Dogtooth

Everything posted by Dogtooth

  1. Can't get to my desktop in either normal or safe mode thanks to the Moneypak, so I'm running this from the command prompt under Repair Your Computer, and no addition.txt was created. Here's the new log.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by SYSTEM on MININT-KNII173 on 05-10-2013 13:52:42
Running from H:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet002
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [sysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-09-21] (IDT, Inc.)
HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2799912 2013-09-28] (Synaptics Incorporated)
HKLM\...\Run: [Trend Micro Titanium] - C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe [1111568 2011-10-08] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Client Framework] - C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [197152 2011-02-10] (Trend Micro Inc.)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-09-17] (Apple Inc.)
HKLM-x32\...\Run: [HPConnectionManager] - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [103992 2011-09-13] (Hewlett-Packard Development Company L.P.)
HKLM-x32\...\Run: [] - [x]
HKU\Andrew\...\Run: [GoogleChromeAutoLaunch_AF2E2510EC2DA94726BF08BC757DFE33] - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [844752 2013-09-26] (Google Inc.)
HKU\Andrew\...\Winlogon: [shell] explorer.exe,C:\Users\Andrew\AppData\Roaming\data.dat [85504 2013-08-01] () <==== ATTENTION
BootExecute: autocheck autochk * r݂,autocheck autochk * ݂Ꮼچ

==================== Services (Whitelisted) =================

S4 AdobeActiveFileMonitor10.0; C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-08-31] (Adobe Systems Incorporated)
S4 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [241648 2011-02-24] (CyberLink)
S2 ioloSystemService; C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [1164328 2013-09-09] (iolo technologies, LLC)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 [x]

==================== Drivers (Whitelisted) ====================

S1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [31432 2012-04-17] (EldoS Corporation)
S1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [31432 2012-04-17] (EldoS Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S2 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [90704 2010-08-08] (Trend Micro Inc.)
S2 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [144464 2010-08-08] (Trend Micro Inc.)
S2 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [67664 2010-08-08] (Trend Micro Inc.)
S1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105552 2010-08-08] (Trend Micro Inc.)
S5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-10-04 18:26 - 2013-10-04 18:26 - 00000000 ____D C:\FRST
2013-10-04 13:51 - 2013-10-04 15:39 - 00000004 _____ C:\Users\Andrew\AppData\Roaming\settings.ini
2013-10-04 13:00 - 2013-10-04 13:00 - 00262144 _____ C:\Windows\Minidump\100413-43040-01.dmp
2013-10-02 19:58 - 2013-10-02 19:58 - 00000000 ____D C:\Users\Andrew\Desktop\Nausicaa.Of.The.Valley.Of.The.Wind.1984.x264.AC3.4AUDIO-WAF
2013-10-02 18:03 - 2013-10-03 10:58 - 3741257391 _____ C:\Users\Andrew\Desktop\Miyazaki - Laputa Castle in the sky.mkv
2013-10-02 10:10 - 2013-10-02 10:11 - 18182900 _____ C:\Users\Andrew\Downloads\P1E.mov
2013-10-02 09:54 - 2013-10-02 12:30 - 478707868 _____ C:\Users\Andrew\Downloads\LABLKOTs5.mp4
2013-10-02 09:47 - 2013-10-02 15:52 - 596432818 _____ C:\Users\Andrew\Downloads\GL85s3-DD54O.mp4
2013-10-01 14:17 - 2013-10-01 14:17 - 00003288 ____N C:\bootsqm.dat
2013-10-01 13:59 - 2013-10-01 23:07 - 00015758 ____H C:\Users\Andrew\Desktop\~WRL3595.tmp
2013-10-01 13:53 - 2013-09-24 02:07 - 1725359838 _____ C:\Users\Andrew\Downloads\21792_03_720p.mp4
2013-09-30 10:48 - 2013-09-30 10:48 - 00023300 _____ C:\Users\Andrew\Downloads\The.Princess.Bride.1987.720p.BluRay.x264-REVEiLLE.4757494.TPB.torrent
2013-09-29 11:20 - 2013-09-29 11:45 - 295105297 _____ C:\Users\Andrew\Downloads\rnyaoe210.wmv
2013-09-29 11:15 - 2013-09-29 11:17 - 132497180 _____ C:\Users\Andrew\Downloads\Comedy Bang! Bang! 2013 Tour.zip
2013-09-29 08:45 - 2013-09-29 08:45 - 00000000 ____D C:\ProgramData\Synaptics
2013-09-28 14:17 - 2013-09-28 16:35 - 418250189 _____ C:\Users\Andrew\Downloads\sg_TIBLc3.mp4
2013-09-28 10:04 - 2013-09-28 10:06 - 00004414 _____ C:\Windows\DPINST.LOG
2013-09-28 10:04 - 2013-09-28 10:06 - 00001414 _____ C:\Windows\Synaptics.log
2013-09-28 10:04 - 2013-09-28 10:04 - 01451056 _____ (Synaptics Incorporated) C:\Windows\System32\Drivers\SynTP.sys
2013-09-28 10:04 - 2013-09-28 10:04 - 00276264 _____ (Synaptics Incorporated) C:\Windows\System32\SynCtrl.dll
2013-09-28 10:04 - 2013-09-28 10:04 - 00226600 _____ (Synaptics Incorporated) C:\Windows\System32\SynTPAPI.dll
2013-09-28 10:04 - 2013-09-28 10:04 - 00222504 _____ (Synaptics Incorporated) C:\Windows\SysWOW64\SynCtrl.dll
2013-09-28 10:04 - 2013-09-28 10:04 - 00177448 _____ (Synaptics Incorporated) C:\Windows\SysWOW64\SynCOM.dll
2013-09-28 10:04 - 2013-09-28 10:04 - 00148264 _____ (Synaptics Incorporated) C:\Windows\System32\SynTPCo9.dll
2013-09-28 10:04 - 2013-09-28 10:04 - 00107816 _____ (Synaptics Incorporated) C:\Windows\SysWOW64\SynTPCOM.dll
2013-09-28 10:04 - 2013-09-28 10:04 - 00066856 _____ C:\Windows\SysWOW64\SynTPEnhPS.dll
2013-09-27 10:43 - 2013-09-27 10:45 - 143794880 _____ C:\Users\Andrew\Downloads\IMG_1233.MOV
2013-09-26 20:15 - 2013-09-15 06:39 - 1368691539 _____ C:\Users\Andrew\Downloads\6HBk3PnA4T.mp4
2013-09-25 13:46 - 2013-09-25 13:46 - 00000000 ____D C:\Windows\System32\Tasks\Games
2013-09-24 13:48 - 2013-09-24 13:48 - 00001783 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-09-24 13:47 - 2013-09-24 13:48 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-09-24 13:47 - 2013-09-24 13:48 - 00000000 ____D C:\Program Files\iTunes
2013-09-24 13:47 - 2013-09-24 13:48 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-09-24 13:47 - 2013-09-24 13:47 - 00000000 ____D C:\Program Files\iPod
2013-09-24 10:27 - 2013-09-24 11:33 - 150817268 _____ C:\Users\Andrew\Downloads\tallW861.wmv
2013-09-23 07:35 - 2013-09-23 07:35 - 00000301 _____ C:\Users\Andrew\Downloads\widgets-tweet_button.html (1).torrent
2013-09-23 07:34 - 2013-09-23 07:34 - 00000301 _____ C:\Users\Andrew\Downloads\widgets-tweet_button.html.torrent
2013-09-21 08:22 - 2013-09-21 08:22 - 00002185 _____ C:\Users\Public\Desktop\HP Support Assistant.lnk
2013-09-21 08:19 - 2013-09-21 08:19 - 00000000 ____D C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
2013-09-21 08:14 - 2013-09-21 08:14 - 00059608 _____ C:\Windows\System32\GDIPFONTCACHEV1.DAT
2013-09-18 20:13 - 2013-09-18 22:15 - 347222016 _____ C:\Users\Andrew\Downloads\nr077.mpg
2013-09-13 10:37 - 2013-09-13 11:08 - 376823808 _____ C:\Users\Andrew\Downloads\nr120.mpg
2013-09-12 21:30 - 2013-09-12 22:07 - 440460420 _____ C:\Users\Andrew\Downloads\nr044.avi
2013-09-12 13:29 - 2013-07-31 05:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-09-12 13:29 - 2013-07-31 05:08 - 02382848 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-09-12 13:29 - 2013-07-31 01:48 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-09-12 13:29 - 2013-07-31 01:45 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-12 13:29 - 2013-07-31 01:45 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-09-12 13:28 - 2013-07-31 06:17 - 17833472 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-09-12 13:28 - 2013-07-31 05:42 - 10926080 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-09-12 13:28 - 2013-07-31 05:29 - 02312704 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-09-12 13:28 - 2013-07-31 05:20 - 01346560 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-09-12 13:28 - 2013-07-31 05:19 - 01392128 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-09-12 13:28 - 2013-07-31 05:18 - 01494528 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-09-12 13:28 - 2013-07-31 05:17 - 00237056 _____ (Microsoft Corporation) C:\Windows\System32\url.dll
2013-09-12 13:28 - 2013-07-31 05:16 - 00085504 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-09-12 13:28 - 2013-07-31 05:14 - 00173056 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-09-12 13:28 - 2013-07-31 05:13 - 00816640 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-09-12 13:28 - 2013-07-31 05:13 - 00599040 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-09-12 13:28 - 2013-07-31 05:11 - 02147840 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-09-12 13:28 - 2013-07-31 05:11 - 00729088 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-09-12 13:28 - 2013-07-31 05:05 - 00248320 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-09-12 13:28 - 2013-07-31 02:30 - 12335104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-12 13:28 - 2013-07-31 02:05 - 09738752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-12 13:28 - 2013-07-31 02:00 - 01800704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-12 13:28 - 2013-07-31 01:53 - 01104896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-12 13:28 - 2013-07-31 01:52 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-09-12 13:28 - 2013-07-31 01:52 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-12 13:28 - 2013-07-31 01:51 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-09-12 13:28 - 2013-07-31 01:49 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-12 13:28 - 2013-07-31 01:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-12 13:28 - 2013-07-31 01:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-09-12 13:28 - 2013-07-31 01:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-12 13:28 - 2013-07-31 01:46 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-12 13:28 - 2013-07-31 01:42 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-12 06:04 - 2013-08-07 17:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-09-12 06:04 - 2013-08-04 18:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ataport.sys
2013-09-12 06:04 - 2013-08-01 18:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-09-12 06:04 - 2013-08-01 18:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2013-09-12 06:04 - 2013-08-01 18:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2013-09-12 06:04 - 2013-08-01 18:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\System32\wow64.dll
2013-09-12 06:04 - 2013-08-01 18:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2013-09-12 06:04 - 2013-08-01 18:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2013-09-12 06:04 - 2013-08-01 18:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2013-09-12 06:04 - 2013-08-01 18:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2013-09-12 06:04 - 2013-08-01 18:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2013-09-12 06:04 - 2013-08-01 18:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2013-09-12 06:04 - 2013-08-01 18:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\System32\apisetschema.dll
2013-09-12 06:04 - 2013-08-01 18:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2013-09-12 06:04 - 2013-08-01 18:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2013-09-12 06:04 - 2013-08-01 18:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-12 06:04 - 2013-08-01 18:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-12 06:04 - 2013-08-01 18:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-12 06:04 - 2013-08-01 18:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2013-09-12 06:04 - 2013-08-01 18:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-12 06:04 - 2013-08-01 18:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2013-09-12 06:04 - 2013-08-01 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-12 06:04 - 2013-08-01 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-12 06:04 - 2013-08-01 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-12 06:04 - 2013-08-01 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2013-09-12 06:04 - 2013-08-01 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2013-09-12 06:04 - 2013-08-01 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-12 06:04 - 2013-08-01 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2013-09-12 06:04 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-12 06:04 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2013-09-12 06:04 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2013-09-12 06:04 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2013-09-12 06:04 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2013-09-12 06:04 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-12 06:04 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2013-09-12 06:04 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-12 06:04 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-12 06:04 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-12 06:04 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2013-09-12 06:04 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-12 06:04 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2013-09-12 06:04 - 2013-08-01 17:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-09-12 06:04 - 2013-08-01 17:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-09-12 06:04 - 2013-08-01 17:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-09-12 06:04 - 2013-08-01 17:51 - 00085504 _____ C:\Users\Andrew\AppData\Roaming\data.dat
2013-09-12 06:04 - 2013-08-01 17:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-09-12 06:04 - 2013-08-01 17:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-09-12 06:04 - 2013-08-01 17:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-09-12 06:04 - 2013-08-01 17:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-09-12 06:04 - 2013-08-01 17:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-12 06:04 - 2013-08-01 17:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-12 06:04 - 2013-08-01 17:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-12 06:04 - 2013-08-01 17:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-12 06:04 - 2013-08-01 17:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-12 06:04 - 2013-08-01 17:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-12 06:04 - 2013-08-01 17:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-12 06:04 - 2013-08-01 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-12 06:04 - 2013-08-01 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-12 06:04 - 2013-08-01 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-12 06:04 - 2013-08-01 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-12 06:04 - 2013-08-01 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-12 06:04 - 2013-08-01 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-12 06:04 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-12 06:04 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-12 06:04 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-12 06:04 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-12 06:04 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-12 06:04 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-12 06:04 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-12 06:04 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-12 06:04 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-12 06:04 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-12 06:04 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-12 06:04 - 2013-08-01 17:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\System32\conhost.exe
2013-09-12 06:04 - 2013-08-01 16:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\System32\smss.exe
2013-09-12 06:04 - 2013-08-01 16:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-09-12 06:04 - 2013-08-01 16:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-09-12 06:04 - 2013-08-01 16:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-09-12 06:04 - 2013-08-01 16:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-09-12 06:04 - 2013-08-01 16:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-12 06:04 - 2013-08-01 16:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-12 06:04 - 2013-08-01 16:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-12 06:04 - 2013-08-01 16:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-12 06:04 - 2013-07-25 18:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-09-12 06:04 - 2013-07-25 18:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-09-12 06:04 - 2013-07-25 17:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-09-12 06:04 - 2013-07-25 17:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-09-05 19:13 - 2013-09-05 19:13 - 00020153 _____ C:\ComboFix.txt
2013-09-05 19:03 - 2013-10-04 13:00 - 00071598 _____ C:\Windows\PFRO.log
2013-09-05 18:20 - 2013-10-04 16:54 - 00262899 _____ C:\Windows\setupact.log
2013-09-05 18:20 - 2013-09-05 18:20 - 00000000 _____ C:\Windows\setuperr.log
2013-09-05 18:17 - 2013-09-05 18:19 - 00000000 ____D C:\AdwCleaner

