Claudius46
Everything posted by Claudius46
Moneypak Virused - Need Help
Claudius46 replied to Claudius46's topic in Resolved Malware Removal Logs
Yes. It appears to be running a little faster. Didn't catch anything on the scan.
Moneypak Virused - Need Help
Claudius46 replied to Claudius46's topic in Resolved Malware Removal Logs
Moneypak Virused - Need Help
Claudius46 replied to Claudius46's topic in Resolved Malware Removal Logs
Here you go.
Moneypak Virused - Need Help
Claudius46 replied to Claudius46's topic in Resolved Malware Removal Logs
Done and done. The rootkit found nothing on the scan. Much appreciated.
Here is the scan result of FRST.
(Type=07 NTFS) Partition 3: (Not Active) - (Size=9 GB) - (Type=17) ======================================================== Disk: 1 (MBR Code: Windows XP) (Size: 58 GB) (Disk ID: C3072E18) Partition 1: (Not Active) - (Size=58 GB) - (Type=0C) LastRegBack: 2013-07-16 18:58 ==================== End Of Log ============================