds.txt
2012-11-24 09:23 - 2012-11-24 09:25 - 00688992 ____R (Swearware) C:\Users\Brian\Downloads\dds.com
2012-11-23 23:59 - 2012-11-23 23:59 - 00002256 ____A C:\Users\Brian\Desktop\SpyHunter.lnk
2012-11-23 23:59 - 2012-11-23 23:59 - 00000000 ____D C:\sh4ldr
2012-11-23 23:59 - 2012-11-23 23:59 - 00000000 ____D C:\Program Files\Enigma Software Group
2012-11-23 23:59 - 2012-11-23 23:59 - 00000000 ____A C:\autoexec.bat
2012-11-23 23:59 - 2012-06-22 12:01 - 00022704 ____A C:\Windows\System32\Drivers\EsgScanner.sys
2012-11-23 23:57 - 2012-11-23 23:59 - 00000000 ____D C:\Windows\83B952C7F8F34CA3B4C533C85B24E478.TMP
2012-11-18 14:41 - 2009-07-13 19:14 - 00020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe
2012-11-18 14:03 - 2012-10-08 06:19 - 17811968 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-11-18 14:03 - 2012-10-08 05:42 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-11-18 14:03 - 2012-10-08 05:31 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-11-18 14:03 - 2012-10-08 05:24 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-11-18 14:03 - 2012-10-08 05:23 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-11-18 14:03 - 2012-10-08 05:22 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-11-18 14:03 - 2012-10-08 05:22 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-11-18 14:03 - 2012-10-08 05:20 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-11-18 14:03 - 2012-10-08 05:18 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-11-18 14:03 - 2012-10-08 05:17 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-11-18 14:03 - 2012-10-08 05:17 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-11-18 14:03 - 2012-10-08 05:15 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-11-18 14:03 - 2012-10-08 05:15 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-11-18 14:03 - 2012-10-08 05:13 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-11-18 14:03 - 2012-10-08 05:13 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-11-18 14:03 - 2012-10-08 05:09 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-11-18 14:03 - 2012-10-08 02:28 - 12320768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-11-18 14:03 - 2012-10-08 02:02 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-11-18 14:03 - 2012-10-08 01:56 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-11-18 14:03 - 2012-10-08 01:48 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-11-18 14:03 - 2012-10-08 01:48 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-11-18 14:03 - 2012-10-08 01:47 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-11-18 14:03 - 2012-10-08 01:46 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-11-18 14:03 - 2012-10-08 01:45 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-11-18 14:03 - 2012-10-08 01:44 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-11-18 14:03 - 2012-10-08 01:43 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-11-18 14:03 - 2012-10-08 01:43 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-11-18 14:03 - 2012-10-08 01:42 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-11-18 14:03 - 2012-10-08 01:41 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-11-18 14:03 - 2012-10-08 01:41 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-11-18 14:03 - 2012-10-08 01:40 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-11-18 14:03 - 2012-10-08 01:37 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-11-15 22:06 - 2012-07-25 22:55 - 00785512 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys
2012-11-15 22:06 - 2012-07-25 22:55 - 00054376 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WdfLdr.sys
2012-11-15 22:06 - 2012-07-25 20:36 - 00009728 ____A (Microsoft Corporation) C:\Windows\System32\Wdfres.dll
2012-11-15 22:06 - 2012-06-02 08:35 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2012-11-15 21:55 - 2012-11-15 21:55 - 00000208 ____A C:\Windows\System32\MRT.INI
2012-11-15 21:51 - 2012-07-25 21:08 - 00744448 ____A (Microsoft Corporation) C:\Windows\System32\WUDFx.dll
2012-11-15 21:51 - 2012-07-25 21:08 - 00229888 ____A (Microsoft Corporation) C:\Windows\System32\WUDFHost.exe
2012-11-15 21:51 - 2012-07-25 21:08 - 00194048 ____A (Microsoft Corporation) C:\Windows\System32\WUDFPlatform.dll
2012-11-15 21:51 - 2012-07-25 21:08 - 00084992 ____A (Microsoft Corporation) C:\Windows\System32\WUDFSvc.dll
2012-11-15 21:51 - 2012-07-25 21:08 - 00045056 ____A (Microsoft Corporation) C:\Windows\System32\WUDFCoinstaller.dll