==================== One Month Modified Files and Folders =======

2098-05-21 20:42 - 2013-01-31 00:29 - 1143474353 _____ C:\Users\Andrew\Downloads\0455hd.mp4
2013-10-04 18:26 - 2013-10-04 18:26 - 00000000 ____D C:\FRST
2013-10-04 16:54 - 2013-09-05 18:20 - 00262899 _____ C:\Windows\setupact.log
2013-10-04 16:54 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-04 16:21 - 2013-03-21 21:50 - 01941825 _____ C:\Windows\WindowsUpdate.log
2013-10-04 16:21 - 2009-07-13 20:45 - 00036064 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-04 16:21 - 2009-07-13 20:45 - 00036064 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-04 15:47 - 2013-07-15 08:42 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-04 15:39 - 2013-10-04 13:51 - 00000004 _____ C:\Users\Andrew\AppData\Roaming\settings.ini
2013-10-04 15:38 - 2013-07-15 08:42 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-04 13:52 - 2011-12-15 18:23 - 00000000 ____D C:\Users\Andrew\Documents\Youcam
2013-10-04 13:33 - 2012-04-01 14:01 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-04 13:00 - 2013-10-04 13:00 - 00262144 _____ C:\Windows\Minidump\100413-43040-01.dmp
2013-10-04 13:00 - 2013-09-05 19:03 - 00071598 _____ C:\Windows\PFRO.log
2013-10-04 13:00 - 2013-05-12 08:54 - 00000000 ____D C:\Windows\Minidump
2013-10-04 12:55 - 2011-12-15 19:22 - 00000000 ____D C:\Users\Andrew\AppData\Roaming\Azureus
2013-10-04 12:27 - 2011-12-15 16:24 - 00003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{AC47C312-F710-4A38-A019-33A44B055B1F}
2013-10-03 11:21 - 2013-02-17 20:43 - 00000000 ____D C:\Users\Andrew\Documents\New folder
2013-10-03 11:21 - 2012-01-04 21:30 - 00000000 ____D C:\Users\Andrew\AppData\Roaming\vlc
2013-10-03 10:58 - 2013-10-02 18:03 - 3741257391 _____ C:\Users\Andrew\Desktop\Miyazaki - Laputa Castle in the sky.mkv
2013-10-02 19:58 - 2013-10-02 19:58 - 00000000 ____D C:\Users\Andrew\Desktop\Nausicaa.Of.The.Valley.Of.The.Wind.1984.x264.AC3.4AUDIO-WAF
2013-10-02 18:52 - 2013-07-15 08:43 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-10-02 15:52 - 2013-10-02 09:47 - 596432818 _____ C:\Users\Andrew\Downloads\GL85s3-DD54O.mp4
2013-10-02 12:30 - 2013-10-02 09:54 - 478707868 _____ C:\Users\Andrew\Downloads\LABLKOTs5.mp4
2013-10-02 12:27 - 2013-04-05 16:56 - 00003192 _____ C:\Windows\System32\Tasks\HPCeeScheduleForAndrew
2013-10-02 12:27 - 2013-04-05 16:56 - 00000336 _____ C:\Windows\Tasks\HPCeeScheduleForAndrew.job
2013-10-02 10:11 - 2013-10-02 10:10 - 18182900 _____ C:\Users\Andrew\Downloads\P1E.mov
2013-10-01 23:08 - 2012-10-05 07:27 - 00000000 ____D C:\Users\Andrew\AppData\Roaming\SoftGrid Client
2013-10-01 23:07 - 2013-10-01 13:59 - 00015758 ____H C:\Users\Andrew\Desktop\~WRL3595.tmp
2013-10-01 14:21 - 2013-03-21 19:50 - 00000000 ___HD C:\users\Andrew
2013-10-01 14:17 - 2013-10-01 14:17 - 00003288 ____N C:\bootsqm.dat
2013-09-30 10:48 - 2013-09-30 10:48 - 00023300 _____ C:\Users\Andrew\Downloads\The.Princess.Bride.1987.720p.BluRay.x264-REVEiLLE.4757494.TPB.torrent
2013-09-29 11:45 - 2013-09-29 11:20 - 295105297 _____ C:\Users\Andrew\Downloads\rnyaoe210.wmv
2013-09-29 11:17 - 2013-09-29 11:15 - 132497180 _____ C:\Users\Andrew\Downloads\Comedy Bang! Bang! 2013 Tour.zip
2013-09-29 08:45 - 2013-09-29 08:45 - 00000000 ____D C:\ProgramData\Synaptics
2013-09-28 16:35 - 2013-09-28 14:17 - 418250189 _____ C:\Users\Andrew\Downloads\sg_TIBLc3.mp4
2013-09-28 10:09 - 2011-12-24 10:16 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2013-09-28 10:08 - 2011-09-01 19:18 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2013-09-28 10:08 - 2011-09-01 19:05 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2013-09-28 10:07 - 2011-02-10 11:23 - 00000000 ____D C:\SWSetup
2013-09-28 10:06 - 2013-09-28 10:04 - 00004414 _____ C:\Windows\DPINST.LOG
2013-09-28 10:06 - 2013-09-28 10:04 - 00001414 _____ C:\Windows\Synaptics.log
2013-09-28 10:04 - 2013-09-28 10:04 - 01451056 _____ (Synaptics Incorporated) C:\Windows\System32\Drivers\SynTP.sys
2013-09-28 10:04 - 2013-09-28 10:04 - 00276264 _____ (Synaptics Incorporated) C:\Windows\System32\SynCtrl.dll
2013-09-28 10:04 - 2013-09-28 10:04 - 00226600 _____ (Synaptics Incorporated) C:\Windows\System32\SynTPAPI.dll
2013-09-28 10:04 - 2013-09-28 10:04 - 00222504 _____ (Synaptics Incorporated) C:\Windows\SysWOW64\SynCtrl.dll
2013-09-28 10:04 - 2013-09-28 10:04 - 00177448 _____ (Synaptics Incorporated) C:\Windows\SysWOW64\SynCOM.dll
2013-09-28 10:04 - 2013-09-28 10:04 - 00148264 _____ (Synaptics Incorporated) C:\Windows\System32\SynTPCo9.dll
2013-09-28 10:04 - 2013-09-28 10:04 - 00107816 _____ (Synaptics Incorporated) C:\Windows\SysWOW64\SynTPCOM.dll
2013-09-28 10:04 - 2013-09-28 10:04 - 00066856 _____ C:\Windows\SysWOW64\SynTPEnhPS.dll
2013-09-28 10:04 - 2010-12-16 18:26 - 00411944 _____ (Synaptics Incorporated) C:\Windows\System32\SynCOM.dll
2013-09-28 09:57 - 2012-01-06 17:25 - 00000000 _____ C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt
2013-09-27 10:45 - 2013-09-27 10:43 - 143794880 _____ C:\Users\Andrew\Downloads\IMG_1233.MOV
2013-09-25 14:00 - 2013-03-14 12:11 - 00000000 ____D C:\Users\Andrew\AppData\Local\Microsoft Games
2013-09-25 13:46 - 2013-09-25 13:46 - 00000000 ____D C:\Windows\System32\Tasks\Games
2013-09-24 13:48 - 2013-09-24 13:48 - 00001783 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-09-24 13:48 - 2013-09-24 13:47 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-09-24 13:48 - 2013-09-24 13:47 - 00000000 ____D C:\Program Files\iTunes
2013-09-24 13:48 - 2013-09-24 13:47 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-09-24 13:47 - 2013-09-24 13:47 - 00000000 ____D C:\Program Files\iPod
2013-09-24 11:33 - 2013-09-24 10:27 - 150817268 _____ C:\Users\Andrew\Downloads\tallW861.wmv
2013-09-24 02:07 - 2013-10-01 13:53 - 1725359838 _____ C:\Users\Andrew\Downloads\21792_03_720p.mp4
2013-09-23 07:35 - 2013-09-23 07:35 - 00000301 _____ C:\Users\Andrew\Downloads\widgets-tweet_button.html (1).torrent
2013-09-23 07:34 - 2013-09-23 07:34 - 00000301 _____ C:\Users\Andrew\Downloads\widgets-tweet_button.html.torrent
2013-09-23 06:37 - 2012-04-01 14:01 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-23 06:37 - 2012-04-01 14:01 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-09-23 06:37 - 2011-12-24 10:06 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-21 08:24 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Help
2013-09-21 08:23 - 2011-09-01 19:24 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-09-21 08:22 - 2013-09-21 08:22 - 00002185 _____ C:\Users\Public\Desktop\HP Support Assistant.lnk
2013-09-21 08:19 - 2013-09-21 08:19 - 00000000 ____D C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
2013-09-21 08:18 - 2011-09-01 19:27 - 00000000 ____D C:\Windows\System32\Tasks\Hewlett-Packard
2013-09-21 08:14 - 2013-09-21 08:14 - 00059608 _____ C:\Windows\System32\GDIPFONTCACHEV1.DAT
2013-09-18 22:15 - 2013-09-18 20:13 - 347222016 _____ C:\Users\Andrew\Downloads\nr077.mpg
2013-09-17 13:09 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-09-15 08:43 - 2009-07-13 21:08 - 00032584 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-09-15 06:39 - 2013-09-26 20:15 - 1368691539 _____ C:\Users\Andrew\Downloads\6HBk3PnA4T.mp4
2013-09-13 11:08 - 2013-09-13 10:37 - 376823808 _____ C:\Users\Andrew\Downloads\nr120.mpg
2013-09-13 06:24 - 2013-07-22 16:41 - 00000000 ____D C:\ProgramData\iolo
2013-09-12 22:07 - 2013-09-12 21:30 - 440460420 _____ C:\Users\Andrew\Downloads\nr044.avi
2013-09-12 20:50 - 2013-09-12 19:29 - 198574080 _____ C:\Users\Andrew\Downloads\ashblue0065.avi
2013-09-12 20:07 - 2013-07-22 16:43 - 00002219 _____ C:\Users\Andrew\Desktop\System Mechanic.lnk
2013-09-12 13:59 - 2009-07-13 20:45 - 00273872 _____ C:\Windows\System32\FNTCACHE.DAT
2013-09-12 13:35 - 2013-08-14 23:04 - 00000000 ____D C:\Windows\System32\MRT
2013-09-12 13:35 - 2013-03-21 22:14 - 00811080 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-09-12 13:35 - 2012-10-05 07:25 - 00000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client
2013-09-12 13:30 - 2013-03-22 13:28 - 79143768 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-09-09 14:26 - 2013-07-22 16:43 - 00057584 _____ (iolo technologies, LLC) C:\Windows\System32\iolobtdfg.exe
2013-09-09 14:26 - 2013-07-22 16:43 - 00026184 _____ (iolo technologies, LLC) C:\Windows\System32\smrgdf.exe
2013-09-09 14:08 - 2013-07-22 16:43 - 02155152 _____ (iolo technologies, LLC) C:\Windows\System32\Incinerator64.dll
2013-09-09 14:08 - 2013-07-22 16:43 - 02097984 _____ (iolo technologies, LLC) C:\Windows\SysWOW64\Incinerator32.dll
2013-09-05 19:13 - 2013-09-05 19:13 - 00020153 _____ C:\ComboFix.txt
2013-09-05 19:13 - 2013-07-15 00:58 - 00000000 ____D C:\Qoobox
2013-09-05 19:04 - 2009-07-13 18:34 - 00000215 ____N C:\Windows\system.ini
2013-09-05 18:23 - 2013-07-15 06:49 - 05120804 ____R (Swearware) C:\Users\Andrew\Desktop\ComboFix.exe
2013-09-05 18:20 - 2013-09-05 18:20 - 00000000 _____ C:\Windows\setuperr.log
2013-09-05 18:19 - 2013-09-05 18:17 - 00000000 ____D C:\AdwCleaner
2013-09-05 12:21 - 2012-11-04 21:52 - 00000344 _____ C:\Windows\Tasks\HPCeeScheduleForANDREW-HP$.job
2013-09-05 12:21 - 2012-10-21 21:38 - 00003220 _____ C:\Windows\System32\Tasks\HPCeeScheduleForANDREW-HP$

Files to move or delete:
====================
C:\Users\Andrew\AppData\Roaming\data.dat
C:\Users\Andrew\AppData\Roaming\settings.ini
ZeroAccess: C:\Users\Andrew\AppData\Local\Google\Desktop\Install
ZeroAccess: C:\Program Files (x86)\Google\Desktop\Install
C:\Users\Andrew\AppData\Roaming\i.ini

Some content of TEMP:
====================
C:\Users\Andrew\AppData\Local\Temp\hnmguagknaidfmjwnyu.bfg
C:\Users\Andrew\AppData\Local\Temp\i4jdel0.exe

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

==================== Memory info ===========================

Percentage of memory in use: 10%
Total physical RAM: 7657.91 MB
Available physical RAM: 6819.93 MB
Total Pagefile: 7656.11 MB
Available Pagefile: 6804.29 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:680.98 GB) (Free:6.44 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive e: (RECOVERY) (Fixed) (Total:17.37 GB) (Free:1.9 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
Drive h: (STORE N GO) (Removable) (Total:3.83 GB) (Free:3.83 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: 5A01AB4C)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=681 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=17 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

========================================================
Disk: 1 (Size: 4 GB) (Disk ID: 9BAD4F6E)
Partition 1: (Not Active) - (Size=4 GB) - (Type=0C)

LastRegBack: 2013-09-24 13:16

==================== End Of Log ============================
  2. My Windows 7 laptop has been hit with the Moneypak virus, and I ran FARBAR to get the log, and I just need a fixlist.txt to move on to the next step. Here's the log, and I appreciate any help. Thanks!

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-05-2013 01 (ATTENTION: FRST version is 148 days old)
Ran by SYSTEM on 05-10-2013 04:27:41
Running from H:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery
The current controlset is ControlSet002
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================
HKLM\...\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-09-21] (IDT, Inc.)
HKLM\...\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2799912 2013-09-28] (Synaptics Incorporated)
HKLM\...\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe -set Silent "1" SplashURL "" [1111568 2011-10-08] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [197152 2011-02-10] (Trend Micro Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-09-17] (Apple Inc.)
HKLM-x32\...\Run: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [103992 2011-09-13] (Hewlett-Packard Development Company L.P.)
HKLM-x32\...\Run: [] [x]
HKU\Andrew\...\Run: [GoogleChromeAutoLaunch_AF2E2510EC2DA94726BF08BC757DFE33] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window [844752 2013-09-26] (Google Inc.)
HKU\Andrew\...\Winlogon: [shell] explorer.exe,C:\Users\Andrew\AppData\Roaming\data.dat [85504 2013-08-01] () <==== ATTENTION
BootExecute: autocheck autochk * r??,autocheck autochk * ????

