
FBI Moneypack Virus - safe modes unavailable



Hi,

I got the FBI Moneypack virus and tried the removal instructions that involve the safe mode restarts, but the virus shuts them all down before any repairs can be made. I saw a previous thread from January for a man in a similar situation and am hoping that I can do a similar thing. I downloaded the FRST.exe item and did the initial scan, but the expert helping this gentleman said each step after that is specific to the user and their computer.

I have a 32-bit system.

Please help!

erosser

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-05-2013

Ran by SYSTEM on 15-05-2013 15:36:05

Running from F:\

Windows 7 Starter Service Pack 1 (X86) OS Language: English(US)

Internet Explorer Version 9

Boot Mode: Recovery

The current controlset is ControlSet001

ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [] [x]

HKLM\...\Run: [sVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL [352256 2010-03-03] (TOSHIBA CORPORATION)

HKLM\...\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP [425984 2010-03-04] (TOSHIBA Electronics, Inc.)

HKLM\...\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe [35440 2010-09-14] (TOSHIBA CORPORATION)

HKLM\...\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE [521640 2010-12-09] (TOSHIBA Corporation)

HKLM\...\Run: [TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe [844152 2010-12-15] (TOSHIBA Corporation)

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s [9874024 2010-11-16] (Realtek Semiconductor)

HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe /FORPCEE3 [1522280 2010-11-11] (Realtek Semiconductor)

HKLM\...\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1697064 2010-03-10] (Synaptics Incorporated)

HKLM\...\Run: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r [1349032 2010-11-11] (TOSHIBA Corporation)

HKLM\...\Run: [ToshibaServiceStation] "C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60 [1295224 2010-07-01] (TOSHIBA Corporation)

HKLM\...\Run: [ToshibaAppPlace] "C:\Program Files\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [552960 2010-09-23] (Toshiba)

HKLM\...\Run: [NortonOnlineBackupReminder] "C:\Program Files\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED [3218792 2010-08-17] (Toshiba)

HKLM\...\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [22840 2009-11-11] (TOSHIBA Corporation)

HKLM\...\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [611672 2010-02-05] (TOSHIBA Corporation)

HKLM\...\Run: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [31648 2011-03-30] (TOSHIBA Corporation)

HKLM\...\Run: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe [467816 2010-04-23] (TOSHIBA Corporation)

HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2011-07-05] (Apple Inc.)

HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-08-27] (Apple Inc.)

HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421776 2012-09-09] (Apple Inc.)

HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [947152 2013-01-27] (Microsoft Corporation)

HKU\Remily\...\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED [x]

HKU\Remily\...\Run: [Google Update] "C:\Users\Remily\AppData\Local\Google\Update\GoogleUpdate.exe" /c [ 2012-09-26] (Google Inc.)

HKU\Remily\...\Run: [svñhîst] %USERPROFILE%\appdata\local\temp\055a50e9.exe [x]

HKU\Remily\...\CurrentVersion\Windows: [Load] C:\Users\Remily\LOCALS~1\Temp\msicntoo.exe

========================== Services (Whitelisted) =================

S2 CodeMeter.exe; C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe [2568120 2012-07-19] (WIBU-SYSTEMS AG)

S2 IconMan_R; C:\Program Files\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [1809920 2010-08-04] (Realsil Microelectronics Inc.)

S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [20456 2013-01-27] (Microsoft Corporation)

S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [295232 2013-01-27] (Microsoft Corporation)

S2 Norton PC Checkup Application Launcher; C:\Program Files\Norton PC Checkup\Engine\2.0.10.26\SymcPCCULaunchSvc.exe [135608 2012-03-18] (Symantec Corporation)

S2 PCCUJobMgr; C:\Program Files\Norton PC Checkup\Engine\2.0.10.26\diMaster.dll [132984 2011-02-03] (Symantec Corporation)

S3 TMachInfo; C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [51576 2010-07-01] (TOSHIBA Corporation)

S2 TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [189880 2010-11-11] (TOSHIBA Corporation)

S3 TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [111960 2010-02-05] (TOSHIBA Corporation)

S2 Web Assistant Updater; C:\Program Files\Web Assistant\ExtensionUpdaterService.exe [185856 2012-05-08] ()

==================== Drivers (Whitelisted) ====================

S0 LPCFilter; C:\Windows\System32\DRIVERS\LPCFilter.sys [36208 2009-07-30] (COMPAL ELECTRONIC INC.)

