arnelld
I posted in PC help and they directed me here. I have an HP Elitebook 8560p with Windows XP. I was trying to install a Dell 3115cn printer through a router. I put in the CD that came with the printer and then I get a download error and it wouldn't install the printer. It says it cannot copy the delopd.ui.dll file. Not sure what is up; I have to Control-Alt-Delete to get out of the copy files. Thanks, two files are attached. DDS (Ver_2012-11-20.01) - NTFS_x86 Internet Explorer: 7.0.6000.17115 BrowserJavaVersion: 1.6.0_26 Run by tarnell at 21:39:08 on 2013-05-18 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3054.1625 [GMT -6:00]
Hello - Weird problem I can't seem to figure out. I have an HP Elitebook 8560p with Windows XP. I am trying to install a Dell 3115cn printer through a router. I put in the CD that came with the printer and then I get a download error and it won't install the printer. It says it cannot copy the dellopd.ui.dll file. I think it may be a virus, a conflict, or a registry error. Help! I have exhausted all my options. I have attached two files! Thanks so much!! attach.txt dds.txt
infected with FBI moneypak virus
arnelld replied to arnelld's topic in Resolved Malware Removal Logs
Here are the logs. It came back with no malware found!! I have meetings all day tomorrow, check back in the late afternoon! Thanks!! system-log.txt mbar-log-2013-05-14 (21-00-18).txt mbar-log-2013-05-14 (20-31-56).txt
infected with FBI moneypak virus
arnelld replied to arnelld's topic in Resolved Malware Removal Logs
Sorry! Fixlog.txt
infected with FBI moneypak virus
arnelld replied to arnelld's topic in Resolved Malware Removal Logs
Yea!! The computer boots normally now. Is there anything else I need to do or clean? Thanks so much!
infected with FBI moneypak virus
arnelld replied to arnelld's topic in Resolved Malware Removal Logs
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-05-2013 Ran by Larry (administrator) on 14-05-2013 16:43:10 Running from E:\ Windows 7 Professional (X86) OS Language: English(US) Internet Explorer Version 8 Boot Mode: Safe Mode (minimal) ==================== Processes (Whitelisted) =================== (Microsoft Corporation) C:\Windows\system32\cmd.exe (Farbar) e:\FRST.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1602856 2010-01-07] (Synaptics Incorporated) HKLM\...\Run: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe [495708 2010-04-07] (IDT, Inc.) HKLM\...\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe [3873648 2010-01-15] (Dell Inc.) HKLM\...\Run: [FreeFallProtection] C:\Program Files\STMicroelectronics\Accelerometer\FF_Protection.exe [2384896 2009-07-22] () HKLM\...\Run: [broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [5249024 2010-10-04] (Dell Inc.) HKLM\...\Run: [Dell Webcam Central] "C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [409744 2009-06-24] (Creative Technology Ltd) HKLM\...\Run: [DBRMTray] C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe [206336 2010-05-20] (Microsoft) HKLM\...\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming [1311312 2010-05-18] (Logitech, Inc.) HKLM\...\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [249064 2010-10-29] (Sun Microsystems, Inc.) 
HKLM\...\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe [98304 2006-01-30] (Hewlett-Packard) HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated) HKLM\...\Run: [HP Color LaserJet CM1312 MFP Series Fax] C:\Program Files\HP\HP Color LaserJet CM1312 MFP Series\hppfaxprintersrv.exe "HP Color LaserJet CM1312 MFP Series Fax" [2453504 2009-09-22] (Hewlett-Packard Company) HKLM\...\Run: [] [x] HKLM\...\Run: [HPUsageTracking] "C:\Program Files\HP\HP UT\bin\hppusg.exe" "C:\Program Files\HP\HP UT\" [24576 2009-05-11] (Hewlett-Packard Company) HKLM\...\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe [1059472 2011-12-05] (Carbonite, Inc.) HKLM\...\Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [133456 2012-07-25] (Trend Micro Inc.) HKLM\...\Run: [Trend Micro Titanium] "C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" -set Silent "1" SplashURL "" [1374864 2012-07-25] (Trend Micro Inc.) HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-10-11] (Apple Inc.) Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [X] HKCU\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-01-13] (Google Inc.) HKCU\...\Winlogon: [shell] explorer.exe,C:\Users\Larry\AppData\Roaming\skype.dat <==== ATTENTION HKCR\...409d6c4515e9\InprocServer32: [Default-shell32] C:\$Recycle.Bin\S-1-5-21-747825169-3136433216-3061428978-1000\$5a6b93952095872d74bf54c7b376c65c\n. ATTENTION! ====> ZeroAccess MountPoints2: {0d1f8c17-19d1-11e1-9667-f04da298ec73} - E:\LaunchU3.exe -a Startup: C:\ProgramData\Start Menu\Programs\Startup\Bluetooth.lnk ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) 
Startup: C:\ProgramData\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) Startup: C:\ProgramData\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USSMB/1 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) HKCU SearchScopes: DefaultScope {04F031E9-5DD7-4EC0-9F36-E61AE8CD8762} URL = http://findgala.com/?&uid=2159&q={searchTerms} SearchScopes: HKCU - {04F031E9-5DD7-4EC0-9F36-E61AE8CD8762} URL = http://findgala.com/?&uid=2159&q={searchTerms} BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.) BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.5.1331\6.8.1094\TmIEPlg.dll (Trend Micro Inc.) BHO: TSToolbarBHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.) 