==================== Services (Whitelisted) =================
S4 AdobeActiveFileMonitor10.0; C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-08-31] (Adobe Systems Incorporated)
S4 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [241648 2011-02-24] (CyberLink)
S2 ioloSystemService; C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [1164328 2013-09-09] (iolo technologies, LLC)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 [x]

==================== Drivers (Whitelisted) ====================
S1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [31432 2012-04-17] (EldoS Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S2 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [90704 2010-08-08] (Trend Micro Inc.)
S2 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [144464 2010-08-08] (Trend Micro Inc.)
S2 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [67664 2010-08-08] (Trend Micro Inc.)
S1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105552 2010-08-08] (Trend Micro Inc.)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========
2013-10-04 18:26 - 2013-10-04 18:26 - 00000000 ____D C:\FRST
2013-10-04 13:51 - 2013-10-04 15:39 - 00000004 ____A C:\Users\Andrew\AppData\Roaming\settings.ini
2013-10-04 13:00 - 2013-10-04 13:00 - 00262144 ____A C:\Windows\Minidump\100413-43040-01.dmp
2013-10-02 19:58 - 2013-10-02 19:58 - 00000000 ____D C:\Users\Andrew\Desktop\Nausicaa.Of.The.Valley.Of.The.Wind.1984.x264.AC3.4AUDIO-WAF
2013-10-02 18:03 - 2013-10-03 10:58 - 3741257391 ____A C:\Users\Andrew\Desktop\Miyazaki - Laputa Castle in the sky.mkv
2013-10-02 10:10 - 2013-10-02 10:11 - 18182900 ____A C:\Users\Andrew\Downloads\P1E.mov
2013-10-01 14:17 - 2013-10-01 14:17 - 00003288 ____N C:\bootsqm.dat
2013-10-01 13:59 - 2013-10-01 23:07 - 00015758 ____H C:\Users\Andrew\Desktop\~WRL3595.tmp
2013-10-01 13:53 - 2013-09-24 02:07 - 1725359838 ____A C:\Users\Andrew\Downloads\21792_03_720p.mp4
2013-09-30 17:45 - 2013-09-30 17:45 - 00015146 ____A C:\Users\Andrew\Downloads\WWE.Triple.H.Thy.Kingdom.Come.2013.BDRip.x264-RUDOS.torrent
2013-09-30 10:48 - 2013-09-30 10:48 - 00023300 ____A C:\Users\Andrew\Downloads\The.Princess.Bride.1987.720p.BluRay.x264-REVEiLLE.4757494.TPB.torrent
2013-09-29 11:20 - 2013-09-29 11:45 - 295105297 ____A C:\Users\Andrew\Downloads\rnyaoe210.wmv
2013-09-29 11:15 - 2013-09-29 11:17 - 132497180 ____A C:\Users\Andrew\Downloads\Comedy Bang! Bang! 2013 Tour.zip
2013-09-29 08:45 - 2013-09-29 08:45 - 00000000 ____D C:\ProgramData\Synaptics
2013-09-28 14:17 - 2013-09-28 16:35 - 418250189 ____A C:\Users\Andrew\Downloads\sg_TIBLc3.mp4
2013-09-28 10:04 - 2013-09-28 10:06 - 00004414 ____A C:\Windows\DPINST.LOG
2013-09-28 10:04 - 2013-09-28 10:06 - 00001414 ____A C:\Windows\Synaptics.log
2013-09-28 10:04 - 2013-09-28 10:04 - 01451056 ____A (Synaptics Incorporated) C:\Windows\System32\Drivers\SynTP.sys
2013-09-28 10:04 - 2013-09-28 10:04 - 00276264 ____A (Synaptics Incorporated) C:\Windows\System32\SynCtrl.dll
2013-09-28 10:04 - 2013-09-28 10:04 - 00226600 ____A (Synaptics Incorporated) C:\Windows\System32\SynTPAPI.dll
2013-09-28 10:04 - 2013-09-28 10:04 - 00222504 ____A (Synaptics Incorporated) C:\Windows\SysWOW64\SynCtrl.dll
2013-09-28 10:04 - 2013-09-28 10:04 - 00177448 ____A (Synaptics Incorporated) C:\Windows\SysWOW64\SynCOM.dll
2013-09-28 10:04 - 2013-09-28 10:04 - 00148264 ____A (Synaptics Incorporated) C:\Windows\System32\SynTPCo9.dll
2013-09-28 10:04 - 2013-09-28 10:04 - 00107816 ____A (Synaptics Incorporated) C:\Windows\SysWOW64\SynTPCOM.dll
2013-09-28 10:04 - 2013-09-28 10:04 - 00066856 ____A C:\Windows\SysWOW64\SynTPEnhPS.dll
2013-09-27 10:43 - 2013-09-27 10:45 - 143794880 ____A C:\Users\Andrew\Downloads\IMG_1233.MOV
2013-09-26 20:15 - 2013-09-15 06:39 - 1368691539 ____A C:\Users\Andrew\Downloads\6HBk3PnA4T.mp4
2013-09-24 13:48 - 2013-09-24 13:48 - 00001783 ____A C:\Users\Public\Desktop\iTunes.lnk
2013-09-24 13:47 - 2013-09-24 13:48 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-09-24 13:47 - 2013-09-24 13:48 - 00000000 ____D C:\Program Files\iTunes
2013-09-24 13:47 - 2013-09-24 13:48 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-09-24 13:47 - 2013-09-24 13:47 - 00000000 ____D C:\Program Files\iPod
2013-09-24 10:27 - 2013-09-24 11:33 - 150817268 ____A C:\Users\Andrew\Downloads\tallW861.wmv
2013-09-23 07:35 - 2013-09-23 07:35 - 00000301 ____A C:\Users\Andrew\Downloads\widgets-tweet_button.html (1).torrent
2013-09-23 07:34 - 2013-09-23 07:34 - 00000301 ____A C:\Users\Andrew\Downloads\widgets-tweet_button.html.torrent
2013-09-21 08:22 - 2013-09-21 08:22 - 00002185 ____A C:\Users\Public\Desktop\HP Support Assistant.lnk
2013-09-21 08:19 - 2013-09-21 08:19 - 00000000 ____D C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
2013-09-21 08:14 - 2013-09-21 08:14 - 00059608 ____A C:\Windows\System32\GDIPFONTCACHEV1.DAT
2013-09-18 20:13 - 2013-09-18 22:15 - 347222016 ____A C:\Users\Andrew\Downloads\nr077.mpg
2013-09-13 10:37 - 2013-09-13 11:08 - 376823808 ____A C:\Users\Andrew\Downloads\nr120.mpg
2013-09-12 21:30 - 2013-09-12 22:07 - 440460420 ____A C:\Users\Andrew\Downloads\nr044.avi
2013-09-12 19:49 - 2013-09-12 20:06 - 201717760 ____A C:\Users\Andrew\Downloads\ashblue0100.avi
2013-09-12 19:29 - 2013-09-12 20:50 - 198574080 ____A C:\Users\Andrew\Downloads\ashblue0065.avi
2013-09-12 18:09 - 2013-09-12 19:18 - 146745344 ____A C:\Users\Andrew\Downloads\ashblue0041.avi
2013-09-12 13:29 - 2013-07-31 05:09 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-09-12 13:29 - 2013-07-31 05:08 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-09-12 13:29 - 2013-07-31 01:48 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-09-12 13:29 - 2013-07-31 01:45 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-12 13:29 - 2013-07-31 01:45 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-09-12 13:28 - 2013-07-31 06:17 - 17833472 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-09-12 13:28 - 2013-07-31 05:42 - 10926080 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-09-12 13:28 - 2013-07-31 05:29 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-09-12 13:28 - 2013-07-31 05:20 - 01346560 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-09-12 13:28 - 2013-07-31 05:19 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-09-12 13:28 - 2013-07-31 05:18 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-09-12 13:28 - 2013-07-31 05:17 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-09-12 13:28 - 2013-07-31 05:16 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-09-12 13:28 - 2013-07-31 05:14 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-09-12 13:28 - 2013-07-31 05:13 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-09-12 13:28 - 2013-07-31 05:13 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-09-12 13:28 - 2013-07-31 05:11 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-09-12 13:28 - 2013-07-31 05:11 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-09-12 13:28 - 2013-07-31 05:05 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-09-12 13:28 - 2013-07-31 02:30 - 12335104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-12 13:28 - 2013-07-31 02:05 - 09738752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-12 13:28 - 2013-07-31 02:00 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-12 13:28 - 2013-07-31 01:53 - 01104896 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-12 13:28 - 2013-07-31 01:52 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-09-12 13:28 - 2013-07-31 01:52 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-12 13:28 - 2013-07-31 01:51 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-09-12 13:28 - 2013-07-31 01:49 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-12 13:28 - 2013-07-31 01:48 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-12 13:28 - 2013-07-31 01:48 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-09-12 13:28 - 2013-07-31 01:47 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-12 13:28 - 2013-07-31 01:46 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-12 13:28 - 2013-07-31 01:42 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-12 06:04 - 2013-08-07 17:20 - 03155456 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-09-12 06:04 - 2013-08-04 18:25 - 00155584 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ataport.sys
2013-09-12 06:04 - 2013-08-01 18:23 - 05550528 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-09-12 06:04 - 2013-08-01 18:15 - 01732032 ____A (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2013-09-12 06:04 - 2013-08-01 18:15 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2013-09-12 06:04 - 2013-08-01 18:15 - 00243712 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
2013-09-12 06:04 - 2013-08-01 18:15 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2013-09-12 06:04 - 2013-08-01 18:14 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2013-09-12 06:04 - 2013-08-01 18:14 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2013-09-12 06:04 - 2013-08-01 18:13 - 01161216 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2013-09-12 06:04 - 2013-08-01 18:13 - 00424448 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2013-09-12 06:04 - 2013-08-01 18:12 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2013-09-12 06:04 - 2013-08-01 18:12 - 00006656 ____A (Microsoft Corporation) C:\Windows\System32\apisetschema.dll
2013-09-12 06:04 - 2013-08-01 18:12 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2013-09-12 06:04 - 2013-08-01 18:12 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2013-09-12 06:04 - 2013-08-01 18:12 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-12 06:04 - 2013-08-01 18:12 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-12 06:04 - 2013-08-01 18:12 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-12 06:04 - 2013-08-01 18:12 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2013-09-12 06:04 - 2013-08-01 18:12 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-12 06:04 - 2013-08-01 18:12 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2013-09-12 06:04 - 2013-08-01 18:12 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-12 06:04 - 2013-08-01 18:12 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-12 06:04 - 2013-08-01 18:12 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-12 06:04 - 2013-08-01 18:12 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2013-09-12 06:04 - 2013-08-01 18:12 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2013-09-12 06:04 - 2013-08-01 18:12 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-12 06:04 - 2013-08-01 18:12 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2013-09-12 06:04 - 2013-08-01 18:12 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-12 06:04 - 2013-08-01 18:12 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2013-09-12 06:04 - 2013-08-01 18:12 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2013-09-12 06:04 - 2013-08-01 18:12 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2013-09-12 06:04 - 2013-08-01 18:12 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2013-09-12 06:04 - 2013-08-01 18:12 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-12 06:04 - 2013-08-01 18:12 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2013-09-12 06:04 - 2013-08-01 18:12 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-12 06:04 - 2013-08-01 18:12 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-12 06:04 - 2013-08-01 18:12 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-12 06:04 - 2013-08-01 18:12 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2013-09-12 06:04 - 2013-08-01 18:12 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-12 06:04 - 2013-08-01 18:12 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2013-09-12 06:04 - 2013-08-01 17:59 - 03968960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-09-12 06:04 - 2013-08-01 17:59 - 03913664 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-09-12 06:04 - 2013-08-01 17:51 - 01292192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-09-12 06:04 - 2013-08-01 17:51 - 00085504 ____A C:\Users\Andrew\AppData\Roaming\data.dat
2013-09-12 06:04 - 2013-08-01 17:50 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-09-12 06:04 - 2013-08-01 17:50 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-09-12 06:04 - 2013-08-01 17:50 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-09-12 06:04 - 2013-08-01 17:48 - 00006656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-09-12 06:04 - 2013-08-01 17:48 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-12 06:04 - 2013-08-01 17:48 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-12 06:04 - 2013-08-01 17:48 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-12 06:04 - 2013-08-01 17:48 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-12 06:04 - 2013-08-01 17:48 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-12 06:04 - 2013-08-01 17:48 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-12 06:04 - 2013-08-01 17:48 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-12 06:04 - 2013-08-01 17:48 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-12 06:04 - 2013-08-01 17:48 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-12 06:04 - 2013-08-01 17:48 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-12 06:04 - 2013-08-01 17:48 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-12 06:04 - 2013-08-01 17:48 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-12 06:04 - 2013-08-01 17:48 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-12 06:04 - 2013-08-01 17:48 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-12 06:04 - 2013-08-01 17:48 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-12 06:04 - 2013-08-01 17:48 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-12 06:04 - 2013-08-01 17:48 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-12 06:04 - 2013-08-01 17:48 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-12 06:04 - 2013-08-01 17:48 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-12 06:04 - 2013-08-01 17:48 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-12 06:04 - 2013-08-01 17:48 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-12 06:04 - 2013-08-01 17:48 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-12 06:04 - 2013-08-01 17:48 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-12 06:04 - 2013-08-01 17:48 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-12 06:04 - 2013-08-01 17:09 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2013-09-12 06:04 - 2013-08-01 16:59 - 00112640 ____A (Microsoft Corporation) C:\Windows\System32\smss.exe
2013-09-12 06:04 - 2013-08-01 16:45 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-09-12 06:04 - 2013-08-01 16:45 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-09-12 06:04 - 2013-08-01 16:45 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-09-12 06:04 - 2013-08-01 16:45 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-09-12 06:04 - 2013-08-01 16:43 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-12 06:04 - 2013-08-01 16:43 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-12 06:04 - 2013-08-01 16:43 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-12 06:04 - 2013-08-01 16:43 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-12 06:04 - 2013-07-25 18:24 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-09-12 06:04 - 2013-07-25 18:24 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-09-12 06:04 - 2013-07-25 17:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-09-12 06:04 - 2013-07-25 17:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-09-11 13:10 - 2013-09-11 11:09 - 779907957 ____A C:\Users\Andrew\Downloads\LisaA_BHC_Sc2hd.mp4
2013-09-07 12:38 - 2013-09-07 13:34 - 393764129 ____A
2013-09-05 19:13 - 2013-09-05 19:13 - 00020153 ____A C:\ComboFix.txt
2013-09-05 19:03 - 2013-10-04 13:00 - 00071598 ____A C:\Windows\PFRO.log
2013-09-05 18:20 - 2013-10-04 16:54 - 00262899 ____A C:\Windows\setupact.log
2013-09-05 18:20 - 2013-09-05 18:20 - 00000000 ____A C:\Windows\setuperr.log
2013-09-05 18:17 - 2013-09-05 18:19 - 00000000 ____D C:\AdwCleaner