2012-11-15 21:51 - 2012-07-25 20:26 - 00198656 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFRd.sys
2012-11-15 21:51 - 2012-07-25 20:26 - 00087040 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFPf.sys
2012-11-15 21:51 - 2012-06-02 08:57 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2012-11-15 20:33 - 2012-10-18 12:18 - 03147264 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-11-15 19:34 - 2012-09-25 16:39 - 00095744 ____A (Microsoft Corporation) C:\Windows\System32\synceng.dll
2012-11-15 19:34 - 2012-09-25 15:55 - 00078336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll
2012-11-04 19:16 - 2012-11-04 19:35 - 10669952 ____A (Malwarebytes Corporation ) C:\Users\Brian\Desktop\mbam-consumer.exe
==================== One Month Modified Files and Folders =======
2012-11-24 14:08 - 2012-11-24 14:08 - 00000000 ____D C:\FRST
2012-11-24 14:02 - 2009-07-13 23:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-11-24 14:02 - 2009-07-13 22:51 - 00096083 ____A C:\Windows\setupact.log
2012-11-24 14:00 - 2012-11-24 14:00 - 00277088 ____A C:\Windows\Minidump\112412-24726-01.dmp
2012-11-24 14:00 - 2011-10-10 18:31 - 389467019 ____A C:\Windows\MEMORY.DMP
2012-11-24 14:00 - 2011-10-10 18:31 - 00000000 ____D C:\Windows\Minidump
2012-11-24 13:59 - 2009-12-19 09:04 - 00000000 ____D C:\brian
2012-11-24 13:50 - 2012-11-24 13:43 - 01461039 ____A (Farbar) C:\Users\Brian\Downloads\FRST64.exe
2012-11-24 13:48 - 2009-07-13 22:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-11-24 13:48 - 2009-07-13 22:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-11-24 13:36 - 2012-09-22 21:04 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-11-24 13:34 - 2010-11-26 11:52 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-11-24 13:33 - 2009-12-16 21:13 - 00000073 ____A C:\Windows\SysWOW64\ToasterLauncherLog.log
2012-11-24 13:33 - 2009-11-07 15:37 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2012-11-24 10:24 - 2009-07-13 23:10 - 01951680 ____A C:\Windows\WindowsUpdate.log
2012-11-24 10:11 - 2010-11-26 11:52 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-11-24 09:29 - 2012-11-24 09:29 - 00044554 ____A C:\Users\Brian\Desktop\attach.txt
2012-11-24 09:28 - 2012-11-24 09:29 - 00017040 ____A C:\Users\Brian\Desktop\dds.txt
2012-11-24 09:26 - 2012-06-19 19:40 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-735682779-3776735334-2523709070-1001UA.job
2012-11-24 09:25 - 2012-11-24 09:23 - 00688992 ____R (Swearware) C:\Users\Brian\Downloads\dds.com
2012-11-24 09:01 - 2009-07-13 23:08 - 00032608 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-11-23 23:59 - 2012-11-23 23:59 - 00002256 ____A C:\Users\Brian\Desktop\SpyHunter.lnk
2012-11-23 23:59 - 2012-11-23 23:59 - 00000000 ____D C:\sh4ldr
2012-11-23 23:59 - 2012-11-23 23:59 - 00000000 ____D C:\Program Files\Enigma Software Group
2012-11-23 23:59 - 2012-11-23 23:59 - 00000000 ____A C:\autoexec.bat
2012-11-23 23:59 - 2012-11-23 23:57 - 00000000 ____D C:\Windows\83B952C7F8F34CA3B4C533C85B24E478.TMP
2012-11-22 17:35 - 2012-06-19 19:40 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-735682779-3776735334-2523709070-1001Core.job
2012-11-19 20:57 - 2012-10-15 20:52 - 00000000 ____D C:\Windows\pss
2012-11-19 12:22 - 2009-07-13 23:13 - 00787254 ____A C:\Windows\System32\PerfStringBackup.INI
2012-11-18 03:05 - 2009-12-16 21:09 - 00000000 ____D C:\users\Brian
2012-11-18 03:05 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\registration
2012-11-16 21:23 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\rescache
2012-11-16 20:31 - 2009-11-07 17:19 - 00532550 ____A C:\Windows\PFRO.log
2012-11-16 05:41 - 2009-12-16 21:10 - 00131656 ____A C:\Users\Brian\Local Settings\GDIPFONTCACHEV1.DAT
2012-11-16 05:41 - 2009-12-16 21:10 - 00131656 ____A C:\Users\Brian\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2012-11-16 05:41 - 2009-12-16 21:10 - 00131656 ____A C:\Users\Brian\AppData\Local\GDIPFONTCACHEV1.DAT
2012-11-16 05:40 - 2009-07-13 22:45 - 00459240 ____A C:\Windows\System32\FNTCACHE.DAT
2012-11-15 22:11 - 2009-11-07 15:39 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-11-15 22:11 - 2009-11-07 15:39 - 00000000 ____D C:\Users\All Users\Application Data\Microsoft Help
2012-11-15 21:55 - 2012-11-15 21:55 - 00000208 ____A C:\Windows\System32\MRT.INI
2012-11-15 21:52 - 2012-10-09 21:40 - 66395536 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-11-15 21:50 - 2009-07-13 20:34 - 00000534 ____A C:\Windows\win.ini
2012-11-15 21:47 - 2012-10-04 20:41 - 00006465 ____A C:\Users\Brian\Local Settings\chromeupdate.crx