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MIF5BA~1\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1125\7.5.1125\TmBpIe32.dll (Trend Micro Inc.) BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) Toolbar: HKLM - Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKCU -No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File Toolbar: HKCU -Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) 
PDF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab PDF: {315E206C-B37E-4F46-A144-5A82DBE79A9D} http://spyware.cymphonix.com/webdeploy.cab PDF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab PDF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab PDF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab PDF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1125\7.5.1125\TmBpIe32.dll (Trend Micro Inc.) Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.5.1331\6.8.1094\TmIEPlg.dll (Trend Micro Inc.) Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.) Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.) 
Hosts file not detected in the default directory Chrome: ======= CHR Extension: (Google Drive) - C:\Users\Larry\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0 CHR Extension: (YouTube) - C:\Users\Larry\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0 CHR Extension: (Google Search) - C:\Users\Larry\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0 CHR Extension: (Gmail) - C:\Users\Larry\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0 ========================== Services (Whitelisted) ================= S2 CarboniteService; C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe [4426384 2011-12-05] (Carbonite, Inc. (www.carbonite.com)) S2 InstallFilterService; C:\Program Files\STMicroelectronics\Accelerometer\InstallFilterService.exe [60928 2009-11-29] () S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.) S2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [4539392 2010-10-04] (Dell Inc.) S2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad [x] ==================== Drivers (Whitelisted) ==================== R3 Acceler; C:\Windows\System32\DRIVERS\Acceler.sys [41648 2009-12-03] (ST Microelectronics) S3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2010-10-04] (Broadcom Corporation) S3 CtAudDrv; C:\Windows\system32\Drivers\CtAudDrv.sys [134144 2009-05-28] (Creative Technology Ltd.) S3 LEqdUsb; C:\Windows\System32\Drivers\LEqdUsb.Sys [40912 2010-03-18] (Logitech, Inc.) S3 LHidEqd; C:\Windows\System32\Drivers\LHidEqd.Sys [10448 2010-03-18] (Logitech, Inc.) S3 LMouFilt; C:\Windows\System32\DRIVERS\LMouFilt.Sys [37328 2010-03-18] (Logitech, Inc.) 
S3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [28624 2010-03-18] (Logitech, Inc.)
S1 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [94200 2012-07-12] (Trend Micro Inc.)
R0 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [257928 2012-07-12] (Trend Micro Inc.)
R0 TMEBC; C:\Windows\System32\DRIVERS\TMEBC32.sys [38328 2012-08-24] (Trend Micro Inc.)
S3 tmeevw; C:\Windows\System32\DRIVERS\tmeevw.sys [85816 2012-08-25] (Trend Micro Inc.)
S1 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [75624 2012-07-12] (Trend Micro Inc.)
S3 tmnciesc; C:\Windows\System32\DRIVERS\tmnciesc.sys [171064 2012-07-05] (Trend Micro Inc.)
S1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [92304 2012-05-02] (Trend Micro Inc.)
U2 TMAgent;
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-05-14 17:12 - 2013-05-14 17:29 - 00000000 ____D C:\Windows\Microsoft Antimalware
2013-05-14 16:43 - 2013-05-14 16:43 - 00000000 ____D C:\FRST
2013-05-12 10:05 - 2013-05-14 16:34 - 00000004 ____A C:\Users\Larry\AppData\Roaming\skype.ini
2013-05-12 09:55 - 2013-05-12 09:55 - 00097280 ____A (EA Swiss-Digital LLC) C:\Users\Larry\vlcplayer.exe
2013-05-12 09:55 - 2013-05-12 09:55 - 00097280 ____A (EA Swiss-Digital LLC) C:\Users\Larry\AppData\Roaming\skype.dat
2013-05-12 09:55 - 2013-05-12 09:55 - 00000000 ____A C:\Users\Larry\winlogon.exe
2013-05-12 09:55 - 2013-05-12 09:55 - 00000000 ____A C:\Users\Larry\windowsupdate.exe
2013-05-12 09:55 - 2013-05-12 09:55 - 00000000 ____A C:\Users\Larry\mstsc.exe
2013-05-12 09:55 - 2013-05-12 09:55 - 00000000 ____A C:\Users\Larry\jqs.exe
2013-05-12 09:55 - 2013-05-12 09:55 - 00000000 ____A C:\Users\Larry\googleupdate.exe
2013-05-12 09:55 - 2013-05-12 09:55 - 00000000 ____A C:\Users\Larry\flashplayer.exe
2013-05-03 09:45 - 2013-05-03 09:46 - 00000000 ____D C:\Users\Larry\Documents\SWCCD
2013-05-02 10:22 - 2013-05-02 16:36 - 00000000 ____D C:\Users\Larry\Documents\Coal Culch Oxbow wetland
2013-05-01 17:03 - 2013-05-01 17:03 - 05190405 ____A C:\Users\Larry\Documents\Elk Crossing Out of baggs..MOV
2013-04-24 07:03 - 2013-04-12 07:58 - 01210728 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2013-04-15 09:36 - 2013-04-15 09:36 - 00000000 ____D C:\Users\Larry\Documents\New folder