==================== One Month Modified Files and Folders =======
2098-05-21 20:42 - 2013-01-31 00:29 - 1143474353 ____A C:\Users\Andrew\Downloads\0455hd.mp4
2013-10-04 18:26 - 2013-10-04 18:26 - 00000000 ____D C:\FRST
2013-10-04 16:54 - 2013-09-05 18:20 - 00262899 ____A C:\Windows\setupact.log
2013-10-04 16:54 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-10-04 16:21 - 2013-03-21 21:50 - 01941825 ____A C:\Windows\WindowsUpdate.log
2013-10-04 16:21 - 2009-07-13 20:45 - 00036064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-04 16:21 - 2009-07-13 20:45 - 00036064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-04 15:47 - 2013-07-15 08:42 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-04 15:39 - 2013-10-04 13:51 - 00000004 ____A C:\Users\Andrew\AppData\Roaming\settings.ini
2013-10-04 15:38 - 2013-07-15 08:42 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-04 13:52 - 2011-12-15 18:23 - 00000000 ____D C:\Users\Andrew\Documents\Youcam
2013-10-04 13:33 - 2012-04-01 14:01 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-04 13:00 - 2013-10-04 13:00 - 00262144 ____A C:\Windows\Minidump\100413-43040-01.dmp
2013-10-04 13:00 - 2013-09-05 19:03 - 00071598 ____A C:\Windows\PFRO.log
2013-10-04 13:00 - 2013-05-12 08:54 - 00000000 ____D C:\Windows\Minidump
2013-10-04 12:55 - 2011-12-15 19:22 - 00000000 ____D C:\Users\Andrew\AppData\Roaming\Azureus
2013-10-03 11:21 - 2013-02-17 20:43 - 00000000 ____D C:\Users\Andrew\Documents\New folder
2013-10-03 11:21 - 2012-01-04 21:30 - 00000000 ____D C:\Users\Andrew\AppData\Roaming\vlc
2013-10-03 10:58 - 2013-10-02 18:03 - 3741257391 ____A C:\Users\Andrew\Desktop\Miyazaki - Laputa Castle in the sky.mkv
2013-10-02 19:58 - 2013-10-02 19:58 - 00000000 ____D C:\Users\Andrew\Desktop\Nausicaa.Of.The.Valley.Of.The.Wind.1984.x264.AC3.4AUDIO-WAF
2013-10-02 18:52 - 2013-07-15 08:43 - 00002183 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-10-02 15:52 - 2013-10-02 09:47 - 596432818 ____A C:\Users\Andrew\Downloads\GL85s3-DD54O.mp4
2013-10-02 12:30 - 2013-10-02 09:54 - 478707868 ____A C:\Users\Andrew\Downloads\LABLKOTs5.mp4
2013-10-02 12:27 - 2013-04-05 16:56 - 00000336 ____A C:\Windows\Tasks\HPCeeScheduleForAndrew.job
2013-10-02 10:11 - 2013-10-02 10:10 - 18182900 ____A C:\Users\Andrew\Downloads\P1E.mov
2013-10-01 23:08 - 2012-10-05 07:27 - 00000000 ____D C:\Users\Andrew\AppData\Roaming\SoftGrid Client
2013-10-01 23:07 - 2013-10-01 13:59 - 00015758 ____H C:\Users\Andrew\Desktop\~WRL3595.tmp
2013-10-01 14:21 - 2013-03-21 19:50 - 00000000 ___HD C:\users\Andrew
2013-10-01 14:17 - 2013-10-01 14:17 - 00003288 ____N C:\bootsqm.dat
2013-09-30 17:45 - 2013-09-30 17:45 - 00015146 ____A C:\Users\Andrew\Downloads\WWE.Triple.H.Thy.Kingdom.Come.2013.BDRip.x264-RUDOS.torrent
2013-09-30 10:48 - 2013-09-30 10:48 - 00023300 ____A C:\Users\Andrew\Downloads\The.Princess.Bride.1987.720p.BluRay.x264-REVEiLLE.4757494.TPB.torrent
2013-09-29 11:45 - 2013-09-29 11:20 - 295105297 ____A C:\Users\Andrew\Downloads\rnyaoe210.wmv
2013-09-29 11:17 - 2013-09-29 11:15 - 132497180 ____A C:\Users\Andrew\Downloads\Comedy Bang! Bang! 2013 Tour.zip
2013-09-29 08:45 - 2013-09-29 08:45 - 00000000 ____D C:\ProgramData\Synaptics
2013-09-28 16:35 - 2013-09-28 14:17 - 418250189 ____A C:\Users\Andrew\Downloads\sg_TIBLc3.mp4
2013-09-28 10:09 - 2011-12-24 10:16 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log
2013-09-28 10:08 - 2011-09-01 19:18 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2013-09-28 10:08 - 2011-09-01 19:05 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2013-09-28 10:07 - 2011-02-10 11:23 - 00000000 ____D C:\SWSetup
2013-09-28 10:06 - 2013-09-28 10:04 - 00004414 ____A C:\Windows\DPINST.LOG
2013-09-28 10:06 - 2013-09-28 10:04 - 00001414 ____A C:\Windows\Synaptics.log
2013-09-28 10:04 - 2013-09-28 10:04 - 01451056 ____A (Synaptics Incorporated) C:\Windows\System32\Drivers\SynTP.sys
2013-09-28 10:04 - 2013-09-28 10:04 - 00276264 ____A (Synaptics Incorporated) C:\Windows\System32\SynCtrl.dll
2013-09-28 10:04 - 2013-09-28 10:04 - 00226600 ____A (Synaptics Incorporated) C:\Windows\System32\SynTPAPI.dll
2013-09-28 10:04 - 2013-09-28 10:04 - 00222504 ____A (Synaptics Incorporated) C:\Windows\SysWOW64\SynCtrl.dll
2013-09-28 10:04 - 2013-09-28 10:04 - 00177448 ____A (Synaptics Incorporated) C:\Windows\SysWOW64\SynCOM.dll
2013-09-28 10:04 - 2013-09-28 10:04 - 00148264 ____A (Synaptics Incorporated) C:\Windows\System32\SynTPCo9.dll
2013-09-28 10:04 - 2013-09-28 10:04 - 00107816 ____A (Synaptics Incorporated) C:\Windows\SysWOW64\SynTPCOM.dll
2013-09-28 10:04 - 2013-09-28 10:04 - 00066856 ____A C:\Windows\SysWOW64\SynTPEnhPS.dll
2013-09-28 10:04 - 2010-12-16 18:26 - 00411944 ____A (Synaptics Incorporated) C:\Windows\System32\SynCOM.dll
2013-09-28 09:57 - 2012-01-06 17:25 - 00000000 ____A C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt
2013-09-25 14:00 - 2013-03-14 12:11 - 00000000 ____D C:\Users\Andrew\AppData\Local\Microsoft Games
2013-09-24 13:48 - 2013-09-24 13:48 - 00001783 ____A C:\Users\Public\Desktop\iTunes.lnk
2013-09-24 13:48 - 2013-09-24 13:47 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-09-24 13:48 - 2013-09-24 13:47 - 00000000 ____D C:\Program Files\iTunes
2013-09-24 13:48 - 2013-09-24 13:47 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-09-24 13:47 - 2013-09-24 13:47 - 00000000 ____D C:\Program Files\iPod
2013-09-24 11:33 - 2013-09-24 10:27 - 150817268 ____A C:\Users\Andrew\Downloads\tallW861.wmv
2013-09-24 02:07 - 2013-10-01 13:53 - 1725359838 ____A C:\Users\Andrew\Downloads\21792_03_720p.mp4
2013-09-23 07:35 - 2013-09-23 07:35 - 00000301 ____A C:\Users\Andrew\Downloads\widgets-tweet_button.html (1).torrent
2013-09-23 07:34 - 2013-09-23 07:34 - 00000301 ____A C:\Users\Andrew\Downloads\widgets-tweet_button.html.torrent
2013-09-23 06:37 - 2012-04-01 14:01 - 00692616 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-23 06:37 - 2011-12-24 10:06 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-21 08:24 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Help
2013-09-21 08:23 - 2011-09-01 19:24 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-09-21 08:22 - 2013-09-21 08:22 - 00002185 ____A C:\Users\Public\Desktop\HP Support Assistant.lnk
2013-09-21 08:19 - 2013-09-21 08:19 - 00000000 ____D C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
2013-09-21 08:14 - 2013-09-21 08:14 - 00059608 ____A C:\Windows\System32\GDIPFONTCACHEV1.DAT
2013-09-18 22:15 - 2013-09-18 20:13 - 347222016 ____A C:\Users\Andrew\Downloads\nr077.mpg
2013-09-17 13:09 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-09-15 08:43 - 2009-07-13 21:08 - 00032584 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-09-15 06:39 - 2013-09-26 20:15 - 1368691539 ____A C:\Users\Andrew\Downloads\6HBk3PnA4T.mp4
2013-09-13 11:08 - 2013-09-13 10:37 - 376823808 ____A C:\Users\Andrew\Downloads\nr120.mpg
2013-09-13 06:24 - 2013-07-22 16:41 - 00000000 ____D C:\ProgramData\iolo
2013-09-12 22:07 - 2013-09-12 21:30 - 440460420 ____A C:\Users\Andrew\Downloads\nr044.avi
2013-09-12 20:50 - 2013-09-12 19:29 - 198574080 ____A C:\Users\Andrew\Downloads\ashblue0065.avi
2013-09-12 20:07 - 2013-07-22 16:43 - 00002219 ____A C:\Users\Andrew\Desktop\System Mechanic.lnk
2013-09-12 20:06 - 2013-09-12 19:49 - 201717760 ____A C:\Users\Andrew\Downloads\ashblue0100.avi
2013-09-12 19:18 - 2013-09-12 18:09 - 146745344 ____A C:\Users\Andrew\Downloads\ashblue0041.avi
2013-09-12 13:59 - 2009-07-13 20:45 - 00273872 ____A C:\Windows\System32\FNTCACHE.DAT
2013-09-12 13:35 - 2013-08-14 23:04 - 00000000 ____D C:\Windows\System32\MRT
2013-09-12 13:35 - 2013-03-21 22:14 - 00811080 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2013-09-12 13:35 - 2012-10-05 07:25 - 00000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client
2013-09-12 13:30 - 2013-03-22 13:28 - 79143768 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-09-11 11:09 - 2013-09-11 13:10 - 779907957 ____A C:\Users\Andrew\Downloads\LisaA_BHC_Sc2hd.mp4
2013-09-09 14:26 - 2013-07-22 16:43 - 00057584 ____A (iolo technologies, LLC) C:\Windows\System32\iolobtdfg.exe
2013-09-09 14:26 - 2013-07-22 16:43 - 00026184 ____A (iolo technologies, LLC) C:\Windows\System32\smrgdf.exe
2013-09-09 14:08 - 2013-07-22 16:43 - 02155152 ____A (iolo technologies, LLC) C:\Windows\System32\Incinerator64.dll
2013-09-09 14:08 - 2013-07-22 16:43 - 02097984 ____A (iolo technologies, LLC) C:\Windows\SysWOW64\Incinerator32.dll
2013-09-05 19:13 - 2013-09-05 19:13 - 00020153 ____A C:\ComboFix.txt
2013-09-05 19:13 - 2013-07-15 00:58 - 00000000 ____D C:\Qoobox
2013-09-05 19:04 - 2009-07-13 18:34 - 00000215 ____N C:\Windows\system.ini
2013-09-05 18:23 - 2013-07-15 06:49 - 05120804 ____R (Swearware) C:\Users\Andrew\Desktop\ComboFix.exe
2013-09-05 18:20 - 2013-09-05 18:20 - 00000000 ____A C:\Windows\setuperr.log
2013-09-05 18:19 - 2013-09-05 18:17 - 00000000 ____D C:\AdwCleaner

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

==================== Memory info ===========================
Percentage of memory in use: 10%
Total physical RAM: 7657.91 MB
Available physical RAM: 6828.79 MB
Total Pagefile: 7656.11 MB
Available Pagefile: 6821.41 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Drives ================================
Drive c: () (Fixed) (Total:680.98 GB) (Free:6.44 GB) NTFS (Disk=0 Partition=2) ==>[system with boot components (obtained from reading drive)]
Drive e: (RECOVERY) (Fixed) (Total:17.37 GB) (Free:1.9 GB) NTFS (Disk=0 Partition=3) ==>[system with boot components (obtained from reading drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32 (Disk=0 Partition=4)
Drive h: (STORE N GO) (Removable) (Total:3.83 GB) (Free:3.83 GB) FAT32 (Disk=1 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS (Disk=0 Partition=1) ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================
======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: 5A01AB4C) Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=681 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=17 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=103 MB) - (Type=0C) ======================================================== Disk: 1 (Size: 4 GB) (Disk ID: 9BAD4F6E) Partition 1: (Not Active) - (Size=4 GB) - (Type=0C) Last Boot: 2013-09-24 13:16 ==================== End Of Log ============================
  3. # AdwCleaner v2.300 - Logfile created 05/10/2013 at 21:47:01
# Updated 28/04/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Andrew - ANDREW-HP
# Boot Mode : Normal
# Running from : C:\Users\Andrew\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

Stopped & Deleted : Application Updater

***** [Files / Folders] *****

File Deleted : C:\END
File Deleted : C:\Users\Public\Desktop\eBay.lnk
Folder Deleted : C:\Program Files (x86)\Application Updater
Folder Deleted : C:\Program Files (x86)\Common Files\spigot
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Vuze Remote toolbar
Folder Deleted : C:\Program Files (x86)\Vuze_Remote
Folder Deleted : C:\Users\Andrew\AppData\Local\Conduit
Folder Deleted : C:\Users\Andrew\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Andrew\AppData\LocalLow\Search Settings
Folder Deleted : C:\Users\Andrew\AppData\LocalLow\Vuze Remote
Folder Deleted : C:\Users\Andrew\AppData\LocalLow\Vuze_Remote

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\Vuze_Remote
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{05478A66-EDB6-4A22-A870-A5987F80A7DA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA14329E-9550-4989-B3F2-9732E92D17CC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{05478A66-EDB6-4A22-A870-A5987F80A7DA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA14329E-9550-4989-B3F2-9732E92D17CC}
Key Deleted : HKCU\Software\Search Settings
Key Deleted : HKLM\Software\Application Updater
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E30ED111-BD63-48C2-A6CB-AB3C9FFFB07C}
Key Deleted : HKLM\Software\Search Settings
Key Deleted : HKLM\Software\Vuze_Remote
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{05478A66-EDB6-4A22-A870-A5987F80A7DA}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{BA14329E-9550-4989-B3F2-9732E92D17CC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E30ED111-BD63-48C2-A6CB-AB3C9FFFB07C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3E6C4492-4246-4799-ABC2-F98AFA5D3C15}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B8C6D7E2-567D-415D-A3F7-9D95CF35B827}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{05478A66-EDB6-4A22-A870-A5987F80A7DA}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Vuze_Remote Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{05478A66-EDB6-4A22-A870-A5987F80A7DA}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16476

[OK] Registry is clean.

