orinwarren
Posts posted by orinwarren
Was doing research last night and working online. Logged out and shut down. Started up the computer to discover the FBI Moneypak scam/virus had taken over my computer. Spent most of the day looking up how to resolve this on my brother's computer online. Most of them instructed accessing in safe mode and manually removing it. Problem is the safe mode is also blocked by this virus now, and the RUN application and regedit tools are blocked even though I have the administrator privileges active. We found a similar thread about this here and followed the instructions the expert gave there as well, but have reached a dead end. http://forums.malwarebytes.org/index.php?showtopic=117917&st=0 I think whoever made this virus has worked around the previous solutions you can find posted online now. Now I am debating throwing my laptop in the trash...
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-12-2012
Ran by SYSTEM at 29-12-2012 17:36:40
Running from E:\
Windows 7 Ultimate (X86) OS Language: English(US)
The current controlset is ControlSet001
==================== Registry (Whitelisted) ===================
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s [9972328 2010-12-23] (Realtek Semiconductor)
HKLM\...\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming [1386776 2011-06-23] (Logitech, Inc.)
HKLM\...\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [499608 2011-03-15] (Adobe Systems Incorporated)
HKLM\...\Run: [switchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM\...\Run: [NetFxUpdate_v1.1.4322] "C:\Windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe" 1 v1.1.4322 GAC + NI NID [x]
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM\...\Run: [TWebCamera] "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun [2513472 2009-04-16] (TOSHIBA)
HKLM\...\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun [718688 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [947176 2012-09-12] (Microsoft Corporation)
HKLM\...\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKU\Mike\...\Run: [steam] "C:\Program Files\Steam\steam.exe" -silent [1354736 2012-12-04] (Valve Corporation)
HKU\Mike\...\Run: [bitTorrent] "C:\Program Files\BitTorrent\BitTorrent.exe" [4771184 2011-06-30] (BitTorrent, Inc.)
HKU\Mike\...\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe [3077528 2011-08-01] ()
HKU\Mike\...\Run: [Advanced SystemCare 5] "C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart [574296 2012-03-06] (IObit)
HKU\Mike\...\Run: [Facebook Update] "C:\Users\Mike\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-07-13] (Facebook Inc.)
HKU\Mike\...\Run: [Google Update] "C:\Users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-06-23] (Google Inc.)
HKU\Mike\...\Run: [spotify] "C:\Users\Mike\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart [5576408 2012-09-12] (Spotify Ltd)
HKU\Mike\...\Run: [spotify Web Helper] "C:\Users\Mike\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [1193176 2012-09-12] ()
HKLM\...\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [449584 2011-07-08] (Malwarebytes Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [X]
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
==================== Services (Whitelisted) ===================
2 AdvancedSystemCareService5; C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe [913752 2012-03-14] (IObit)
2 camsvc; C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe [20544 2009-04-16] (TOSHIBA)
2 Web Assistant Updater; C:\Program Files\Web Assistant\ExtensionUpdaterService.exe [188760 2012-08-23] ()
2 WebOptimizer; C:\Windows\System32\dmwu.exe [1006448 2012-09-13] ()
2 MsMpSvc; "c:\Program Files\Microsoft Security Client\MsMpEng.exe" [x]
3 NisSrv; "c:\Program Files\Microsoft Security Client\NisSrv.exe" [x]
==================== Drivers (Whitelisted) ====================
3 LMouFilt; C:\Windows\System32\DRIVERS\LMouFilt.Sys [39064 2011-04-30] (Logitech, Inc.)
3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [30360 2011-04-30] (Logitech, Inc.)
