jacksdharmabum Posted December 24, 2012 ID:626539

I used the frst.exe that I saw in another post on my laptop. I just wanted to know what to do after I had both searches. Any help would be greatly appreciated.
Maniac Posted December 24, 2012 ID:626601

Hello jacksdharmabum!

My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.

I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.

Make sure you read all of the instructions and fixes thoroughly before continuing with them.

Follow my instructions strictly and don't hesitate to stop and ask me if you have any questions.

Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Please post them in your next reply here.
jacksdharmabum Posted December 24, 2012 Author ID:626637
jacksdharmabum Posted December 24, 2012 Author ID:626638

Farbar Recovery Scan Tool (x86) Version: 23-12-2012 01
Ran by SYSTEM at 2012-12-23 02:27:41
Running from F:\

================== Search: "search.exe" ===================

=== End Of Search ===
Maniac Posted December 24, 2012 ID:626726

BACKDOOR WARNING

One or more of the identified infections is known to use a backdoor. This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

Help: I Got Hacked. Now What Do I Do?
Help: I Got Hacked. Now What Do I Do? Part II
How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please let me know.
screen317 (Staff) Posted January 1, 2013 ID:629304

Are you still with us? This topic will be closed in a few days if we do not hear back from you.
LDTate Posted January 5, 2013 ID:630628

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!