-\\ Google Chrome v26.0.1410.64

File : C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [4618 octets] - [10/05/2013 21:33:31]
AdwCleaner[R2].txt - [4678 octets] - [10/05/2013 21:34:36]
AdwCleaner[S1].txt - [4173 octets] - [10/05/2013 21:47:01]

########## EOF - C:\AdwCleaner[S1].txt - [4233 octets] ##########

Results of screen317's Security Check version 0.99.63
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Trend Micro Titanium Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
SpywareBlaster 5.0
Java 7 Update 21
Adobe Flash Player 11.6.602.180
Adobe Reader XI
Google Chrome 26.0.1410.43
Google Chrome 26.0.1410.64
````````Process Check: objlist.exe by Laurent````````
Trend Micro AMSP coreServiceShell.exe
Trend Micro UniClient UiFrmWrk uiWatchDog.exe
Trend Micro AMSP coreFrameworkHost.exe
Trend Micro UniClient UiFrmWrk uiSeAgnt.exe
iolo Common Lib ioloServiceManager.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 5%
````````````````````End of Log``````````````````````
  4. # AdwCleaner v2.300 - Logfile created 05/10/2013 at 21:34:36
# Updated 28/04/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Andrew - ANDREW-HP
# Boot Mode : Normal
# Running from : C:\Users\Andrew\Desktop\adwcleaner.exe
# Option [Search]

***** [Services] *****

Found : Application Updater

***** [Files / Folders] *****

File Found : C:\END
File Found : C:\Users\Public\Desktop\eBay.lnk
Folder Found : C:\Program Files (x86)\Application Updater
Folder Found : C:\Program Files (x86)\Common Files\spigot
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Program Files (x86)\Vuze Remote toolbar
Folder Found : C:\Program Files (x86)\Vuze_Remote
Folder Found : C:\Program Files (x86)\Vuze_Remote
Folder Found : C:\Users\Andrew\AppData\Local\Conduit
Folder Found : C:\Users\Andrew\AppData\LocalLow\Conduit
Folder Found : C:\Users\Andrew\AppData\LocalLow\Search Settings
Folder Found : C:\Users\Andrew\AppData\LocalLow\Vuze Remote
Folder Found : C:\Users\Andrew\AppData\LocalLow\Vuze_Remote
Folder Found : C:\Users\Andrew\AppData\LocalLow\Vuze_Remote

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\AskToolbar
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\Search Settings
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\AppDataLow\Software\Vuze_Remote
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\Ask.com
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{05478A66-EDB6-4A22-A870-A5987F80A7DA}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA14329E-9550-4989-B3F2-9732E92D17CC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA14329E-9550-4989-B3F2-9732E92D17CC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{05478A66-EDB6-4A22-A870-A5987F80A7DA}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA14329E-9550-4989-B3F2-9732E92D17CC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA14329E-9550-4989-B3F2-9732E92D17CC}
Key Found : HKCU\Software\Search Settings
Key Found : HKLM\Software\Application Updater
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\Freeze.com
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E30ED111-BD63-48C2-A6CB-AB3C9FFFB07C}
Key Found : HKLM\Software\Search Settings
Key Found : HKLM\Software\Vuze_Remote
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{05478A66-EDB6-4A22-A870-A5987F80A7DA}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{BA14329E-9550-4989-B3F2-9732E92D17CC}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{BA14329E-9550-4989-B3F2-9732E92D17CC}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E30ED111-BD63-48C2-A6CB-AB3C9FFFB07C}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3E6C4492-4246-4799-ABC2-F98AFA5D3C15}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B8C6D7E2-567D-415D-A3F7-9D95CF35B827}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{05478A66-EDB6-4A22-A870-A5987F80A7DA}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Vuze_Remote Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{05478A66-EDB6-4A22-A870-A5987F80A7DA}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16476

[OK] Registry is clean.

-\\ Google Chrome v26.0.1410.64

File : C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [4618 octets] - [10/05/2013 21:33:31]
AdwCleaner[R2].txt - [4551 octets] - [10/05/2013 21:34:36]

########## EOF - C:\AdwCleaner[R2].txt - [4611 octets] ##########
  5. ComboFix 13-05-10.03 - Andrew 05/10/2013 21:06:48.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7658.5316 [GMT -4:00] Running from: c:\users\Andrew\Desktop\ComboFix.exe AV: Trend Micro Titanium *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902} SP: Trend Micro Titanium *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\install.exe . . ((((((((((((((((((((((((( Files Created from 2013-04-11 to 2013-05-11 ))))))))))))))))))))))))))))))) . . 2013-05-11 01:15 . 2013-05-11 01:15 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-05-10 22:43 . 2013-05-10 22:43 -------- d-----w- c:\programdata\Malwarebytes 2013-05-10 22:01 . 2013-05-10 22:01 -------- d-----w- C:\FRST 2013-04-28 08:36 . 2013-04-28 08:36 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10144.bin 2013-04-23 18:12 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys 2013-04-17 15:57 . 2013-04-17 15:57 -------- d-----w- c:\program files (x86)\Common Files\Java 2013-04-17 15:55 . 2013-04-04 09:35 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-04-17 15:53 . 2013-04-17 15:53 -------- d-----w- c:\programdata\McAfee . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-04-21 16:53 . 2012-04-01 22:01 691592 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-04-21 16:53 . 2011-12-24 18:06 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-04-10 03:54 . 2013-03-22 21:28 72702784 ----a-w- c:\windows\system32\MRT.exe 2013-03-30 19:33 . 2013-03-30 19:33 388096 ----a-r- c:\users\Andrew\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2013-03-22 20:52 . 
2013-03-22 20:52 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe 2013-03-22 20:52 . 2013-03-22 20:52 161792 ----a-w- c:\windows\SysWow64\msls31.dll 2013-03-22 20:52 . 2013-03-22 20:52 1129472 ----a-w- c:\windows\SysWow64\wininet.dll_old0 2013-03-22 20:52 . 2013-03-22 20:52 1103872 ----a-w- c:\windows\SysWow64\urlmon.dll_old0 2013-03-22 20:52 . 2013-03-22 20:52 1796096 ----a-w- c:\windows\SysWow64\iertutil.dll_old0 2013-03-22 20:52 . 2013-03-22 20:52 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll 2013-03-22 20:52 . 2013-03-22 20:52 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe 2013-03-22 20:52 . 2013-03-22 20:52 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll 2013-03-22 20:52 . 2013-03-22 20:52 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll 2013-03-22 20:52 . 2013-03-22 20:52 74752 ----a-w- c:\windows\SysWow64\iesetup.dll 2013-03-22 20:52 . 2013-03-22 20:52 63488 ----a-w- c:\windows\SysWow64\tdc.ocx 2013-03-22 20:52 . 2013-03-22 20:52 367104 ----a-w- c:\windows\SysWow64\html.iec 2013-03-22 20:52 . 2013-03-22 20:52 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll 2013-03-22 20:52 . 2013-03-22 20:52 152064 ----a-w- c:\windows\SysWow64\wextract.exe 2013-03-22 20:52 . 2013-03-22 20:52 150528 ----a-w- c:\windows\SysWow64\iexpress.exe 2013-03-22 20:52 . 2013-03-22 20:52 11776 ----a-w- c:\windows\SysWow64\mshta.exe 2013-03-22 20:52 . 2013-03-22 20:52 101888 ----a-w- c:\windows\SysWow64\admparse.dll 2013-03-22 20:52 . 2013-03-22 20:52 35840 ----a-w- c:\windows\SysWow64\imgutil.dll 2013-03-22 20:52 . 2013-03-22 20:52 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe 2013-03-22 20:52 . 2013-03-22 20:52 222208 ----a-w- c:\windows\system32\msls31.dll 2013-03-22 20:52 . 2013-03-22 20:52 197120 ----a-w- c:\windows\system32\msrating.dll 2013-03-22 20:52 . 2013-03-22 20:52 65024 ----a-w- c:\windows\system32\pngfilt.dll 2013-03-22 20:52 . 2013-03-22 20:52 267776 ----a-w- c:\windows\system32\ieaksie.dll 2013-03-22 20:52 . 
2013-03-22 20:52 163840 ----a-w- c:\windows\system32\ieakui.dll 2013-03-22 20:52 . 2013-03-22 20:52 149504 ----a-w- c:\windows\system32\occache.dll 2013-03-22 20:52 . 2013-03-22 20:52 12288 ----a-w- c:\windows\system32\mshta.exe 2013-03-22 20:52 . 2013-03-22 20:52 114176 ----a-w- c:\windows\system32\admparse.dll 2013-03-22 20:52 . 2013-03-22 20:52 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2013-03-22 20:52 . 2013-03-22 20:52 55296 ----a-w- c:\windows\system32\msfeedsbs.dll 2013-03-22 20:52 . 2013-03-22 20:52 49664 ----a-w- c:\windows\system32\imgutil.dll 2013-03-22 20:52 . 2013-03-22 20:52 160256 ----a-w- c:\windows\system32\ieakeng.dll 2013-03-22 20:52 . 2013-03-22 20:52 145920 ----a-w- c:\windows\system32\iepeers.dll 2013-03-22 20:52 . 2013-03-22 20:52 135168 ----a-w- c:\windows\system32\IEAdvpack.dll 2013-03-22 20:52 . 2013-03-22 20:52 10752 ----a-w- c:\windows\system32\msfeedssync.exe 2013-03-22 20:52 . 2013-03-22 20:52 76800 ----a-w- c:\windows\system32\tdc.ocx 2013-03-22 20:52 . 2013-03-22 20:52 48640 ----a-w- c:\windows\system32\mshtmler.dll 2013-03-22 20:52 . 2013-03-22 20:52 452608 ----a-w- c:\windows\system32\dxtmsft.dll 2013-03-22 20:52 . 2013-03-22 20:52 448512 ----a-w- c:\windows\system32\html.iec 2013-03-22 20:52 . 2013-03-22 20:52 282112 ----a-w- c:\windows\system32\dxtrans.dll 2013-03-22 20:52 . 2013-03-22 20:52 111616 ----a-w- c:\windows\system32\iesysprep.dll 2013-03-22 20:52 . 2013-03-22 20:52 89088 ----a-w- c:\windows\system32\ie4uinit.exe 2013-03-22 20:52 . 2013-03-22 20:52 85504 ----a-w- c:\windows\system32\iesetup.dll 2013-03-22 20:52 . 2013-03-22 20:52 82432 ----a-w- c:\windows\system32\icardie.dll 2013-03-22 20:52 . 2013-03-22 20:52 534528 ----a-w- c:\windows\system32\ieapfltr.dll 2013-03-22 20:52 . 2013-03-22 20:52 403248 ----a-w- c:\windows\system32\iedkcs32.dll 2013-03-22 20:52 . 2013-03-22 20:52 39936 ----a-w- c:\windows\system32\iernonce.dll 2013-03-22 20:52 . 
2013-03-22 20:52 3695416 ----a-w- c:\windows\system32\ieapfltr.dat 2013-03-22 20:52 . 2013-03-22 20:52 30720 ----a-w- c:\windows\system32\licmgr10.dll 2013-03-22 20:52 . 2013-03-22 20:52 249344 ----a-w- c:\windows\system32\webcheck.dll 2013-03-22 20:52 . 2013-03-22 20:52 165888 ----a-w- c:\windows\system32\iexpress.exe 2013-03-22 20:52 . 2013-03-22 20:52 160256 ----a-w- c:\windows\system32\wextract.exe 2013-03-22 20:52 . 2013-03-22 20:52 103936 ----a-w- c:\windows\system32\inseng.dll 2013-03-21 23:30 . 2013-03-21 14:43 181064 ----a-w- c:\windows\PSEXESVC.EXE 2013-03-21 21:28 . 2013-03-21 21:28 108448 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll 2013-03-21 21:27 . 2013-03-21 21:28 310688 ----a-w- c:\windows\system32\javaws.exe 2013-03-21 21:27 . 2013-03-21 21:28 1085344 ----a-w- c:\windows\system32\npDeployJava1.dll 2013-03-21 21:27 . 2013-03-21 21:28 188832 ----a-w- c:\windows\system32\javaw.exe 2013-03-21 21:27 . 2013-03-21 21:28 188320 ----a-w- c:\windows\system32\java.exe 2013-03-21 21:27 . 2011-09-02 03:25 963488 ----a-w- c:\windows\system32\deployJava1.dll 2013-03-21 21:27 . 2013-03-21 21:27 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2013-03-21 21:27 . 2011-09-02 03:25 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll 2013-03-21 06:24 . 2013-03-21 06:24 1054720 ------w- c:\windows\system32\MsSpellCheckingFacility.exe 2013-03-21 06:24 . 2013-03-21 06:24 226304 ------w- c:\windows\system32\elshyph.dll 2013-03-21 06:24 . 2013-03-21 06:24 185344 ------w- c:\windows\SysWow64\elshyph.dll 2013-03-21 06:24 . 2013-03-21 06:24 719360 ------w- c:\windows\SysWow64\mshtmlmedia.dll 2013-03-21 06:24 . 2013-03-21 06:24 905728 ------w- c:\windows\system32\mshtmlmedia.dll 2013-03-21 06:22 . 2013-03-21 06:22 4096 ------w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll 2013-03-21 06:22 . 2013-03-21 06:22 4096 ------w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll 2013-03-21 06:22 . 
2013-03-21 06:22 9728 ------w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-03-21 06:22 . 2013-03-21 06:22 9728 ------w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-03-21 06:22 . 2013-03-21 06:22 5632 ------w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-03-21 06:22 . 2013-03-21 06:22 5632 ------w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-03-21 06:22 . 2013-03-21 06:22 5632 ------w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-03-21 06:22 . 2013-03-21 06:22 5632 ------w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-03-21 06:22 . 2013-03-21 06:22 3072 ------w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll 2013-03-21 06:22 . 2013-03-21 06:22 3072 ------w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll 2013-03-21 06:22 . 2013-03-21 06:22 3072 ------w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll 2013-03-21 06:22 . 2013-03-21 06:22 3072 ------w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll 2013-03-21 06:22 . 2013-03-21 06:22 2560 ------w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll 2013-03-21 06:22 . 2013-03-21 06:22 3584 ------w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-03-21 06:22 . 2013-03-21 06:22 3584 ------w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-03-21 06:22 . 2013-03-21 06:22 2560 ------w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll 2013-03-21 06:22 . 2013-03-21 06:22 10752 ------w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll 2013-03-21 06:22 . 2013-03-21 06:22 10752 ------w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll 2013-03-19 06:04 . 2013-04-10 00:23 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-03-19 05:46 . 2013-04-10 00:23 43520 ----a-w- c:\windows\system32\csrsrv.dll 2013-03-19 05:04 . 
2013-04-10 00:23 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2013-03-19 05:04 . 2013-04-10 00:23 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2013-03-19 04:47 . 2013-04-10 00:23 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll 2013-03-19 03:06 . 2013-04-10 00:23 112640 ----a-w- c:\windows\system32\smss.exe 2013-03-18 03:59 . 2011-12-16 21:32 57584 ----a-w- c:\windows\system32\iolobtdfg.exe 2013-03-18 03:58 . 2011-12-16 21:32 26184 ----a-w- c:\windows\system32\smrgdf.exe 2013-03-18 03:43 . 2013-01-11 07:26 2155688 ----a-w- c:\windows\system32\Incinerator64.dll 2013-03-18 03:43 . 2011-12-16 21:32 2097472 ----a-w- c:\windows\SysWow64\Incinerator32.dll 2013-03-03 17:49 . 2012-10-15 02:34 234544 ----a-w- c:\windows\RegBootClean64.exe 2013-03-03 17:49 . 2012-10-15 02:34 22064 ----a-w- c:\windows\DCEBoot64.exe . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{05478A66-EDB6-4A22-A870-A5987F80A7DA}] 2013-02-23 23:17 1352512 ----a-w- c:\program files (x86)\Vuze Remote Toolbar\IE\7.0\vuzeToolbarIE.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{05478A66-EDB6-4A22-A870-A5987F80A7DA}"= "c:\program files (x86)\Vuze Remote Toolbar\IE\7.0\vuzeToolbarIE.dll" [2013-02-23 1352512] . [HKEY_CLASSES_ROOT\clsid\{05478a66-edb6-4a22-a870-a5987f80a7da}] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "EnableShellExecuteHooks"= 1 (0x1) . [hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks] . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "mixer1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService] @="Service" . 
R2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136] R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2013-03-22 1255736] R4 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;c:\program files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [2011-09-01 169624] R4 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [2013-02-23 805752] R4 CLKMSVC10_38F51D56;CyberLink Product - 2012/01/02 14:59;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2011-02-25 241648] R4 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-08-25 260424] R4 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072] R4 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560] R4 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168] R4 hpCMSrv;HP 
Connection Manager 4 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-06-14 1098296] R4 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-13 30520] R4 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-02-15 34872] R4 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-01-02 2413056] R4 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] S0 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys [2011-04-15 79488] S0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys [2011-04-15 40064] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856] S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys [2012-04-17 31432] S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2012-09-21 89600] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-02 204288] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] S2 ioloSystemService;iolo System Service;c:\program files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2013-03-18 1070080] S2 PDFsFilter;PDFsFilter;c:\windows\system32\DRIVERS\PDFsFilter.sys [2012-07-26 82160] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2010-08-08 67664] S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-11-17 115216] S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys 
[2011-11-15 1813056] S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2012-01-02 338536] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-02-17 428136] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] . . --- Other Services/Drivers In Memory --- . *Deregistered* - hitmanpro37 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-04-10 02:23 1642448 ----a-w- c:\program files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2013-05-11 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 16:53] . 2013-05-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-21 06:55] . 2013-05-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-21 06:55] . 2013-05-08 c:\windows\Tasks\HPCeeScheduleForANDREW-HP$.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15] . 2013-05-04 c:\windows\Tasks\HPCeeScheduleForAndrew.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15] . . --------- X64 Entries ----------- . . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-09-21 1425408]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2011-10-08 1111568]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2011-02-10 197152]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://espn.com/
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
AddRemove-Sudoku, Kakuro + Friends - c:\windows\uninstall\Sudoku
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-05-10 21:19:40
ComboFix-quarantined-files.txt 2013-05-11 01:19
.
Pre-Run: 172,059,987,968 bytes free
Post-Run: 171,657,932,800 bytes free
.
- - End Of File - - AC21A6F3284C6F414A815084DE6EA1CA
  6. mbar-log

Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.05.10.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Andrew :: ANDREW-HP [administrator]

5/10/2013 8:15:17 PM
mbar-log-2013-05-10 (20-15-17).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 30248
Time elapsed: 43 minute(s), 28 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

system-log

Malwarebytes Anti-Rootkit BETA 1.05.0.1001
© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
CPU speed: 1.397000 GHz
Memory total: 8029896704, free: 5951246336

------------ Kernel report ------------
     05/10/2013 18:43:42
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_AuthenticAMD.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\amd_sata.sys
\SystemRoot\system32\drivers\storport.sys
\SystemRoot\system32\drivers\amd_xata.sys
\SystemRoot\system32\drivers\amdsata.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\PxHlpa64.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\system32\DRIVERS\hpdskflt.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\tmtdi.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\??\C:\Windows\system32\drivers\ElRawDsk.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\amdppm.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\netr28x.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\RtsPStor.sys
\SystemRoot\system32\DRIVERS\sdbus.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\Accelerometer.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\AtihdW76.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\stwrt64.sys
\SystemRoot\system32\DRIVERS\cdfs.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_amd_sata.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\PDFsFilter.sys
\SystemRoot\system32\DRIVERS\Sftvollh.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\WinUSB.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\DRIVERS\tmcomm.sys
\SystemRoot\system32\DRIVERS\tmevtmgr.sys
\SystemRoot\system32\DRIVERS\tmactmon.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\system32\DRIVERS\Sftfslh.sys
\SystemRoot\system32\DRIVERS\Sftplaylh.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\Sftredirlh.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\sechost.dll
\Windows\System32\kernel32.dll
\Windows\System32\lpk.dll
\Windows\System32\msctf.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\ole32.dll
\Windows\System32\normaliz.dll
\Windows\System32\iertutil.dll
\Windows\System32\ws2_32.dll
\Windows\System32\advapi32.dll
\Windows\System32\imm32.dll
\Windows\System32\oleaut32.dll
\Windows\System32\urlmon.dll
\Windows\System32\nsi.dll
\Windows\System32\Wldap32.dll
\Windows\System32\psapi.dll
\Windows\System32\difxapi.dll
\Windows\System32\wininet.dll
\Windows\System32\clbcatq.dll
\Windows\System32\imagehlp.dll
\Windows\System32\setupapi.dll
\Windows\System32\comdlg32.dll
\Windows\System32\shlwapi.dll
\Windows\System32\gdi32.dll
\Windows\System32\shell32.dll
\Windows\System32\msvcrt.dll
\Windows\System32\user32.dll
\Windows\System32\usp10.dll
\Windows\System32\KernelBase.dll
\Windows\System32\crypt32.dll
\Windows\System32\comctl32.dll
\Windows\System32\devobj.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\wintrust.dll
\Windows\System32\msasn1.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa800722b060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000066\
Lower Device Object: 0xfffffa8006bd19c0
Lower Device Driver Name: \Driver\amd_sata\
Driver name found: amd_sata
Initialization returned 0x0
Port sub-driver loaded: \??\C:\Windows\System32\drivers\storport.sys (0x0)
Load Function returned 0x0
Downloaded database version: v2013.05.10.10
Downloaded database version: v2013.05.07.01
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa800722b060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800706d9b0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800722b060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800706c950, DeviceName: Unknown, DriverName: \Driver\hpdskflt\
DevicePointer: 0xfffffa8006bcc8c0, DeviceName: Unknown, DriverName: \Driver\amd_xata\
DevicePointer: 0xfffffa8006bc31f0, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8006bd19c0, DeviceName: \Device\00000066\, DriverName: \Driver\amd_sata\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0xfffff8a00d291c30, 0xfffffa800722b060, 0xfffffa800a5cf190
Lower DeviceData: 0xfffff8a0113ec3e0, 0xfffffa8006bd19c0, 0xfffffa800a59d170
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 5A01AB4C
Partition information:
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 407552
    Partition file system is NTFS
    Partition is bootable
    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 409600  Numsec = 1428109312
    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1428518912  Numsec = 36417536
    Partition 3 type is Other (0xc)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1464936448  Numsec = 210672
Disk Size: 750156374016 bytes
Sector size: 512 bytes
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1465129168-1465149168)...
Done!
Performing system, memory and registry scan...
Infected: c:\$RECYCLE.BIN\S-1-5-18\$826ce7f6c92fb53a67876a75897c27ab --> [Trojan.Siredef.C]
Infected: c:\$RECYCLE.BIN\S-1-5-21-4211300235-2248101734-400005066-1001\$826ce7f6c92fb53a67876a75897c27ab --> [Trojan.Siredef.C]
Done!
Scan finished
Creating System Restore point...
Scheduling clean up...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Executing an action fixdamage.exe...
Success!
Removal successful. No system shutdown is required.
=======================================
---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.05.0.1001
© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
CPU speed: 1.397000 GHz
Memory total: 8029896704, free: 5518893056

------------ Kernel report ------------
     05/10/2013 19:31:39
------------ Loaded modules -----------
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa800722b060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000066\
Lower Device Object: 0xfffffa8006bd19c0
Lower Device Driver Name: \Driver\amd_sata\
Device already Exists: 0xfffffa800a59d170
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa800722b060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800706d9b0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800722b060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800706c950, DeviceName: Unknown, DriverName: \Driver\hpdskflt\
DevicePointer: 0xfffffa8006bcc8c0, DeviceName: Unknown, DriverName: \Driver\amd_xata\
DevicePointer: 0xfffffa8006bc31f0, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8006bd19c0, DeviceName: \Device\00000066\, DriverName: \Driver\amd_sata\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0xfffff8a01137e220, 0xfffffa800722b060, 0xfffffa800a5cf190
Lower DeviceData: 0xfffff8a002c3c7c0, 0xfffffa8006bd19c0, 0xfffffa800a59d170
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 5A01AB4C
Partition information:
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 407552
    Partition file system is NTFS
    Partition is bootable
    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 409600  Numsec = 1428109312
    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1428518912  Numsec = 36417536
    Partition 3 type is Other (0xc)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1464936448  Numsec = 210672
Disk Size: 750156374016 bytes
Sector size: 512 bytes
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1465129168-1465149168)...
Done!
Performing system, memory and registry scan...
Done!
Scan finished
  7. Computer was able to boot normally, no problems.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-05-2013 01
Ran by SYSTEM at 2013-05-10 16:30:32 Run:1
Running from H:\
Boot Mode: Recovery
==============================================

HKEY_USERS\Andrew\Software\Microsoft\Windows\CurrentVersion\Run\\qcgce2mrvjq91kk1e7pnbb19m52fx => Value deleted successfully.
HKEY_USERS\Andrew\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
HKLM\System\ControlSet002\Control\Session Manager\\BootExecute => Value was restored successfully.
C:\Users\Andrew\Documents\6ba0b90b.exe => Moved successfully.
C:\ProgramData\2433f433 => Moved successfully.
C:\Users\Andrew\AppData\Local\2433f433 => Moved successfully.
C:\Users\Andrew\AppData\Roaming\2433f433 => Moved successfully.
C:\Users\Andrew\Documents\6ba0b90b.exe => File/Directory not found.