0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [193552 2012-08-30] (Microsoft Corporation)
3 NETwNs32; C:\Windows\System32\DRIVERS\NETwNs32.sys [7122944 2010-10-18] (Intel Corporation)
3 PGEffect; C:\Windows\System32\DRIVERS\pgeffect.sys [22272 2009-03-18] (TOSHIBA Corporation)
2 risdpcie; C:\Windows\System32\DRIVERS\risdpe86.sys [47616 2009-10-28] (REDC)
2 rixdpcie; C:\Windows\System32\DRIVERS\rixdpe86.sys [38912 2009-12-11] (REDC)
3 xusb21; C:\Windows\System32\DRIVERS\xusb21.sys [60160 2009-08-13] (Microsoft Corporation)
1 A2DDA; \??\C:\Users\Mike\Desktop\EmsisoftEmergencyKit\Run\a2ddax86.sys [x]
3 Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [x]
3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [x]
3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2012-12-29 17:33 - 2012-12-29 17:33 - 00000000 ____D C:\FRST
2012-12-29 15:13 - 2012-12-29 15:13 - 00001082 ____A C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
2012-12-29 15:13 - 2012-12-29 15:13 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-12-29 15:13 - 2011-07-08 05:55 - 00022712 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-12-29 15:07 - 2012-12-29 15:07 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Malwarebytes
2012-12-29 15:07 - 2012-12-29 15:07 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-12-29 15:07 - 2011-07-08 05:55 - 00041272 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys
2012-12-29 15:02 - 2012-12-29 15:04 - 00000112 ____A C:\Windows\setupact.log
2012-12-29 15:02 - 2012-12-29 15:02 - 00000000 ____A C:\Windows\setuperr.log
2012-12-29 11:29 - 2012-12-29 11:29 - 00000000 ____D C:\Users\Mike\AppData\Roaming\EurekaLog
2012-12-21 01:00 - 2012-12-16 06:13 - 00295424 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2012-12-21 01:00 - 2012-12-16 06:13 - 00034304 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll
2012-12-14 08:54 - 2012-11-13 18:48 - 12320256 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-12-14 08:54 - 2012-11-13 18:14 - 09738240 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-12-14 08:54 - 2012-11-13 18:09 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-12-14 08:54 - 2012-11-13 17:58 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-12-14 08:54 - 2012-11-13 17:57 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-12-14 08:54 - 2012-11-13 17:57 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-12-14 08:54 - 2012-11-13 17:55 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-12-14 08:54 - 2012-11-13 17:51 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-12-14 08:54 - 2012-11-13 17:49 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-12-14 08:54 - 2012-11-13 17:49 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-12-14 08:54 - 2012-11-13 17:48 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-12-14 08:54 - 2012-11-13 17:47 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-12-14 08:54 - 2012-11-13 17:46 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-12-14 08:54 - 2012-11-13 17:45 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-12-14 08:54 - 2012-11-13 17:44 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-12-14 08:54 - 2012-11-13 17:41 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-12-14 06:40 - 2012-11-21 18:56 - 02345984 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-12-14 06:39 - 2012-10-04 08:47 - 00169984 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2012-12-14 06:39 - 2012-10-04 08:43 - 00868352 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2012-12-14 06:39 - 2012-10-04 08:43 - 00293376 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2012-12-14 06:39 - 2012-10-04 08:40 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2012-12-14 06:39 - 2012-10-04 08:40 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2012-12-14 06:39 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-12-14 06:39 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2012-12-14 06:39 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2012-12-14 06:39 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2012-12-14 06:39 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2012-12-14 06:39 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-12-14 06:39 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-12-14 06:39 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2012-12-14 06:39 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-12-14 06:39 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2012-12-14 06:39 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2012-12-14 06:39 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2012-12-14 06:39 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-12-14 06:39 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2012-12-14 06:39 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2012-12-14 06:39 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2012-12-14 06:39 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2012-12-14 06:39 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-12-14 06:39 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2012-12-14 06:39 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2012-12-14 06:39 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2012-12-14 06:39 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2012-12-14 06:39 - 2012-10-04 06:57 - 00271360 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2012-12-14 06:39 - 2012-10-04 06:41 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2012-12-14 06:39 - 2012-10-04 06:41 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2012-12-14 06:39 - 2012-10-04 06:41 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2012-12-14 06:39 - 2012-10-04 06:41 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2012-12-14 06:38 - 2012-11-08 20:42 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2012-12-14 06:38 - 2012-11-01 21:11 - 00376832 ____A (Microsoft Corporation) C:\Windows\System32\dpnet.dll
==================== One Month Modified Files and Folders ========
2012-12-29 17:33 - 2012-12-29 17:33 - 00000000 ____D C:\FRST
2012-12-29 15:17 - 2011-06-30 10:27 - 01870530 ____A C:\Windows\WindowsUpdate.log