==================== One Month Modified Files and Folders ========
2013-05-14 17:29 - 2013-05-14 17:12 - 00000000 ____D C:\Windows\Microsoft Antimalware
2013-05-14 16:43 - 2013-05-14 16:43 - 00000000 ____D C:\FRST
2013-05-14 16:42 - 2010-10-04 21:25 - 00786564 ____A C:\Windows\System32\PerfStringBackup.INI
2013-05-14 16:34 - 2013-05-12 10:05 - 00000004 ____A C:\Users\Larry\AppData\Roaming\skype.ini
2013-05-14 16:34 - 2011-01-13 06:46 - 00000880 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-05-14 16:34 - 2009-07-13 22:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-05-14 16:34 - 2009-07-13 22:39 - 00051151 ____A C:\Windows\setupact.log
2013-05-14 15:52 - 2009-07-13 22:55 - 01551145 ____A C:\Windows\WindowsUpdate.log
2013-05-14 15:50 - 2009-07-13 22:34 - 00014256 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-05-14 15:50 - 2009-07-13 22:34 - 00014256 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-05-14 15:46 - 2012-10-29 07:40 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-05-14 15:44 - 2011-01-13 06:46 - 00000884 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-05-12 09:55 - 2013-05-12 09:55 - 00097280 ____A (EA Swiss-Digital LLC) C:\Users\Larry\vlcplayer.exe
2013-05-12 09:55 - 2013-05-12 09:55 - 00097280 ____A (EA Swiss-Digital LLC) C:\Users\Larry\AppData\Roaming\skype.dat
2013-05-12 09:55 - 2013-05-12 09:55 - 00000000 ____A C:\Users\Larry\winlogon.exe
2013-05-12 09:55 - 2013-05-12 09:55 - 00000000 ____A C:\Users\Larry\windowsupdate.exe
2013-05-12 09:55 - 2013-05-12 09:55 - 00000000 ____A C:\Users\Larry\mstsc.exe
2013-05-12 09:55 - 2013-05-12 09:55 - 00000000 ____A C:\Users\Larry\jqs.exe
2013-05-12 09:55 - 2013-05-12 09:55 - 00000000 ____A C:\Users\Larry\googleupdate.exe
2013-05-12 09:55 - 2013-05-12 09:55 - 00000000 ____A C:\Users\Larry\flashplayer.exe
2013-05-12 09:55 - 2012-07-09 07:11 - 00181808 ____A C:\Windows\RegBootClean.exe
2013-05-12 09:55 - 2011-03-15 16:12 - 00000000 ____D C:\ProgramData\Trend Micro
2013-05-12 09:55 - 2010-12-05 18:17 - 00000000 ____D C:\users\Larry
2013-05-04 07:39 - 2012-05-03 10:53 - 00000410 _RASH C:\ProgramData\ntuser.pol
2013-05-03 09:46 - 2013-05-03 09:45 - 00000000 ____D C:\Users\Larry\Documents\SWCCD
2013-05-02 16:36 - 2013-05-02 10:22 - 00000000 ____D C:\Users\Larry\Documents\Coal Culch Oxbow wetland
2013-05-02 12:37 - 2013-03-08 14:23 - 00000000 ____D C:\Users\Larry\Documents\PFW Tour
2013-05-01 17:30 - 2012-04-30 14:50 - 00000000 ____D C:\Users\Larry\Documents\Outlook Files
2013-05-01 17:03 - 2013-05-01 17:03 - 05190405 ____A C:\Users\Larry\Documents\Elk Crossing Out of baggs..MOV
2013-04-30 09:46 - 2011-01-05 10:58 - 00000000 ____D C:\Users\Larry\Documents\LIP apl
2013-04-22 09:27 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\System32\NDF
2013-04-19 07:28 - 2013-04-11 08:52 - 00000000 ____D C:\Users\Larry\Documents\Home Appraisal
2013-04-18 07:27 - 2013-04-13 13:43 - 01334920 ____A C:\Users\Larry\Desktop\taxReturn.tax2012
2013-04-18 07:16 - 2009-07-13 22:33 - 00475336 ____A C:\Windows\System32\FNTCACHE.DAT
2013-04-15 09:45 - 2013-04-13 13:54 - 00000000 ____D C:\Users\Larry\Documents\TurboTax
2013-04-15 09:37 - 2013-04-13 14:11 - 00000000 ____D C:\Users\Larry\Documents\2012 taxes
2013-04-15 09:36 - 2013-04-15 09:36 - 00000000 ____D C:\Users\Larry\Documents\New folder
ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-747825169-3136433216-3061428978-1000\$5a6b93952095872d74bf54c7b376c65c
Other Malware:
===========
C:\Users\Larry\flashplayer.exe
C:\Users\Larry\googleupdate.exe
C:\Users\Larry\jqs.exe
C:\Users\Larry\mstsc.exe
C:\Users\Larry\vlcplayer.exe
C:\Users\Larry\windowsupdate.exe
C:\Users\Larry\winlogon.exe
C:\Users\Larry\AppData\Roaming\skype.dat
C:\Users\Larry\AppData\Roaming\skype.ini
C:\Users\Larry\Application Data\skype.dat
C:\Users\Larry\Application Data\skype.ini
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys [2012-12-16 08:22] - [2012-09-06 10:48] - 0245616 ____A (Microsoft Corporation) 59F06B4968E58BC83DFC56CA4517960E
Last Boot: 2013-05-04 09:57
==================== End Of Log ============================
infected with FBI moneypak virus
arnelld replied to arnelld's topic in Resolved Malware Removal Logs
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-05-2013
Ran by Larry (administrator) on 14-05-2013 16:43:10
Running from E:\
Windows 7 Professional (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Safe Mode (minimal)
==================== Processes (Whitelisted) ===================
(Microsoft Corporation) C:\Windows\system32\cmd.exe
(Farbar) e:\FRST.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1602856 2010-01-07] (Synaptics Incorporated)
HKLM\...\Run: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe [495708 2010-04-07] (IDT, Inc.)
