Everything posted by 404lebowski

  1. I'm updating Malwarebytes now and running a scan
  2. Looks like it is booting normally so far!!! Here is the log:

     Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-05-2013 01
     Ran by SYSTEM at 2013-05-12 19:43:59 Run:1
     Running from G:\
     Boot Mode: Recovery
     ==============================================
     HKEY_USERS\Wes\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
     C:\Users\Wes\AppData\Roaming\skype.dat => Moved successfully.
     C:\Users\Wes\AppData\Roaming\skype.ini => Moved successfully.
     C:\Users\Wes\icq.exe => Moved successfully.
     C:\Users\Wes\ctfmon.exe => Moved successfully.
     C:\Users\Wes\teamviewer.exe => Moved successfully.
     C:\Users\Wes\conhost.exe => Moved successfully.
     C:\Users\Wes\winlogon.exe => Moved successfully.
     C:\Users\Wes\vlcplayer.exe => Moved successfully.
     C:\Users\Wes\spoolsv.exe => Moved successfully.
     C:\Users\Wes\jucheck.exe => Moved successfully.
     C:\Users\Wes\flashplayer.exe => Moved successfully.
     C:\Users\Wes\chrome.exe => Moved successfully.
     C:\Users\Wes\GoToAssistDownloadHelper.exe => Moved successfully.
     C:\ProgramData\ezsidmv.dat => Moved successfully.
     ==== End of Fixlog ====
  3. Here it is. Hope this makes sense to you.

     Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-05-2013 01
     Ran by SYSTEM on 12-05-2013 18:30:12
     Running from G:\
     Windows 7 Professional (X86) OS Language: English(US)
     Internet Explorer Version 9
     Boot Mode: Recovery
     The current controlset is ControlSet001
     ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and Addition.txt log.

     ==================== Registry (Whitelisted) ==================
     HKLM\...\Run: [TpShocks] TpShocks.exe [x]
     HKLM\...\Run: [PWMTRV] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor [869736 2010-01-06] (Lenovo Group Limited)
     HKLM\...\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe [69568 2009-12-21] (Lenovo Group Limited)
     HKLM\...\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1725736 2010-04-22] (Synaptics Incorporated)
     HKLM\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [515888 2013-02-28] (McAfee, Inc.)
     HKLM\...\Run: [screwDrivers RDP Plugin] C:\Program Files\triCerat\Simplify Printing\ScrewDrivers Client v4\install_rdp.exe [45384 2011-04-28] ()
     HKLM\...\Run: [mcpltui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [515888 2013-02-28] (McAfee, Inc.)
     HKLM\...\Run: [] [x]
     HKLM\...\Run: [ConnectionCenter] "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup [103768 2009-09-12] (Citrix Systems, Inc.)
     HKLM\...\Winlogon: [system]
     HKU\Wes\...\Run: [] c:\users\wes\ctfmon.exe [ 2013-05-12] ()
     HKU\Wes\...\Winlogon: [shell] explorer.exe,C:\Users\Wes\AppData\Roaming\skype.dat <==== ATTENTION
     Startup: C:\ProgramData\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
     ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)

     ========================== Services (Whitelisted) =================
     S2 CLDTVHNService; C:\Program Files\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe [75048 2009-09-17] ()
     S2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528624 2009-11-17] (Cisco Systems, Inc.)
     S2 HomeNetSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [184728 2013-03-05] (McAfee, Inc.)
     S4 LENOVO.CAMMUTE; C:\Program Files\LENOVO\HOTKEY\CAMMUTE.exe [54632 2009-11-09] (Lenovo Group Limited)
     S2 LENOVO.MICMUTE; C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe [44984 2009-11-17] (Lenovo Group Limited)
     S2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
     S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
     S2 McMPFSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [184728 2013-03-05] (McAfee, Inc.)
     S2 McNaiAnn; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [184728 2013-03-05] (McAfee, Inc.)
     S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [287752 2013-03-01] (McAfee, Inc.)
     S2 mcpltsvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [184728 2013-03-05] (McAfee, Inc.)
     S2 McProxy; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [184728 2013-03-05] (McAfee, Inc.)
     S2 MemeoBackgroundService; C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe [25824 2011-04-06] (Memeo)
     S2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [632344 2012-10-06] (McAfee, Inc.)
     S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [168880 2012-12-26] (McAfee, Inc.)
     S2 mfevtp; C:\Windows\system32\mfevtps.exe [171976 2012-12-26] (McAfee, Inc.)
     S2 MOBKbackup; C:\Program Files\McAfee Online Backup\MOBKbackup.exe [229688 2010-04-13] (McAfee, Inc.)
     S2 MSK80Service; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [184728 2013-03-05] (McAfee, Inc.)
     S2 SeagateDashboardService; C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [8704 2011-11-03] (Memeo)
     S3 WinVNC4; C:\Program Files\RealVNC\VNC4\WinVNC4.exe [1659624 2011-02-04] (RealVNC Ltd)
     S2 RoxLiveShare10; "c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe" [x]