2012-12-29 15:13 - 2012-12-29 15:13 - 00001082 ____A C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
2012-12-29 15:13 - 2012-12-29 15:13 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-12-29 15:11 - 2011-06-30 08:50 - 00739918 ____A C:\Windows\System32\PerfStringBackup.INI
2012-12-29 15:07 - 2012-12-29 15:07 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Malwarebytes
2012-12-29 15:07 - 2012-12-29 15:07 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-12-29 15:05 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-12-29 15:04 - 2012-12-29 15:02 - 00000112 ____A C:\Windows\setupact.log
2012-12-29 15:02 - 2012-12-29 15:02 - 00000000 ____A C:\Windows\setuperr.log
2012-12-29 15:00 - 2011-07-03 00:23 - 00000000 ____D C:\Program Files\Steam
2012-12-29 15:00 - 2011-06-30 09:14 - 00000000 ____D C:\Users\Mike\AppData\Roaming\BitTorrent
2012-12-29 14:56 - 2012-11-03 08:36 - 52805632 ____A C:\Windows\System32\config\SOFTWARE.iobit
2012-12-29 14:56 - 2012-11-03 08:36 - 16912384 ____A C:\Windows\System32\config\SYSTEM.iobit
2012-12-29 14:56 - 2012-11-03 08:36 - 00450560 ____A C:\Windows\System32\config\DEFAULT.iobit
2012-12-29 14:56 - 2012-11-03 08:36 - 00069632 ____A C:\Windows\System32\config\SAM.iobit
2012-12-29 14:56 - 2012-11-03 08:36 - 00028672 ____A C:\Windows\System32\config\SECURITY.iobit
2012-12-29 14:56 - 2011-06-30 08:47 - 00000000 ____D C:\users\Mike
2012-12-29 14:41 - 2011-08-01 01:03 - 00000000 ____D C:\Users\Mike\AppData\Local\PMB Files
2012-12-29 11:29 - 2012-12-29 11:29 - 00000000 ____D C:\Users\Mike\AppData\Roaming\EurekaLog
2012-12-29 09:33 - 2009-07-13 20:34 - 00018224 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-12-29 09:33 - 2009-07-13 20:34 - 00018224 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-12-29 09:28 - 2012-06-15 17:18 - 00000924 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1217937582-2889780426-1002776351-1001UA.job
2012-12-29 09:22 - 2011-07-03 00:23 - 00000000 ____D C:\Program Files\Common Files\Steam
2012-12-29 02:02 - 2012-06-23 20:15 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1217937582-2889780426-1002776351-1001UA.job
2012-12-29 01:16 - 2012-05-03 05:03 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-12-28 12:28 - 2011-06-30 13:24 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2012-12-28 10:40 - 2012-09-12 00:27 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Spotify
2012-12-27 08:02 - 2012-06-23 20:15 - 00000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1217937582-2889780426-1002776351-1001Core.job
2012-12-25 18:32 - 2012-11-19 22:10 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Tropico 4
2012-12-25 13:01 - 2012-06-15 17:18 - 00000902 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1217937582-2889780426-1002776351-1001Core.job
2012-12-21 13:26 - 2009-07-13 20:33 - 03772152 ____A C:\Windows\System32\FNTCACHE.DAT
2012-12-16 10:52 - 2011-07-21 21:17 - 00000000 ____D C:\Users\Mike\AppData\Local\Paint.NET
2012-12-16 06:13 - 2012-12-21 01:00 - 00295424 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2012-12-16 06:13 - 2012-12-21 01:00 - 00034304 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll
2012-12-16 00:30 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\rescache
2012-12-14 08:54 - 2011-06-30 19:25 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-12-14 08:50 - 2011-06-30 11:30 - 65087872 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-12-14 08:16 - 2012-05-03 05:03 - 00697272 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-12-14 08:16 - 2011-06-30 11:00 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-12-04 17:04 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\NDF
==================== Known DLLs (Whitelisted) =================
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll
[2011-06-30 21:38] - [2010-11-20 04:21] - 0843264 ____A (Microsoft Corporation) F0912678C35E4FE5220A4869861B6ED7
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points =========================
Restore point made on: 2012-12-28 17:59:42
==================== Memory info ===========================
Percentage of memory in use: 12%
Total physical RAM: 3963.98 MB
Available physical RAM: 3470.78 MB
Total Pagefile: 3962.26 MB
Available Pagefile: 3480.3 MB
Total Virtual: 2047.88 MB
Available Virtual: 1962.3 MB
==================== Partitions =============================
1 Drive c: (TI100343V0F) (Fixed) (Total:286.38 GB) (Free:147.47 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (TOSHIBA SYSTEM VOLUME) (Fixed) (Total:1.46 GB) (Free:1.3 GB) NTFS
3 Drive e: (Dec 29 2012) (CDROM) (Total:4.37 GB) (Free:4.37 GB) UDF
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 1500 MB 1024 KB
Partition 2 Primary 286 GB 1501 MB
Partition 3 Primary 10 GB 287 GB
=========================================================
Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D TOSHIBA SYS NTFS Partition 1500 MB Healthy Hidden
=========================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C TI100343V0F NTFS Partition 286 GB Healthy
=========================================================
Disk: 0
Partition 3
Type : 17 (Suspicious Type)
Hidden: Yes
Active: No
There is no volume associated with this partition.
=========================================================
Last Boot: 2012-12-25 10:14
==================== End Of Log ============================
Farbar Recovery Scan Tool (x86) Version: 29-12-2012
Ran by SYSTEM at 2012-12-29 17:38:01
Running from E:\
================== Search: "services.exe" ===================
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6
C:\Windows\System32\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6
=== End Of Search ===
Computer hijacked need help.
in Resolved Malware Removal Logs
Also, before anyone jumps the gun and assumes I entered the solution specifically given for the other topic I listed in the link (http://forums.malwar...pic=117917&st=0): no, I did not, as that solution clearly indicated that it was meant for that poster and could damage my computer if I did that. I simply followed the instructions for acquiring the logs before stopping and posting them here.