HKLM\...\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe [3873648 2010-01-15] (Dell Inc.)
HKLM\...\Run: [FreeFallProtection] C:\Program Files\STMicroelectronics\Accelerometer\FF_Protection.exe [2384896 2009-07-22] ()
HKLM\...\Run: [broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [5249024 2010-10-04] (Dell Inc.)
HKLM\...\Run: [Dell Webcam Central] "C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [409744 2009-06-24] (Creative Technology Ltd)
HKLM\...\Run: [DBRMTray] C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe [206336 2010-05-20] (Microsoft)
HKLM\...\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming [1311312 2010-05-18] (Logitech, Inc.)
HKLM\...\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [249064 2010-10-29] (Sun Microsystems, Inc.)
HKLM\...\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe [98304 2006-01-30] (Hewlett-Packard)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM\...\Run: [HP Color LaserJet CM1312 MFP Series Fax] C:\Program Files\HP\HP Color LaserJet CM1312 MFP Series\hppfaxprintersrv.exe "HP Color LaserJet CM1312 MFP Series Fax" [2453504 2009-09-22] (Hewlett-Packard Company)
HKLM\...\Run: [] [x]
HKLM\...\Run: [HPUsageTracking] "C:\Program Files\HP\HP UT\bin\hppusg.exe" "C:\Program Files\HP\HP UT\" [24576 2009-05-11] (Hewlett-Packard Company)
HKLM\...\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe [1059472 2011-12-05] (Carbonite, Inc.)
HKLM\...\Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [133456 2012-07-25] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Titanium] "C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" -set Silent "1" SplashURL "" [1374864 2012-07-25] (Trend Micro Inc.)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-10-11] (Apple Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [X]
HKCU\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-01-13] (Google Inc.)
HKCU\...\Winlogon: [shell] explorer.exe,C:\Users\Larry\AppData\Roaming\skype.dat <==== ATTENTION
HKCR\...409d6c4515e9\InprocServer32: [Default-shell32] C:\$Recycle.Bin\S-1-5-21-747825169-3136433216-3061428978-1000\$5a6b93952095872d74bf54c7b376c65c\n. ATTENTION! ====> ZeroAccess
MountPoints2: {0d1f8c17-19d1-11e1-9667-f04da298ec73} - E:\LaunchU3.exe -a
Startup: C:\ProgramData\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USSMB/1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
HKCU SearchScopes: DefaultScope {04F031E9-5DD7-4EC0-9F36-E61AE8CD8762} URL = http://findgala.com/?&uid=2159&q={searchTerms}
SearchScopes: HKCU - {04F031E9-5DD7-4EC0-9F36-E61AE8CD8762} URL = http://findgala.com/?&uid=2159&q={searchTerms}
BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.5.1331\6.8.1094\TmIEPlg.dll (Trend Micro Inc.)
BHO: TSToolbarBHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MIF5BA~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1125\7.5.1125\TmBpIe32.dll (Trend Micro Inc.)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
Toolbar: HKLM - Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU -No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKCU -Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
PDF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
PDF: {315E206C-B37E-4F46-A144-5A82DBE79A9D} http://spyware.cymphonix.com/webdeploy.cab
PDF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
PDF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
PDF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
PDF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1125\7.5.1125\TmBpIe32.dll (Trend Micro Inc.)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.5.1331\6.8.1094\TmIEPlg.dll (Trend Micro Inc.)
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.)
Hosts file not detected in the default directory
Chrome: =======
CHR Extension: (Google Drive) - C:\Users\Larry\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0
CHR Extension: (YouTube) - C:\Users\Larry\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\Larry\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (Gmail) - C:\Users\Larry\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
========================== Services (Whitelisted) =================
S2 CarboniteService; C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe [4426384 2011-12-05] (Carbonite, Inc. (www.carbonite.com))
S2 InstallFilterService; C:\Program Files\STMicroelectronics\Accelerometer\InstallFilterService.exe [60928 2009-11-29] ()
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
S2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [4539392 2010-10-04] (Dell Inc.)
S2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad [x]
==================== Drivers (Whitelisted) ====================
R3 Acceler; C:\Windows\System32\DRIVERS\Acceler.sys [41648 2009-12-03] (ST Microelectronics)
S3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2010-10-04] (Broadcom Corporation)
S3 CtAudDrv; C:\Windows\system32\Drivers\CtAudDrv.sys [134144 2009-05-28] (Creative Technology Ltd.)
S3 LEqdUsb; C:\Windows\System32\Drivers\LEqdUsb.Sys [40912 2010-03-18] (Logitech, Inc.)
S3 LHidEqd; C:\Windows\System32\Drivers\LHidEqd.Sys [10448 2010-03-18] (Logitech, Inc.)
S3 LMouFilt; C:\Windows\System32\DRIVERS\LMouFilt.Sys [37328 2010-03-18] (Logitech, Inc.)
S3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [28624 2010-03-18] (Logitech, Inc.)
S1 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [94200 2012-07-12] (Trend Micro Inc.)
R0 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [257928 2012-07-12] (Trend Micro Inc.)
R0 TMEBC; C:\Windows\System32\DRIVERS\TMEBC32.sys [38328 2012-08-24] (Trend Micro Inc.)
S3 tmeevw; C:\Windows\System32\DRIVERS\tmeevw.sys [85816 2012-08-25] (Trend Micro Inc.)