S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [195296 2013-01-20] (Microsoft Corporation)

S3 PGEffect; C:\Windows\System32\DRIVERS\pgeffect.sys [33616 2011-02-08] (TOSHIBA Corporation)

S3 RTL8192Ce; C:\Windows\System32\DRIVERS\rtl8192Ce.sys [999016 2010-10-18] (Realtek Semiconductor Corporation )

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-05-15 15:35 - 2013-05-15 15:35 - 00000000 ____D C:\FRST

2013-05-15 05:33 - 2013-05-15 05:33 - 00000000 ___AH C:\ProgramData\cm-lock

2013-05-14 19:26 - 2013-05-14 19:26 - 00006640 ____N C:\bootsqm.dat

2013-05-14 19:25 - 2013-05-14 19:25 - 00000000 __SHD C:\found.000

2013-05-14 18:49 - 2013-05-14 18:49 - 01096030 ____A C:\ProgramData\2433f433

2013-05-14 18:49 - 2013-05-14 18:49 - 01096022 ____A C:\Users\Remily\AppData\Local\2433f433

2013-05-14 18:49 - 2013-05-14 18:49 - 01096000 ____A C:\Users\Remily\AppData\Roaming\2433f433

2013-05-09 12:52 - 2011-05-11 16:17 - 366774680 ____A C:\Users\Remily\Desktop\Castle.2009.S03E23.HDTV.XviD-LOL.avi

2013-05-09 12:51 - 2011-06-01 13:31 - 366788314 ____A C:\Users\Remily\Desktop\Castle.2009.S03E24.HDTV.XviD-LOL.avi

2013-05-09 12:51 - 2011-05-11 16:07 - 366695584 ____A C:\Users\Remily\Desktop\Castle.2009.S03E22.HDTV.XviD-LOL.avi

2013-05-03 10:11 - 2013-05-03 10:11 - 14323200 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2013-05-03 10:11 - 2013-05-03 10:11 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2013-05-03 10:11 - 2013-05-03 10:11 - 02046464 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2013-05-03 10:11 - 2013-05-03 10:11 - 01766912 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2013-05-03 10:11 - 2013-05-03 10:11 - 01129984 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2013-05-03 10:11 - 2013-05-03 10:11 - 00745472 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe

2013-05-03 10:11 - 2013-05-03 10:11 - 00523264 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll

2013-05-03 10:11 - 2013-05-03 10:11 - 00493056 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll

2013-05-03 10:11 - 2013-05-03 10:11 - 00185344 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll

2013-05-03 10:11 - 2013-05-03 10:11 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll

2013-05-03 10:11 - 2013-05-03 10:11 - 00158720 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll

2013-05-03 10:11 - 2013-05-03 10:11 - 00150528 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe

2013-05-03 10:11 - 2013-05-03 10:11 - 00138752 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe

2013-05-03 10:11 - 2013-05-03 10:11 - 00082432 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll

2013-05-03 10:11 - 2013-05-03 10:11 - 00079872 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2013-05-03 10:11 - 2013-05-03 10:11 - 00071680 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe

2013-05-03 10:11 - 2013-05-03 10:11 - 00039424 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2013-05-03 10:10 - 2013-05-03 10:10 - 13761024 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2013-05-03 10:10 - 2013-05-03 10:10 - 02877440 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2013-05-03 10:10 - 2013-05-03 10:10 - 01441280 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2013-05-03 10:10 - 2013-05-03 10:10 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat

2013-05-03 10:10 - 2013-05-03 10:10 - 00719360 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll

2013-05-03 10:10 - 2013-05-03 10:10 - 00690688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2013-05-03 10:10 - 2013-05-03 10:10 - 00629248 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll

2013-05-03 10:10 - 2013-05-03 10:10 - 00391168 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2013-05-03 10:10 - 2013-05-03 10:10 - 00361984 ____A (Microsoft Corporation) C:\Windows\System32\html.iec

2013-05-03 10:10 - 2013-05-03 10:10 - 00357888 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll

2013-05-03 10:10 - 2013-05-03 10:10 - 00242200 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll

2013-05-03 10:10 - 2013-05-03 10:10 - 00232960 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2013-05-03 10:10 - 2013-05-03 10:10 - 00226816 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll

2013-05-03 10:10 - 2013-05-03 10:10 - 00204800 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll

2013-05-03 10:10 - 2013-05-03 10:10 - 00137216 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2013-05-03 10:10 - 2013-05-03 10:10 - 00125440 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll

2013-05-03 10:10 - 2013-05-03 10:10 - 00117248 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll

2013-05-03 10:10 - 2013-05-03 10:10 - 00110592 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll

2013-05-03 10:10 - 2013-05-03 10:10 - 00109056 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll

2013-05-03 10:10 - 2013-05-03 10:10 - 00073728 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe

2013-05-03 10:10 - 2013-05-03 10:10 - 00069120 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll

2013-05-03 10:10 - 2013-05-03 10:10 - 00061952 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx

2013-05-03 10:10 - 2013-05-03 10:10 - 00061440 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll

2013-05-03 10:10 - 2013-05-03 10:10 - 00057344 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll

2013-05-03 10:10 - 2013-05-03 10:10 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll

2013-05-03 10:10 - 2013-05-03 10:10 - 00042496 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe

2013-05-03 10:10 - 2013-05-03 10:10 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll

2013-05-03 10:10 - 2013-05-03 10:10 - 00038400 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll

2013-05-03 10:10 - 2013-05-03 10:10 - 00033280 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll

2013-05-03 10:10 - 2013-05-03 10:10 - 00023040 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll

2013-05-03 10:10 - 2013-05-03 10:10 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe

2013-05-03 10:10 - 2013-05-03 10:10 - 00011776 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe

2013-05-03 10:06 - 2013-05-03 10:06 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll

2013-05-03 10:06 - 2013-05-03 10:06 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll

2013-05-03 10:05 - 2013-05-03 10:06 - 00009728 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-05-03 10:05 - 2013-05-03 10:05 - 03419136 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll

2013-05-03 10:05 - 2013-05-03 10:05 - 02284544 ____A (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll

2013-05-03 10:05 - 2013-05-03 10:05 - 01988096 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll

2013-05-03 10:05 - 2013-05-03 10:05 - 01504768 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll

2013-05-03 10:05 - 2013-05-03 10:05 - 01247744 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll

2013-05-03 10:05 - 2013-05-03 10:05 - 01230336 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll

2013-05-03 10:05 - 2013-05-03 10:05 - 01158144 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll

2013-05-03 10:05 - 2013-05-03 10:05 - 01080832 ____A (Microsoft Corporation) C:\Windows\System32\d3d10.dll

2013-05-03 10:05 - 2013-05-03 10:05 - 00906240 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll

2013-05-03 10:05 - 2013-05-03 10:05 - 00604160 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll

2013-05-03 10:05 - 2013-05-03 10:05 - 00417792 ____A (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll

2013-05-03 10:05 - 2013-05-03 10:05 - 00364544 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll

2013-05-03 10:05 - 2013-05-03 10:05 - 00293376 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll

2013-05-03 10:05 - 2013-05-03 10:05 - 00249856 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll

2013-05-03 10:05 - 2013-05-03 10:05 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\d3d10core.dll

2013-05-03 10:05 - 2013-05-03 10:05 - 00207872 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll

2013-05-03 10:05 - 2013-05-03 10:05 - 00187392 ____A (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll

2013-05-03 10:05 - 2013-05-03 10:05 - 00161792 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll

2013-05-03 10:05 - 2013-05-03 10:05 - 00010752 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll

2013-05-03 10:05 - 2013-05-03 10:05 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-05-03 10:05 - 2013-05-03 10:05 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll

2013-05-03 10:05 - 2013-05-03 10:05 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll

2013-05-03 10:05 - 2013-05-03 10:05 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll

2013-05-03 10:05 - 2013-05-03 10:05 - 00002560 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll

2013-05-03 10:00 - 2013-05-03 10:22 - 00010835 ____A C:\Windows\IE10_main.log

2013-04-25 14:32 - 2013-04-25 14:32 - 00000000 ____D C:\Users\Remily\Desktop\ThinkImpact

2013-04-25 14:31 - 2013-04-25 14:31 - 02446896 ____A C:\Users\Remily\Desktop\attachments.zip

2013-04-23 11:10 - 2013-04-23 11:10 - 00000000 ____A C:\Windows\System32\sho95C0.tmp

2013-04-23 10:48 - 2013-04-12 05:45 - 01211752 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys

==================== One Month Modified Files and Folders ========

2013-05-15 15:35 - 2013-05-15 15:35 - 00000000 ____D C:\FRST

2013-05-15 15:08 - 2011-09-26 11:34 - 00000000 ____D C:\Users\Remily\AppData\Roaming\vlc

2013-05-15 15:08 - 2011-06-21 14:25 - 00000000 ____D C:\users\Remily

2013-05-15 15:08 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\wfp

2013-05-15 15:08 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\DriverStore

2013-05-15 15:08 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\registration

2013-05-15 15:08 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\L2Schemas

2013-05-15 15:07 - 2012-05-19 02:43 - 00000000 ____D C:\Users\Remily\AppData\Roaming\Mozilla

2013-05-15 15:07 - 2011-06-21 14:32 - 00000000 ____D C:\Users\Remily\AppData\Local\Google

2013-05-15 05:33 - 2013-05-15 05:33 - 00000000 ___AH C:\ProgramData\cm-lock

2013-05-14 19:26 - 2013-05-14 19:26 - 00006640 ____N C:\bootsqm.dat

2013-05-14 19:25 - 2013-05-14 19:25 - 00000000 __SHD C:\found.000

2013-05-14 18:49 - 2013-05-14 18:49 - 01096030 ____A C:\ProgramData\2433f433

2013-05-14 18:49 - 2013-05-14 18:49 - 01096022 ____A C:\Users\Remily\AppData\Local\2433f433

2013-05-14 18:49 - 2013-05-14 18:49 - 01096000 ____A C:\Users\Remily\AppData\Roaming\2433f433

2013-05-11 11:55 - 2011-05-24 17:03 - 01628731 ____A C:\Windows\WindowsUpdate.log

2013-05-11 11:50 - 2009-07-13 20:34 - 00016656 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-05-11 11:50 - 2009-07-13 20:34 - 00016656 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-05-11 11:44 - 2011-05-24 17:53 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-05-11 11:43 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2013-05-11 11:43 - 2009-07-13 20:39 - 00098378 ____A C:\Windows\setupact.log

2013-05-09 16:08 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\NDF

2013-05-09 16:05 - 2010-11-20 13:01 - 00727310 ____A C:\Windows\System32\PerfStringBackup.INI

2013-05-09 16:04 - 2011-05-24 17:53 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-05-09 13:00 - 2012-12-09 09:06 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-963207969-2316860199-264845447-1000UA.job

2013-05-09 11:47 - 2011-07-22 09:35 - 00000000 ____D C:\Users\Remily\AppData\Local\CrashDumps

2013-05-08 20:00 - 2012-12-09 09:06 - 00000860 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-963207969-2316860199-264845447-1000Core.job