==== End of Fixlog ====
  8. Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-05-2013 01
Ran by SYSTEM on 10-05-2013 14:28:18
Running from H:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery
The current controlset is ControlSet002
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-09-21] (IDT, Inc.)
HKLM\...\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2480936 2010-12-16] (Synaptics Incorporated)
HKLM\...\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe -set Silent "1" SplashURL "" [1111568 2011-10-08] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [197152 2011-02-10] (Trend Micro Inc.)
HKLM\...\RunOnce: [*Restore] C:\Windows\system32\rstrui.exe /RUNONCE [296960 2010-11-20] (Microsoft Corporation)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-02-20] (Apple Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKU\Andrew\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] C:\Users\Andrew\Documents\6ba0b90b.exe [34304 2013-05-09] ()
HKU\Andrew\...\Winlogon: [shell] cmd.exe [345088 2010-11-20] (Microsoft Corporation)
BootExecute: autocheck autochk * 7???NT Native Test???NT Native Test?????????
==================== Services (Whitelisted) ================= S4 AdobeActiveFileMonitor10.0; C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-08-31] (Adobe Systems Incorporated) S4 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [241648 2011-02-24] (CyberLink) S2 ioloSystemService; C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [1070080 2013-03-17] (iolo technologies, LLC) S2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 [x] ==================== Drivers (Whitelisted) ==================== S1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [31432 2012-04-17] (EldoS Corporation) S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32152 2013-03-21] () S2 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [90704 2010-08-08] (Trend Micro Inc.) S2 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [144464 2010-08-08] (Trend Micro Inc.) S2 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [67664 2010-08-08] (Trend Micro Inc.) S1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105552 2010-08-08] (Trend Micro Inc.) 
==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-05-10 14:01 - 2013-05-10 14:01 - 00000000 ____D C:\FRST 2013-05-09 11:25 - 2013-05-09 11:25 - 00174410 ____A C:\ProgramData\2433f433 2013-05-09 11:25 - 2013-05-09 11:25 - 00174403 ____A C:\Users\Andrew\AppData\Local\2433f433 2013-05-09 11:25 - 2013-05-09 11:25 - 00174394 ____A C:\Users\Andrew\AppData\Roaming\2433f433 2013-05-09 11:25 - 2013-05-09 11:25 - 00034304 ____A C:\Users\Andrew\Documents\6ba0b90b.exe 2013-05-09 10:50 - 2013-05-09 11:25 - 107339160 ____A C:\Users\Andrew\Downloads\ROH.Best.of.Nigel.McGuinness.part2.rar.crdownload 2013-05-07 11:38 - 2013-05-07 11:38 - 00060557 ____A C:\Users\Andrew\Downloads\[kat.ph]intimidation.1960.dvdrip.xvid.wrd.torrent 2013-05-05 16:18 - 2013-05-05 21:29 - 889039366 ____A C:\Users\Andrew\Downloads\0013.mcSW_hd.mp4 2013-05-05 11:04 - 2013-05-05 11:36 - 285620309 ____A C:\Users\Andrew\Downloads\Cum_Fart_Tsunami_2_Scene_2_dvd.wmv 2013-05-05 10:54 - 2013-05-05 12:19 - 260032894 ____A C:\Users\Andrew\Downloads\pc.avi 2013-05-05 10:15 - 2013-05-05 10:39 - 220600207 ____A C:\Users\Andrew\Downloads\Wh11itney_brnntyscene3.wmv 2013-05-05 09:31 - 2013-05-05 10:17 - 1362826387 ____A C:\Users\Andrew\Downloads\fa-chelsea-taylor-1280x720-01.wmv 2013-05-04 18:59 - 2013-05-04 19:09 - 481675268 ____A C:\Users\Andrew\Downloads\olga-496x368-01.mpeg 2013-05-04 18:15 - 2013-05-04 18:55 - 1660101569 ____A C:\Users\Andrew\Downloads\fa-arianna-sky-1280x720-01.wmv 2013-05-04 17:59 - 2013-05-04 18:23 - 1091536530 ____A C:\Users\Andrew\Downloads\fa-alla-1280x720-01.wmv 2013-05-04 17:38 - 2013-05-04 18:13 - 1460323315 ____A C:\Users\Andrew\Downloads\fa-rikki-love-1280x720-01.wmv 2013-05-04 17:18 - 2013-05-04 17:53 - 1533892011 ____A C:\Users\Andrew\Downloads\fa-aaralyn-barra-1280x720-01.wmv 2013-05-04 16:51 - 2013-05-04 17:23 - 1345130219 ____A C:\Users\Andrew\Downloads\fa-kim-seoul-1280x720-01.wmv 2013-05-04 16:36 - 
2013-05-04 16:59 - 1387826657 ____A C:\Users\Andrew\Downloads\fa-chrissie-summers-1280x720-01.wmv 2013-05-04 16:09 - 2013-05-04 16:34 - 1466723697 ____A C:\Users\Andrew\Downloads\fa-amor-vond-1280x720-01.wmv 2013-05-04 15:09 - 2013-05-04 15:41 - 1671413683 ____A C:\Users\Andrew\Downloads\fa-kali-michaels-1280x720-01.wmv 2013-05-04 14:40 - 2013-05-04 15:06 - 1245401328 ____A C:\Users\Andrew\Downloads\fa-rayna-1920x1080-01.wmv 2013-05-03 17:15 - 2013-05-03 18:28 - 1618540817 ____A C:\Users\Andrew\Downloads\fa-dolly-valentine-1280x720-01.wmv 2013-05-03 16:29 - 2013-05-03 17:23 - 973252593 ____A C:\Users\Andrew\Downloads\fa-maia-davis-1280x720-01.wmv 2013-05-03 15:41 - 2013-05-03 17:14 - 1680573767 ____A C:\Users\Andrew\Downloads\fa-francesca-1280x720-01.wmv 2013-05-03 12:04 - 2013-05-03 13:44 - 1697269591 ____A C:\Users\Andrew\Downloads\fa-vanessa-lee-1280x720-01.wmv 2013-05-03 11:43 - 2013-05-03 13:30 - 1788958431 ____A C:\Users\Andrew\Downloads\fa-needa-1280x720-01.wmv 2013-05-03 11:36 - 2013-05-03 12:08 - 557633540 ____A C:\Users\Andrew\Downloads\renee-496x368-01.mpeg 2013-05-03 11:33 - 2013-05-03 13:30 - 1878167283 ____A C:\Users\Andrew\Downloads\fa-leena-sky-1280x720-01.wmv 2013-05-03 10:45 - 2013-05-03 11:31 - 1479614333 ____A C:\Users\Andrew\Downloads\emma_heart-1280x720-01.wmv 2013-05-02 16:05 - 2013-05-02 16:05 - 00025788 ____A C:\Users\Andrew\Downloads\472A55D198ED0D896790F9EC7CC2549CC4E185E3.torrent 2013-05-02 15:01 - 2013-05-02 15:26 - 203958272 ____A C:\Users\Andrew\Downloads\nr131.avi 2013-05-02 14:03 - 2013-05-02 15:05 - 358282275 ____A C:\Users\Andrew\Downloads\Whitney_-_Britney_Stevens_-_Nice_Rack_15.mp4 2013-05-02 10:34 - 2013-05-02 12:17 - 312655214 ____A C:\Users\Andrew\Downloads\Whitney_Stevens_and_Britney_Stevens_-_fotb5_df.avi 2013-05-02 10:30 - 2013-05-02 13:01 - 464292992 ____A C:\Users\Andrew\Downloads\nr155.avi 2013-05-01 10:42 - 2013-05-01 11:07 - 408659972 ____A C:\Users\Andrew\Downloads\gigi-496x368-01.mpeg 2013-05-01 08:21 - 2013-05-01 
09:15 - 236437176 ____A C:\Users\Andrew\Downloads\Britney_Stevens__Whitney_Stevens__Sledge_Hammer.wmv 2013-04-29 10:34 - 2013-04-29 10:34 - 00010809 ____A C:\Users\Andrew\Downloads\Mad_Men_S06E05_HDTV_x264-EVOLVE.8421721.TPB.torrent 2013-04-29 10:15 - 2013-04-29 10:39 - 209231092 ____A C:\Users\Andrew\Downloads\Britney_Stevens__MOC-_Britneys_Balloon_Party_.avi 2013-04-28 21:22 - 2013-04-29 09:51 - 1437665961 ____A C:\Users\Andrew\Desktop\Koreyoshi Kurahara – 1960 – The Warped Ones.mkv 2013-04-27 16:01 - 2013-04-27 16:01 - 00001066 ____A C:\Users\Public\Desktop\VLC media player.lnk 2013-04-27 15:34 - 2013-04-26 12:43 - 1185952375 ____A C:\Users\Andrew\Downloads\Whores on the 14th - Katie St. Ives.mp4 2013-04-26 16:28 - 2013-04-04 20:04 - 629120521 ____A C:\Users\Andrew\Downloads\Jayden Jaymes,Chanel Preston - Pretty_Dirty_2_Scene_5 - Anal HD.mp4 2013-04-25 21:41 - 2013-04-25 22:13 - 1896447487 ____A C:\Users\Andrew\Downloads\fa-cassie-hills-1280x720-01.wmv 2013-04-25 21:41 - 2013-04-25 21:50 - 117157954 ____A C:\Users\Andrew\Downloads\samantha-320x240_fla-01.wmv 2013-04-25 21:15 - 2013-04-25 21:28 - 964476299 ____A C:\Users\Andrew\Downloads\fa-jolee2-1280x720-01.wmv 2013-04-25 20:48 - 2013-04-25 21:12 - 1306905857 ____A C:\Users\Andrew\Downloads\fa-kylie-1280x720-01.wmv 2013-04-25 20:17 - 2013-04-25 20:48 - 1311777929 ____A C:\Users\Andrew\Downloads\fa-brittney-stevens-1280x720-01.wmv 2013-04-25 20:08 - 2013-04-25 20:41 - 1322884545 ____A C:\Users\Andrew\Downloads\jordan_james-1280x720-01.wmv 2013-04-25 19:46 - 2013-04-25 20:11 - 1814191063 ____A C:\Users\Andrew\Downloads\fa-amy-lee-1280x720-01.wmv 2013-04-25 19:14 - 2013-04-25 19:29 - 901435531 ____A C:\Users\Andrew\Downloads\fa-rosalyn-winter-1280x720-01.wmv 2013-04-25 10:46 - 2013-04-25 11:07 - 1274729551 ____A C:\Users\Andrew\Downloads\fa-crissy-moon-1280x720-01.wmv 2013-04-25 10:36 - 2013-04-25 11:17 - 1616572821 ____A C:\Users\Andrew\Downloads\fa-allie-foster2-1280x720-01.wmv 2013-04-24 15:38 - 2013-04-24 
18:26 - 1856527477 ____A C:\Users\Andrew\Downloads\fa-zoe-holloway-1280x720-01.wmv 2013-04-24 15:33 - 2013-04-24 18:22 - 1408674853 ____A C:\Users\Andrew\Downloads\fa-beverly-hills-1280x720-01.wmv 2013-04-24 15:07 - 2013-04-24 18:23 - 1558108241 ____A C:\Users\Andrew\Downloads\fa-mimi-rayne-1280x720-01.wmv 2013-04-24 14:56 - 2013-04-24 18:07 - 1896214782 ____A C:\Users\Andrew\Downloads\fa-jordyn-peaks-1920x1080-01.wmv 2013-04-24 13:34 - 2013-04-24 13:34 - 00000000 ____D C:\Users\Andrew\Desktop\Spellbound.1945.720p.BluRay.X264-AMIABLE [PublicHD] 2013-04-23 20:07 - 2012-01-05 11:04 - 369887140 ____A C:\Users\Andrew\Downloads\Taylor St. Claire - Cocktails 2.avi 2013-04-23 16:41 - 2013-04-22 18:26 - 512794900 ____A C:\Users\Andrew\Downloads\last_minute_model_big.mp4 2013-04-23 16:33 - 2013-04-23 18:50 - 1380522857 ____A C:\Users\Andrew\Downloads\fa-danica-dillon-1280x720-01.wmv 2013-04-23 16:31 - 2013-04-23 18:11 - 954068345 ____A C:\Users\Andrew\Downloads\fa-danica-dillon2-1280x720-01.wmv 2013-04-23 16:28 - 2013-04-23 18:53 - 1546492213 ____A C:\Users\Andrew\Downloads\belle_bond-1280x720-01.wmv 2013-04-23 15:50 - 2013-04-23 18:34 - 1544572143 ____A C:\Users\Andrew\Downloads\maya_mckay-1280x720-01.wmv 2013-04-23 15:43 - 2013-04-23 18:39 - 1523716249 ____A C:\Users\Andrew\Downloads\fa-the-sexxxtons-1280x720-01.wmv 2013-04-23 15:32 - 2013-04-23 18:37 - 1640605078 ____A C:\Users\Andrew\Downloads\fa-nala-1920x1080-01.wmv 2013-04-23 15:25 - 2013-04-20 16:04 - 118276152 ____A C:\Users\Andrew\Downloads\FaceslapYourself.mov 2013-04-23 10:12 - 2013-04-12 06:45 - 01656680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys 2013-04-22 17:03 - 2013-04-22 17:51 - 436125195 ____A C:\Users\Andrew\Downloads\Skye070.mp4 2013-04-21 20:08 - 2013-04-20 03:43 - 855419541 ____A C:\Users\Andrew\Downloads\Madison Scott - Old Timer Happy Ending.wmv 2013-04-21 16:30 - 2013-04-21 17:14 - 408468354 ____A C:\Users\Andrew\Downloads\massage_hi.wmv 2013-04-21 08:57 - 2013-04-21 09:25 - 
227246080 ____A C:\Users\Andrew\Downloads\Big Tits Round Asses 3.avi 2013-04-20 17:24 - 2013-04-20 18:03 - 302400998 ____A C:\Users\Andrew\Downloads\Brianna_Banks_-_Touch_Me_Sc_ 2013-04-19 14:23 - 2013-04-19 15:23 - 539889664 ____A C:\Users\Andrew\Downloads\nr033.mpg 2013-04-19 13:36 - 2013-04-19 13:53 - 151476510 ____A C:\Users\Andrew\Downloads\nr032.avi 2013-04-19 12:44 - 2013-04-19 13:15 - 284239144 ____A C:\Users\Andrew\Downloads\nr049.mpg 2013-04-19 11:55 - 2013-04-19 12:34 - 356583424 ____A C:\Users\Andrew\Downloads\Rachel Roxxx - College Invasion 12 (Scene 6).avi 2013-04-19 11:09 - 2013-04-19 11:36 - 193642086 ____A C:\Users\Andrew\Downloads\nr070.avi 2013-04-19 09:57 - 2013-04-19 11:01 - 463495270 ____A C:\Users\Andrew\Downloads\Eva Angelina - Deviance scene 1.avi 2013-04-19 06:21 - 2013-04-19 06:21 - 00000000 ____D C:\Users\Andrew\AppData\Local\{8B5DB727-358D-4852-930B-A5E2F39BBD00} 2013-04-17 14:51 - 2009-08-27 10:00 - 259571800 ____A C:\Users\Andrew\Downloads\2104-rf.avi 2013-04-17 09:28 - 2013-04-16 07:46 - 382199434 ____A C:\Users\Andrew\Downloads\michaels.mp4 2013-04-17 08:03 - 2013-04-17 10:07 - 380371778 ____A C:\Users\Andrew\Downloads\Ta St - Pu man Aud 12 (1995).avi 2013-04-17 07:55 - 2013-04-17 07:55 - 00003886 ____A C:\Windows\SysWOW64\jupdate-1.7.0_21-b11.log 2013-04-17 07:55 - 2013-04-04 01:35 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-04-17 07:55 - 2013-04-04 01:30 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2013-04-17 07:55 - 2013-04-04 01:29 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2013-04-17 07:53 - 2013-04-17 07:53 - 00000000 ____D C:\ProgramData\McAfee 2013-04-16 23:14 - 2013-03-17 11:15 - 251284862 ____A C:\Users\Andrew\Downloads\RitaF_TheWTheB2.mp4 2013-04-16 20:01 - 2013-04-16 21:52 - 165259559 ____A C:\Users\Andrew\Downloads\nr181.mpg 2013-04-16 18:57 - 2013-04-16 19:23 - 220629566 ____A C:\Users\Andrew\Downloads\nr017.avi 2013-04-16 
16:49 - 2011-04-03 15:03 - 317181306 ____A C:\Users\Andrew\Downloads\Jewel De'Nyle - I Love It Rough.wmv 2013-04-16 16:20 - 2006-11-23 08:43 - 239728670 ____A C:\Users\Andrew\Downloads\G_rp.avi 2013-04-16 15:49 - 2013-04-16 17:39 - 333072384 ____A C:\Users\Andrew\Downloads\NyleCaution.avi 2013-04-16 15:48 - 2013-04-16 17:53 - 890587219 ____A C:\Users\Andrew\Downloads\nr009.mp4 2013-04-16 14:54 - 2013-04-16 15:36 - 319943015 ____A C:\Users\Andrew\Downloads\2890_03_big.mp4 2013-04-16 14:22 - 2013-04-16 14:48 - 228595084 ____A C:\Users\Andrew\Downloads\Jewel_DeNyle-Super_Sex_Girl.avi 2013-04-14 20:55 - 2013-02-18 09:41 - 99623920 ____A C:\Users\Andrew\Downloads\Tiffany - censored A Pudding Cup And Eat It.wmv 2013-04-12 13:03 - 2013-04-12 13:03 - 22816850 ____A C:\Users\Andrew\Downloads\AnalFanatic2.mov 2013-04-10 21:17 - 2013-04-10 22:58 - 686689865 ____A C:\Users\Andrew\Downloads\Nicole.Ray-JC.jan10.700p_pornfactor.net_.wmv 2013-04-10 19:58 - 2013-04-10 20:56 - 502560537 ____A C:\Users\Andrew\Downloads\jc_alanahrae-wmvFullHigh-1.wmv 2013-04-10 16:14 - 2013-04-10 16:32 - 875562340 ____A C:\Users\Andrew\Downloads\cock-hits-the-spot-2-scene4.720p.mp4 ==================== One Month Modified Files and Folders ======= 2098-05-21 20:42 - 2013-01-31 00:29 - 1143474353 ____A C:\Users\Andrew\Downloads\0455hd.mp4 2013-05-10 14:01 - 2013-05-10 14:01 - 00000000 ____D C:\FRST 2013-05-10 10:17 - 2013-03-21 19:50 - 00000000 ____D C:\users\Andrew 2013-05-10 10:16 - 2011-12-16 13:24 - 00000000 ____D C:\ProgramData\Trend Micro 2013-05-10 10:16 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration 2013-05-10 06:33 - 2012-04-01 14:01 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-05-10 06:31 - 2009-07-13 20:45 - 00036064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-05-10 06:31 - 2009-07-13 20:45 - 00036064 ___AH 
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-05-10 06:28 - 2013-03-21 21:50 - 01279172 ____A C:\Windows\WindowsUpdate.log 2013-05-10 06:24 - 2013-03-20 22:55 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-05-10 06:23 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-05-10 06:23 - 2009-07-13 20:51 - 01140795 ____A C:\Windows\setupact.log 2013-05-10 06:19 - 2009-07-13 21:08 - 00020878 ____A C:\Windows\Tasks\SCHEDLGU.TXT 2013-05-09 20:13 - 2013-03-20 22:55 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-05-09 11:26 - 2010-11-20 19:47 - 00245422 ____A C:\Windows\PFRO.log 2013-05-09 11:25 - 2013-05-09 11:25 - 00174410 ____A C:\ProgramData\2433f433 2013-05-09 11:25 - 2013-05-09 11:25 - 00174403 ____A C:\Users\Andrew\AppData\Local\2433f433 2013-05-09 11:25 - 2013-05-09 11:25 - 00174394 ____A C:\Users\Andrew\AppData\Roaming\2433f433 2013-05-09 11:25 - 2013-05-09 11:25 - 00034304 ____A C:\Users\Andrew\Documents\6ba0b90b.exe 2013-05-09 11:25 - 2013-05-09 10:50 - 107339160 ____A C:\Users\Andrew\Downloads\ROH.Best.of.Nigel.McGuinness.part2.rar.crdownload 2013-05-09 11:25 - 2011-12-15 19:22 - 00000000 ____D C:\Users\Andrew\AppData\Roaming\Azureus 2013-05-08 12:21 - 2012-11-04 21:52 - 00000344 ____A C:\Windows\Tasks\HPCeeScheduleForANDREW-HP$.job 2013-05-08 09:12 - 2012-01-04 21:30 - 00000000 ____D C:\Users\Andrew\AppData\Roaming\vlc 2013-05-07 11:38 - 2013-05-07 11:38 - 00060557 ____A C:\Users\Andrew\Downloads\[kat.ph]intimidation.1960.dvdrip.xvid.wrd.torrent 2013-05-05 21:29 - 2013-05-05 16:18 - 889039366 ____A C:\Users\Andrew\Downloads\0013.mcSW_hd.mp4 2013-05-05 12:19 - 2013-05-05 10:54 - 260032894 ____A C:\Users\Andrew\Downloads\pc.avi 2013-05-05 11:36 - 2013-05-05 11:04 - 285620309 ____A C:\Users\Andrew\Downloads\Cum_Fart_Tsunami_2_Scene_2_dvd.wmv 2013-05-05 10:39 - 2013-05-05 10:15 - 220600207 ____A C:\Users\Andrew\Downloads\Wh11itney_brnntyscene3.wmv 
2013-05-05 10:17 - 2013-05-05 09:31 - 1362826387 ____A C:\Users\Andrew\Downloads\fa-chelsea-taylor-1280x720-01.wmv 2013-05-04 19:09 - 2013-05-04 18:59 - 481675268 ____A C:\Users\Andrew\Downloads\olga-496x368-01.mpeg 2013-05-04 18:55 - 2013-05-04 18:15 - 1660101569 ____A C:\Users\Andrew\Downloads\fa-arianna-sky-1280x720-01.wmv 2013-05-04 18:23 - 2013-05-04 17:59 - 1091536530 ____A C:\Users\Andrew\Downloads\fa-alla-1280x720-01.wmv 2013-05-04 18:13 - 2013-05-04 17:38 - 1460323315 ____A C:\Users\Andrew\Downloads\fa-rikki-love-1280x720-01.wmv 2013-05-04 17:53 - 2013-05-04 17:18 - 1533892011 ____A C:\Users\Andrew\Downloads\fa-aaralyn-barra-1280x720-01.wmv 2013-05-04 17:23 - 2013-05-04 16:51 - 1345130219 ____A C:\Users\Andrew\Downloads\fa-kim-seoul-1280x720-01.wmv 2013-05-04 16:59 - 2013-05-04 16:36 - 1387826657 ____A C:\Users\Andrew\Downloads\fa-chrissie-summers-1280x720-01.wmv 2013-05-04 16:34 - 2013-05-04 16:09 - 1466723697 ____A C:\Users\Andrew\Downloads\fa-amor-vond-1280x720-01.wmv 2013-05-04 15:41 - 2013-05-04 15:09 - 1671413683 ____A C:\Users\Andrew\Downloads\fa-kali-michaels-1280x720-01.wmv 2013-05-04 15:06 - 2013-05-04 14:40 - 1245401328 ____A C:\Users\Andrew\Downloads\fa-rayna-1920x1080-01.wmv 2013-05-04 09:44 - 2013-04-05 16:56 - 00000336 ____A C:\Windows\Tasks\HPCeeScheduleForAndrew.job 2013-05-04 01:04 - 2012-10-05 07:27 - 00000000 ____D C:\Users\Andrew\AppData\Roaming\SoftGrid Client 2013-05-03 18:28 - 2013-05-03 17:15 - 1618540817 ____A C:\Users\Andrew\Downloads\fa-dolly-valentine-1280x720-01.wmv 2013-05-03 17:23 - 2013-05-03 16:29 - 973252593 ____A C:\Users\Andrew\Downloads\fa-maia-davis-1280x720-01.wmv 2013-05-03 17:14 - 2013-05-03 15:41 - 1680573767 ____A C:\Users\Andrew\Downloads\fa-francesca-1280x720-01.wmv 2013-05-03 13:44 - 2013-05-03 12:04 - 1697269591 ____A C:\Users\Andrew\Downloads\fa-vanessa-lee-1280x720-01.wmv 2013-05-03 13:30 - 2013-05-03 11:43 - 1788958431 ____A C:\Users\Andrew\Downloads\fa-needa-1280x720-01.wmv 2013-05-03 13:30 - 2013-05-03 
11:33 - 1878167283 ____A C:\Users\Andrew\Downloads\fa-leena-sky-1280x720-01.wmv 2013-05-03 12:08 - 2013-05-03 11:36 - 557633540 ____A C:\Users\Andrew\Downloads\renee-496x368-01.mpeg 2013-05-03 11:31 - 2013-05-03 10:45 - 1479614333 ____A C:\Users\Andrew\Downloads\emma_heart-1280x720-01.wmv 2013-05-02 16:05 - 2013-05-02 16:05 - 00025788 ____A C:\Users\Andrew\Downloads\472A55D198ED0D896790F9EC7CC2549CC4E185E3.torrent 2013-05-02 15:26 - 2013-05-02 15:01 - 203958272 ____A C:\Users\Andrew\Downloads\nr131.avi 2013-05-02 15:05 - 2013-05-02 14:03 - 358282275 ____A C:\Users\Andrew\Downloads\Whitney_-_Britney_Stevens_-_Nice_Rack_15.mp4 2013-05-02 13:01 - 2013-05-02 10:30 - 464292992 ____A C:\Users\Andrew\Downloads\nr155.avi 2013-05-02 12:17 - 2013-05-02 10:34 - 312655214 ____A C:\Users\Andrew\Downloads\Whitney_Stevens_and_Britney_Stevens_-_fotb5_df.avi 2013-05-01 11:07 - 2013-05-01 10:42 - 408659972 ____A C:\Users\Andrew\Downloads\gigi-496x368-01.mpeg 2013-05-01 09:15 - 2013-05-01 08:21 - 236437176 ____A C:\Users\Andrew\Downloads\Britney_Stevens__Whitney_Stevens__Sledge_Hammer.wmv 2013-04-29 10:39 - 2013-04-29 10:15 - 209231092 ____A C:\Users\Andrew\Downloads\Britney_Stevens__MOC-_Britneys_Balloon_Party_.avi 2013-04-29 10:34 - 2013-04-29 10:34 - 00010809 ____A C:\Users\Andrew\Downloads\Mad_Men_S06E05_HDTV_x264-EVOLVE.8421721.TPB.torrent 2013-04-29 09:51 - 2013-04-28 21:22 - 1437665961 ____A C:\Users\Andrew\Desktop\Koreyoshi Kurahara – 1960 – The Warped Ones.mkv 2013-04-27 16:01 - 2013-04-27 16:01 - 00001066 ____A C:\Users\Public\Desktop\VLC media player.lnk 2013-04-26 12:43 - 2013-04-27 15:34 - 1185952375 ____A C:\Users\Andrew\Downloads\Whores on the 14th - Katie St. 
Ives.mp4 2013-04-25 22:13 - 2013-04-25 21:41 - 1896447487 ____A C:\Users\Andrew\Downloads\fa-cassie-hills-1280x720-01.wmv 2013-04-25 21:50 - 2013-04-25 21:41 - 117157954 ____A C:\Users\Andrew\Downloads\samantha-320x240_fla-01.wmv 2013-04-25 21:28 - 2013-04-25 21:15 - 964476299 ____A C:\Users\Andrew\Downloads\fa-jolee2-1280x720-01.wmv 2013-04-25 21:12 - 2013-04-25 20:48 - 1306905857 ____A C:\Users\Andrew\Downloads\fa-kylie-1280x720-01.wmv 2013-04-25 20:48 - 2013-04-25 20:17 - 1311777929 ____A C:\Users\Andrew\Downloads\fa-brittney-stevens-1280x720-01.wmv 2013-04-25 20:41 - 2013-04-25 20:08 - 1322884545 ____A C:\Users\Andrew\Downloads\jordan_james-1280x720-01.wmv 2013-04-25 20:11 - 2013-04-25 19:46 - 1814191063 ____A C:\Users\Andrew\Downloads\fa-amy-lee-1280x720-01.wmv 2013-04-25 19:29 - 2013-04-25 19:14 - 901435531 ____A C:\Users\Andrew\Downloads\fa-rosalyn-winter-1280x720-01.wmv 2013-04-25 11:17 - 2013-04-25 10:36 - 1616572821 ____A C:\Users\Andrew\Downloads\fa-allie-foster2-1280x720-01.wmv 2013-04-25 11:07 - 2013-04-25 10:46 - 1274729551 ____A C:\Users\Andrew\Downloads\fa-crissy-moon-1280x720-01.wmv 2013-04-24 18:26 - 2013-04-24 15:38 - 1856527477 ____A C:\Users\Andrew\Downloads\fa-zoe-holloway-1280x720-01.wmv 2013-04-24 18:23 - 2013-04-24 15:07 - 1558108241 ____A C:\Users\Andrew\Downloads\fa-mimi-rayne-1280x720-01.wmv 2013-04-24 18:22 - 2013-04-24 15:33 - 1408674853 ____A C:\Users\Andrew\Downloads\fa-beverly-hills-1280x720-01.wmv 2013-04-24 18:07 - 2013-04-24 14:56 - 1896214782 ____A C:\Users\Andrew\Downloads\fa-jordyn-peaks-1920x1080-01.wmv 2013-04-24 13:34 - 2013-04-24 13:34 - 00000000 ____D C:\Users\Andrew\Desktop\Spellbound.1945.720p.BluRay.X264-AMIABLE [PublicHD] 2013-04-23 18:53 - 2013-04-23 16:28 - 1546492213 ____A C:\Users\Andrew\Downloads\belle_bond-1280x720-01.wmv 2013-04-23 18:50 - 2013-04-23 16:33 - 1380522857 ____A C:\Users\Andrew\Downloads\fa-danica-dillon-1280x720-01.wmv 2013-04-23 18:39 - 2013-04-23 15:43 - 1523716249 ____A 
C:\Users\Andrew\Downloads\fa-the-sexxxtons-1280x720-01.wmv 2013-04-23 18:37 - 2013-04-23 15:32 - 1640605078 ____A C:\Users\Andrew\Downloads\fa-nala-1920x1080-01.wmv 2013-04-23 18:34 - 2013-04-23 15:50 - 1544572143 ____A C:\Users\Andrew\Downloads\maya_mckay-1280x720-01.wmv 2013-04-23 18:11 - 2013-04-23 16:31 - 954068345 ____A C:\Users\Andrew\Downloads\fa-danica-dillon2-1280x720-01.wmv 2013-04-23 09:32 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache 2013-04-22 18:26 - 2013-04-23 16:41 - 512794900 ____A C:\Users\Andrew\Downloads\last_minute_model_big.mp4 2013-04-22 17:51 - 2013-04-22 17:03 - 436125195 ____A C:\Users\Andrew\Downloads\Skye070.mp4 2013-04-21 17:14 - 2013-04-21 16:30 - 408468354 ____A C:\Users\Andrew\Downloads\massage_hi.wmv 2013-04-21 09:25 - 2013-04-21 08:57 - 227246080 ____A C:\Users\Andrew\Downloads\Big Tits Round Asses 3.avi 2013-04-21 08:54 - 2011-09-01 19:22 - 00000000 ____D C:\ProgramData\Adobe 2013-04-21 08:53 - 2012-04-01 14:01 - 00691592 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-04-21 08:53 - 2011-12-24 10:06 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-04-20 18:03 - 2013-04-20 17:24 - 302400998 ____A C:\Users\Andrew\Downloads\Brianna_Banks_-_Touch_Me_Sc_ 2013-04-20 16:04 - 2013-04-23 15:25 - 118276152 ____A C:\Users\Andrew\Downloads\FaceslapYourself.mov 2013-04-20 03:43 - 2013-04-21 20:08 - 855419541 ____A C:\Users\Andrew\Downloads\Madison Scott - Old Timer Happy Ending.wmv 2013-04-19 15:23 - 2013-04-19 14:23 - 539889664 ____A C:\Users\Andrew\Downloads\nr033.mpg 2013-04-19 13:53 - 2013-04-19 13:36 - 151476510 ____A C:\Users\Andrew\Downloads\nr032.avi 2013-04-19 13:15 - 2013-04-19 12:44 - 284239144 ____A C:\Users\Andrew\Downloads\nr049.mpg 2013-04-19 12:34 - 2013-04-19 11:55 - 356583424 ____A C:\Users\Andrew\Downloads\Rachel Roxxx - College Invasion 12 (Scene 6).avi 2013-04-19 11:36 - 2013-04-19 11:09 - 193642086 ____A 
C:\Users\Andrew\Downloads\nr070.avi 2013-04-19 11:01 - 2013-04-19 09:57 - 463495270 ____A C:\Users\Andrew\Downloads\Eva Angelina - Deviance scene 1.avi 2013-04-19 06:21 - 2013-04-19 06:21 - 00000000 ____D C:\Users\Andrew\AppData\Local\{8B5DB727-358D-4852-930B-A5E2F39BBD00} 2013-04-19 06:21 - 2013-03-21 09:45 - 00000000 ____D C:\Users\Andrew\AppData\Local\Windows Live 2013-04-17 10:07 - 2013-04-17 08:03 - 380371778 ____A C:\Users\Andrew\Downloads\Ta St - Pu man Aud 12 (1995).avi 2013-04-17 07:55 - 2013-04-17 07:55 - 00003886 ____A C:\Windows\SysWOW64\jupdate-1.7.0_21-b11.log 2013-04-17 07:55 - 2013-03-21 13:27 - 00000000 ____D C:\Program Files (x86)\Java 2013-04-17 07:53 - 2013-04-17 07:53 - 00000000 ____D C:\ProgramData\McAfee 2013-04-16 21:52 - 2013-04-16 20:01 - 165259559 ____A C:\Users\Andrew\Downloads\nr181.mpg 2013-04-16 19:23 - 2013-04-16 18:57 - 220629566 ____A C:\Users\Andrew\Downloads\nr017.avi 2013-04-16 17:53 - 2013-04-16 15:48 - 890587219 ____A C:\Users\Andrew\Downloads\nr009.mp4 2013-04-16 17:39 - 2013-04-16 15:49 - 333072384 ____A C:\Users\Andrew\Downloads\NyleCaution.avi 2013-04-16 15:36 - 2013-04-16 14:54 - 319943015 ____A C:\Users\Andrew\Downloads\2890_03_big.mp4 2013-04-16 14:48 - 2013-04-16 14:22 - 228595084 ____A C:\Users\Andrew\Downloads\Jewel_DeNyle-Super_Sex_Girl.avi 2013-04-16 07:46 - 2013-04-17 09:28 - 382199434 ____A C:\Users\Andrew\Downloads\michaels.mp4 2013-04-12 13:03 - 2013-04-12 13:03 - 22816850 ____A C:\Users\Andrew\Downloads\AnalFanatic2.mov 2013-04-12 06:45 - 2013-04-23 10:12 - 01656680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys 2013-04-10 22:58 - 2013-04-10 21:17 - 686689865 ____A C:\Users\Andrew\Downloads\Nicole.Ray-JC.jan10.700p_pornfactor.net_.wmv 2013-04-10 20:56 - 2013-04-10 19:58 - 502560537 ____A C:\Users\Andrew\Downloads\jc_alanahrae-wmvFullHigh-1.wmv 2013-04-10 16:32 - 2013-04-10 16:14 - 875562340 ____A C:\Users\Andrew\Downloads\cock-hits-the-spot-2-scene4.720p.mp4 ==================== Known DLLs 
(Whitelisted) ================