S1 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [75624 2012-07-12] (Trend Micro Inc.)
S3 tmnciesc; C:\Windows\System32\DRIVERS\tmnciesc.sys [171064 2012-07-05] (Trend Micro Inc.)
S1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [92304 2012-05-02] (Trend Micro Inc.)
U2 TMAgent;
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-05-14 17:12 - 2013-05-14 17:29 - 00000000 ____D C:\Windows\Microsoft Antimalware
2013-05-14 16:43 - 2013-05-14 16:43 - 00000000 ____D C:\FRST
2013-05-12 10:05 - 2013-05-14 16:34 - 00000004 ____A C:\Users\Larry\AppData\Roaming\skype.ini
2013-05-12 09:55 - 2013-05-12 09:55 - 00097280 ____A (EA Swiss-Digital LLC) C:\Users\Larry\vlcplayer.exe
2013-05-12 09:55 - 2013-05-12 09:55 - 00097280 ____A (EA Swiss-Digital LLC) C:\Users\Larry\AppData\Roaming\skype.dat
2013-05-12 09:55 - 2013-05-12 09:55 - 00000000 ____A C:\Users\Larry\winlogon.exe
2013-05-12 09:55 - 2013-05-12 09:55 - 00000000 ____A C:\Users\Larry\windowsupdate.exe
2013-05-12 09:55 - 2013-05-12 09:55 - 00000000 ____A C:\Users\Larry\mstsc.exe
2013-05-12 09:55 - 2013-05-12 09:55 - 00000000 ____A C:\Users\Larry\jqs.exe
2013-05-12 09:55 - 2013-05-12 09:55 - 00000000 ____A C:\Users\Larry\googleupdate.exe
2013-05-12 09:55 - 2013-05-12 09:55 - 00000000 ____A C:\Users\Larry\flashplayer.exe
2013-05-03 09:45 - 2013-05-03 09:46 - 00000000 ____D C:\Users\Larry\Documents\SWCCD
2013-05-02 10:22 - 2013-05-02 16:36 - 00000000 ____D C:\Users\Larry\Documents\Coal Culch Oxbow wetland
2013-05-01 17:03 - 2013-05-01 17:03 - 05190405 ____A C:\Users\Larry\Documents\Elk Crossing Out of baggs..MOV
2013-04-24 07:03 - 2013-04-12 07:58 - 01210728 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2013-04-15 09:36 - 2013-04-15 09:36 - 00000000 ____D C:\Users\Larry\Documents\New folder
==================== One Month Modified Files and Folders ========
2013-05-14 17:29 - 2013-05-14 17:12 - 00000000 ____D C:\Windows\Microsoft Antimalware
2013-05-14 16:43 - 2013-05-14 16:43 - 00000000 ____D C:\FRST
2013-05-14 16:42 - 2010-10-04 21:25 - 00786564 ____A C:\Windows\System32\PerfStringBackup.INI
2013-05-14 16:34 - 2013-05-12 10:05 - 00000004 ____A C:\Users\Larry\AppData\Roaming\skype.ini
2013-05-14 16:34 - 2011-01-13 06:46 - 00000880 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-05-14 16:34 - 2009-07-13 22:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-05-14 16:34 - 2009-07-13 22:39 - 00051151 ____A C:\Windows\setupact.log
2013-05-14 15:52 - 2009-07-13 22:55 - 01551145 ____A C:\Windows\WindowsUpdate.log
2013-05-14 15:50 - 2009-07-13 22:34 - 00014256 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-05-14 15:50 - 2009-07-13 22:34 - 00014256 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-05-14 15:46 - 2012-10-29 07:40 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-05-14 15:44 - 2011-01-13 06:46 - 00000884 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-05-12 09:55 - 2013-05-12 09:55 - 00097280 ____A (EA Swiss-Digital LLC) C:\Users\Larry\vlcplayer.exe
2013-05-12 09:55 - 2013-05-12 09:55 - 00097280 ____A (EA Swiss-Digital LLC) C:\Users\Larry\AppData\Roaming\skype.dat
2013-05-12 09:55 - 2013-05-12 09:55 - 00000000 ____A C:\Users\Larry\winlogon.exe
2013-05-12 09:55 - 2013-05-12 09:55 - 00000000 ____A C:\Users\Larry\windowsupdate.exe
2013-05-12 09:55 - 2013-05-12 09:55 - 00000000 ____A C:\Users\Larry\mstsc.exe
2013-05-12 09:55 - 2013-05-12 09:55 - 00000000 ____A C:\Users\Larry\jqs.exe
2013-05-12 09:55 - 2013-05-12 09:55 - 00000000 ____A C:\Users\Larry\googleupdate.exe
2013-05-12 09:55 - 2013-05-12 09:55 - 00000000 ____A C:\Users\Larry\flashplayer.exe
2013-05-12 09:55 - 2012-07-09 07:11 - 00181808 ____A C:\Windows\RegBootClean.exe
2013-05-12 09:55 - 2011-03-15 16:12 - 00000000 ____D C:\ProgramData\Trend Micro
2013-05-12 09:55 - 2010-12-05 18:17 - 00000000 ____D C:\users\Larry
2013-05-04 07:39 - 2012-05-03 10:53 - 00000410 _RASH C:\ProgramData\ntuser.pol
2013-05-03 09:46 - 2013-05-03 09:45 - 00000000 ____D C:\Users\Larry\Documents\SWCCD
2013-05-02 16:36 - 2013-05-02 10:22 - 00000000 ____D C:\Users\Larry\Documents\Coal Culch Oxbow wetland
2013-05-02 12:37 - 2013-03-08 14:23 - 00000000 ____D C:\Users\Larry\Documents\PFW Tour
2013-05-01 17:30 - 2012-04-30 14:50 - 00000000 ____D C:\Users\Larry\Documents\Outlook Files
2013-05-01 17:03 - 2013-05-01 17:03 - 05190405 ____A C:\Users\Larry\Documents\Elk Crossing Out of baggs..MOV
2013-04-30 09:46 - 2011-01-05 10:58 - 00000000 ____D C:\Users\Larry\Documents\LIP apl
2013-04-22 09:27 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\System32\NDF
