Showing results for tags 'FBI Moneypak'.

Found 13 results

  1. I'm at my wits end, I contracted the FBI Moneypak virus the other day and can't get rid of it. I have Symantec and ran a scan, no luck. Malwarebytes didn't pick up anything either. I can only run in safe mode. I have Windows 8. Please help. BTW can I safely backup my files to an external hard drive? JB
  2. I've used MalwareBytes many times in the past and it has never failed me. However, this recent virus I've managed to contract has got me stumped. I'm referring to the FBI Moneypak virus that it appears many other users have found themselves dealing with. After examining multiple threads, I've discovered that the developers of this virus are actively working to improve its capabilities of limiting administrative usage of Windows features, such as safe mode (which automatically sets PCs into restart) and system restore (which always fails). Previously, users have been able to use either of the aforementioned methods to get rid of the FBI Moneypak virus. But as of June 15, 2013 these methods are useless. Many helpers on these forums have been successful in assisting users in removing this virus through use of Farbar Recovery Scan Tool (FRST64.exe). However, each user is being directed by helpers to input a unique notepad/command prompt code. Since I'd like to avert any kind of further damage this could cause by improperly inputting commands, I'm requesting a kind soul to give me a step-by-step walkthrough on how to get rid of this virus. Keep in mind, I already have FRST.exe on my flashdrive; I'd just like to get further insight on how to progress from this point forward. I am running Windows 7 64-bit. Many, many thanks in advance, Max
  3. I have downloaded Farbar and run it from the command line. This is the report.

     Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-05-2013
     Ran by SYSTEM on 17-05-2013 11:05:07
     Running from J:\
     Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
     Internet Explorer Version 9
     Boot Mode: Recovery
     The current controlset is ControlSet002
     ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

     ==================== Registry (Whitelisted) ==================

     HKLM\...\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [1424896 2011-12-23] (IDT, Inc.)
     HKLM\...\Run: [beatsOSDApp] C:\Program Files\IDT\WDM\beats64.exe [37888 2011-12-23] (Hewlett-Packard )
     HKLM\...\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
     HKLM\...\Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [415680 2012-02-05] (Autodesk, Inc.)
     HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1281512 2013-01-27] (Microsoft Corporation)
     HKLM-x32\...\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorIcon.exe [292696 2012-02-02] (Intel Corporation)
     HKLM-x32\...\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
     HKLM-x32\...\Run: [bATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR.exe [x]
     HKLM-x32\...\Run: [LaunchHPOSIAPP] C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\LaunchApp.exe [385024 2009-04-03] (Hewlett-Packard)
     HKLM-x32\...\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
     HKLM-x32\...\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe [658424 2011-08-12] (PDF Complete Inc)
     HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-02] (Adobe Systems Incorporated)
     HKLM-x32\...\Run: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe" [979328 2010-10-12] (SEIKO EPSON CORPORATION)
     HKLM-x32\...\Run: [FUFAXRCV] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe" [495616 2011-03-08] (SEIKO EPSON CORPORATION)
     HKLM-x32\...\Run: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [856064 2011-03-08] (SEIKO EPSON CORPORATION)
     HKLM-x32\...\Run: [LTCM Client] C:\Program Files (x86)\LTCM Client\ltcmClient.exe /startup [1596096 2009-08-05] (Leader Technologies Inc.)
     HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
     HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-01-28] (Apple Inc.)
     HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-10-25] (Apple Inc.)
     HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-02-20] (Apple Inc.)
     HKU\Mark\...\Run: [Google Update] "C:\Users\Mark\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-05-26] (Google Inc.)
     HKU\Mark\...\Run: [HLBackupScheduler] C:\Program Files\Backup Assistant Plus\V CAST Backup Scheduler.exe [7065224 2012-08-20] ()
     HKU\Mark\...\Run: [EPLTarget\P0000000000000000] C:\windows\system32\spool\DRIVERS\x64\3\E_YATIHCA.EXE /EPT "EPLTarget\P0000000000000000" /M "WF-7510 Series" [241280 2013-01-10] (SEIKO EPSON CORPORATION)
     HKU\Mark\...\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-04-05] (Apple Inc.)
     HKU\Mark\...\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-04-05] (Apple Inc.)
     HKU\Mark\...\Run: [com.apple.dav.bookmarks.daemon] C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe [59720 2013-04-05] (Apple Inc.)
     HKU\Mark\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] C:\Users\Mark\Documents\137687c6.exe [27136 2013-05-17] ()
     HKU\Mark\...\Winlogon: [shell] cmd.exe [345088 2010-11-20] (Microsoft Corporation) <==== ATTENTION
     Startup: C:\ProgramData\Start Menu\Programs\Startup\desktop (1).ini ()
     Startup: C:\ProgramData\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
     ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
     Startup: C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
     ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

     ==================== Services (Whitelisted) =================

     S2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
     S2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [19232 2012-01-31] (Autodesk, Inc.)
     S2 CLKMSVC10_38F51D56; c:\Program Files (x86)\Cyberlink\PowerDVD10\NavFilter\kmsvc.exe [241648 2011-02-24] (CyberLink)
     S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
     S2 MotoHelper; C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [214896 2011-12-06] ()
     S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
     S2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\diMaster.dll [281016 2011-05-24] (Symantec Corporation)
     S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)
     S2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
     S2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-08-12] (PDF Complete Inc)
     S2 SentinelKeysServer; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [369952 2009-09-17] (SafeNet, Inc.)
     S2 SentinelSecurityRuntime; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe [292128 2009-09-17] (SafeNet, Inc.)
     S2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [84112 2012-08-22] (Symantec Corporation)

     ==================== Drivers (Whitelisted) ====================

     S1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20130502.001\BHDrvx64.sys [1390680 2013-04-12] (Symantec Corporation)
     S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-08] (Symantec Corporation)
     S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-08-16] (Symantec Corporation)
     S0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [24496 2012-01-16] (Intel Corporation)
     S1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20130516.001\IDSvia64.sys [513184 2012-09-06] (Symantec Corporation)
     S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
     S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20130517.002\ENG64.SYS [126192 2013-01-18] (Symantec Corporation)
     S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20130517.002\EX64.SYS [2087664 2013-01-18] (Symantec Corporation)
     S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
     S2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [145448 2009-09-17] (SafeNet, Inc.)
     S3 SNTUSB64; C:\Windows\System32\DRIVERS\SNTUSB64.SYS [58792 2009-09-17] (SafeNet, Inc.)
     S3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2012-05-23] (Symantec Corporation)
     S1 ccSet_NIS; \SystemRoot\system32\drivers\NISx64\1300000.080\ccSetx64.sys [x]
     S3 SRTSP; \SystemRoot\system32\drivers\NISx64\1300000.080\SRTSP64.SYS [x]
     S1 SRTSPX; \SystemRoot\system32\drivers\NISx64\1300000.080\SRTSPX64.SYS [x]
     S0 SymDS; system32\drivers\NISx64\1300000.080\SYMDS64.SYS [x]
     S0 SymEFA; system32\drivers\NISx64\1300000.080\SYMEFA64.SYS [x]
     S1 SymIRON; \SystemRoot\system32\drivers\NISx64\1300000.080\Ironx64.SYS [x]
     S1 SymNetS; \SystemRoot\system32\drivers\NISx64\1300000.080\SYMNETS.SYS [x]

     ==================== NetSvcs (Whitelisted) ===================

     ==================== One Month Created Files and Folders ========

     2013-05-17 11:04 - 2013-05-17 11:04 - 00000000 ____D C:\FRST
     2013-05-17 09:23 - 2013-05-17 09:23 - 00174373 ____A C:\Users\Mark\AppData\Roaming\2433f433
     2013-05-17 09:23 - 2013-05-17 09:23 - 00174363 ____A C:\Users\Mark\AppData\Local\2433f433
     2013-05-17 09:23 - 2013-05-17 09:23 - 00174339 ____A C:\ProgramData\2433f433
     2013-05-17 09:23 - 2013-05-17 09:23 - 00027136 ____A C:\Users\Mark\Documents\137687c6.exe
     2013-05-15 02:01 - 2013-04-04 22:52 - 02242048 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
     2013-05-15 02:01 - 2013-04-04 22:52 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
     2013-05-15 02:01 - 2013-04-04 22:52 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
     2013-05-15 02:01 - 2013-04-04 22:50 - 19231232 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
     2013-05-15 02:01 - 2013-04-04 22:50 - 15404032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
     2013-05-15 02:01 - 2013-04-04 22:50 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
     2013-05-15 02:01 - 2013-04-04 22:50 - 02647552 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
     2013-05-15 02:01 - 2013-04-04 22:50 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
     2013-05-15 02:01 - 2013-04-04 22:50 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
     2013-05-15 02:01 - 2013-04-04 22:50 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
     2013-05-15 02:01 - 2013-04-04 22:50 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
     2013-05-15 02:01 - 2013-04-04 22:50 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
     2013-05-15 02:01 - 2013-04-04 22:50 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
     2013-05-15 02:01 - 2013-04-04 22:50 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
     2013-05-15 02:01 - 2013-04-04 21:28 - 01767424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
     2013-05-15 02:01 - 2013-04-04 21:28 - 01130496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
     2013-05-15 02:01 - 2013-04-04 21:26 - 14323712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
     2013-05-15 02:01 - 2013-04-04 21:26 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
     2013-05-15 02:01 - 2013-04-04 21:26 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
     2013-05-15 02:01 - 2013-04-04 21:26 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
     2013-05-15 02:01 - 2013-04-04 21:26 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
     2013-05-15 02:01 - 2013-04-04 21:26 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
     2013-05-15 02:01 - 2013-04-04 21:26 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
     2013-05-15 02:01 - 2013-04-04 21:26 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
     2013-05-15 02:01 - 2013-04-04 21:26 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
     2013-05-15 02:01 - 2013-04-04 21:26 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
     2013-05-15 02:01 - 2013-04-04 21:26 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
     2013-05-15 02:01 - 2013-04-04 20:43 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
     2013-05-15 02:01 - 2013-04-04 20:29 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
     2013-05-15 02:01 - 2013-04-04 19:51 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
     2013-05-15 02:01 - 2013-04-04 19:38 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
     2013-05-14 16:05 - 2013-04-09 22:01 - 00983400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
     2013-05-14 16:05 - 2013-04-09 22:01 - 00265064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
     2013-05-14 16:05 - 2011-02-03 03:25 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
     2013-05-14 16:04 - 2013-04-09 19:30 - 03153920 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
     2013-05-14 16:04 - 2013-03-18 21:53 - 00230400 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll
     2013-05-14 16:04 - 2013-03-18 21:53 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll
     2013-05-14 16:04 - 2013-02-26 22:02 - 00111448 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
     2013-05-14 16:04 - 2013-02-26 21:52 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
     2013-05-14 16:04 - 2013-02-26 21:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
     2013-05-14 16:04 - 2013-02-26 21:48 - 01930752 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
     2013-05-14 16:04 - 2013-02-26 21:47 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll
     2013-05-14 16:04 - 2013-02-26 20:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
     2013-05-14 16:04 - 2013-02-26 20:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
     2013-05-14 16:04 - 2013-02-26 20:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
     2013-05-09 05:18 - 2013-05-09 05:18 - 00001785 ____A C:\Users\Public\Desktop\iTunes.lnk
     2013-05-09 05:18 - 2012-08-21 12:01 - 00033240 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys
     2013-05-09 05:17 - 2013-05-09 05:18 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
     2013-05-09 05:17 - 2013-05-09 05:18 - 00000000 ____D C:\Program Files\iTunes
     2013-05-09 05:17 - 2013-05-09 05:18 - 00000000 ____D C:\Program Files (x86)\iTunes
     2013-05-09 05:17 - 2013-05-09 05:17 - 00000000 ____D C:\Program Files\iPod
     2013-05-08 18:27 - 2013-05-08 18:27 - 00000000 ____D C:\Program Files\Motorola Inc
     2013-05-07 21:01 - 2013-05-10 05:35 - 00002048 ____A C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
     2013-05-07 21:01 - 2013-05-10 05:35 - 00000000 ____D C:\Program Files (x86)\McAfee Security Scan
     2013-05-07 21:01 - 2013-05-07 21:01 - 00000000 ____D C:\ProgramData\McAfee Security Scan
     2013-04-30 05:41 - 2013-04-30 05:41 - 02138776 ____A (Solid State Networks) C:\Users\Mark\Downloads\install_flashplayer11x32au_mssa_aih.exe
     2013-04-30 02:04 - 2013-04-30 02:04 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
     2013-04-30 02:04 - 2013-04-30 02:04 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
     2013-04-30 02:04 - 2013-04-30 02:04 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
     2013-04-30 02:04 - 2013-04-30 02:04 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
     2013-04-30 02:04 - 2013-04-30 02:04 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
     2013-04-30 02:04 - 2013-04-30 02:04 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
     2013-04-30 02:04 - 2013-04-30 02:04 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
     2013-04-30 02:04 - 2013-04-30 02:04 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
     2013-04-30 02:04 - 2013-04-30 02:04 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
     2013-04-30 02:04 - 2013-04-30 02:04 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
     2013-04-30 02:04 - 2013-04-30 02:04 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
     2013-04-30 02:04 - 2013-04-30 02:04 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
     2013-04-30 02:04 - 2013-04-30 02:04 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
     2013-04-30 02:04 - 2013-04-30 02:04 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
     2013-04-30 02:04 - 2013-04-30 02:04 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
     2013-04-30 02:04 - 2013-04-30 02:04 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
     2013-04-30 02:04 - 2013-04-30 02:04 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
     2013-04-30 02:04 - 2013-04-30 02:04 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
     2013-04-30 02:04 - 2013-04-30 02:04 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
     2013-04-30 02:04 - 2013-04-30 02:04 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
     2013-04-30 02:04 - 2013-04-30 02:04 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
     2013-04-30 02:04 - 2013-04-30 02:04 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
     2013-04-30 02:04 - 2013-04-30 02:04 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll
     2013-04-30 02:04 - 2013-04-30 02:04 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
     2013-04-30 02:04 - 2013-04-30 02:04 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
     2013-04-30 02:04 - 2013-04-30 02:04 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
     2013-04-30 02:04 - 2013-04-30 02:04 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
     2013-04-30 02:04 - 2013-04-30 02:04 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
     2013-04-30 02:04 - 2013-04-30 02:04 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
     2013-04-30 02:04 - 2013-04-30 02:04 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
     2013-04-30 02:04 - 2013-04-30 02:04 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
     2013-04-30 02:04 - 2013-04-30 02:04 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
     2013-04-30 02:04 - 2013-04-30 02:04 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
     2013-04-30 02:04 - 2013-04-30 02:04 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
     2013-04-30 02:04 - 2013-04-30 02:04 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
     2013-04-30 02:04 - 2013-04-30 02:04 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
     2013-04-30 02:04 - 2013-04-30 02:04 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
     2013-04-30 02:04 - 2013-04-30 02:04 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
     2013-04-30 02:04 - 2013-04-30 02:04 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
     2013-04-30 02:04 - 2013-04-30 02:04 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
     2013-04-30 02:04 - 2013-04-30 02:04 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
     2013-04-30 02:04 - 2013-04-30 02:04 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
     2013-04-30 02:04 - 2013-04-30 02:04 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
     2013-04-30 02:04 - 2013-04-30 02:04 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
     2013-04-30 02:04 - 2013-04-30 02:04 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
     2013-04-30 02:04 - 2013-04-30 02:04 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
     2013-04-30 02:04 - 2013-04-30 02:04 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
     2013-04-30 02:04 - 2013-04-30 02:04 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
     2013-04-30 02:04 - 2013-04-30 02:04 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
     2013-04-30 02:04 - 2013-04-30 02:04 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
     2013-04-30 02:04 - 2013-04-30 02:04 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
     2013-04-30 02:04 - 2013-04-30 02:04 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
     2013-04-30 02:04 - 2013-04-30 02:04 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
     2013-04-30 02:04 - 2013-04-30 02:04 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
     2013-04-30 02:04 - 2013-04-30 02:04 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
     2013-04-30 02:04 - 2013-04-30 02:04 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
     2013-04-30 02:04 - 2013-04-30 02:04 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
     2013-04-30 02:04 - 2013-04-30 02:04 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
     2013-04-30 02:04 - 2013-04-30 02:04 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
     2013-04-30 02:04 - 2013-04-30 02:04 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
     2013-04-30 02:04 - 2013-04-30 02:04 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
     2013-04-30 02:04 - 2013-04-30 02:04 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
     2013-04-30 02:04 - 2013-04-30 02:04 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
     2013-04-30 02:04 - 2013-04-30 02:04 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
     2013-04-30 02:04 - 2013-04-30 02:04 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
     2013-04-30 02:00 - 2013-04-30 02:07 - 00007294 ____A C:\Windows\IE10_main.log
     2013-04-23 10:17 - 2013-04-12 06:45 - 01656680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys

     ==================== One Month Modified Files and Folders =======

     2013-05-17 11:04 - 2013-05-17 11:04 - 00000000 ____D C:\FRST
     2013-05-17 09:40 - 2012-05-23 13:25 - 00000000 ____D C:\ProgramData\PDFC
     2013-05-17 09:40 - 2012-05-23 12:57 - 00000000 ____D C:\ProgramData\NVIDIA
     2013-05-17 09:40 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
     2013-05-17 09:40 - 2009-07-13 20:51 - 00056384 ____A C:\Windows\setupact.log
     2013-05-17 09:38 - 2012-09-15 07:41 - 00000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
     2013-05-17 09:32 - 2012-05-26 07:31 - 01408622 ____A C:\Windows\WindowsUpdate.log
     2013-05-17 09:32 - 2009-07-13 20:45 - 00042976 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
     2013-05-17 09:32 - 2009-07-13 20:45 - 00042976 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
     2013-05-17 09:23 - 2013-05-17 09:23 - 00174373 ____A C:\Users\Mark\AppData\Roaming\2433f433
     2013-05-17 09:23 - 2013-05-17 09:23 - 00174363 ____A C:\Users\Mark\AppData\Local\2433f433
     2013-05-17 09:23 - 2013-05-17 09:23 - 00174339 ____A C:\ProgramData\2433f433
     2013-05-17 09:23 - 2013-05-17 09:23 - 00027136 ____A C:\Users\Mark\Documents\137687c6.exe
     2013-05-17 09:02 - 2012-09-15 07:41 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
     2013-05-17 08:49 - 2012-05-26 08:20 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-558166772-1545593632-370192068-1000UA.job
     2013-05-17 08:34 - 2012-05-26 08:18 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
     2013-05-17 02:49 - 2012-05-26 08:20 - 00000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-558166772-1545593632-370192068-1000Core.job
     2013-05-16 06:38 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\System32\FxsTmp
     2013-05-15 10:34 - 2012-05-26 08:18 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
     2013-05-15 10:34 - 2012-05-23 13:19 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
     2013-05-15 06:02 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
     2013-05-15 04:36 - 2012-05-27 15:18 - 00000000 ___RD C:\Users\Mark\Virtual Machines
     2013-05-15 02:34 - 2009-07-13 21:13 - 00780650 ____A C:\Windows\System32\PerfStringBackup.INI
     2013-05-15 02:29 - 2010-11-20 19:47 - 00062722 ____A C:\Windows\PFRO.log
     2013-05-15 02:29 - 2009-07-13 20:45 - 00428576 ____A C:\Windows\System32\FNTCACHE.DAT
     2013-05-15 02:10 - 2012-05-26 06:20 - 00000000 ____D C:\ProgramData\Microsoft Help
     2013-05-15 02:09 - 2012-06-05 18:34 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
     2013-05-12 06:21 - 2012-06-10 06:15 - 00000000 ____A C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt
     2013-05-12 06:21 - 2012-05-27 07:11 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log
     2013-05-12 06:20 - 2012-05-27 07:10 - 00000000 ____D C:\Users\Mark\AppData\Roaming\HP Support Assistant
     2013-05-12 06:20 - 2012-05-27 07:09 - 00000000 ____D C:\Users\Mark\AppData\Roaming\HpUpdate
     2013-05-10 05:35 - 2013-05-07 21:01 - 00002048 ____A C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
     2013-05-10 05:35 - 2013-05-07 21:01 - 00000000 ____D C:\Program Files (x86)\McAfee Security Scan
     2013-05-09 05:18 - 2013-05-09 05:18 - 00001785 ____A C:\Users\Public\Desktop\iTunes.lnk
     2013-05-09 05:18 - 2013-05-09 05:17 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
     2013-05-09 05:18 - 2013-05-09 05:17 - 00000000 ____D C:\Program Files\iTunes
     2013-05-09 05:18 - 2013-05-09 05:17 - 00000000 ____D C:\Program Files (x86)\iTunes
     2013-05-09 05:17 - 2013-05-09 05:17 - 00000000 ____D C:\Program Files\iPod
     2013-05-09 05:17 - 2013-01-31 20:58 - 00000000 ____D C:\Program Files\Common Files\Apple
     2013-05-09 05:17 - 2011-06-17 16:33 - 00000000 ____D C:\ProgramData\Apple
     2013-05-08 18:27 - 2013-05-08 18:27 - 00000000 ____D C:\Program Files\Motorola Inc
     2013-05-07 21:03 - 2009-01-24 13:28 - 00000000 ____D C:\ProgramData\Adobe
     2013-05-07 21:01 - 2013-05-07 21:01 - 00000000 ____D C:\ProgramData\McAfee Security Scan
     2013-05-05 10:11 - 2012-06-03 06:02 - 00000328 ____A C:\Windows\Tasks\HPCeeScheduleForMark.job
     2013-05-04 11:35 - 2013-01-06 19:35 - 00000000 ____D C:\Users\Mark\Desktop\SD-CLSA Secretary Files
     2013-05-04 11:35 - 2012-05-23 13:30 - 00000000 ____D C:\ProgramData\Norton
     2013-05-03 13:13 - 2013-03-18 23:43 - 00000000 ____D C:\Users\Public\Downloads\Norton
     2013-05-02 07:29 - 2010-11-20 19:27 - 00278800 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
     2013-04-30 05:41 - 2013-04-30 05:41 - 02138776 ____A (Solid State Networks) C:\Users\Mark\Downloads\install_flashplayer11x32au_mssa_aih.exe
     2013-04-30 02:22 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions
     2013-04-30 02:07 - 2013-04-30 02:00 - 00007294 ____A C:\Windows\IE10_main.log
     2013-04-30 02:04 - 2013-04-30 02:04 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
     2013-04-30 02:04 - 2013-04-30 02:04 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
     2013-04-30 02:04 - 2013-04-30 02:04 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
     2013-04-30 02:04 - 2013-04-30 02:04 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
     2013-04-30 02:04 - 2013-04-30 02:04 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
     2013-04-30 02:04 - 2013-04-30 02:04 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
     2013-04-30 02:04 - 2013-04-30 02:04 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
     2013-04-30 02:04 - 2013-04-30 02:04 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
     2013-04-30 02:04 - 2013-04-30 02:04 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
     2013-04-30 02:04 - 2013-04-30 02:04 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
     2013-04-30 02:04 - 2013-04-30 02:04 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
     2013-04-30 02:04 - 2013-04-30 02:04 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
     2013-04-30 02:04 - 2013-04-30 02:04 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
     2013-04-30 02:04 - 2013-04-30 02:04 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
     2013-04-30 02:04 - 2013-04-30 02:04 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
     2013-04-30 02:04 - 2013-04-30 02:04 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
     2013-04-30 02:04 - 2013-04-30 02:04 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
     2013-04-30 02:04 - 2013-04-30 02:04 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
     2013-04-30 02:04 - 2013-04-30 02:04 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
     2013-04-30 02:04 - 2013-04-30 02:04 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
     2013-04-30 02:04 - 2013-04-30 02:04 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
     2013-04-30 02:04 - 2013-04-30 02:04 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
     2013-04-30 02:04 - 2013-04-30 02:04 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll
     2013-04-30 02:04 - 2013-04-30 02:04 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
     2013-04-30 02:04 - 2013-04-30 02:04 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
     2013-04-30 02:04 - 2013-04-30 02:04 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
     2013-04-30 02:04 - 2013-04-30 02:04 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
     2013-04-30 02:04 - 2013-04-30 02:04 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
     2013-04-30 02:04 - 2013-04-30 02:04 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
     2013-04-30 02:04 - 2013-04-30 02:04 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
     2013-04-30 02:04 - 2013-04-30 02:04 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
     2013-04-30 02:04 - 2013-04-30 02:04 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
     2013-04-30 02:04 - 2013-04-30 02:04 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
     2013-04-30 02:04 - 2013-04-30 02:04 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
     2013-04-30 02:04 - 2013-04-30 02:04 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
     2013-04-30 02:04 - 2013-04-30 02:04 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
     2013-04-30 02:04 - 2013-04-30 02:04 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
     2013-04-30 02:04 - 2013-04-30 02:04 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
     2013-04-30 02:04 - 2013-04-30 02:04 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
     2013-04-30 02:04 - 2013-04-30 02:04 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
     2013-04-30 02:04 - 2013-04-30 02:04 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
     2013-04-30 02:04 - 2013-04-30 02:04 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
     2013-04-30 02:04 - 2013-04-30 02:04 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
     2013-04-30 02:04 - 2013-04-30 02:04 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
     2013-04-30 02:04 - 2013-04-30 02:04 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
     2013-04-30 02:04 - 2013-04-30 02:04 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
     2013-04-30 02:04 - 2013-04-30 02:04 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
     2013-04-30 02:04 - 2013-04-30 02:04 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
     2013-04-30 02:04 - 2013-04-30 02:04 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
     2013-04-30 02:04 - 2013-04-30 02:04 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
     2013-04-30 02:04 - 2013-04-30 02:04 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
     2013-04-30 02:04 - 2013-04-30 02:04 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
     2013-04-30 02:04 - 2013-04-30 02:04 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
     2013-04-30 02:04 - 2013-04-30 02:04 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
     2013-04-30 02:04 - 2013-04-30 02:04 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
     2013-04-30 02:04 - 2013-04-30 02:04 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
     2013-04-30 02:04 - 2013-04-30 02:04 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
     2013-04-30 02:04 - 2013-04-30 02:04 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
     2013-04-30 02:04 - 2013-04-30 02:04 - 00038400 ____A (Microsoft Corporation)
C:\Windows\SysWOW64\imgutil.dll 2013-04-30 02:04 - 2013-04-30 02:04 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll 2013-04-30 02:04 - 2013-04-30 02:04 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll 2013-04-30 02:04 - 2013-04-30 02:04 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe 2013-04-30 02:04 - 2013-04-30 02:04 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2013-04-30 02:04 - 2013-04-30 02:04 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe 2013-04-30 02:04 - 2013-04-30 02:04 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2013-04-27 15:38 - 2011-02-27 17:29 - 00000000 ____D C:\Users\Mark\Documents\PAYMENTS 2013-04-19 08:38 - 2012-05-26 08:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service ==================== Known DLLs (Whitelisted) ================ ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points ========================= Restore point made on: 2013-05-04 03:24:24 Restore point made on: 2013-05-05 18:00:17 Restore point made on: 2013-05-07 21:10:52 
Restore point made on: 2013-05-11 06:16:27 Restore point made on: 2013-05-12 18:00:09 Restore point made on: 2013-05-14 21:45:52 Restore point made on: 2013-05-15 02:00:19 ==================== Memory info =========================== Percentage of memory in use: 9% Total physical RAM: 16326.3 MB Available physical RAM: 14798.96 MB Total Pagefile: 16324.5 MB Available Pagefile: 14789.82 MB Total Virtual: 8192 MB Available Virtual: 8191.88 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:1845.37 GB) (Free:1678.79 GB) NTFS (Disk=0 Partition=3) ==>[system with boot components (obtained from reading drive)] Drive d: (HP_RECOVERY) (Fixed) (Total:17.43 GB) (Free:2.18 GB) NTFS (Disk=0 Partition=4) Drive j: () (Removable) (Total:3.72 GB) (Free:3.47 GB) FAT32 (Disk=5 Partition=1) Drive x: (Boot) (Fixed) (Total:0.12 GB) (Free:0.12 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 1863 GB) (Disk ID: 6BDF0D00) Partition: GPT Partition Type ======================================================== Disk: 5 (Size: 4 GB) (Disk ID: 00000000) Partition 1: (Not Active) - (Size=4 GB) - (Type=0B) Last Boot: 2013-05-13 23:42 ==================== End Of Log ============================ How do I disable it?
  4. I've been hit with the FBI Moneypak ransomware on a Windows 7, x64. Rebooting in Safe Mode with Networking results in a white screen and the inability to do anything else. I have run the Farbar Recovery Scan Tool and performed a search for services.exe. I understand I should provide the FRST scan log and the results of the search, but before I do, I have a question. Should I be concerned about posting my log online? I'm only a mildly technical person, but given the nature of this ransomware I'm ultra sensitive, and am very concerned about additional damage caused by this breach. Should I scrub the log in any way? Or, can someone provide a fixlist without the full log? Thanks in advance for any help! Thanks, John
  5. I was able to run FRST.exe for the following logs; however, I could not get the DDS program to run a log.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-05-2013
Ran by SYSTEM on 03-05-2013 14:02:50
Running from F:\
Windows Vista Home Premium Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery
The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and Addition.txt log.
2013-05-02 19:36 - 00000000 ____D C:\Program Files\Optimizer Pro 2013-05-02 19:36 - 2013-05-02 19:36 - 00000000 ____A C:\extensions.sqlite 2013-05-02 19:35 - 2013-05-02 19:35 - 00001831 ____A C:ProgramData\Desktop\avast! Free Antivirus.lnk 2013-05-02 19:35 - 2013-05-02 19:35 - 00001831 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk 2013-05-02 19:35 - 2013-04-30 05:19 - 00765736 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys 2013-05-02 19:35 - 2013-04-30 05:19 - 00368944 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys 2013-05-02 19:35 - 2013-04-30 05:19 - 00174536 ____A C:\Windows\System32\Drivers\aswVmm.sys 2013-05-02 19:35 - 2013-04-30 05:19 - 00066336 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys 2013-05-02 19:35 - 2013-04-30 05:19 - 00056080 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys 2013-05-02 19:35 - 2013-04-30 05:19 - 00049760 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr.sys 2013-05-02 19:35 - 2013-04-30 05:19 - 00049376 ____A C:\Windows\System32\Drivers\aswRvrt.sys 2013-05-02 19:35 - 2013-04-30 05:19 - 00029816 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys 2013-05-02 19:35 - 2013-04-30 05:18 - 00229648 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe 2013-05-02 19:34 - 2013-04-30 05:18 - 00041664 ____A (AVAST Software) C:\Windows\avastSS.scr 2013-05-02 19:33 - 2013-05-02 19:33 - 00000000 ____D C:\Program Files\AVAST Software 2013-05-02 19:32 - 2013-05-02 19:33 - 00000000 ____D C:ProgramData\AVAST Software 2013-05-02 19:32 - 2013-05-02 19:33 - 00000000 ____D C:ProgramData\Application Data\AVAST Software 2013-05-02 19:03 - 2013-05-02 19:03 - 02042584 ____A (LiveSoftAction) C:\Users\Ben\Downloads\avast! 
Free Antivirus provided through GetNow.exe 2013-05-02 04:47 - 2013-05-02 17:01 - 00000181 ____A C:\Users\jblow\Desktop\avgrep.txt 2013-05-01 18:50 - 2013-05-01 18:50 - 00000000 ____D C:\sh4ldr 2013-05-01 18:50 - 2013-05-01 18:50 - 00000000 ____D C:\Program Files\Enigma Software Group 2013-05-01 11:45 - 2013-05-01 11:45 - 00000000 ____D C:\Users\Ben\Local Settings\Application Data\Apple 2013-05-01 11:45 - 2013-05-01 11:45 - 00000000 ____D C:\Users\Ben\Local Settings\Apple 2013-05-01 11:45 - 2013-05-01 11:45 - 00000000 ____D C:\Users\Ben\AppData\Local\Apple 2013-04-30 21:02 - 2013-04-30 21:02 - 00055808 ____A C:ProgramData\ztumnelk.oon 2013-04-30 21:02 - 2013-04-30 21:02 - 00055808 ____A C:ProgramData\Application Data\ztumnelk.oon 2013-04-30 21:02 - 2013-04-30 21:02 - 00055808 ____A C:\Users\jblow\Local Settings\nkvedzm.qeh 2013-04-30 21:02 - 2013-04-30 21:02 - 00055808 ____A C:\Users\jblow\Local Settings\Application Data\nkvedzm.qeh 2013-04-30 21:02 - 2013-04-30 21:02 - 00055808 ____A C:\Users\jblow\AppData\Local\nkvedzm.qeh 2013-04-17 21:48 - 2013-04-17 21:48 - 03895169 ____A C:\Users\jblow\Downloads\1004.wmv 2013-04-11 06:47 - 2013-02-21 20:05 - 12324352 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-04-11 06:47 - 2013-02-21 19:47 - 09738752 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-04-11 06:47 - 2013-02-21 19:46 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-04-11 06:47 - 2013-02-21 19:38 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-04-11 06:47 - 2013-02-21 19:38 - 01104384 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-04-11 06:47 - 2013-02-21 19:37 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2013-04-11 06:47 - 2013-02-21 19:36 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2013-04-11 06:47 - 2013-02-21 19:35 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 
2013-04-11 06:47 - 2013-02-21 19:34 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-04-11 06:47 - 2013-02-21 19:34 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll 2013-04-11 06:47 - 2013-02-21 19:34 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2013-04-11 06:47 - 2013-02-21 19:33 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-04-11 06:47 - 2013-02-21 19:32 - 01796096 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-04-11 06:47 - 2013-02-21 19:31 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-04-11 06:47 - 2013-02-21 19:31 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2013-04-11 06:47 - 2013-02-21 19:28 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-04-11 06:41 - 2013-04-11 06:47 - 00000000 ____D C:\963bb6f86dee5d1804315f5a323ae6 2013-04-10 07:13 - 2013-03-11 05:25 - 03603816 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe 2013-04-10 07:13 - 2013-03-11 05:25 - 03551080 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe 2013-04-10 07:13 - 2013-03-08 19:45 - 00049152 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll 2013-04-10 07:13 - 2013-03-08 17:28 - 00064000 ____A (Microsoft Corporation) C:\Windows\System32\smss.exe 2013-04-10 07:13 - 2013-03-07 19:53 - 00376320 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll 2013-04-10 07:13 - 2013-03-07 19:52 - 02067968 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll 2013-04-10 07:13 - 2013-03-04 17:40 - 02049024 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys 2013-04-10 07:13 - 2013-03-03 11:07 - 01082232 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys ==================== One Month Modified Files and Folders ======== 2013-05-03 13:55 - 2013-05-03 13:55 - 00000000 ____D C:\FRST 2013-05-03 12:49 - 2009-02-04 16:51 - 
01979222 ____A C:\Windows\WindowsUpdate.log 2013-05-03 12:49 - 2006-11-02 05:01 - 00032550 ____A C:\Windows\Tasks\SCHEDLGU.TXT 2013-05-03 12:49 - 2006-11-02 05:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-05-03 12:45 - 2013-05-02 19:37 - 00000000 ____D C:\Program Files\MyPC Backup 2013-05-03 12:45 - 2006-11-02 04:47 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2013-05-03 12:45 - 2006-11-02 04:47 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2013-05-02 21:41 - 2013-05-02 19:37 - 00000000 ____D C:\Users\jblow\Application Data\PCFixSpeed 2013-05-02 21:41 - 2013-05-02 19:37 - 00000000 ____D C:\Users\jblow\AppData\Roaming\PCFixSpeed 2013-05-02 21:38 - 2011-09-25 17:46 - 00000880 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-05-02 21:29 - 2011-09-25 17:46 - 00000884 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-05-02 21:13 - 2012-07-15 12:40 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-05-02 20:08 - 2013-05-02 19:38 - 00000000 ____D C:\Users\Ben\Application Data\PCFixSpeed 2013-05-02 20:08 - 2013-05-02 19:38 - 00000000 ____D C:\Users\Ben\AppData\Roaming\PCFixSpeed 2013-05-02 19:37 - 2013-05-02 19:37 - 00000886 ____A C:\Users\jblow\Desktop\MyPC Backup.lnk 2013-05-02 19:37 - 2013-05-02 19:37 - 00000861 ____A C:\Users\jblow\Desktop\Optimizer Pro.lnk 2013-05-02 19:37 - 2013-05-02 19:37 - 00000821 ____A C:ProgramData\Desktop\24x7 Help.lnk 2013-05-02 19:37 - 2013-05-02 19:37 - 00000821 ____A C:\Users\Public\Desktop\24x7 Help.lnk 2013-05-02 19:37 - 2013-05-02 19:37 - 00000774 ____A C:ProgramData\Desktop\Optimize Your PC.lnk 2013-05-02 19:37 - 2013-05-02 19:37 - 00000774 ____A C:\Users\Public\Desktop\Optimize Your PC.lnk 2013-05-02 19:37 - 2013-05-02 19:37 - 00000000 ____D C:ProgramData\PCFixSpeed 2013-05-02 19:37 - 2013-05-02 19:37 - 00000000 ____D C:ProgramData\Application 
Data\PCFixSpeed 2013-05-02 19:37 - 2013-05-02 19:37 - 00000000 ____D C:\Program Files\24x7Help 2013-05-02 19:37 - 2013-05-02 19:36 - 00000000 ____D C:\Program Files\PCFixSpeed 2013-05-02 19:36 - 2013-05-02 19:36 - 00000000 ____D C:\Users\jblow\Local Settings\getsavin 2013-05-02 19:36 - 2013-05-02 19:36 - 00000000 ____D C:\Users\jblow\Local Settings\Application Data\getsavin 2013-05-02 19:36 - 2013-05-02 19:36 - 00000000 ____D C:\Users\jblow\AppData\Local\getsavin 2013-05-02 19:36 - 2013-05-02 19:36 - 00000000 ____D C:\Program Files\Optimizer Pro 2013-05-02 19:36 - 2013-05-02 19:36 - 00000000 ____A C:\extensions.sqlite 2013-05-02 19:36 - 2013-02-24 11:37 - 00000000 ____A C:\END 2013-05-02 19:35 - 2013-05-02 19:35 - 00001831 ____A C:ProgramData\Desktop\avast! Free Antivirus.lnk 2013-05-02 19:35 - 2013-05-02 19:35 - 00001831 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk 2013-05-02 19:35 - 2006-11-02 02:23 - 00002577 ____A C:\Windows\System32\config.nt 2013-05-02 19:33 - 2013-05-02 19:33 - 00000000 ____D C:\Program Files\AVAST Software 2013-05-02 19:33 - 2013-05-02 19:32 - 00000000 ____D C:ProgramData\AVAST Software 2013-05-02 19:33 - 2013-05-02 19:32 - 00000000 ____D C:ProgramData\Application Data\AVAST Software 2013-05-02 19:05 - 2012-12-05 18:41 - 00000000 ____D C:\Windows\System32\Drivers\Avg 2013-05-02 19:03 - 2013-05-02 19:03 - 02042584 ____A (LiveSoftAction) C:\Users\Ben\Downloads\avast! 
Free Antivirus provided through GetNow.exe 2013-05-02 17:01 - 2013-05-02 04:47 - 00000181 ____A C:\Users\jblow\Desktop\avgrep.txt 2013-05-02 04:57 - 2009-03-06 21:54 - 00001356 ____A C:\Users\jblow\Local Settings\d3d9caps.dat 2013-05-02 04:57 - 2009-03-06 21:54 - 00001356 ____A C:\Users\jblow\Local Settings\Application Data\d3d9caps.dat 2013-05-02 04:57 - 2009-03-06 21:54 - 00001356 ____A C:\Users\jblow\AppData\Local\d3d9caps.dat 2013-05-02 04:22 - 2012-12-13 18:30 - 00000314 ____A C:\Windows\Tasks\HPCeeScheduleForBen.job 2013-05-01 21:10 - 2009-03-04 21:28 - 00000000 ____D C:ProgramData\Spybot - Search & Destroy 2013-05-01 21:10 - 2009-03-04 21:28 - 00000000 ____D C:ProgramData\Application Data\Spybot - Search & Destroy 2013-05-01 21:10 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\spool 2013-05-01 21:10 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\Msdtc 2013-05-01 21:10 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\registration 2013-05-01 21:10 - 2006-11-02 02:22 - 53477376 ____A C:\Windows\System32\config\software_previous 2013-05-01 21:10 - 2006-11-02 02:22 - 33292288 ____A C:\Windows\System32\config\system_previous 2013-05-01 21:07 - 2006-11-02 02:22 - 41156608 ____A C:\Windows\System32\config\components_previous 2013-05-01 21:07 - 2006-11-02 02:22 - 00262144 ____A C:\Windows\System32\config\sam_previous 2013-05-01 20:03 - 2006-11-02 02:22 - 03932160 ____A C:\Windows\System32\config\default_previous 2013-05-01 20:03 - 2006-11-02 02:22 - 00262144 ____A C:\Windows\System32\config\security_previous 2013-05-01 18:50 - 2013-05-01 18:50 - 00000000 ____D C:\sh4ldr 2013-05-01 18:50 - 2013-05-01 18:50 - 00000000 ____D C:\Program Files\Enigma Software Group 2013-05-01 11:45 - 2013-05-01 11:45 - 00000000 ____D C:\Users\Ben\Local Settings\Application Data\Apple 2013-05-01 11:45 - 2013-05-01 11:45 - 00000000 ____D C:\Users\Ben\Local Settings\Apple 2013-05-01 11:45 - 2013-05-01 11:45 - 00000000 ____D C:\Users\Ben\AppData\Local\Apple 2013-04-30 21:02 - 
2013-04-30 21:02 - 00055808 ____A C:ProgramData\ztumnelk.oon 2013-04-30 21:02 - 2013-04-30 21:02 - 00055808 ____A C:ProgramData\Application Data\ztumnelk.oon 2013-04-30 21:02 - 2013-04-30 21:02 - 00055808 ____A C:\Users\jblow\Local Settings\nkvedzm.qeh 2013-04-30 21:02 - 2013-04-30 21:02 - 00055808 ____A C:\Users\jblow\Local Settings\Application Data\nkvedzm.qeh 2013-04-30 21:02 - 2013-04-30 21:02 - 00055808 ____A C:\Users\jblow\AppData\Local\nkvedzm.qeh 2013-04-30 21:00 - 2013-03-10 13:40 - 00000464 ____A C:\Users\jblow\Desktop\MSN.com.website 2013-04-30 05:19 - 2013-05-02 19:35 - 00765736 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys 2013-04-30 05:19 - 2013-05-02 19:35 - 00368944 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys 2013-04-30 05:19 - 2013-05-02 19:35 - 00174536 ____A C:\Windows\System32\Drivers\aswVmm.sys 2013-04-30 05:19 - 2013-05-02 19:35 - 00066336 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys 2013-04-30 05:19 - 2013-05-02 19:35 - 00056080 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys 2013-04-30 05:19 - 2013-05-02 19:35 - 00049760 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr.sys 2013-04-30 05:19 - 2013-05-02 19:35 - 00049376 ____A C:\Windows\System32\Drivers\aswRvrt.sys 2013-04-30 05:19 - 2013-05-02 19:35 - 00029816 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys 2013-04-30 05:18 - 2013-05-02 19:35 - 00229648 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe 2013-04-30 05:18 - 2013-05-02 19:34 - 00041664 ____A (AVAST Software) C:\Windows\avastSS.scr 2013-04-26 20:14 - 2009-07-29 18:48 - 00000000 ____D C:\Users\jblow\Application Data\HpUpdate 2013-04-26 20:14 - 2009-07-29 18:48 - 00000000 ____D C:\Users\jblow\AppData\Roaming\HpUpdate 2013-04-22 09:50 - 2009-05-25 09:13 - 00000052 ____A C:\Windows\System32\DOErrors.log 2013-04-17 21:48 - 2013-04-17 21:48 - 03895169 ____A C:\Users\jblow\Downloads\1004.wmv 2013-04-15 19:39 - 2009-03-04 19:12 - 00000322 
____A C:\Windows\Tasks\HPCeeScheduleForjblow.job 2013-04-14 17:37 - 2009-07-22 21:00 - 00000000 ____D C:ProgramData\Application Data\Adobe 2013-04-14 17:37 - 2009-07-22 21:00 - 00000000 ____D C:ProgramData\Adobe 2013-04-14 17:35 - 2012-04-03 17:08 - 00691592 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe 2013-04-14 17:35 - 2011-05-12 20:07 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl 2013-04-13 17:05 - 2009-03-06 21:54 - 00000456 ____A C:\Windows\Tasks\PCDRScheduledMaintenance.job 2013-04-11 08:02 - 2006-11-02 04:47 - 00336400 ____A C:\Windows\System32\FNTCACHE.DAT 2013-04-11 08:01 - 2008-01-20 18:47 - 00237616 ____A C:\Windows\PFRO.log 2013-04-11 06:47 - 2013-04-11 06:41 - 00000000 ____D C:\963bb6f86dee5d1804315f5a323ae6 2013-04-11 06:42 - 2006-11-02 02:24 - 70490256 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe 2013-04-10 12:30 - 2012-07-09 21:13 - 00001973 ____A C:ProgramData\Desktop\Google Chrome.lnk 2013-04-10 12:30 - 2012-07-09 21:13 - 00001973 ____A C:\Users\Public\Desktop\Google Chrome.lnk ==================== Known DLLs (Whitelisted) ============ ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points ========================= Restore point made on: 2013-05-02 19:33:52 ==================== BCD ================================ Windows Boot Manager -------------------- identifier 
{bootmgr} device partition=C: description Windows Boot Manager locale en-US inherit {globalsettings} default {default} resumeobject {5db5f3cb-ac5b-11dd-98bc-0023543a840b} displayorder {default} toolsdisplayorder {memdiag} timeout 30 resume No customactions 0x1000085000001 0x54000001 custom:54000001 {863df33e-9817-11dc-b72e-001b24047e4e} Windows Boot Loader ------------------- identifier {current} device ramdisk=[D:]\sources\boot.wim,{ramdiskoptions} path \windows\system32\boot\winload.exe description HP Recovery Manager osdevice ramdisk=[D:]\sources\boot.wim,{ramdiskoptions} systemroot \windows nx OptIn detecthal Yes winpe Yes Windows Boot Loader ------------------- identifier {default} device partition=C: path \Windows\system32\winload.exe description Microsoft Windows Vista locale en-US inherit {bootloadersettings} recoverysequence {current} recoveryenabled Yes osdevice partition=C: systemroot \Windows resumeobject {5db5f3cb-ac5b-11dd-98bc-0023543a840b} nx OptIn Windows Boot Loader ------------------- identifier {863df33e-9817-11dc-b72e-001b24047e4e} device ramdisk=[D:]\sources\boot.wim,{ramdiskoptions} path \windows\system32\boot\winload.exe description F11 Boot from BCD osdevice ramdisk=[D:]\sources\boot.wim,{ramdiskoptions} systemroot \windows nx OptIn detecthal Yes winpe Yes Resume from Hibernate --------------------- identifier {5db5f3cb-ac5b-11dd-98bc-0023543a840b} device partition=C: path \Windows\system32\winresume.exe description Windows Resume Application locale en-US inherit {resumeloadersettings} filedevice partition=C: filepath \hiberfil.sys pae Yes debugoptionenabled No Windows Memory Tester --------------------- identifier {memdiag} device partition=C: path \boot\memtest.exe description Windows Memory Diagnostic locale en-US inherit {globalsettings} badmemoryaccess Yes Windows Legacy OS Loader ------------------------ identifier {ntldr} device partition=C: path \ntldr description Earlier Version of Windows EMS Settings ------------ identifier 
{emssettings} bootems Yes Debugger Settings ----------------- identifier {dbgsettings} debugtype Serial debugport 1 baudrate 115200 RAM Defects ----------- identifier {badmemory} Global Settings --------------- identifier {globalsettings} inherit {dbgsettings} {emssettings} {badmemory} extendedinput Yes Boot Loader Settings -------------------- identifier {bootloadersettings} inherit {globalsettings} Resume Loader Settings ---------------------- identifier {resumeloadersettings} inherit {globalsettings} Device options -------------- identifier {ad6c7bc8-fa0f-11da-8ddf-0013200354d8} description Ramdisk Device Options ramdisksdidevice partition=D: ramdisksdipath \boot\boot.sdi Setup Ramdisk Options --------------------- identifier {ramdiskoptions} description RAM Disk Settings ramdisksdidevice partition=D: ramdisksdipath \boot\boot.sdi ==================== Memory info =========================== Percentage of memory in use: 19% Total physical RAM: 2941.83 MB Available physical RAM: 2370.88 MB Total Pagefile: 2625.66 MB Available Pagefile: 2452.99 MB Total Virtual: 2047.88 MB Available Virtual: 1972.74 MB ==================== Drives ================================ Drive c: (HP) (Fixed) (Total:286.43 GB) (Free:240.36 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (FACTORY_IMAGE) (Fixed) (Total:11.66 GB) (Free:1.59 GB) NTFS ==>[system with boot components (obtained from reading drive)] Drive f: (USB DISK) (Removable) (Total:1.86 GB) (Free:1.86 GB) FAT32 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS Disk ### Status Size Free Dyn Gpt -------- ---------- ------- ------- --- --- Disk 0 Online 298 GB 0 B Disk 1 Online 1912 MB 0 B Disk 2 No Media 0 B 0 B Disk 3 No Media 0 B 0 B Disk 4 No Media 0 B 0 B Disk 5 No Media 0 B 0 B Partitions of Disk 0: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 286 GB 32 KB Partition 2 Primary 12 GB 286 GB 
================================================================================== Disk: 0 Partition 1 Type : 07 Hidden: No Active: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 1 C HP NTFS Partition 286 GB Healthy ========================================================= Disk: 0 Partition 2 Type : 07 Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 2 D FACTORY_IMA NTFS Partition 12 GB Healthy ========================================================= Partitions of Disk 1: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 1912 MB 240 KB ================================================================================== Disk: 1 Partition 1 Type : 06 Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 3 F USB DISK FAT32 Removable 1912 MB Healthy ========================================================= ============================== MBR & Partition Table ================== ==================================================================== Disk: 0 (Size: 298 GB) (Disk ID: 1549F232) Partition 1: (Active) - (Size=286 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=12 GB) - (Type=07 NTFS) ==================================================================== Disk: 1 (Size: 2 GB) (Disk ID: F2128805) Partition 1: (Not Active) - (Size=2 GB) - (Type=06) Last Boot: 2013-05-02 20:17 ==================== End Of Log ============================
  6. After looking at other threads, I have downloaded Farbar and the program has been run. So I have the FRST.txt file.
  7. Hello folks! So my fiancée was browsing around on Pinterest the other night, and she clicked a pin to show it in a bigger view. Then after that, you have the option to click the pin again and it will take you to the website associated with that pin. As soon as she clicked and her computer navigated to that website, she saw a quick download flash across her screen and then it went black. When it came back on a moment later she had the FBI Moneypak Virus and she wasn't able to go into any recovery or safe mode, with the exception of the command prompt. Really, just be careful with what you see posted and what you're clicking. If possible, try and have some sort of virus protection that can scan the webpages you're about to visit and give you a heads-up. -David
  8. Hi, my laptop was infected with the FBI Moneypak virus a couple of days ago. At first I saw the typical screen that other people reported, and now it's just a blank white screen (could this be because I disconnected the Wi-Fi?). The same thing happens when I try to start in safe mode, and safe mode with networking. I tried to restore the system using safe mode with command prompt, but it turns out the system restore wasn't turned on. Other background info: the laptop is a used laptop I purchased off the internet about 3 weeks ago. The laptop appears to have been wiped clean before it was sold. I do not have the installation discs that came with the laptop. Please help!
  9. MrC, Attached are the txt logs you requested. Thanks again for the help here. FRST.txt Search.txt
  10. Alrighty MrC, I started a new topic just as you requested. The files are attached below. Hope that this can help you solve the problem... Thanks, -Mr. Sun FRST.txt Search.txt
  11. I have FBI MoneyPak on a laptop running Win 7 x64, and can't find a solution to remove it. It won't allow access to normal mode and won't boot to Safe Mode. Would someone please help me... Thank you.
  12. Followed instructions found in other posts: started in Repair mode, ran Farbar Recovery Scan, ran Search on services.exe. Results of scans. Thanks in advance for help/assistance.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-02-2013
Ran by SYSTEM at 15-02-2013 17:45:51
Running from H:\
Windows 7 Professional (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================
HKLM\...\Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe" [57928 2011-09-16] (LogMeIn, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [454160 2012-10-07] (McAfee, Inc.)
HKLM-x32\...\Run: [mcpltui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [454160 2012-10-07] (McAfee, Inc.)
HKU\Christina Bunn\...\Run: [AdobeBridge] [x]
HKU\Christina Bunn\...\Winlogon: [shell] explorer.exe,C:\Users\Christina Bunn\AppData\Roaming\skype.dat [122880 2011-11-16] ()
HKLM\...\Winlogon: [userinit] C:\Windows\system32\userinit.exe,c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
HKLM-x32\...\Winlogon: [userinit] c:\windows\syswow64\userinit.exe, [x]
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 184.16.33.54
Lsa: [Notification Packages] DPPassFilter scecli
Startup: C:\Users\Christina Bunn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)

==================== Services (Whitelisted) ===================
3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
2 AESTFilters; C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\AESTSr64.exe [89600 2009-03-03] (Andrea Electronics Corporation)
3 DEBridge; C:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe [704512 2009-12-15] (McAfee, Inc.)
2 DpHost; C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [462088 2009-11-24] (DigitalPersona, Inc.)
4 FLCDLOCK; C:\Windows\SysWOW64\flcdlock.exe [362040 2009-11-17] (Hewlett-Packard Ltd)
2 HomeNetSvc; "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [220856 2012-10-07] (McAfee, Inc.)
4 HP ProtectTools Service; "C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe" [36864 2009-11-18] (Hewlett-Packard Development Company, L.P)
2 HpFkCryptService; "C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe" [281192 2009-12-15] (McAfee, Inc.)
4 hpHotkeyMonitor; "C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe" [280120 2010-10-01] (Hewlett-Packard Company)
2 LMIGuardianSvc; "C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe" [375728 2012-11-03] (LogMeIn, Inc.)
2 LMIMaint; "C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe" [147888 2012-11-03] (LogMeIn, Inc.)
2 LogMeIn; "C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe" [407424 2011-09-16] (LogMeIn, Inc.)
4 McAfee SiteAdvisor Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)
2 McMPFSvc; "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [220856 2012-10-07] (McAfee, Inc.)
2 McNaiAnn; "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [220856 2012-10-07] (McAfee, Inc.)
3 McODS; "C:\Program Files\McAfee\VirusScan\mcods.exe" [378952 2012-11-22] (McAfee, Inc.)
2 mcpltsvc; "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [220856 2012-10-07] (McAfee, Inc.)
2 McProxy; "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [220856 2012-10-07] (McAfee, Inc.)
2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1007288 2012-10-06] (McAfee, Inc.)
2 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [218320 2012-11-09] (McAfee, Inc.)
2 mfevtp; "C:\windows\system32\mfevtps.exe" [177680 2012-11-09] (McAfee, Inc.)
2 STacSV; C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\STacSV64.exe [244736 2010-03-17] (IDT, Inc.)
2 uArcCapture; C:\windows\system\uArcCapture.exe [506472 2009-12-04] (ArcSoft, Inc.)

==================== Drivers (Whitelisted) =====================
3 ARCVCAM; C:\Windows\System32\DRIVERS\ArcSoftVCapture.sys [32640 2009-12-04] (ArcSoft, Inc.)
3 cfwids; C:\Windows\System32\Drivers\cfwids.sys [69672 2012-11-09] (McAfee, Inc.)
3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [40760 2009-10-21] (Hewlett-Packard Development Company L.P.)
3 HipShieldK; C:\Windows\System32\Drivers\HipShieldK.sys [197264 2012-05-28] (McAfee, Inc.)
2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [15928 2011-09-16] (LogMeIn, Inc.)
3 mfeapfk; C:\Windows\System32\Drivers\mfeapfk.sys [178840 2012-11-09] (McAfee, Inc.)
3 mfeavfk; C:\Windows\System32\Drivers\mfeavfk.sys [309400 2012-11-09] (McAfee, Inc.)
3 mfefirek; C:\Windows\System32\Drivers\mfefirek.sys [515528 2012-11-09] (McAfee, Inc.)
0 mfehidk; C:\Windows\System32\Drivers\mfehidk.sys [771096 2012-11-09] (McAfee, Inc.)
3 mfencbdc; C:\Windows\System32\Drivers\mfencbdc.sys [328976 2012-11-02] (McAfee, Inc.)
3 mfencrk; C:\Windows\System32\Drivers\mfencrk.sys [97208 2012-11-02] (McAfee, Inc.)
0 mfewfpk; C:\Windows\System32\Drivers\mfewfpk.sys [339776 2012-11-09] (McAfee, Inc.)
1 RsvLock; C:\Windows\System32\Drivers\RsvLock.sys [58184 2009-12-15] (McAfee, Inc.)
1 RsvLock; C:\Windows\SysWow64\Drivers\RsvLock.sys [40088 2009-12-15] (McAfee, Inc.)
3 rtsuvc; C:\Windows\System32\Drivers\rtsuvc.sys [96384 2010-05-20] (Realtek Semiconductor Corp.)
0 SafeBoot; C:\Windows\System32\Drivers\SafeBoot.sys [56648 2009-12-15] (McAfee, Inc.)
0 SafeBoot; C:\Windows\SysWow64\Drivers\SafeBoot.sys [110520 2009-12-15] (McAfee, Inc.)
0 SbAlg;  C:\Windows\System32\Drivers\SbAlg.sys [60160 2009-06-04] (McAfee, Inc.)
0 SbAlg; C:\Windows\SysWow64\Drivers\SbAlg.sys [51800 2009-12-15] (McAfee, Inc.)
0 SbFsLock; C:\Windows\System32\Drivers\SbFsLock.sys [15688 2009-12-15] (McAfee, Inc.)
0 SbFsLock; C:\Windows\SysWow64\Drivers\SbFsLock.sys [13256 2009-12-15] (McAfee, Inc.)
4 LMIRfsClientNP; [x]
3 mfeavfk01; [x]

==================== NetSvcs (Whitelisted) ====================

==================== One Month Created Files and Folders ========
2013-02-12 16:56 - 2013-02-15 16:35 - 00000004 ____A C:\Users\Christina Bunn\AppData\Roaming\skype.ini
2013-02-12 16:51 - 2013-02-12 16:51 - 00122880 ____A C:\Users\Christina Bunn\wgsdgsdgdsgsd.exe
2013-01-27 13:43 - 2013-01-27 13:43 - 00278304 ____A C:\Windows\Minidump\012713-14414-01.dmp
2013-01-27 13:43 - 2013-01-27 13:43 - 00000000 ____D C:\Windows\Minidump

==================== One Month Modified Files and Folders =======
2013-02-15 17:25 - 2013-02-15 17:25 - 00000000 ____D C:\FRST
2013-02-15 16:35 - 2013-02-12 16:56 - 00000004 ____A C:\Users\Christina Bunn\AppData\Roaming\skype.ini
2013-02-15 16:35 - 2010-12-20 01:57 - 02016849 ____A C:\Windows\WindowsUpdate.log
2013-02-15 16:35 - 2009-07-13 20:45 - 00020944 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-02-15 16:35 - 2009-07-13 20:45 - 00020944 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-02-15 16:33 - 2012-09-28 08:19 - 00000000 ___RD C:\Users\Christina Bunn\Dropbox
2013-02-15 16:33 - 2012-09-28 07:59 - 00000000 ____D C:\Users\Christina Bunn\AppData\Roaming\Dropbox
2013-02-15 16:33 - 2011-05-05 06:29 - 00000910 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-02-15 16:30 - 2012-04-09 10:16 - 00032702 ____A C:\Windows\setupact.log
2013-02-15 16:30 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-02-15 16:27 - 2011-12-17 09:31 - 00000000 ____D C:\Users\Christina Bunn\AppData\Local\Adobe
2013-02-15 16:25 - 2011-05-05 06:29 - 00000914 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-02-15 16:22 - 2009-07-13 21:13 - 00821768 ____A C:\Windows\System32\PerfStringBackup.INI
2013-02-15 16:21 - 2012-04-09 11:49 - 00001844 ____A C:\Users\Public\Desktop\McAfee AntiVirus Plus.lnk
2013-02-15 16:21 - 2011-04-30 20:38 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log
2013-02-15 16:15 - 2012-04-01 13:25 - 00000000 ____D C:\ProgramData\LogMeIn
2013-02-12 16:51 - 2013-02-12 16:51 - 00122880 ____A C:\Users\Christina Bunn\wgsdgsdgdsgsd.exe
2013-02-12 16:51 - 2011-04-29 17:17 - 00000000 ____D C:\users\Christina Bunn
2013-02-12 16:39 - 2012-04-03 06:35 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-02-12 06:42 - 2012-04-03 06:35 - 00697712 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-02-12 06:42 - 2011-07-06 09:58 - 00074096 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-02-09 18:17 - 2009-07-27 08:14 - 00000000 ____D C:\swsetup
2013-02-05 16:21 - 2011-05-06 07:14 - 00000000 ____D C:\Users\Christina Bunn\AppData\Local\CrashDumps
2013-02-02 17:10 - 2011-12-29 12:02 - 00000000 ____D C:\Users\Christina Bunn\Documents\Semira's!
2013-02-02 06:32 - 2012-09-28 08:19 - 00001006 ____A C:\Users\Christina Bunn\Desktop\Dropbox.lnk
2013-01-27 13:43 - 2013-01-27 13:43 - 00278304 ____A C:\Windows\Minidump\012713-14414-01.dmp
2013-01-27 13:43 - 2013-01-27 13:43 - 00000000 ____D C:\Windows\Minidump
2013-01-27 13:43 - 2012-06-14 05:56 - 330860171 ____A C:\Windows\MEMORY.DMP
2013-01-25 06:15 - 2012-04-09 11:48 - 00000000 ____D C:\Program Files (x86)\McAfee
2013-01-25 06:15 - 2012-04-09 10:16 - 00016428 ____A C:\Windows\PFRO.log

==================== Known DLLs (Whitelisted) =================

==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points ========================= Restore point made on: 2013-01-17 18:26:17 Restore point made on: 2013-01-25 08:05:13 Restore point made on: 2013-02-01 08:41:08 Restore point made on: 2013-02-08 19:46:33 Restore point made on: 2013-02-09 17:56:25 Restore point made on: 2013-02-09 17:56:46 ==================== Memory info =========================== Percentage of memory in use: 20% Total physical RAM: 3887.43 MB Available physical RAM: 3081.93 MB Total Pagefile: 3885.58 MB Available Pagefile: 3197.44 MB Total Virtual: 8192 MB Available Virtual: 8191.91 MB ==================== Partitions ============================= 1 Drive c: () (Fixed) (Total:448.47 GB) (Free:378.49 GB) NTFS ==>[system with boot components (obtained from reading drive)] 2 Drive e: (HP_RECOVERY) (Fixed) (Total:15 GB) (Free:2.89 GB) NTFS ==>[system with boot components (obtained from reading drive)] 3 Drive f: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.48 GB) FAT32 4 Drive g: (Manners Minder Remote Reward Tra) (CDROM) (Total:3.48 GB) (Free:0 GB) UDF 5 Drive h: () (Removable) (Total:7.45 GB) (Free:7.41 GB) FAT32 6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS 7 Drive y: (SYSTEM) (Fixed) (Total:0.29 GB) (Free:0.25 GB) NTFS ==>[system with boot components (obtained from reading drive)] Disk ### Status Size Free Dyn Gpt -------- ------------- ------- ------- --- --- Disk 0 Online 465 GB 0 B Disk 1 Online 7633 MB 0 B Partitions of Disk 0: =============== Disk ID: 5410EA30 Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 300 MB 1024 KB Partition 2 
Primary 448 GB 301 MB Partition 3 Primary 15 GB 448 GB Partition 4 Primary 2043 MB 463 GB ================================================================================== Disk: 0 Partition 1 Type : 07 Hidden: No Active: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 1 Y SYSTEM NTFS Partition 300 MB Healthy ========================================================= Disk: 0 Partition 2 Type : 07 Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 2 C NTFS Partition 448 GB Healthy ========================================================= Disk: 0 Partition 3 Type : 07 Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 3 E HP_RECOVERY NTFS Partition 15 GB Healthy ========================================================= Disk: 0 Partition 4 Type : 0C Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 4 F HP_TOOLS FAT32 Partition 2043 MB Healthy ========================================================= Partitions of Disk 1: =============== Disk ID: 00000000 Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 7633 MB 16 KB ================================================================================== Disk: 1 Partition 1 Type : 0B Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 5 H FAT32 Removable 7633 MB Healthy ========================================================= Last Boot: 2013-02-03 15:56 ==================== End Of Log ============================= Farbar Recovery Scan Tool (x64) Version: 15-02-2013 Ran by SYSTEM at 2013-02-15 17:42:21 Running from 
H:\ ================== Search: "services.exe" =================== C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB C:\Windows\System32\services.exe [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB ====== End Of Search ======
13. I encountered a nasty version of the FBI Moneypak trojan on Oct 12. I ended up having to run chkdsk /f before I could roll back the registry, but that was successful and Malwarebytes removed the trojan afterwards.

THE PROBLEM: I'm not sure if the following string is related to FBI Moneypak, but it shows up every time I run a Malwarebytes scan. Rebooting after a successful scan/delete tells me that a file is hiding in some sector of the HDD. Here's the string I get within the mbam log (see bold text):

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.10.12.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Pete :: BADBOY [administrator]

10/15/2012 12:25:02 PM
mbam-log-2012-10-15 (12-25-02).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 437276
Time elapsed: 52 minute(s), 31 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|4501 (Trojan.Agent) -> Data: C:\PROGRA~3\LOCALS~1\Temp\msyufim.bat -> Delete on reboot.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
______________________________________________________________________

Running an HDD search for msyufim.bat turned up nothing. I saved logs from several different utilities as suggested by a Malwarebytes moderator within a forum on this site, so I'll attach the logs to this post. I also ran the registry cleaner by Iobit after running the scans and creating these logs. The above-referenced string still comes up after scanning with Malwarebytes.

Avast detects nothing, even misses the FBI Moneypak after it's infected the PC.

Any help would be appreciated. Thanks.

Attached files:
AdwCleanerS2.txt
aswMBR.txt
Extras.Txt
mbam-log-2012-10-12 (13-03-00).txt
mbam-log-2012-10-15 (16-39-26).txt
OTL.Txt
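Both of the logs above (the FRST "One Month Created Files" listing in the previous post, and the Malwarebytes registry-value detection in this one) contain the two things a responder looks for first with this kind of lock-screen malware: a freshly created executable with a random name sitting in the user's profile root, and an autostart value under Policies\Explorer\Run whose target is written with 8.3 short names (PROGRA~3, LOCALS~1) and lives in a Temp folder. The script below is an added example, not code from FRST, Malwarebytes or either poster: it parses lines in those two log formats and reports why each entry deserves attention. The sample lines are constructed to mirror the entries quoted in the thread (the user name is a placeholder), and the "suspicious" heuristics (profile-root drop, Temp/AppData/ProgramData location, short-name path, consonant-run name check) are this example's own assumptions, not anything either tool implements.

```python
"""Triage of FRST and Malwarebytes (MBAM) log lines for lock-screen persistence.

Added example for this thread; not code from FRST, Malwarebytes or the posters.
Sample lines are constructed to match the entry formats seen in the thread and
the heuristics below are this example's own assumptions.
"""
import re
from dataclasses import dataclass, field

# FRST "One Month Created/Modified Files" entry:
#   <created> - <modified> - <size> <attrs> [(Company)] <path>
FRST_ENTRY = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?(?P<path>.+?)\s*$"
)

# MBAM "Registry Values Detected" entry:
#   <hive\key>|<value name> (<detection>) -> Data: <data> -> <action>.
MBAM_REG = re.compile(
    r"^(?P<key>HK[A-Z_]+\\[^|]+)\|(?P<value>\S+) \((?P<detection>[^)]+)\) -> "
    r"Data: (?P<data>.+?) -> (?P<action>.+?)\.?\s*$"
)

RUNNABLE = {".exe", ".dll", ".bat", ".cmd", ".com", ".scr", ".pif", ".vbs", ".js"}
PROFILE_ROOT = re.compile(r"^[A-Z]:\\Users\\[^\\]+\\[^\\]+$", re.I)
DROP_DIRS = re.compile(r"\\(Temp|AppData\\(Roaming|Local)|ProgramData)\\", re.I)
SHORT_NAME = re.compile(r"[^\\]*~\d+[^\\]*")  # 8.3 segments such as PROGRA~3


@dataclass
class Finding:
    path: str
    reasons: list = field(default_factory=list)


def looks_random(filename):
    """Assumed heuristic: five or more consecutive consonants in a stem of at
    least seven characters is rare in real product names (wgsdgsdgdsgsd.exe)."""
    stem = filename.rsplit(".", 1)[0].lower()
    runs = re.findall(r"[b-df-hj-np-tv-z]+", stem)
    return len(stem) >= 7 and max((len(r) for r in runs), default=0) >= 5


def assess_path(path):
    """Return the reasons a runnable file path deserves a second look ([] if none)."""
    name = path.rsplit("\\", 1)[-1]
    ext = name[name.rfind("."):].lower() if "." in name else ""
    if ext not in RUNNABLE:
        return []
    reasons = []
    if PROFILE_ROOT.match(path):
        reasons.append("runnable file directly in a user profile root")
    if DROP_DIRS.search(path):
        reasons.append("runnable file under Temp, AppData or ProgramData")
    if SHORT_NAME.search(path):
        reasons.append("8.3 short-name segments in path; expand them before searching for the file")
    if looks_random(name):
        reasons.append("random-looking file name")
    return reasons


def triage_frst(lines):
    """Flag FRST created/modified entries that look like dropped payloads."""
    findings = []
    for line in lines:
        m = FRST_ENTRY.match(line.strip())
        if not m or "D" in m["attrs"]:
            continue  # not a file entry, or a directory
        reasons = assess_path(m["path"])
        if reasons:
            if not m["company"]:
                reasons.append("no company/version info recorded")
            findings.append(Finding(m["path"], reasons))
    return findings


def triage_mbam(lines):
    """Flag MBAM registry autostart detections and explain why the target matters."""
    findings = []
    for line in lines:
        m = MBAM_REG.match(line.strip())
        if not m:
            continue
        reasons = [f"{m['detection']} autostart value {m['value']!r} under {m['key']}"]
        if "\\Policies\\Explorer\\Run" in m["key"]:
            reasons.append("Policies\\Explorer\\Run values are run at logon; review the key with Autoruns")
        reasons.extend(assess_path(m["data"]))
        findings.append(Finding(m["data"], reasons))
    return findings


# Constructed sample input, modelled on the entries quoted in this thread
# (the user name is a placeholder).
SAMPLE_FRST = [
    r"2013-02-12 16:56 - 2013-02-15 16:35 - 00000004 ____A C:\Users\User\AppData\Roaming\skype.ini",
    r"2013-02-12 16:51 - 2013-02-12 16:51 - 00122880 ____A C:\Users\User\wgsdgsdgdsgsd.exe",
    r"2013-02-12 06:42 - 2012-04-03 06:35 - 00697712 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe",
    r"2013-02-15 17:25 - 2013-02-15 17:25 - 00000000 ____D C:\FRST",
]
SAMPLE_MBAM = [
    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|4501 (Trojan.Agent) -> Data: C:\PROGRA~3\LOCALS~1\Temp\msyufim.bat -> Delete on reboot.",
    "Files Detected: 0",
]

if __name__ == "__main__":
    for f in triage_frst(SAMPLE_FRST) + triage_mbam(SAMPLE_MBAM):
        print(f.path)
        for r in f.reasons:
            print("   -", r)
```

On the sample input the Flash Player entry (signed vendor, Windows directory, ordinary name) is ignored, the profile-root wgsdgsdgdsgsd.exe is reported, and the Policies\Explorer\Run value is reported with a reminder that its target is written in 8.3 form, which is why searching by long name alone can miss the folder the .bat was dropped in. Feed it `open("FRST.txt")` and the MBAM log to run it over real output.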