     ==================== Drivers (Whitelisted) ====================
     S3 amdkmdag; C:\Windows\System32\DRIVERS\atipmdag.sys [5073920 2009-08-24] (ATI Technologies Inc.)
     S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [60480 2012-12-26] (McAfee, Inc.)
     S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
     S2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [308859 2009-11-17] (Cisco Systems, Inc.)
     S3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)
     S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [147472 2012-05-28] (McAfee, Inc.)
     S3 intelkmd; C:\Windows\System32\DRIVERS\igdpmd32.sys [5946368 2009-09-22] (Intel Corporation)
     S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [132976 2012-12-26] (McAfee, Inc.)
     S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [234824 2012-12-26] (McAfee, Inc.)
     S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [65488 2012-12-26] (McAfee, Inc.)
     S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [362640 2012-12-26] (McAfee, Inc.)
     S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [565416 2012-12-26] (McAfee, Inc.)
     S3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [252200 2012-11-01] (McAfee, Inc.)
     S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [81456 2012-11-01] (McAfee, Inc.)
     S0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [210168 2012-12-26] (McAfee, Inc.)
     S1 MOBKFilter; C:\Windows\System32\DRIVERS\MOBK.sys [54776 2010-04-13] (Mozy, Inc.)
     S3 NetDirect; C:\Windows\System32\DRIVERS\NetDirect.sys [24576 2007-08-19] (The OpenVPN Project)
     S2 ntk_dtv; C:\Program Files\DirecTV\DirecTV\Kernel\DMP\ntk_dtv.sys [119792 2009-09-17] (Cyberlink Corp.)
     S3 vncmirror; C:\Windows\System32\DRIVERS\vncmirror.sys [4608 2011-02-04] (RealVNC Ltd.)
     S3 dsNcAdpt; system32\DRIVERS\dsNcAdpt.sys [x]
     S3 NT_NvcA; system32\DRIVERS\ntnvca.sys [x]

     ==================== NetSvcs (Whitelisted) ===================

     ==================== One Month Created Files and Folders ========
     2013-05-12 18:29 - 2013-05-12 18:29 - 00000000 ____D C:\FRST
     2013-05-12 13:43 - 2013-05-12 13:44 - 00000004 ____A C:\Users\Wes\AppData\Roaming\skype.ini
     2013-05-12 13:29 - 2013-05-12 13:29 - 00139264 ____A (EA Swiss-Digital LLC) C:\Users\Wes\icq.exe
     2013-05-12 13:29 - 2013-05-12 13:29 - 00103301 ____A C:\Users\Wes\ctfmon.exe
     2013-05-12 13:29 - 2013-05-12 13:29 - 00034181 ____A C:\Users\Wes\teamviewer.exe
     2013-05-12 13:29 - 2013-05-12 13:29 - 00034181 ____A C:\Users\Wes\conhost.exe
     2013-05-12 13:29 - 2013-05-12 13:29 - 00000000 ____A C:\Users\Wes\winlogon.exe
     2013-05-12 13:29 - 2013-05-12 13:29 - 00000000 ____A C:\Users\Wes\vlcplayer.exe
     2013-05-12 13:29 - 2013-05-12 13:29 - 00000000 ____A C:\Users\Wes\spoolsv.exe
     2013-05-12 13:29 - 2013-05-12 13:29 - 00000000 ____A C:\Users\Wes\jucheck.exe
     2013-05-12 13:29 - 2013-05-12 13:29 - 00000000 ____A C:\Users\Wes\flashplayer.exe
     2013-05-12 13:29 - 2013-05-12 13:29 - 00000000 ____A C:\Users\Wes\chrome.exe
     2013-05-05 07:55 - 2013-05-05 07:55 - 02373122 ____A C:\Users\Public\Documents\Stupid Conversation with Sam - trolling.pptx
     2013-05-02 12:53 - 2013-05-02 12:53 - 00100352 ____A C:\Users\Wes\Downloads\tap_drill.xls
     2013-05-02 12:53 - 2013-05-02 12:53 - 00025600 ____A C:\Users\Wes\Downloads\locknut threads.xls
     2013-04-23 15:25 - 2013-04-12 05:45 - 01211752 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
     2013-04-18 17:07 - 2013-04-18 17:07 - 00134514 ____A C:\Users\Wes\Downloads\image(3).jpeg
     2013-04-18 17:07 - 2013-04-18 17:07 - 00084691 ____A C:\Users\Wes\Downloads\image(5).jpeg
     2013-04-18 17:07 - 2013-04-18 17:07 - 00080375 ____A C:\Users\Wes\Downloads\image(4).jpeg
     2013-04-16 14:06 - 2013-04-16 14:06 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_netaapl_01009.Wdf