2013-04-19 07:28 - 2013-04-11 08:52 - 00000000 ____D C:\Users\Larry\Documents\Home Appraisal
2013-04-18 07:27 - 2013-04-13 13:43 - 01334920 ____A C:\Users\Larry\Desktop\taxReturn.tax2012
2013-04-18 07:16 - 2009-07-13 22:33 - 00475336 ____A C:\Windows\System32\FNTCACHE.DAT
2013-04-15 09:45 - 2013-04-13 13:54 - 00000000 ____D C:\Users\Larry\Documents\TurboTax
2013-04-15 09:37 - 2013-04-13 14:11 - 00000000 ____D C:\Users\Larry\Documents\2012 taxes
2013-04-15 09:36 - 2013-04-15 09:36 - 00000000 ____D C:\Users\Larry\Documents\New folder
ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-747825169-3136433216-3061428978-1000\$5a6b93952095872d74bf54c7b376c65c
Other Malware:
===========
C:\Users\Larry\flashplayer.exe
C:\Users\Larry\googleupdate.exe
C:\Users\Larry\jqs.exe
C:\Users\Larry\mstsc.exe
C:\Users\Larry\vlcplayer.exe
C:\Users\Larry\windowsupdate.exe
C:\Users\Larry\winlogon.exe
C:\Users\Larry\AppData\Roaming\skype.dat
C:\Users\Larry\AppData\Roaming\skype.ini
C:\Users\Larry\Application Data\skype.dat
C:\Users\Larry\Application Data\skype.ini
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys [2012-12-16 08:22] - [2012-09-06 10:48] - 0245616 ____A (Microsoft Corporation) 59F06B4968E58BC83DFC56CA4517960E
Last Boot: 2013-05-04 09:57
==================== End Of Log ============================

And the addition log -

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-05-2013
Ran by Larry (administrator) on 14-05-2013 16:43:10
Running from E:\
Windows 7 Professional (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Safe Mode (minimal)
==================== Processes (Whitelisted) ===================
(Microsoft Corporation) C:\Windows\system32\cmd.exe
(Farbar) e:\FRST.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1602856 2010-01-07] (Synaptics Incorporated)
HKLM\...\Run: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe [495708 2010-04-07] (IDT, Inc.)
HKLM\...\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe [3873648 2010-01-15] (Dell Inc.)
HKLM\...\Run: [FreeFallProtection] C:\Program Files\STMicroelectronics\Accelerometer\FF_Protection.exe [2384896 2009-07-22] ()
HKLM\...\Run: [broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [5249024 2010-10-04] (Dell Inc.)
HKLM\...\Run: [Dell Webcam Central] "C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [409744 2009-06-24] (Creative Technology Ltd)
HKLM\...\Run: [DBRMTray] C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe [206336 2010-05-20] (Microsoft)
HKLM\...\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming [1311312 2010-05-18] (Logitech, Inc.)
HKLM\...\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [249064 2010-10-29] (Sun Microsystems, Inc.)
HKLM\...\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe [98304 2006-01-30] (Hewlett-Packard)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM\...\Run: [HP Color LaserJet CM1312 MFP Series Fax] C:\Program Files\HP\HP Color LaserJet CM1312 MFP Series\hppfaxprintersrv.exe "HP Color LaserJet CM1312 MFP Series Fax" [2453504 2009-09-22] (Hewlett-Packard Company)
HKLM\...\Run: [] [x]
HKLM\...\Run: [HPUsageTracking] "C:\Program Files\HP\HP UT\bin\hppusg.exe" "C:\Program Files\HP\HP UT\" [24576 2009-05-11] (Hewlett-Packard Company)
HKLM\...\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe [1059472 2011-12-05] (Carbonite, Inc.)
HKLM\...\Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [133456 2012-07-25] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Titanium] "C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" -set Silent "1" SplashURL "" [1374864 2012-07-25] (Trend Micro Inc.)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-10-11] (Apple Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [X]
HKCU\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-01-13] (Google Inc.)
HKCU\...\Winlogon: [shell] explorer.exe,C:\Users\Larry\AppData\Roaming\skype.dat <==== ATTENTION
HKCR\...409d6c4515e9\InprocServer32: [Default-shell32] C:\$Recycle.Bin\S-1-5-21-747825169-3136433216-3061428978-1000\$5a6b93952095872d74bf54c7b376c65c\n. ATTENTION! ====> ZeroAccess
MountPoints2: {0d1f8c17-19d1-11e1-9667-f04da298ec73} - E:\LaunchU3.exe -a
Startup: C:\ProgramData\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USSMB/1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
HKCU SearchScopes: DefaultScope {04F031E9-5DD7-4EC0-9F36-E61AE8CD8762} URL = http://findgala.com/?&uid=2159&q={searchTerms}
SearchScopes: HKCU - {04F031E9-5DD7-4EC0-9F36-E61AE8CD8762} URL = http://findgala.com/?&uid=2159&q={searchTerms}
BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.5.1331\6.8.1094\TmIEPlg.dll (Trend Micro Inc.)
