
FBI Malware Error



Folks,

I'm having a serious FBI malware error that I do not know how to resolve. I am completely locked out of my PC. I did search this site and followed the instructions for using FRST.exe. I have attached the results from this scan. Can someone share with me the next steps for cleaning this malware?

Thanks,

Joe

FRST.txt


Folks,

Sorry! Attached file. Here is the text:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-05-2013 01

Ran by SYSTEM on 21-05-2013 08:35:24

Running from F:\

Windows 7 Professional (X86) OS Language: English(US)

Internet Explorer Version 9

Boot Mode: Recovery

The current controlset is ControlSet001

ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [63048 2010-09-17] (LogMeIn, Inc.)

HKLM\...\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide [165208 2010-05-07] (Logitech Inc.)

HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)

HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-04-21] (Apple Inc.)

HKLM\...\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)

HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [444904 2012-09-20] (Adobe Systems Incorporated)

HKLM\...\Run: [switchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)

HKLM\...\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin [1523360 2011-01-12] (Adobe Systems Incorporated)

HKLM\...\Run: [bdagent] C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe [1611784 2013-04-30] (Bitdefender)

HKLM\...\Run: [DATAMNGR] C:\PROGRA~1\SEARCH~2\Datamngr\DATAMN~2.EXE [3365440 2013-05-11] (iMesh Inc.)

HKLM\...\Run: [Nuance PDF Create 8-reminder] "C:\Program Files\Nuance\PDF Create 8\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Create 8\Ereg\Ereg.ini" [375 2013-05-16] ()

HKLM\...\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254896 2012-09-17] (Sun Microsystems, Inc.)

HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2012-10-25] (Apple Inc.)

HKLM\...\Run: [] [x]

HKLM\...\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe" [3478600 2013-05-11] (Adobe Systems Inc.)

HKLM\...\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE [x]

HKLM\...\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot [295512 2013-03-27] (RealNetworks, Inc.)

HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [152392 2013-05-15] (Apple Inc.)

Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [X]

HKU\BillWalker\...\Run: [Logitech Vid] "C:\Program Files\Logitech\Vid HD\Vid.exe" -bootmode [ 2010-10-29] (Logitech Inc.)

HKU\BillWalker\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [x]

HKU\BillWalker\...\Run: [AdobeBridge] "C:\Program Files\Adobe\Adobe Bridge CS5.1\Bridge.exe" -stealth [ 2011-03-02] (Adobe Systems, Inc.)

HKU\BillWalker\...\Run: [Netdrive] C:\Program Files\NetDrive\netdrive.exe -tray [x]

HKU\BillWalker\...\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun [ 2013-01-08] (Skype Technologies S.A.)

HKU\BillWalker\...\Run: [Adobe Acrobat Synchronizer] "C:\Program Files\Adobe\Acrobat 11.0\Acrobat\AdobeCollabSync.exe" [x]

HKU\BillWalker\...\Run: [CloudBerry Drive] C:\Program Files\CloudBerryLab\CloudBerry Drive\CloudBerryDriveTray.exe [ 2013-04-30] (CloudBerry Lab)

HKU\BillWalker\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] C:\Users\BillWalker\Documents\63b9870c.exe [ 2013-05-20] ()

HKU\BillWalker\...\Winlogon: [shell] cmd.exe [ 2010-11-20] (Microsoft Corporation) <==== ATTENTION

Startup: C:\ProgramData\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

Startup: C:\ProgramData\Start Menu\Programs\Startup\Logitech SetPoint.lnk

ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)

Startup: C:\Users\BillWalker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> (No File)

SSODL: EldosMountNotificator-cbfs4 - {828FDF1D-C8D1-4D3B-8E3B-5AF55DE914B0} - C:\Windows\system32\cbfsMntNtf4.dll (EldoS Corporation)

BootExecute: autocheck autochk * sasnative32

========================== Services (Whitelisted) =================

S3 bddepsrv; C:\Windows\_BDDEP_\bddepsrv.exe [153571328 2011-04-12] (BitDefender S.R.L.)

S4 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender 2013\bdparentalservice.exe [62688 2013-04-01] (Bitdefender)

S2 BP_Agent; C:\PCBP\bpnetd.exe [565760 2012-12-18] (Unitrends)

S2 CloudBerry Backup Service; C:\Program Files\CloudBerryLab\CloudBerry Online Backup\CloudBerry.Backup.Scheduler.exe [38400 2013-04-17] (CloudBerry Lab Inc.)

