
peacefrog

Everything posted by peacefrog

  1. That worked! Thank you. This is for a buddy of mine, I am going to suggest a donation... what is a fair amount?
  2. I have a machine infected by the MoneyPak. I have tried Malwarebytes from the safe mode command prompt. I have tried Kaspersky Recovery. Downloaded FRST64 and here is the FRST.txt. Can anyone help?

     Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-05-2013
     Ran by Susan (administrator) on 15-05-2013 20:10:28
     Running from E:\
     Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
     Internet Explorer Version 9
     Boot Mode: Safe Mode (minimal)