==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================
Restore point made on: 2013-05-09 20:14:40

==================== Memory info ===========================
Percentage of memory in use: 11%
Total physical RAM: 7657.91 MB
Available physical RAM: 6778.26 MB
Total Pagefile: 7656.11 MB
Available Pagefile: 6770.93 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Drives ================================
Drive c: () (Fixed) (Total:680.98 GB) (Free:159.76 GB) NTFS (Disk=0 Partition=2) ==>[system with boot components (obtained from reading drive)]
Drive e: (RECOVERY) (Fixed) (Total:17.37 GB) (Free:1.9 GB) NTFS (Disk=0 Partition=3) ==>[system with boot components (obtained from reading drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32 (Disk=0 Partition=4)
Drive g: (50637) (CDROM) (Total:3.59 GB) (Free:0 GB) CDFS
Drive h: (STORE N GO) (Removable) (Total:3.83 GB) (Free:3.83 GB) FAT32 (Disk=1 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS (Disk=0 Partition=1) ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: 5A01AB4C)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=681 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=17 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)
========================================================
Disk: 1 (Size: 4 GB) (Disk ID: 9BAD4F6E)
Partition 1: (Not Active) - (Size=4 GB) - (Type=0C)
Last Boot: 2013-05-05 16:09
==================== End Of Log ============================
  9. My Windows 7 laptop was hit yesterday by the Moneypak virus and I'm unable to get into any of the safe modes to get rid of it. When I log in normally it locks up and when I try to log in with any of the safe modes it automatically logs off and reboots the computer. Any attempts at system restore didn't work either. Any help is much appreciated.