S2 CloudBerry Drive Service; C:\Program Files\CloudBerryLab\CloudBerry Drive\CloudBerryDriveService.exe [336000 2013-04-30] (CloudBerry Lab)

S2 DatamngrCoordinator; C:\Program Files\Search Results Toolbar\Datamngr\DatamngrCoordinator.exe [3023936 2013-05-11] (iMesh Inc.)

S2 GladFileMonSvc; C:\Program Files\Nuance\Nuance Cloud Connector\GladFileMonSvc.exe [29592 2012-05-18] (Gladinet, INC)

S2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-03-06] ()

S2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3289208 2013-04-15] (Skype Technologies S.A.)

S2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2012-01-18] (Logitech Inc.)

S2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe [55984 2013-04-01] (Bitdefender)

S2 VPNService; C:\Program Files\VPN Dialer\VpnDialer.exe [448512 2011-12-29] (Onsitehelp.com)

S2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe [1345008 2013-04-30] (Bitdefender)

==================== Drivers (Whitelisted) ====================

S0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [633344 2013-04-30] (BitDefender)

S3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [242504 2012-12-10] (BitDefender)

S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [486536 2013-04-30] (BitDefender)

S1 BdfNdisf; c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [78144 2013-04-30] (BitDefender LLC)

S1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [90704 2011-11-14] (BitDefender LLC)

S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [66392 2013-01-29] (BitDefender SRL)

S1 bdselfpr; C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys [134136 2012-10-24] (BitDefender LLC)

S1 cbfs4; C:\Windows\system32\drivers\cbfs4.sys [321600 2013-03-01] (EldoS Corporation)

S0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [162976 2013-04-01] (BitDefender LLC)

S2 LMIInfo; C:\Program Files\LogMeIn\x86\RaInfo.sys [12856 2010-09-17] (LogMeIn, Inc.)

S2 LMIRfsDriver; C:\Windows\system32\drivers\LMIRfsDriver.sys [47640 2010-09-17] (LogMeIn, Inc.)

S3 LMouFilt; C:\Windows\System32\DRIVERS\LMouFilt.Sys [37392 2009-06-17] (Logitech, Inc.)

S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25824 2010-05-07] ()

S3 NTPASp50; C:\Windows\System32\Drivers\NTPASp50.sys [17536 2008-10-09] (Printing Communications Assoc., Inc. (PCAUSA))

S3 smbusp; C:\Windows\System32\DRIVERS\intelsmb.sys [22528 2010-06-10] (Intel Corporation)

S0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [343456 2012-11-12] (BitDefender S.R.L.)

S3 vpnpbus; C:\Windows\System32\DRIVERS\vpnpbus.sys [15936 2013-03-01] (EldoS Corporation)

S4 LMIRfsClientNP; No ImagePath

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-05-21 08:35 - 2013-05-21 08:35 - 00000000 ____D C:\FRST

2013-05-20 15:29 - 2013-05-21 04:31 - 00000336 ____A C:\Windows\setupact.log

2013-05-20 15:29 - 2013-05-20 15:29 - 00000320 ____A C:\Windows\PFRO.log

2013-05-20 15:29 - 2013-05-20 15:29 - 00000000 ____A C:\Windows\setuperr.log

2013-05-20 14:53 - 2013-05-20 14:53 - 01096065 ____A C:\Users\BillWalker\AppData\Roaming\2433f433

2013-05-20 14:53 - 2013-05-20 14:53 - 01096005 ____A C:\Users\BillWalker\AppData\Local\2433f433

2013-05-20 14:53 - 2013-05-20 14:53 - 01096002 ____A C:\ProgramData\2433f433

2013-05-20 14:52 - 2013-05-20 14:52 - 00033792 ____A C:\Users\BillWalker\Documents\63b9870c.exe

2013-05-20 14:52 - 2013-05-20 14:52 - 00033792 ____A C:\Users\BillWalker\Documents\63b9870c.dll

2013-05-17 06:45 - 2013-05-17 06:45 - 04811793 ____A (FileZilla Project) C:\Users\BillWalker\Downloads\FileZilla_3.7.0.1_win32-setup.exe