BHO: TSToolbarBHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MIF5BA~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1125\7.5.1125\TmBpIe32.dll (Trend Micro Inc.)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
Toolbar: HKLM - Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU -No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKCU -Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
PDF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
PDF: {315E206C-B37E-4F46-A144-5A82DBE79A9D} http://spyware.cymphonix.com/webdeploy.cab
PDF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
PDF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
PDF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
PDF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1125\7.5.1125\TmBpIe32.dll (Trend Micro Inc.)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.5.1331\6.8.1094\TmIEPlg.dll (Trend Micro Inc.)
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.)
Hosts file not detected in the default directory Chrome: ======= CHR Extension: (Google Drive) - C:\Users\Larry\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0 CHR Extension: (YouTube) - C:\Users\Larry\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0 CHR Extension: (Google Search) - C:\Users\Larry\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0 CHR Extension: (Gmail) - C:\Users\Larry\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0 ========================== Services (Whitelisted) ================= S2 CarboniteService; C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe [4426384 2011-12-05] (Carbonite, Inc. (www.carbonite.com)) S2 InstallFilterService; C:\Program Files\STMicroelectronics\Accelerometer\InstallFilterService.exe [60928 2009-11-29] () S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.) S2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [4539392 2010-10-04] (Dell Inc.) S2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad [x] ==================== Drivers (Whitelisted) ==================== R3 Acceler; C:\Windows\System32\DRIVERS\Acceler.sys [41648 2009-12-03] (ST Microelectronics) S3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2010-10-04] (Broadcom Corporation) S3 CtAudDrv; C:\Windows\system32\Drivers\CtAudDrv.sys [134144 2009-05-28] (Creative Technology Ltd.) S3 LEqdUsb; C:\Windows\System32\Drivers\LEqdUsb.Sys [40912 2010-03-18] (Logitech, Inc.) S3 LHidEqd; C:\Windows\System32\Drivers\LHidEqd.Sys [10448 2010-03-18] (Logitech, Inc.) S3 LMouFilt; C:\Windows\System32\DRIVERS\LMouFilt.Sys [37328 2010-03-18] (Logitech, Inc.) 
S3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [28624 2010-03-18] (Logitech, Inc.) S1 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [94200 2012-07-12] (Trend Micro Inc.) R0 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [257928 2012-07-12] (Trend Micro Inc.) R0 TMEBC; C:\Windows\System32\DRIVERS\TMEBC32.sys [38328 2012-08-24] (Trend Micro Inc.) S3 tmeevw; C:\Windows\System32\DRIVERS\tmeevw.sys [85816 2012-08-25] (Trend Micro Inc.) S1 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [75624 2012-07-12] (Trend Micro Inc.) S3 tmnciesc; C:\Windows\System32\DRIVERS\tmnciesc.sys [171064 2012-07-05] (Trend Micro Inc.) S1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [92304 2012-05-02] (Trend Micro Inc.) U2 TMAgent; ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-05-14 17:12 - 2013-05-14 17:29 - 00000000 ____D C:\Windows\Microsoft Antimalware 2013-05-14 16:43 - 2013-05-14 16:43 - 00000000 ____D C:\FRST 2013-05-12 10:05 - 2013-05-14 16:34 - 00000004 ____A C:\Users\Larry\AppData\Roaming\skype.ini 2013-05-12 09:55 - 2013-05-12 09:55 - 00097280 ____A (EA Swiss-Digital LLC) C:\Users\Larry\vlcplayer.exe 2013-05-12 09:55 - 2013-05-12 09:55 - 00097280 ____A (EA Swiss-Digital LLC) C:\Users\Larry\AppData\Roaming\skype.dat 2013-05-12 09:55 - 2013-05-12 09:55 - 00000000 ____A C:\Users\Larry\winlogon.exe 2013-05-12 09:55 - 2013-05-12 09:55 - 00000000 ____A C:\Users\Larry\windowsupdate.exe 2013-05-12 09:55 - 2013-05-12 09:55 - 00000000 ____A C:\Users\Larry\mstsc.exe 2013-05-12 09:55 - 2013-05-12 09:55 - 00000000 ____A C:\Users\Larry\jqs.exe 2013-05-12 09:55 - 2013-05-12 09:55 - 00000000 ____A C:\Users\Larry\googleupdate.exe 2013-05-12 09:55 - 2013-05-12 09:55 - 00000000 ____A C:\Users\Larry\flashplayer.exe 2013-05-03 09:45 - 2013-05-03 09:46 - 00000000 ____D C:\Users\Larry\Documents\SWCCD 2013-05-02 10:22 - 2013-05-02 16:36 - 00000000 ____D C:\Users\Larry\Documents\Coal Culch Oxbow wetland 