2012-11-15 21:47 - 2012-10-04 20:41 - 00006465 ____A C:\Users\Brian\Local Settings\Application Data\chromeupdate.crx
2012-11-15 21:47 - 2012-10-04 20:41 - 00006465 ____A C:\Users\Brian\AppData\Local\chromeupdate.crx
2012-11-15 18:25 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\AppCompat
2012-11-15 18:22 - 2011-07-05 19:13 - 00000000 ____D C:\Users\All Users\Real
2012-11-15 18:22 - 2011-07-05 19:13 - 00000000 ____D C:\Users\All Users\Application Data\Real
2012-11-09 03:07 - 2012-06-19 19:50 - 00002486 ____A C:\Users\Brian\Desktop\Google Chrome.lnk
2012-11-04 19:49 - 2012-10-16 16:38 - 00001111 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-11-04 19:49 - 2012-10-16 16:38 - 00001111 ____A C:\Users\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2012-11-04 19:49 - 2012-10-16 16:38 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-11-04 19:35 - 2012-11-04 19:16 - 10669952 ____A (Malwarebytes Corporation ) C:\Users\Brian\Desktop\mbam-consumer.exe
2012-11-02 21:13 - 2012-10-01 19:18 - 00000000 ____D C:\adoption profile pics
ATTENTION: ========> Check for possible partition/boot infection:
C:\Windows\svchost.exe
==================== Known DLLs (Whitelisted) =================
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
TDL4: custom:26000022 <===== ATTENTION!
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points =========================
Restore point made on: 2012-11-15 21:50:28
Restore point made on: 2012-11-17 03:00:36
Restore point made on: 2012-11-18 11:18:08
Restore point made on: 2012-11-18 14:03:34
Restore point made on: 2012-11-18 14:14:11
Restore point made on: 2012-11-19 03:00:38
Restore point made on: 2012-11-20 03:00:29
Restore point made on: 2012-11-21 03:00:29
Restore point made on: 2012-11-21 07:08:05
Restore point made on: 2012-11-21 07:16:33
Restore point made on: 2012-11-22 03:00:32
Restore point made on: 2012-11-22 18:18:02
Restore point made on: 2012-11-23 23:58:13
Restore point made on: 2012-11-24 03:00:31
Restore point made on: 2012-11-24 08:21:48
Restore point made on: 2012-11-24 10:24:23
==================== Memory info ===========================
Percentage of memory in use: 18%
Total physical RAM: 3032.36 MB
Available physical RAM: 2477.79 MB
Total Pagefile: 3030.51 MB
Available Pagefile: 2471.81 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB
==================== Partitions =============================
1 Drive c: (OS) (Fixed) (Total:218.2 GB) (Free:147.91 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:8.57 GB) NTFS ==>[system with boot components (obtained from reading drive)]
ATTENTION: Malware custom entry on BCD on drive d: detected. Check for MBR/Partition infection.
6 Drive h: () (Removable) (Total:3.72 GB) (Free:0.22 GB) FAT32
7 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 232 GB 0 B
Disk 1 No Media 0 B 0 B
Disk 2 No Media 0 B 0 B
Disk 3 Online 3815 MB 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 39 MB 31 KB
Partition 2 Primary 14 GB 40 MB
Partition 3 Primary 218 GB 14 GB
==================================================================================
Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 6 FAT Partition 39 MB Healthy Hidden
=========================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 D RECOVERY NTFS Partition 14 GB Healthy
=========================================================
Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 218 GB Healthy
=========================================================
Partitions of Disk 3:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3814 MB 8 KB
==================================================================================
Disk: 3
Partition 1
Type : 0B
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 H FAT32 Removable 3814 MB Healthy
=========================================================
Last Boot: 2012-11-15 19:04
==================== End Of Log =============================
-
Need help!! Been infected with winrscmde. Have tried many things so far and all unsuccessful.
Just ran dds per instructions. See attach.txt and DDS.txt file attachments below.
Thanks!!!
removal of winrscmde svchost.exe virus
in Resolved Malware Removal Logs
CatByte, I think this finally took care of my problem.
I went to task manager after completing steps per your post and winrscmde didn't show up any more.
See log files attached below
Thanks so much!!!
Fixlog.txt
mbar-log-2012-11-24 (21-19-46).txt
mbar-log-2012-11-24 (21-48-58).txt
JRT.txt
log.txt