     ==================== One Month Modified Files and Folders ========
     2013-05-12 18:29 - 2013-05-12 18:29 - 00000000 ____D C:\FRST
     2013-05-12 13:44 - 2013-05-12 13:43 - 00000004 ____A C:\Users\Wes\AppData\Roaming\skype.ini
     2013-05-12 13:43 - 2010-12-24 18:41 - 00000876 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
     2013-05-12 13:43 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
     2013-05-12 13:43 - 2009-07-13 20:39 - 00161457 ____A C:\Windows\setupact.log
     2013-05-12 13:29 - 2013-05-12 13:29 - 00139264 ____A (EA Swiss-Digital LLC) C:\Users\Wes\icq.exe
     2013-05-12 13:29 - 2013-05-12 13:29 - 00103301 ____A C:\Users\Wes\ctfmon.exe
     2013-05-12 13:29 - 2013-05-12 13:29 - 00034181 ____A C:\Users\Wes\teamviewer.exe
     2013-05-12 13:29 - 2013-05-12 13:29 - 00034181 ____A C:\Users\Wes\conhost.exe
     2013-05-12 13:29 - 2013-05-12 13:29 - 00000000 ____A C:\Users\Wes\winlogon.exe
     2013-05-12 13:29 - 2013-05-12 13:29 - 00000000 ____A C:\Users\Wes\vlcplayer.exe
     2013-05-12 13:29 - 2013-05-12 13:29 - 00000000 ____A C:\Users\Wes\spoolsv.exe
     2013-05-12 13:29 - 2013-05-12 13:29 - 00000000 ____A C:\Users\Wes\jucheck.exe
     2013-05-12 13:29 - 2013-05-12 13:29 - 00000000 ____A C:\Users\Wes\flashplayer.exe
     2013-05-12 13:29 - 2013-05-12 13:29 - 00000000 ____A C:\Users\Wes\chrome.exe
     2013-05-12 13:29 - 2010-02-10 11:58 - 00000000 ____D C:\users\Wes
     2013-05-12 12:51 - 2010-12-24 18:41 - 00000880 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
     2013-05-12 12:34 - 2012-04-09 16:39 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
     2013-05-12 09:53 - 2010-07-14 18:13 - 00001854 ____A C:\Users\Public\Desktop\McAfee Total Protection.lnk
     2013-05-12 07:12 - 2010-02-10 14:28 - 01324028 ____A C:\Windows\WindowsUpdate.log
     2013-05-10 08:48 - 2009-07-13 20:34 - 00013456 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
     2013-05-10 08:48 - 2009-07-13 20:34 - 00013456 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
     2013-05-06 04:14 - 2012-04-09 16:39 - 00691592 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
     2013-05-06 04:14 - 2011-05-22 16:10 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
     2013-05-06 04:13 - 2010-02-10 12:38 - 00000000 ____D C:\ProgramData\Adobe
     2013-05-06 04:10 - 2010-02-10 12:14 - 00132640 ____A C:\Windows\PFRO.log
     2013-05-05 07:55 - 2013-05-05 07:55 - 02373122 ____A C:\Users\Public\Documents\Stupid Conversation with Sam - trolling.pptx
     2013-05-02 12:53 - 2013-05-02 12:53 - 00100352 ____A C:\Users\Wes\Downloads\tap_drill.xls
     2013-05-02 12:53 - 2013-05-02 12:53 - 00025600 ____A C:\Users\Wes\Downloads\locknut threads.xls
     2013-04-30 03:46 - 2010-07-14 18:11 - 00000000 ____D C:\Program Files\McAfee
     2013-04-23 23:18 - 2012-05-19 11:20 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
     2013-04-18 17:07 - 2013-04-18 17:07 - 00134514 ____A C:\Users\Wes\Downloads\image(3).jpeg
     2013-04-18 17:07 - 2013-04-18 17:07 - 00084691 ____A C:\Users\Wes\Downloads\image(5).jpeg
     2013-04-18 17:07 - 2013-04-18 17:07 - 00080375 ____A C:\Users\Wes\Downloads\image(4).jpeg
     2013-04-17 03:48 - 2013-04-11 12:57 - 00000000 ____D C:\Program Files\Mozilla Firefox
     2013-04-16 14:06 - 2013-04-16 14:06 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_netaapl_01009.Wdf
     2013-04-16 13:50 - 2010-02-10 11:55 - 00731366 ____A C:\Windows\System32\PerfStringBackup.INI
     2013-04-12 05:45 - 2013-04-23 15:25 - 01211752 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys

     Other Malware:
     ===========
     C:\Users\Wes\chrome.exe
     C:\Users\Wes\conhost.exe
     C:\Users\Wes\ctfmon.exe
     C:\Users\Wes\flashplayer.exe
     C:\Users\Wes\GoToAssistDownloadHelper.exe
     C:\Users\Wes\icq.exe
     C:\Users\Wes\jucheck.exe
     C:\Users\Wes\spoolsv.exe
     C:\Users\Wes\teamviewer.exe
     C:\Users\Wes\vlcplayer.exe
     C:\Users\Wes\winlogon.exe
     C:\Users\Wes\AppData\Roaming\skype.dat
     C:\Users\Wes\AppData\Roaming\skype.ini
     C:\Users\Wes\Application Data\skype.dat
     C:\Users\Wes\Application Data\skype.ini
     C:\ProgramData\ezsidmv.dat

     ==================== Known DLLs (Whitelisted) ============

     ==================== Bamital & volsnap Check =================
     C:\Windows\explorer.exe => MD5 is legit
     C:\Windows\System32\winlogon.exe => MD5 is legit
     C:\Windows\System32\wininit.exe => MD5 is legit
     C:\Windows\System32\svchost.exe => MD5 is legit
     C:\Windows\System32\services.exe => MD5 is legit
     C:\Windows\System32\User32.dll => MD5 is legit
     C:\Windows\System32\userinit.exe => MD5 is legit
     C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

     ==================== EXE ASSOCIATION =====================
     HKLM\...\.exe: exefile => OK
     HKLM\...\exefile\DefaultIcon: %1 => OK
     HKLM\...\exefile\open\command: "%1" %* => OK

     ==================== Restore Points =========================
     Restore point made on: 2013-02-14 00:01:28
     Restore point made on: 2013-02-21 18:51:22
     Restore point made on: 2013-03-02 14:34:28
     Restore point made on: 2013-03-09 19:05:23
     Restore point made on: 2013-03-12 23:01:13
     Restore point made on: 2013-03-20 16:28:46
     Restore point made on: 2013-03-25 23:00:35
     Restore point made on: 2013-04-03 04:31:14
     Restore point made on: 2013-04-09 23:00:58
     Restore point made on: 2013-04-17 04:57:12
     Restore point made on: 2013-04-23 23:00:27
     Restore point made on: 2013-05-02 09:34:05
     Restore point made on: 2013-05-10 14:28:47

     ==================== Memory info ===========================
     Percentage of memory in use: 17%
     Total physical RAM: 2968.01 MB
     Available physical RAM: 2454.89 MB
     Total Pagefile: 2966.29 MB
     Available Pagefile: 2453.75 MB
     Total Virtual: 2047.88 MB
     Available Virtual: 1960.7 MB

     ==================== Drives ================================
     Drive c: (SW_Preload) (Fixed) (Total:137.82 GB) (Free:12.57 GB) NTFS
     Drive e: (Lenovo) (Fixed) (Total:9.77 GB) (Free:3.42 GB) NTFS
     Drive g: (USB20FD) (Removable) (Total:60.94 GB) (Free:55.39 GB) FAT32
     Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
     Drive y: (SERVICEV003) (Fixed) (Total:1.46 GB) (Free:0.69 GB) NTFS ==>[system with boot components (obtained from reading drive)]

     ==================== MBR & Partition Table ==================
     ========================================================
     Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: 62928F40)
     Partition 1: (Active) - (Size=1 GB) - (Type=07 NTFS)
     Partition 2: (Not Active) - (Size=138 GB) - (Type=07 NTFS)
     Partition 3: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
     ========================================================
     Disk: 1 (MBR Code: Windows XP) (Size: 61 GB) (Disk ID: C3072E18)
     Partition 1: (Active) - (Size=61 GB) - (Type=0C)

     Last Boot: 2013-05-03 20:07

     ==================== End Of Log ============================
  4. Hello, my computer has become infected with the FBI Warning virus. I can't boot to safe mode with networking - it goes back to the warning screen. I've seen lots of HiJack This help on here. Hoping someone can help me as well. Thanks in advance!