2013-05-06 14:31 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\rescache

2013-05-03 20:39 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\zh-TW

2013-05-03 20:39 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\zh-HK

2013-05-03 20:39 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\zh-CN

2013-05-03 20:39 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\tr-TR

2013-05-03 20:39 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\sv-SE

2013-05-03 20:39 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\ru-RU

2013-05-03 20:39 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\pt-PT

2013-05-03 20:39 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\pt-BR

2013-05-03 20:39 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\pl-PL

2013-05-03 20:39 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\nl-NL

2013-05-03 20:39 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\nb-NO

2013-05-03 20:39 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\ko-KR

2013-05-03 20:39 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\ja-JP

2013-05-03 20:39 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\it-IT

2013-05-03 20:39 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\hu-HU

2013-05-03 20:39 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\fr-FR

2013-05-03 20:39 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\fi-FI

2013-05-03 20:39 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\el-GR

2013-05-03 20:39 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\de-DE

2013-05-03 10:22 - 2013-05-03 10:00 - 00010835 ____A C:\Windows\IE10_main.log

2013-05-03 10:11 - 2013-05-03 10:11 - 14323200 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2013-05-03 10:11 - 2013-05-03 10:11 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2013-05-03 10:11 - 2013-05-03 10:11 - 02046464 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2013-05-03 10:11 - 2013-05-03 10:11 - 01766912 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2013-05-03 10:11 - 2013-05-03 10:11 - 01129984 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2013-05-03 10:11 - 2013-05-03 10:11 - 00745472 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe

2013-05-03 10:11 - 2013-05-03 10:11 - 00523264 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll

2013-05-03 10:11 - 2013-05-03 10:11 - 00493056 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll

2013-05-03 10:11 - 2013-05-03 10:11 - 00185344 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll

2013-05-03 10:11 - 2013-05-03 10:11 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll

2013-05-03 10:11 - 2013-05-03 10:11 - 00158720 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll

2013-05-03 10:11 - 2013-05-03 10:11 - 00150528 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe

2013-05-03 10:11 - 2013-05-03 10:11 - 00138752 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe

2013-05-03 10:11 - 2013-05-03 10:11 - 00082432 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll

2013-05-03 10:11 - 2013-05-03 10:11 - 00079872 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2013-05-03 10:11 - 2013-05-03 10:11 - 00071680 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe

2013-05-03 10:11 - 2013-05-03 10:11 - 00039424 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2013-05-03 10:10 - 2013-05-03 10:10 - 13761024 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2013-05-03 10:10 - 2013-05-03 10:10 - 02877440 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2013-05-03 10:10 - 2013-05-03 10:10 - 01441280 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2013-05-03 10:10 - 2013-05-03 10:10 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat

2013-05-03 10:10 - 2013-05-03 10:10 - 00719360 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll

2013-05-03 10:10 - 2013-05-03 10:10 - 00690688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2013-05-03 10:10 - 2013-05-03 10:10 - 00629248 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll

2013-05-03 10:10 - 2013-05-03 10:10 - 00391168 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2013-05-03 10:10 - 2013-05-03 10:10 - 00361984 ____A (Microsoft Corporation) C:\Windows\System32\html.iec

2013-05-03 10:10 - 2013-05-03 10:10 - 00357888 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll

2013-05-03 10:10 - 2013-05-03 10:10 - 00242200 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll

2013-05-03 10:10 - 2013-05-03 10:10 - 00232960 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2013-05-03 10:10 - 2013-05-03 10:10 - 00226816 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll

2013-05-03 10:10 - 2013-05-03 10:10 - 00204800 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll

2013-05-03 10:10 - 2013-05-03 10:10 - 00137216 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2013-05-03 10:10 - 2013-05-03 10:10 - 00125440 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll

2013-05-03 10:10 - 2013-05-03 10:10 - 00117248 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll

2013-05-03 10:10 - 2013-05-03 10:10 - 00110592 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll

2013-05-03 10:10 - 2013-05-03 10:10 - 00109056 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll

2013-05-03 10:10 - 2013-05-03 10:10 - 00073728 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe

2013-05-03 10:10 - 2013-05-03 10:10 - 00069120 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll

2013-05-03 10:10 - 2013-05-03 10:10 - 00061952 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx

2013-05-03 10:10 - 2013-05-03 10:10 - 00061440 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll

2013-05-03 10:10 - 2013-05-03 10:10 - 00057344 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll

2013-05-03 10:10 - 2013-05-03 10:10 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll

2013-05-03 10:10 - 2013-05-03 10:10 - 00042496 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe

2013-05-03 10:10 - 2013-05-03 10:10 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll

2013-05-03 10:10 - 2013-05-03 10:10 - 00038400 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll

2013-05-03 10:10 - 2013-05-03 10:10 - 00033280 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll

2013-05-03 10:10 - 2013-05-03 10:10 - 00023040 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll

2013-05-03 10:10 - 2013-05-03 10:10 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe

2013-05-03 10:10 - 2013-05-03 10:10 - 00011776 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe

2013-05-03 10:06 - 2013-05-03 10:06 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll

2013-05-03 10:06 - 2013-05-03 10:06 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll

2013-05-03 10:06 - 2013-05-03 10:05 - 00009728 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-05-03 10:05 - 2013-05-03 10:05 - 03419136 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll

2013-05-03 10:05 - 2013-05-03 10:05 - 02284544 ____A (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll

2013-05-03 10:05 - 2013-05-03 10:05 - 01988096 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll

2013-05-03 10:05 - 2013-05-03 10:05 - 01504768 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll

2013-05-03 10:05 - 2013-05-03 10:05 - 01247744 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll

2013-05-03 10:05 - 2013-05-03 10:05 - 01230336 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll

2013-05-03 10:05 - 2013-05-03 10:05 - 01158144 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll

2013-05-03 10:05 - 2013-05-03 10:05 - 01080832 ____A (Microsoft Corporation) C:\Windows\System32\d3d10.dll

2013-05-03 10:05 - 2013-05-03 10:05 - 00906240 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll

2013-05-03 10:05 - 2013-05-03 10:05 - 00604160 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll

2013-05-03 10:05 - 2013-05-03 10:05 - 00417792 ____A (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll

2013-05-03 10:05 - 2013-05-03 10:05 - 00364544 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll

2013-05-03 10:05 - 2013-05-03 10:05 - 00293376 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll

2013-05-03 10:05 - 2013-05-03 10:05 - 00249856 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll

2013-05-03 10:05 - 2013-05-03 10:05 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\d3d10core.dll

2013-05-03 10:05 - 2013-05-03 10:05 - 00207872 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll

2013-05-03 10:05 - 2013-05-03 10:05 - 00187392 ____A (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll

2013-05-03 10:05 - 2013-05-03 10:05 - 00161792 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll

2013-05-03 10:05 - 2013-05-03 10:05 - 00010752 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll

2013-05-03 10:05 - 2013-05-03 10:05 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-05-03 10:05 - 2013-05-03 10:05 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll

2013-05-03 10:05 - 2013-05-03 10:05 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll

2013-05-03 10:05 - 2013-05-03 10:05 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll

2013-05-03 10:05 - 2013-05-03 10:05 - 00002560 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll

2013-05-02 20:08 - 2012-11-21 05:07 - 00000227 ____A C:\Users\Remily\Desktop\songs.txt

2013-05-02 07:28 - 2011-07-22 23:17 - 00238872 ____A (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe

2013-04-26 09:02 - 2011-11-18 06:37 - 254250331 ____A C:\Windows\MEMORY.DMP

2013-04-25 14:32 - 2013-04-25 14:32 - 00000000 ____D C:\Users\Remily\Desktop\ThinkImpact

2013-04-25 14:31 - 2013-04-25 14:31 - 02446896 ____A C:\Users\Remily\Desktop\attachments.zip

