Showing results for tags 'MoneyPak'.
  1. Downloaded and ran FRST and have Search.txt and FRST.txt. Can someone tell me how to remove this infection? Thanks for any help. FRST.txt Search.txt
  2. I'm at my wits' end. I contracted the FBI Moneypak virus the other day and can't get rid of it. I have Symantec and ran a scan, no luck. Malwarebytes didn't pick up anything either. I can only run in safe mode. I have Windows 8. Please help. BTW, can I safely back up my files to an external hard drive? JB
  3. Hello. Earlier this evening I opened a blog on Tumblr and it turned into a fake FBI warning thing saying I had to pay money via Moneypak because it was 'locking my internet' and I wouldn't be able to get on the internet anymore. It wouldn't let me use the browser X button to close so I used the Task Manager to shut off my Chrome browser. I ran a Malwarebytes full scan and it found nothing. I followed advice on the internet regarding getting into safe mode and doing a system restore, as well as checking various folders (like AppData) for suspicious files and even spent time looking for suspicious things in regedit from a list I found. Didn't see anything strange. Ran another scan while in safe mode and nothing. Cleared out everything (history, passwords, cache, the whole 9 yards) from Chrome, booted to normal mode. Ran Rkill and I'm mostly sure it didn't find anything either since it didn't say it did. Incidentally, I am using Chrome to type this and it isn't locked down. Is it safe to assume that I'm okay since nothing ever came up?
  4. I have an old desktop that runs WinXP that has the Department of Homeland Security ICE ransomware. I can't boot into Safe Mode (it just restarts after hitting Enter), it won't let me boot from USB, and booting Last Known Good Config doesn't help either. I've tried to run OTLPENet.exe on a CD but it comes up with an error something like: "cda1000.sy_ (4096) at line 3540 d:\xpsrtm\base\boot\setup\setup.c" Can this be removed or am I basically up the creek without a paddle... fighting giant aliens without a giant robot... Clinton without a Monica? Am I doomed to reformat?
  5. I used the Kaspersky 10 Rescue Disk to remove the ransomware, and after being able to access the desktop I ran MBAM and DDS just to be safe, but I want to know this system is good to go like before all this happened, as it's still being a bit sluggish. I've just attached the DDS logs but I can also post the MBAM log if needed. [DDS log]
  6. Hi, This has taken over my computer. Can't start in safe mode at all and regular mode is simply a static screen. Running Windows 7 64. What do I do first? Thanks T
  7. Hi, so I've recently caught the Moneypak virus... again. Last time this happened I was able to look up how to remove it myself, but this time the virus is a lot stronger. I can't go into Safe Mode in order to use any fixes. I read a post from back in May and it said to download "Farbar" so you guys can take a look and advise further, so I've taken the liberty of doing so. FRST.txt Please help me out; it would be most appreciated.
  8. Hello MB, I have recently acquired the MoneyPak virus. When it popped up I assumed it was a virus and had to manually restart the computer. From then on it would not allow me to sign into my account, but it allows me to sign in either to a temporary account OR to my administrator account. However, my account is where ALL my files and such are. I cannot seem to get to my data no matter what I do. It seems like the virus has locked me out of it. Also, I tried a system restore and no luck. AVG looks like it's broken because it will not scan, and Malwarebytes is currently scanning; it comes up with something new each time I scan. I'll post the log. I just have no clue really what I need to do and would love some assistance. Most Sincerely, David
  9. Hello, my laptop has contracted the FBI Moneypak malware. I have encountered different renditions of this malware several times before and seemed to successfully remove it via step-by-step instructions from a YouTube video. The issue now is that I cannot log into safe mode or safe mode with command prompt to remove the malware. Every time that I try to sign in, a few seconds into the loading for the login I am logged off and the computer is automatically restarted. I have no option but a regular login, where the ransomware appears and advertises its demands. What can I do to remove this kind of Moneypak? It has probably been around two weeks since I've been able to use my laptop.
  10. Hi, please help me. I have read previous posts on this and have the following scan info from running FRST64 with the command prompt: [FRST.txt log] I don't know what to do from here. Please help. Thank you.
  11. Hello, I have been infected with the MoneyPak virus; I am unable to run Farbar from anything but System Repair in the advanced BIOS options. Here is the log from Farbar. Thank you, JJ FRST.txt
  12. I have Malwarebytes Pro real-time protection running on a Windows XP laptop (fully patched). The laptop was infected with the MoneyPak FBI NSA ransom. Once I used HitmanPro Kickstart to unlock the laptop and ran a scan with Malwarebytes, 33 infections were cleaned up. I'm just looking for advice on how this got through the real-time protection of Malwarebytes. MWB was up to date with the latest definitions as well. It's concerning because I purchased the Pro version of MWB for my friend so this sort of thing would not happen, and it happened twice. Obviously, I question his browsing but still want to understand what I can do to better prevent this going forward.
  13. Why does Malwarebytes not block the FBI Moneypak virus? It removes it for the most part, I think, but I continue to have this pop up on my system even when MB is running and has been updated.
  14. I have the MoneyPak FBI virus on a machine running Windows XP SP3. Cannot boot into SAFE MODE or SAFE MODE WITH NETWORKING (both result in blue screen of death). Cannot access any menus or System Manager on startup - the scumbags are in total control. Have a memory stick available with yesterday's downloads of: FRST.exe, tdsskiller.exe, mbar-1.06.0.1004.zip, SecurityCheck.exe, ComboFix.exe. I would surely appreciate any available help regaining control.
  15. This sounds like quite a bargain, but not so sure about how to sign up for moneypad. Can anyone help? I get this on my XP PC and my W7 laptop. Actually, instead, can you tell me where I can download FRST or Farbar? I've decided to fight and not fall victim to their extortion techniques.
  16. Okay, so I got a really bad Moneypak virus 2 days ago and I cannot access any of the safe modes, and my system restore points are deleted apparently. I've been doing a little research and downloaded FRST64 and got to the step where you get some sort of log code or text, and I don't think I can go any further. I could really use some help. Also I hope this is the right forum to post in; I was told the last one was wrong. I'll post the log info from the FRST64 scan if it helps. [FRST.txt log]
C:\Windows\SysWOW64\url.dll 2013-06-13 00:02 - 2013-05-16 14:23 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-06-13 00:02 - 2013-05-16 14:21 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-06-13 00:02 - 2013-05-16 14:21 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2013-06-13 00:02 - 2013-05-16 14:20 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2013-06-13 00:02 - 2013-05-16 14:19 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-06-13 00:02 - 2013-05-16 14:17 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-06-13 00:02 - 2013-05-16 14:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2013-06-13 00:02 - 2013-05-16 14:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-06-13 00:02 - 2013-05-16 14:12 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-06-12 06:21 - 2013-05-07 20:50 - 01423720 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys 2013-06-12 06:21 - 2013-05-01 20:16 - 00686080 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll 2013-06-12 06:21 - 2013-05-01 20:04 - 00443904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll 2013-06-12 06:21 - 2013-05-01 20:03 - 00037376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\printcom.dll 2013-06-12 06:21 - 2013-04-23 20:09 - 01269248 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll 2013-06-12 06:21 - 2013-04-23 20:09 - 00174592 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll 2013-06-12 06:21 - 2013-04-23 20:09 - 00132096 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll 2013-06-12 06:21 - 2013-04-23 20:09 - 00050688 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll 2013-06-12 06:21 - 2013-04-23 20:00 - 00985600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 
2013-06-12 06:21 - 2013-04-23 20:00 - 00133120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2013-06-12 06:21 - 2013-04-23 20:00 - 00098304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2013-06-12 06:21 - 2013-04-23 20:00 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll 2013-06-12 06:21 - 2013-04-23 18:10 - 01078272 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe 2013-06-12 06:21 - 2013-04-23 17:46 - 00812544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe 2013-06-12 06:21 - 2013-04-17 05:04 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll 2013-06-12 06:21 - 2013-04-17 04:30 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll 2013-06-10 23:34 - 2013-06-10 23:36 - 00000000 ____D C:\Users\Owner\Adventure.Time.With.Finn.and.Jake.S05E07.Davey.WEBRip.x264-UNPOPULAR 2013-06-10 23:33 - 2013-06-10 23:36 - 58198644 ____A C:\Users\Owner\Adventure.Time.with.Finn.and.Jake.S05E06.HDTV.x264-2HD.mp4 2013-06-10 23:33 - 2013-06-10 23:36 - 45166708 ____A C:\Users\Owner\Adventure.Time.with.Finn.and.Jake.S05E05.HDTV.x264-2HD.mp4 2013-06-09 22:53 - 2013-06-09 22:55 - 49868049 ____A C:\Users\Owner\Adventure.Time.with.Finn.and.Jake.S05E04.HDTV.x264-2HD.mp4 2013-06-09 22:52 - 2013-06-09 22:52 - 00000000 ____D C:\Users\Owner\Adventure.Time.S05E03-E04.720p.WEB-DL.x264.AAC 2013-06-09 22:51 - 2013-06-09 22:51 - 00000000 ____D C:\Users\Owner\Adventure.Time.S05E01-E02.720p.WEB-DL.x264.AAC 2013-05-28 23:29 - 2013-05-28 23:29 - 00000000 ____D C:\Users\Owner\Adventure time 4x02 2013-05-28 23:11 - 2013-05-28 23:13 - 00000000 ____D C:\Users\Owner\Adventure.Time.S04E10.Goliad.TVRip.x264-UNPOPULAR 2013-05-28 00:28 - 2013-05-28 00:39 - 00000000 ____D C:\Users\Owner\adventure time season 4 2013-05-26 12:09 - 2013-05-26 12:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-05-26 12:02 - 2013-05-26 12:02 - 00000000 ____D C:\Program Files (x86)\Dropbox 
2013-05-21 19:58 - 2013-05-21 21:45 - 00000000 ____D C:\Users\Owner\Bobs.Burgers ==================== One Month Modified Files and Folders ======= 2013-06-18 15:16 - 2013-06-18 15:16 - 00000000 ___DC C:\FRST 2013-06-16 11:29 - 2011-11-08 16:32 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-06-16 11:27 - 2012-01-17 16:19 - 00000740 ____A C:\Users\Public\Desktop\Webroot SecureAnywhere.lnk 2013-06-16 11:27 - 2006-11-02 07:42 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-06-16 11:27 - 2006-11-02 07:22 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2013-06-16 11:27 - 2006-11-02 07:22 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2013-06-16 11:20 - 2011-09-28 10:12 - 02052521 ____A C:\Windows\WindowsUpdate.log 2013-06-16 10:45 - 2011-09-28 09:12 - 00000000 ____D C:\users\Owner 2013-06-16 10:45 - 2006-11-02 07:42 - 00032610 ____A C:\Windows\Tasks\SCHEDLGU.TXT 2013-06-16 10:27 - 2012-11-13 13:58 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-06-16 10:14 - 2013-06-16 10:14 - 01097679 ____A C:\Users\Owner\AppData\Roaming\2433f433 2013-06-16 10:14 - 2013-06-16 10:14 - 01097620 ____A C:\ProgramData\2433f433 2013-06-16 10:14 - 2013-06-16 10:14 - 01097600 ____A C:\Users\Owner\AppData\Local\2433f433 2013-06-16 09:49 - 2011-11-08 16:32 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-06-16 09:02 - 2012-01-20 23:07 - 00000000 ____D C:\Users\Owner\AppData\Roaming\uTorrent 2013-06-16 00:42 - 2013-06-16 00:41 - 00000000 ____D C:\Program Files (x86)\Application Updater 2013-06-16 00:41 - 2013-06-16 00:41 - 00000000 ____D C:\Program Files (x86)\YTD Toolbar 2013-06-15 12:24 - 2012-01-17 12:11 - 00000000 ____D C:\ProgramData\WRData 2013-06-13 23:55 - 2013-06-13 23:54 - 56422270 ____A C:\Users\Owner\Adventure.Time.with.Finn.and.Jake.S05E10.HDTV.x264-2HD.mp4 2013-06-13 23:54 - 2013-06-13 
23:53 - 57664039 ____A C:\Users\Owner\Adventure.Time.with.Finn.and.Jake.S05E08.HDTV.x264-2HD.mp4 2013-06-13 23:54 - 2013-06-13 23:53 - 53124820 ____A C:\Users\Owner\Adventure.Time.with.Finn.and.Jake.S05E09.HDTV.x264-2HD.mp4 2013-06-13 00:45 - 2006-11-02 05:33 - 00000000 ____D C:\Windows\rescache 2013-06-13 00:31 - 2011-11-10 01:24 - 00000000 ___RD C:\Users\Owner\Dropbox 2013-06-13 00:31 - 2011-11-10 01:22 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Dropbox 2013-06-13 00:09 - 2011-09-28 10:15 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-06-13 00:04 - 2006-11-02 04:35 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe 2013-06-12 15:40 - 2012-01-17 12:12 - 00150160 ____A (Webroot) C:\Windows\SysWOW64\WRusr.dll 2013-06-12 15:40 - 2012-01-17 12:12 - 00112616 ____A (Webroot) C:\Windows\System32\Drivers\WRkrn.sys 2013-06-12 15:40 - 2012-01-17 12:12 - 00102792 ____A (Webroot) C:\Windows\System32\WRusr.dll 2013-06-12 00:24 - 2012-11-13 13:58 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-06-12 00:24 - 2011-10-04 15:00 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-06-10 23:36 - 2013-06-10 23:34 - 00000000 ____D C:\Users\Owner\Adventure.Time.With.Finn.and.Jake.S05E07.Davey.WEBRip.x264-UNPOPULAR 2013-06-10 23:36 - 2013-06-10 23:33 - 58198644 ____A C:\Users\Owner\Adventure.Time.with.Finn.and.Jake.S05E06.HDTV.x264-2HD.mp4 2013-06-10 23:36 - 2013-06-10 23:33 - 45166708 ____A C:\Users\Owner\Adventure.Time.with.Finn.and.Jake.S05E05.HDTV.x264-2HD.mp4 2013-06-09 22:55 - 2013-06-09 22:53 - 49868049 ____A C:\Users\Owner\Adventure.Time.with.Finn.and.Jake.S05E04.HDTV.x264-2HD.mp4 2013-06-09 22:52 - 2013-06-09 22:52 - 00000000 ____D C:\Users\Owner\Adventure.Time.S05E03-E04.720p.WEB-DL.x264.AAC 2013-06-09 22:51 - 2013-06-09 22:51 - 00000000 ____D C:\Users\Owner\Adventure.Time.S05E01-E02.720p.WEB-DL.x264.AAC 2013-06-04 22:54 - 2011-10-24 00:11 - 00000000 ____D 
C:\Users\Owner\AppData\Roaming\vlc 2013-06-02 03:42 - 2009-08-27 12:30 - 00002611 ____A C:\Users\Owner\Desktop\Microsoft Office Word 2007.lnk 2013-05-29 00:31 - 2006-11-02 07:07 - 00000000 ___RD C:\Users\Public\Recorded TV 2013-05-29 00:19 - 2012-05-06 22:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-05-28 23:29 - 2013-05-28 23:29 - 00000000 ____D C:\Users\Owner\Adventure time 4x02 2013-05-28 23:13 - 2013-05-28 23:11 - 00000000 ____D C:\Users\Owner\Adventure.Time.S04E10.Goliad.TVRip.x264-UNPOPULAR 2013-05-28 00:39 - 2013-05-28 00:28 - 00000000 ____D C:\Users\Owner\adventure time season 4 2013-05-28 00:26 - 2013-05-13 23:12 - 00000000 ____D C:\Users\Owner\Adventure Time 2013-05-26 12:09 - 2013-05-26 12:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-05-26 12:02 - 2013-05-26 12:02 - 00000000 ____D C:\Program Files (x86)\Dropbox 2013-05-21 21:45 - 2013-05-21 19:58 - 00000000 ____D C:\Users\Owner\Bobs.Burgers ==================== Known DLLs (Whitelisted) ================ ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points ========================= ==================== Memory info 
=========================== Percentage of memory in use: 13% Total physical RAM: 3963.04 MB Available physical RAM: 3415.7 MB Total Pagefile: 3714.9 MB Available Pagefile: 3392.15 MB Total Virtual: 8192 MB Available Virtual: 8191.89 MB ==================== Drives ================================ Drive c: (TI100343V0F) (Fixed) (Total:286.38 GB) (Free:0.51 GB) NTFS (Disk=0 Partition=2) ==>[Drive with boot components (obtained from BCD)] Drive e: (TOSHIBA SYSTEM VOLUME) (Fixed) (Total:1.46 GB) (Free:1.31 GB) NTFS (Disk=0 Partition=1) Drive f: (USB DISK) (Removable) (Total:1.91 GB) (Free:0.37 GB) FAT (Disk=1 Partition=1) Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298 GB) (Disk ID: 630A7672) Partition 1: (Not Active) - (Size=1 GB) - (Type=27) Partition 2: (Active) - (Size=286 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=10 GB) - (Type=17) ======================================================== Disk: 1 (MBR Code: Windows XP) (Size: 2 GB) (Disk ID: 80286688) Partition 1: (Active) - (Size=2 GB) - (Type=06) LastRegBack: 2013-06-13 12:38 ==================== End Of Log ============================
  17. Okay so I got a really bad MoneyPak virus 2 days ago and I cannot access any of the safe modes and my system restore points are deleted apparently. I've been doing a little research and downloaded FRST64 and got to the step where you get some sort of log code or text and I don't think I can go any further. I could really use some help. I'll post the log info from the FRST64 scan if it helps.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-06-2013 02
Ran by SYSTEM on 18-06-2013 15:16:51
Running from F:\
Windows Vista Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery
The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [igfxTray] "C:\Windows\system32\igfxtray.exe" [153624 2009-03-13] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] "C:\Windows\system32\hkcmd.exe" [225816 2009-03-13] (Intel Corporation)
HKLM\...\Run: [Persistence] "C:\Windows\system32\igfxpers.exe" [200216 2009-03-13] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" [7220768 2009-03-12] (Realtek Semiconductor)
HKLM\...\Run: [skytel] "C:\Program Files\Realtek\Audio\HDA\Skytel.exe" [1833504 2009-03-12] (Realtek Semiconductor Corp.)
HKLM\...\Run: [synTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [1713448 2009-03-18] (Synaptics Incorporated)
HKLM\...\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE [487264 2009-03-06] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe [900096 2009-03-23] (TOSHIBA Corporation)
HKLM\...\Run: [ThpSrv] "C:\Windows\system32\thpsrv" /logon [x]
HKLM\...\Run: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r [1451520 2009-04-14] (TOSHIBA Corporation)
HKLM\...\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide [1584184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [TosSENotify] "C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe" [1123840 2009-03-24] (TOSHIBA Corporation)
HKLM\...\Run: [TPCHWMsg] %ProgramFiles%\TOSHIBA\TPHM\TPCHWMsg.exe [613232 2009-04-09] (TOSHIBA Corporation)
HKLM-x32\...\Run: [TUSBSleepChargeSrv] "%ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe" [x]
HKLM-x32\...\Run: [NDSTray.exe] "C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe" [304496 2009-03-17] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [cfFncEnabler.exe] "C:\Program Files (x86)\TOSHIBA\ConfigFree\cfFncEnabler.exe" [16384 2009-03-24] (Toshiba Corporation)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-07-05] (Apple Inc.)
HKLM-x32\...\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60 [1295736 2011-02-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [TWebCamera] "%ProgramFiles(x86)%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun [x]
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2011-10-09] (Apple Inc.)
  18. My desktop is infected with the Moneypak malware and I could use some help in resolving it. The PC is dual-boot capable (XP and Windows 7 Home Premium 32-bit OS). I have been reading some of the posts, and this looks like a nasty one. Right now, I am using my LAPTOP to communicate, and the affected PC is in a power down state.
  19. My brother has gotten the FBI Moneypak ransomware & I've been trying to fix it. Following some of the other directions I was able to get Farbar Recovery scan to run & this is what I got as a result. I've tried a couple of fixes including a System Restore to a previous version but the system restores come back as corrupted. Any ideas how I can fix this? FRST.txt
  20. I'm infected with the FBI Moneypak malware and can't log on to the infected account in either normal or safe mode; I'm on another account right now on the same computer. I've tried restoring to a previous date and deleting unknown programs on my computer through another administrator account. Can someone please help me with getting rid of this annoying malware?
  21. At approx 9:11 yesterday, my computer was hit with the dreaded MoneyPak ransomware. Only one user profile was infected; I have created the dds.txt and attach.txt files from the other user profile.
  22. My computer was hijacked by the Moneypak virus. After killing processes from another user account I have on the computer and then running Malwarebytes and TDSSKiller I can remove the files, but they (and the virus) have been coming back as soon as I reboot, even though all say there is no virus left on the computer. Also, Malwarebytes has protection disabled and I cannot get it to enable again. I used System Mechanic and msconfig to stop the autostarts and to be able to post here. Thanks in advance for any help you can give me. Here are the requested cut/paste files from DDS.com per the AdvancedSetup topic:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16576 BrowserJavaVersion: 10.4.1
Run by Test at 15:56:45 on 2013-05-21
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.16366.13248 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\iolo\System Mechanic Professional\SystemGuardAlerter.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
C:\Program Files\Alienware\Command Center\AWCCServiceController.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe
C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher64.exe
C:\Users\Test\Desktop\aswMBR.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Alienware\Command Center\AlienFusionService.exe
C:\Program Files\Alienware\Command Center\AlienFusionController.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://my.yahoo.com/
uDefault_Page_URL = www.dell.com
mWinlogon: Userinit = userinit.exe,
BHO: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - <orphaned>
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
mRun: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
mRun: [bDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
mRun: [AlienwareOn-ScreenDisplay] C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\Users\Test\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://rsvpn.raytheon.com/dana-cached/sc/JuniperSetupClient.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{10290551-55E4-4BB1-8C70-448409C20C79} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{2F028FA4-460E-44ED-8F31-10DC4AF7AA60} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{2F028FA4-460E-44ED-8F31-10DC4AF7AA60}\76F676F696E666C696768647 : DHCPNameServer = 172.19.134.2
TCP: Interfaces\{2F028FA4-460E-44ED-8F31-10DC4AF7AA60}\C496D6563747F6E65602C4F6467656 : DHCPNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - <orphaned>
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [NVHotkey] rundll32.exe C:\Windows\System32\nvHotkey.dll,Start
x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [Command Center Controllers] "C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 EMSC;COMPAL Embedded System Control;C:\Windows\System32\drivers\EMSC.sys [2009-6-26 16752]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-2-15 55856]
R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\System32\drivers\stdcfltn.sys [2012-2-15 21616]
R1 ElRawDisk;ElRawDisk;C:\Windows\System32\drivers\ElRawDsk.sys [2012-4-17 31432]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2012-2-15 89600]
R2 AlienFusionService;Alienware Fusion Service;C:\Program Files\Alienware\Command Center\AlienFusionService.exe [2010-11-10 15296]
R2 ioloSystemService;iolo System Service;C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2013-3-30 1070080]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 130008]
R2 PDFsFilter;PDFsFilter;C:\Windows\System32\drivers\PDFsFilter.sys [2012-7-27 82160]
R3 Acceler;Accelerometer Service;C:\Windows\System32\drivers\Accelern.sys [2012-2-15 27760]
R3 bpenum;bpenum;C:\Windows\System32\drivers\bpenum.sys [2012-2-15 71168]
R3 bpmp;Intel® Centrino® WiMAX 6050 Series;C:\Windows\System32\drivers\bpmp.sys [2012-2-15 175104]
R3 bpusb;bpusb;C:\Windows\System32\drivers\bpusb.sys [2012-2-15 81920]
R3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\System32\drivers\btwampfl.sys [2012-2-15 344616]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2012-2-15 172704]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2012-2-15 76912]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-5-20 25928]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2012-2-15 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2012-2-15 180736]
R3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;C:\Windows\System32\drivers\nvstusb.sys [2011-5-16 121448]
R3 SiBEAMSB92xxHostSerial;SiBEAMSB92xxHostSerial;C:\Windows\System32\drivers\SiBEAM_x64.sys [2012-2-15 62464]
R3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-13 25088]
S2 CLKMSVC10_9EC60124;CyberLink Product - 2012/02/15 07:23:41;C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2011-8-11 248304]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 MBAMScheduler;MBAMScheduler;"\mbamscheduler.exe" --> \mbamscheduler.exe [?]
S2 MBAMService;MBAMService;"\mbamservice.exe" --> \mbamservice.exe [?]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S3 CASprint;Sprint Con App Svc;C:\Program Files (x86)\Sprint\Sprint SmartView\ConAppsSvc.exe [2008-3-5 118784]
S3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;C:\Windows\System32\PCTINDIS5X64.sys [2008-3-5 43032]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2012-2-15 335464]
S3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
S3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
S3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
S3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-4-13 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S4 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-11-29 38608]
S4 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S4 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
.
=============== File Associations ===============
.
FileExt: .vbe: VBEFile=NOTEPAD.EXE "%1"
FileExt: .vbs: VBSFile=NOTEPAD.EXE "%1"
FileExt: .js: JSFile=NOTEPAD.EXE "%1"
FileExt: .jse: JSEFile=NOTEPAD.EXE "%1"
FileExt: .wsf: WSFFile=NOTEPAD.EXE "%1"
.
=============== Created Last 30 ================
.
2013-05-21 20:48:49 76232 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7F3A2D00-3E1A-413B-AF60-64D31F9E0245}\offreg.dll
2013-05-21 00:14:43 -------- d-----w- C:\ProgramData\PC Tools
2013-05-21 00:14:42 -------- d-----w- C:\Users\Test\AppData\Roaming\TestApp
2013-05-21 00:12:37 9460464 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7F3A2D00-3E1A-413B-AF60-64D31F9E0245}\mpengine.dll
2013-05-20 18:35:28 -------- d-----w- C:\Users\Test\AppData\Roaming\Dell
2013-05-20 18:35:25 -------- d-----w- C:\ProgramData\PCDr
2013-05-20 18:35:25 -------- d-----w- C:\ProgramData\PC-Doctor for Windows
2013-05-20 18:35:17 -------- d-----w- C:\Program Files\AlienAutopsy
2013-05-20 18:34:24 -------- d-----w- C:\Users\Test\AppData\Roaming\PCDr
2013-05-20 18:34:20 -------- d-----w- C:\temp
2013-05-20 13:59:12 9460464 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-05-20 12:24:03 -------- d-----w- C:\Users\Test\AppData\Roaming\Malwarebytes
2013-05-20 12:23:42 -------- d-----w- C:\ProgramData\Malwarebytes
2013-05-20 12:23:41 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-05-20 12:23:41 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-05-20 12:23:24 -------- d-----w- C:\Users\Test\AppData\Local\Programs
2013-05-19 18:20:31 65024 ----a-w- C:\Users\Test\javaw.dll
2013-05-15 11:38:48 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2013-04-26 04:39:05 905296 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F3485C91-A19A-47C4-93B4-2238A363DE88}\gapaengine.dll
2013-04-25 12:07:51 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
.
==================== Find3M ====================
.
2013-05-20 12:18:33 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-20 12:18:33 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-05-02 15:29:56 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-04-10 06:01:54 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2013-04-10 03:30:50 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-04-05 06:52:14 2242048 ----a-w- C:\Windows\System32\wininet.dll
2013-04-05 06:50:36 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-04-05 06:50:31 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-04-05 06:50:31 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-04-05 05:28:24 1767424 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-04-05 05:26:26 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-04-05 05:26:21 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-04-05 05:26:21 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-04-05 04:43:00 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-04-05 04:29:45 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-04-05 03:51:11 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-04-05 03:38:25 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-03-19 06:04:06 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-03-19 05:53:58 48640 ----a-w- C:\Windows\System32\wwanprotdim.dll
2013-03-19 05:53:58 230400 ----a-w- C:\Windows\System32\wwansvc.dll
2013-03-19 05:46:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2013-03-19 05:04:13 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04:10 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47:50 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2013-03-19 03:06:33 112640 ----a-w- C:\Windows\System32\smss.exe
2013-03-18 04:59:04 57584 ----a-w- C:\Windows\System32\iolobtdfg.exe
2013-03-18 04:58:56 26184 ----a-w- C:\Windows\System32\smrgdf.exe
2013-03-18 04:43:58 2155688 ----a-w- C:\Windows\System32\Incinerator64.dll
2013-03-18 04:43:56 2097472 ----a-w- C:\Windows\SysWow64\Incinerator32.dll
2013-02-27 06:02:44 111448 ----a-w- C:\Windows\System32\consent.exe
2013-02-27 05:48:00 1930752 ----a-w- C:\Windows\System32\authui.dll
2013-02-27 05:47:10 70144 ----a-w- C:\Windows\System32\appinfo.dll
2013-02-27 04:49:24 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
.
============= FINISH: 15:56:51.64 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 4/9/2012 2:51:40 PM
System Uptime: 5/21/2013 3:47:33 PM (0 hours ago)
.
Motherboard: Alienware | | M17xR3
Processor: Intel® Core™ i7-2760QM CPU @ 2.40GHz | CPU1 | 2401/1600mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 238 GiB total, 87.544 GiB free.
D: is FIXED (NTFS) - 699 GiB total, 345.473 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{00001132-0000-1000-8000-00805F9B34FB}_LOCALMFG&000F\8&1C3E1704&0&F40B93E720B8_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{00001132-0000-1000-8000-00805F9B34FB}_LOCALMFG&000F\8&1C3E1704&0&F40B93E720B8_C00000000
Service:
.
==== System Restore Points ===================
.
RP124: 2/26/2013 11:06:07 PM - Windows Update
RP125: 3/2/2013 10:19:50 AM - Windows Update
RP126: 3/8/2013 11:20:23 PM - Windows Update
RP127: 3/12/2013 5:59:05 PM - Windows Update
RP128: 3/14/2013 9:45:09 AM - Windows Update
RP129: 3/18/2013 11:09:31 AM - Windows Update
RP130: 3/22/2013 2:22:39 PM - Windows Update
RP131: 3/25/2013 9:44:03 PM - Windows Update
RP132: 3/29/2013 1:12:59 PM - Windows Update
RP133: 4/3/2013 10:23:59 AM - Windows Update
RP134: 4/7/2013 7:50:23 AM - Windows Update
RP135: 4/9/2013 3:52:57 PM - Windows Update
RP136: 4/12/2013 9:20:02 PM - Windows Update
RP137: 4/16/2013 7:22:19 PM - Windows Update
RP138: 4/20/2013 8:24:57 AM - Windows Update
RP139: 4/25/2013 11:38:46 PM - Windows Update
RP140: 4/26/2013 8:31:21 AM - Windows Update
RP141: 4/29/2013 10:00:35 AM - Windows Update
RP142: 4/30/2013 12:04:24 AM - Windows Update
RP143: 5/3/2013 2:04:18 PM - Windows Update
RP144: 5/7/2013 6:53:26 AM - Windows Update
RP145: 5/10/2013 4:59:22 PM - Windows Update
RP146: 5/14/2013 8:58:03 PM - Windows Update
RP147: 5/15/2013 7:50:12 PM - Windows Update
RP148: 5/19/2013 7:47:46 AM - Windows Update
RP149: 5/20/2013 3:27:57 PM - Malwarebytes Anti-Rootkit Restore Point
RP150: 5/20/2013 5:04:51 PM - Malwarebytes Anti-Rootkit Restore Point
.
==== Installed Programs ======================
.
Adobe AIR Adobe Reader X (10.1.7) Adobe Shockwave Player 11.6 Advanced Audio FX Engine Alienware On-Screen Display Apple Application Support Apple Software Update Command Center Corel PaintShop Pro X4 CyberLink PowerDVD 9.6 Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition Dell Webcam Central Diablo II Digital Copy DirectX 9 Runtime EMSC Flixster Collections Free File Viewer 2011 ICA iolo technologies' System Mechanic Professional IPM_PSP_COM Java Auto Updater Java™ 7 Update 4 JavaFX 2.1.0 Juniper Networks, Inc. Setup Client Junk Mail filter update Live! 
Cam Avatar Creator Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Extended Microsoft Application Error Reporting Microsoft Choice Guard Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office Groove MUI (English) 2010 Microsoft Office InfoPath MUI (English) 2010 Microsoft Office Office 64-bit Components 2010 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Professional Plus 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared 64-bit MUI (English) 2010 Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Starter 2010 - English Microsoft Office Word MUI (English) 2010 Microsoft Save as PDF Add-in for 2007 Microsoft Office programs Microsoft Security Client Microsoft Security Essentials Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 MSVCRT MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) NVIDIA 3D Vision Controller Driver PhotoShowExpress PSPPContent PSPPHelp PSPPro64 QuickTime RBVirtualFolder64Inst RealDownloader RealNetworks - Microsoft Visual C++ 2008 Runtime RealNetworks - Microsoft Visual C++ 2010 Runtime RealPlayer RealUpgrade 1.1 Roxio Activation Module Roxio BackOnTrack Roxio Burn 
Roxio Creator Starter Roxio Express Labeler 3 Roxio File Backup Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for Microsoft .NET Framework 4 Extended (KB2736428) Security Update for Microsoft .NET Framework 4 Extended (KB2742595) Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition Security Update for Microsoft InfoPath 2010 (KB2687422) 32-Bit Edition Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553091) Security Update for Microsoft Office 2010 (KB2553096) Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition Security Update for 
Microsoft Office 2010 (KB2589320) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition Security Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit Edition Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition Setup Sonic CinePlayer Decoder Pack Sprint SmartView swMSM Synaptics Pointing Device Driver Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553092) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition Update 
for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition Widevine Media Optimizer IE 6.0.0 WiHD Controller Windows Live Call Windows Live Communications Platform Windows Live Essentials Windows Live Mail Windows Live Messenger Windows Live Movie Maker Windows Live Photo Gallery Windows Live Sign-in Assistant Windows Live Sync Windows Live Upload Tool Windows Live Writer WinZip 15.5
.
==== Event Viewer Messages From Past Week ========
.
5/21/2013 3:52:14 PM, Error: Service Control Manager [7000] - The MBAMService service failed to start due to the following error: The system cannot find the file specified.
5/21/2013 3:51:36 PM, Error: Service Control Manager [7000] - The MBAMScheduler service failed to start due to the following error: The system cannot find the file specified.
5/21/2013 3:48:47 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
5/21/2013 3:47:47 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: FileDisk
5/20/2013 7:35:21 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
5/20/2013 7:35:21 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-2147218173.
5/20/2013 7:33:09 PM, Error: volmgr [46] - Crash dump initialization failed!
5/20/2013 7:16:52 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer JEANNES-LAPTOP that believes that it is the master browser for the domain on transport NetBT_Tcpip_{2F028FA4-460E-44ED-8F31-10DC4AF7AA60}. The master browser is stopping or an election is being forced.
5/20/2013 7:12:37 PM, Error: Microsoft Antimalware [2004] - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x80070003 Error description: The system cannot find the path specified. Signature version: 0.0.0.0;0.0.0.0 Engine version: 0.0.0.0
.
==== End Of File ===========================
  23. Howdy, I'm helping someone who got infected with the FBI Moneypak malware and can't boot into safe mode (other users are fine). I hope it is OK, but I took the liberty of downloading and running FRST64.exe from the command prompt in Windows repair. The system is running Windows 7 64-bit. Below are the logs. Please let me know if you need any more information, and thanks in advance! Here is the FRST log:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-05-2013
Ran by SYSTEM on 20-05-2013 16:07:15
Running from E:\
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery
The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe" [57928 2011-09-16] (LogMeIn, Inc.)
HKLM\...\Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [112512 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe -set Silent "1" SplashURL "" [1111568 2011-10-08] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [197152 2011-02-10] (Trend Micro Inc.)
HKLM\...\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe [609144 2011-04-12] (Alps Electric Co., Ltd.)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] C:\$Recycle.Bin\S-1-5-18\$3329dffdf3f15768ddbef6efec66dca6\n. ATTENTION! ====> ZeroAccess
HKLM-x32\...\Run: [intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup [2215768 2011-12-06] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [QuickBooksDB22] C:\PROGRA~2\Intuit\QUICKB~1\QBDBMgrN.exe -n QB_EDI7_22 -qs -gd ALL -gk all -gp 4096 -gu all -ch 256M -c 128M -x tcpip(BroadcastListener=NO;port=55348) -ti 0 -ec simple -qi -qw -tl 120 -oe C:\PROGRA~3\Intuit\QUICKB~2\DBSTAR~1.LOG -y [679936 2011-12-06] (Intuit, Inc.) HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-03] (Adobe Systems Incorporated) HKU\Administrator\...\Run: [Google Update] "C:\Users\administrator\AppData\Local\Google\Update\GoogleUpdate.exe" /c [x] HKU\EKeenan\...\Run: [{02DB3762-CAB8-4272-97C1-1C7035692DFF}] rundll32 "C:\Users\EKeenan\AppData\Local\LogMeIn\{02DB3762-CAB8-4272-97C1-1C7035692DFF}\vzonhcsvo.dll",DllGetClassObject [487424 2013-05-01] (ESET) HKU\EKeenan\...\Run: [Realtek] REGSVR32.EXE C:\Users\EKeenan\AppData\Local\Realtek\dilzrdya.dll [757760 2013-05-01] (SEIKO EPSON CORPORATION) HKU\EKeenan\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] C:\Users\EKeenan\Documents\35ecfd04.exe [25088 2013-05-15] () HKU\EKeenan\...\Winlogon: [shell] cmd.exe [345088 2010-11-20] (Microsoft Corporation) <==== ATTENTION Startup: C:\ProgramData\Start Menu\Programs\Startup\Google Calendar Sync.lnk ShortcutTarget: Google Calendar Sync.lnk -> C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe (Google) Startup: C:\ProgramData\Start Menu\Programs\Startup\Intuit Data Protect.lnk ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.) Startup: C:\ProgramData\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.) Startup: C:\ProgramData\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2012\QBW32.EXE (Intuit Inc.) 
Startup: C:\Users\EKeenan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) ==================== Services (Whitelisted) ================= S2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [375728 2012-11-03] (LogMeIn, Inc.) S2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [147888 2012-11-03] (LogMeIn, Inc.) S2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2011-09-16] (LogMeIn, Inc.) S4 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-07-27] () S4 QuickBooksDB22; C:\PROGRA~2\Intuit\QUICKB~1\QBDBMgrN.exe [679936 2011-12-06] (Intuit, Inc.) S2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 [x] ==================== Drivers (Whitelisted) ==================== S2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [15928 2011-09-16] (LogMeIn, Inc.) S2 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [90704 2010-09-17] (Trend Micro Inc.) S2 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [144464 2010-09-17] (Trend Micro Inc.) S2 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [67664 2010-09-17] (Trend Micro Inc.) S1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105552 2010-09-17] (Trend Micro Inc.) 
C:\Windows\SysWOW64\dxtrans.dll 2013-04-30 02:03 - 2013-04-30 02:03 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll 2013-04-30 02:03 - 2013-04-30 02:03 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll 2013-04-30 02:03 - 2013-04-30 02:03 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2013-04-30 02:03 - 2013-04-30 02:03 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll 2013-04-30 02:03 - 2013-04-30 02:03 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll 2013-04-30 02:03 - 2013-04-30 02:03 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2013-04-30 02:03 - 2013-04-30 02:03 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe 2013-04-30 02:03 - 2013-04-30 02:03 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2013-04-30 02:03 - 2013-04-30 02:03 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll 2013-04-30 02:03 - 2013-04-30 02:03 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe 2013-04-30 02:03 - 2013-04-30 02:03 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll 2013-04-30 02:03 - 2013-04-30 02:03 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe 2013-04-30 02:03 - 2013-04-30 02:03 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe 2013-04-30 02:03 - 2013-04-30 02:03 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2013-04-30 02:03 - 2013-04-30 02:03 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll 2013-04-30 02:03 - 2013-04-30 02:03 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll 2013-04-30 02:03 - 2013-04-30 02:03 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2013-04-30 02:03 - 2013-04-30 02:03 - 00117248 ____A (Microsoft Corporation) 
C:\Windows\SysWOW64\iepeers.dll 2013-04-30 02:03 - 2013-04-30 02:03 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll 2013-04-30 02:03 - 2013-04-30 02:03 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll 2013-04-30 02:03 - 2013-04-30 02:03 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2013-04-30 02:03 - 2013-04-30 02:03 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe 2013-04-30 02:03 - 2013-04-30 02:03 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2013-04-30 02:03 - 2013-04-30 02:03 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll 2013-04-30 02:03 - 2013-04-30 02:03 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2013-04-30 02:03 - 2013-04-30 02:03 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx 2013-04-30 02:03 - 2013-04-30 02:03 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe 2013-04-30 02:03 - 2013-04-30 02:03 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll 2013-04-30 02:03 - 2013-04-30 02:03 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll 2013-04-30 02:03 - 2013-04-30 02:03 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx 2013-04-30 02:03 - 2013-04-30 02:03 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll 2013-04-30 02:03 - 2013-04-30 02:03 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll 2013-04-30 02:03 - 2013-04-30 02:03 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll 2013-04-30 02:03 - 2013-04-30 02:03 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll 2013-04-30 02:03 - 2013-04-30 02:03 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll 2013-04-30 02:03 - 2013-04-30 02:03 - 00041984 ____A (Microsoft Corporation) 
C:\Windows\SysWOW64\msfeedsbs.dll 2013-04-30 02:03 - 2013-04-30 02:03 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll 2013-04-30 02:03 - 2013-04-30 02:03 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll 2013-04-30 02:03 - 2013-04-30 02:03 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll 2013-04-30 02:03 - 2013-04-30 02:03 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe 2013-04-30 02:03 - 2013-04-30 02:03 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2013-04-30 02:03 - 2013-04-30 02:03 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe 2013-04-30 02:03 - 2013-04-30 02:03 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2013-04-28 10:45 - 2013-05-09 15:49 - 62775566 ____A C:\Users\EKeenan\Desktop\Beth Bat Mitzvah Slide Show.7z 2013-04-24 15:10 - 2013-05-09 15:33 - 00000000 ____D C:\Users\EKeenan\Desktop\Beth Bat Mitzvah Slide Show 2013-04-20 14:08 - 2012-06-20 17:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service ZeroAccess: C:\$Recycle.Bin\S-1-5-18\$3329dffdf3f15768ddbef6efec66dca6 C:\$Recycle.Bin\S-1-5-18\$3329dffdf3f15768ddbef6efec66dca6\L C:\$Recycle.Bin\S-1-5-18\$3329dffdf3f15768ddbef6efec66dca6\U ZeroAccess: C:\$Recycle.Bin\S-1-5-21-3061599363-1681478998-4133388720-1108\$3329dffdf3f15768ddbef6efec66dca6 C:\$Recycle.Bin\S-1-5-21-3061599363-1681478998-4133388720-1108\$3329dffdf3f15768ddbef6efec66dca6\L C:\$Recycle.Bin\S-1-5-21-3061599363-1681478998-4133388720-1108\$3329dffdf3f15768ddbef6efec66dca6\U ZeroAccess: C:\$Recycle.Bin\S-1-5-18\$3329dffdf3f15768ddbef6efec66dca6 ==================== Known DLLs (Whitelisted) ================ ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is 
legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points ========================= Restore point made on: 2013-04-24 02:00:32 Restore point made on: 2013-04-30 02:00:47 Restore point made on: 2013-05-07 23:00:36 Restore point made on: 2013-05-10 08:24:45 Restore point made on: 2013-05-15 02:00:38 ==================== Memory info =========================== Percentage of memory in use: 9% Total physical RAM: 8086.17 MB Available physical RAM: 7289.8 MB Total Pagefile: 8084.37 MB Available Pagefile: 7281.61 MB Total Virtual: 8192 MB Available Virtual: 8191.88 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:679 GB) (Free:594.78 GB) NTFS (Disk=0 Partition=3) Drive d: (RECOVERY) (Fixed) (Total:19.53 GB) (Free:11.21 GB) NTFS (Disk=0 Partition=2) ==>[system with boot components (obtained from reading drive)] Drive e: (PENDRIVE) (Removable) (Total:3.72 GB) (Free:3.44 GB) FAT32 (Disk=1 Partition=1) Drive f: (SliTaz ophcrack) (CDROM) (Total:0.49 GB) (Free:0 GB) CDFS Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows Vista) (Size: 699 GB) (Disk ID: 07F2837E) Partition 1: (Not Active) - (Size=102 MB) - (Type=DE) Partition 2: (Active) - (Size=20 GB) - (Type=07 NTFS) Partition 3: (Not Active) - 
(Size=679 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 4 GB) (Disk ID: 07077CDE) Partition 1: (Active) - (Size=4 GB) - (Type=0B) Last Boot: 2013-05-14 08:29 ==================== End Of Log ============================ Here is the Search log for services.exe Farbar Recovery Scan Tool (x64) Version: 16-05-2013 Ran by SYSTEM at 2013-05-20 16:10:40 Running from E:\ Boot Mode: Recovery ================== Search: "services.exe" =================== C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe [2009-07-13 18:19] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB C:\Windows\System32\services.exe [2009-07-13 18:19] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB ====== End Of Search ======
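The log above carries the three things a helper reads first: the "ZeroAccess:" blocks (a `$<32 hex>` folder under `$Recycle.Bin\<SID>` with `L` and `U` subfolders, the layout ZeroAccess/Sirefef used for its payload store), the "=> MD5 is legit" / "=> OK" integrity verdicts, and the Search output that puts the MD5 of `C:\Windows\System32\services.exe` next to the copy in `winsxs`. The script below is an added triage helper, not code from the original post or from FRST itself: it parses those sections out of an FRST text log and reports them. The regular expressions are inferred from the lines posted above (FRST publishes no grammar), so their exact shapes are assumptions, and `SAMPLE_LOG` is a constructed excerpt of that log.

```python
"""Triage helper for Farbar Recovery Scan Tool (FRST) text logs.

Added example, not code from the original post or from FRST itself. The regex
shapes are inferred from the log pasted above (FRST publishes no grammar) and
are therefore assumptions; SAMPLE_LOG is a constructed excerpt of that log.
"""
from __future__ import annotations
import re
from dataclasses import dataclass, field

# Timestamped entry: "<modified> - <created> - <size> <attrs> [(company)] <path>"
ENTRY_RE = re.compile(
    r"^(?P<mtime>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - (?P<ctime>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{8}) (?P<attrs>_[A-Z_]{4}) (?:\((?P<company>[^)]*)\) )?(?P<path>.+)$")
# "Search:" result: "<path> [created] - [modified] - <size> <attrs> (company) <MD5>"
SEARCH_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) \[[^\]]+\] - \[[^\]]+\] - \d+ \S+ (?:\([^)]*\) )?(?P<md5>[0-9A-Fa-f]{32})$")
# ZeroAccess (Sirefef) hid its payload in $Recycle.Bin\<SID>\$<32 hex chars> with L and U subfolders
ZA_PATH_RE = re.compile(
    r"^[A-Za-z]:\\\$Recycle\.Bin\\(?P<sid>S-1-5-[0-9-]+)\\(?P<folder>\$[0-9a-f]{32})(?:\\(?P<sub>[LU]))?$",
    re.IGNORECASE)
# Integrity verdicts: "<file or registry key> => MD5 is legit" / "... => OK"
VERDICT_RE = re.compile(r"^(?P<item>.+?) => (?P<verdict>.+)$")
GOOD_VERDICTS = {"MD5 is legit", "OK"}


@dataclass
class Findings:
    entries: list[dict] = field(default_factory=list)           # parsed timestamped entries
    zeroaccess: dict[tuple, set] = field(default_factory=dict)  # (sid, folder) -> subfolders seen
    verdicts: dict[str, str] = field(default_factory=dict)      # item -> verdict text
    search_md5: dict[str, str] = field(default_factory=dict)    # path -> MD5 from the Search block


def parse_frst(text: str) -> Findings:
    """Single pass; a "ZeroAccess:" header switches to path mode until a non-path line."""
    f, in_za = Findings(), False
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if line == "ZeroAccess:":
            in_za = True
            continue
        if in_za:
            if m := ZA_PATH_RE.match(line):
                subs = f.zeroaccess.setdefault((m["sid"], m["folder"].lower()), set())
                if m["sub"]:
                    subs.add(m["sub"].upper())
                continue
            in_za = False  # any other line closes the block
        if m := ENTRY_RE.match(line):
            f.entries.append(m.groupdict())
        elif m := SEARCH_RE.match(line):
            f.search_md5[m["path"]] = m["md5"].upper()
        elif m := VERDICT_RE.match(line):
            f.verdicts[m["item"]] = m["verdict"]
    return f


def zeroaccess_findings(f: Findings) -> list[str]:
    """One line per payload folder; L and U together is the classic ZeroAccess layout."""
    out = []
    for (sid, folder), subs in sorted(f.zeroaccess.items()):
        layout = "L+U" if {"L", "U"} <= subs else ("+".join(sorted(subs)) or "root only")
        out.append(f"ZeroAccess folder {folder} under SID {sid} ({layout})")
    return out


def search_hashes_agree(f: Findings) -> bool:
    """True when every copy the Search found (System32 vs WinSxS here) has the same MD5.
    Agreement only shows the copies match each other; it is not an Authenticode check."""
    return len(set(f.search_md5.values())) <= 1


def failed_verdicts(f: Findings) -> list[str]:
    """Items whose integrity line says anything other than 'MD5 is legit' or 'OK'."""
    return [item for item, v in f.verdicts.items() if v not in GOOD_VERDICTS]


# Constructed sample: an excerpt of the FRST log posted above.
SAMPLE_LOG = r"""
2013-05-15 02:06 - 2011-12-23 12:02 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-04-30 08:04 - 2011-12-22 11:36 - 00000250 ___SH C:\Users\EKeenan\ntuser.ini
2013-04-20 14:08 - 2012-06-20 17:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$3329dffdf3f15768ddbef6efec66dca6
C:\$Recycle.Bin\S-1-5-18\$3329dffdf3f15768ddbef6efec66dca6\L
C:\$Recycle.Bin\S-1-5-18\$3329dffdf3f15768ddbef6efec66dca6\U
ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-3061599363-1681478998-4133388720-1108\$3329dffdf3f15768ddbef6efec66dca6
C:\$Recycle.Bin\S-1-5-21-3061599363-1681478998-4133388720-1108\$3329dffdf3f15768ddbef6efec66dca6\L
C:\$Recycle.Bin\S-1-5-21-3061599363-1681478998-4133388720-1108\$3329dffdf3f15768ddbef6efec66dca6\U
==================== Bamital & volsnap Check =================
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\exefile\open\command: "%1" %* => OK
================== Search: "services.exe" ===================
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe [2009-07-13 18:19] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\System32\services.exe [2009-07-13 18:19] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
"""

if __name__ == "__main__":
    found = parse_frst(SAMPLE_LOG)
    print("\n".join(zeroaccess_findings(found)))
    print("search copies agree:", search_hashes_agree(found))
    print("failed verdicts:", failed_verdicts(found) or "none")
```

Run it against a full FRST.txt by passing the file's contents to `parse_frst`. A matching pair in the Search block is the expected result for a clean `services.exe` on this system; the ZeroAccess folders are the finding that matters here, and a mismatch between the System32 and WinSxS copies, or any verdict other than "MD5 is legit" / "OK", is what would point at a patched system binary instead.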
  24. I have a white screen and cannot do the usual steps... Can anyone reply? I need to have my laptop fixed to finish work. Quick!!!
  25. Hello, well somehow my desktop has been infected with the FBI MoneyPak virus and I need your help. It is a WinXP 32-bit system and I have Malwarebytes Pro and NOD32 on the system. Please help. Thanks, Gary