2013-05-01 17:03 - 2013-05-01 17:03 - 05190405 ____A C:\Users\Larry\Documents\Elk Crossing Out of baggs..MOV 2013-04-24 07:03 - 2013-04-12 07:58 - 01210728 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys 2013-04-15 09:36 - 2013-04-15 09:36 - 00000000 ____D C:\Users\Larry\Documents\New folder ==================== One Month Modified Files and Folders ======== 2013-05-14 17:29 - 2013-05-14 17:12 - 00000000 ____D C:\Windows\Microsoft Antimalware 2013-05-14 16:43 - 2013-05-14 16:43 - 00000000 ____D C:\FRST 2013-05-14 16:42 - 2010-10-04 21:25 - 00786564 ____A C:\Windows\System32\PerfStringBackup.INI 2013-05-14 16:34 - 2013-05-12 10:05 - 00000004 ____A C:\Users\Larry\AppData\Roaming\skype.ini 2013-05-14 16:34 - 2011-01-13 06:46 - 00000880 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-05-14 16:34 - 2009-07-13 22:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-05-14 16:34 - 2009-07-13 22:39 - 00051151 ____A C:\Windows\setupact.log 2013-05-14 15:52 - 2009-07-13 22:55 - 01551145 ____A C:\Windows\WindowsUpdate.log 2013-05-14 15:50 - 2009-07-13 22:34 - 00014256 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-05-14 15:50 - 2009-07-13 22:34 - 00014256 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-05-14 15:46 - 2012-10-29 07:40 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-05-14 15:44 - 2011-01-13 06:46 - 00000884 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-05-12 09:55 - 2013-05-12 09:55 - 00097280 ____A (EA Swiss-Digital LLC) C:\Users\Larry\vlcplayer.exe 2013-05-12 09:55 - 2013-05-12 09:55 - 00097280 ____A (EA Swiss-Digital LLC) C:\Users\Larry\AppData\Roaming\skype.dat 2013-05-12 09:55 - 2013-05-12 09:55 - 00000000 ____A C:\Users\Larry\winlogon.exe 2013-05-12 09:55 - 2013-05-12 09:55 - 00000000 ____A C:\Users\Larry\windowsupdate.exe 2013-05-12 09:55 - 2013-05-12 09:55 - 00000000 ____A 
C:\Users\Larry\mstsc.exe 2013-05-12 09:55 - 2013-05-12 09:55 - 00000000 ____A C:\Users\Larry\jqs.exe 2013-05-12 09:55 - 2013-05-12 09:55 - 00000000 ____A C:\Users\Larry\googleupdate.exe 2013-05-12 09:55 - 2013-05-12 09:55 - 00000000 ____A C:\Users\Larry\flashplayer.exe 2013-05-12 09:55 - 2012-07-09 07:11 - 00181808 ____A C:\Windows\RegBootClean.exe 2013-05-12 09:55 - 2011-03-15 16:12 - 00000000 ____D C:\ProgramData\Trend Micro 2013-05-12 09:55 - 2010-12-05 18:17 - 00000000 ____D C:\users\Larry 2013-05-04 07:39 - 2012-05-03 10:53 - 00000410 _RASH C:\ProgramData\ntuser.pol 2013-05-03 09:46 - 2013-05-03 09:45 - 00000000 ____D C:\Users\Larry\Documents\SWCCD 2013-05-02 16:36 - 2013-05-02 10:22 - 00000000 ____D C:\Users\Larry\Documents\Coal Culch Oxbow wetland 2013-05-02 12:37 - 2013-03-08 14:23 - 00000000 ____D C:\Users\Larry\Documents\PFW Tour 2013-05-01 17:30 - 2012-04-30 14:50 - 00000000 ____D C:\Users\Larry\Documents\Outlook Files 2013-05-01 17:03 - 2013-05-01 17:03 - 05190405 ____A C:\Users\Larry\Documents\Elk Crossing Out of baggs..MOV 2013-04-30 09:46 - 2011-01-05 10:58 - 00000000 ____D C:\Users\Larry\Documents\LIP apl 2013-04-22 09:27 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\System32\NDF 2013-04-19 07:28 - 2013-04-11 08:52 - 00000000 ____D C:\Users\Larry\Documents\Home Appraisal 2013-04-18 07:27 - 2013-04-13 13:43 - 01334920 ____A C:\Users\Larry\Desktop\taxReturn.tax2012 2013-04-18 07:16 - 2009-07-13 22:33 - 00475336 ____A C:\Windows\System32\FNTCACHE.DAT 2013-04-15 09:45 - 2013-04-13 13:54 - 00000000 ____D C:\Users\Larry\Documents\TurboTax 2013-04-15 09:37 - 2013-04-13 14:11 - 00000000 ____D C:\Users\Larry\Documents\2012 taxes 2013-04-15 09:36 - 2013-04-15 09:36 - 00000000 ____D C:\Users\Larry\Documents\New folder ZeroAccess: C:\$Recycle.Bin\S-1-5-21-747825169-3136433216-3061428978-1000\$5a6b93952095872d74bf54c7b376c65c Other Malware: =========== C:\Users\Larry\flashplayer.exe C:\Users\Larry\googleupdate.exe C:\Users\Larry\jqs.exe C:\Users\Larry\mstsc.exe 
C:\Users\Larry\vlcplayer.exe C:\Users\Larry\windowsupdate.exe C:\Users\Larry\winlogon.exe C:\Users\Larry\AppData\Roaming\skype.dat C:\Users\Larry\AppData\Roaming\skype.ini C:\Users\Larry\Application Data\skype.dat C:\Users\Larry\Application Data\skype.ini ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys [2012-12-16 08:22] - [2012-09-06 10:48] - 0245616 ____A (Microsoft Corporation) 59F06B4968E58BC83DFC56CA4517960E Last Boot: 2013-05-04 09:57 ==================== End Of Log ============================ -
I am unable to boot my boss's computer in normal or safe mode. He told me that he was getting the popup with the FBI "you owe me money" page. The computer is running Windows 7, 32-bit. Thanks for any help!