2013-04-23 11:10 - 2013-04-23 11:10 - 00000000 ____A C:\Windows\System32\sho95C0.tmp

2013-04-21 11:15 - 2011-07-23 06:04 - 00000000 ____D C:\Users\Remily\AppData\Roaming\Skype

ZeroAccess:

C:\Users\Remily\AppData\Local\abff35a1

C:\Users\Remily\AppData\Local\abff35a1\@

C:\Users\Remily\AppData\Local\abff35a1\U

C:\Users\Remily\AppData\Local\abff35a1\U\80000000.@

C:\Users\Remily\AppData\Local\abff35a1\U\800000cb.@

C:\Users\Remily\AppData\Local\abff35a1\U\800000cf.@

Other Malware:

===========

C:\ProgramData\ezsidmv.dat

==================== Known DLLs (Whitelisted) ============

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\System32\svchost.exe

[2011-03-31 16:58] - [2011-03-01 00:05] - 0021504 ____A (Microsoft Corporation) ECDB182F885292145826C58252B53000

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys

[2011-03-31 16:58] - [2011-02-24 21:40] - 0246144 ____A (Microsoft Corporation) C37AEE5966EB5929E2051AC7409B5730

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-03-26 09:18:34

Restore point made on: 2013-04-01 14:32:25

Restore point made on: 2013-04-04 21:33:31

Restore point made on: 2013-04-10 12:13:10

Restore point made on: 2013-04-11 11:47:35

Restore point made on: 2013-04-12 10:21:32

Restore point made on: 2013-04-15 19:22:04

Restore point made on: 2013-04-20 19:25:45

Restore point made on: 2013-04-24 21:21:31

Restore point made on: 2013-04-26 08:57:05

Restore point made on: 2013-04-30 09:51:31

Restore point made on: 2013-05-03 09:59:49

Restore point made on: 2013-05-07 13:18:53

Restore point made on: 2013-05-11 11:56:10

==================== Memory info ===========================

Percentage of memory in use: 34%

Total physical RAM: 1013.42 MB

Available physical RAM: 663.05 MB

Total Pagefile: 1013.42 MB

Available Pagefile: 657.07 MB

Total Virtual: 2047.88 MB

Available Virtual: 1962.29 MB

==================== Drives ================================

Drive c: (TI106150W0C) (Fixed) (Total:222.09 GB) (Free:112.89 GB) NTFS ==>[system with boot components (obtained from reading drive)]

Drive d: (System) (Fixed) (Total:1.46 GB) (Free:1.29 GB) NTFS ==>[system with boot components (obtained from reading drive)]

Drive f: (KINGSTON) (Removable) (Total:7.26 GB) (Free:2.21 GB) FAT32

Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (MBR Code: Windows Vista) (Size: 233 GB) (Disk ID: A884B3F9)

Partition 1: (Active) - (Size=1 GB) - (Type=27)

Partition 2: (Not Active) - (Size=222 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=9 GB) - (Type=17)

========================================================

Disk: 2 (MBR Code: Windows XP) (Size: 7 GB) (Disk ID: C3072E18)

Partition 1: (Active) - (Size=7 GB) - (Type=0C)

Last Boot: 2013-05-06 14:22

==================== End Of Log ============================


Hello and Welcome to Malwarebytes

Being that you are probably infected, feel free to follow the instructions below to receive free, one-on-one expert assistance in checking your system and clearing out any infections and correcting any damage done by the malware.

Please see the following pinned topic which has information on how to get help with this: Available Assistance for Possibly Infected Computers

Thank you


Hello and welcome, erosser: :)

Malware cleanup is conducted in a dedicated area of the forum.

Please follow the recommendations in this pinned topic: Available Assistance For Possibly Infected Computers.

A qualified helper will guide you through the cleanup process.

>>>Since you've already run FRST, you'll want to post that log in your new topic over in the malware removal section >>HERE<<, and then please wait for an expert to further assist you. :)

Thanks,

daledoc1