2013-05-16 15:09 - 2013-05-16 15:09 - 00001755 ____A C:\Users\Public\Desktop\iTunes.lnk

2013-05-16 15:09 - 2013-05-16 15:09 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1

2013-05-16 15:09 - 2013-05-16 15:09 - 00000000 ____D C:\Program Files\iTunes

2013-05-16 15:09 - 2013-05-16 15:09 - 00000000 ____D C:\Program Files\iPod

2013-05-16 01:06 - 2013-04-04 21:28 - 01767424 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2013-05-16 01:06 - 2013-04-04 21:28 - 01130496 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2013-05-16 01:06 - 2013-04-04 21:28 - 00042496 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe

2013-05-16 01:06 - 2013-04-04 21:26 - 14323712 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2013-05-16 01:06 - 2013-04-04 21:26 - 13760512 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2013-05-16 01:06 - 2013-04-04 21:26 - 02877440 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2013-05-16 01:06 - 2013-04-04 21:26 - 02046976 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2013-05-16 01:06 - 2013-04-04 21:26 - 00690688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2013-05-16 01:06 - 2013-04-04 21:26 - 00493056 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll

2013-05-16 01:06 - 2013-04-04 21:26 - 00391168 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2013-05-16 01:06 - 2013-04-04 21:26 - 00109056 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll

2013-05-16 01:06 - 2013-04-04 21:26 - 00061440 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll

2013-05-16 01:06 - 2013-04-04 21:26 - 00039424 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2013-05-16 01:06 - 2013-04-04 21:26 - 00033280 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll

2013-05-16 01:06 - 2013-04-04 20:29 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2013-05-16 01:06 - 2013-04-04 19:38 - 00071680 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe

2013-05-15 09:12 - 2013-04-09 21:18 - 00728424 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys

2013-05-15 09:12 - 2013-04-09 21:18 - 00218984 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys

2013-05-15 09:12 - 2013-04-09 19:14 - 02347520 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2013-05-15 09:12 - 2013-03-18 20:53 - 00186368 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll

2013-05-15 09:12 - 2013-03-18 19:33 - 00040960 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll

2013-05-15 09:12 - 2013-02-26 21:05 - 00101720 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe

2013-05-15 09:12 - 2013-02-26 20:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll

2013-05-15 09:12 - 2013-02-26 20:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll

2013-05-15 09:12 - 2013-02-26 20:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll

2013-05-15 09:12 - 2013-02-26 20:49 - 00047104 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll

2013-05-12 11:39 - 2013-05-12 11:39 - 00000000 ____D C:\ProgramData\Browser Manager

2013-05-12 08:40 - 2013-05-21 04:32 - 00000000 ____D C:\ProgramData\Datamngr

2013-05-12 08:40 - 2013-05-12 08:40 - 00000000 ____D C:\ProgramData\Wincert

2013-05-12 08:40 - 2013-05-12 08:40 - 00000000 ____D C:\Program Files\Search Results Toolbar

2013-05-12 08:39 - 2013-05-12 08:39 - 00000138 ____A C:\Users\Public\Desktop\Get The Best Facebook Chat Messenger.url

2013-05-12 08:39 - 2013-05-12 08:39 - 00000000 ____D C:\Users\BillWalker\Documents\My Received Files

2013-05-12 08:36 - 2013-05-12 08:36 - 00000000 ____D C:\Users\BillWalker\AppData\Local\PackageAware

2013-05-07 10:19 - 2013-05-07 10:23 - 00000000 ____D C:\Users\BillWalker\Documents\20130507-Binational Health Week Testing(595645711)

2013-05-07 06:21 - 2013-05-07 06:21 - 00000000 ____D C:\Users\BillWalker\Documents\20130507-BHW Webinar Play Meeting(592053161)

2013-05-03 03:27 - 2013-05-21 04:21 - 00000000 ____D C:\ProgramData\CloudBerry Online Backup

2013-05-03 03:27 - 2013-05-03 03:27 - 00002251 ____A C:\Users\Public\Desktop\CloudBerry Online Backup.lnk

2013-05-03 03:27 - 2013-05-03 03:27 - 00000000 ____D C:\Users\BillWalker\AppData\Local\CloudBerry Online Backup

2013-05-03 03:24 - 2013-03-01 15:19 - 00216936 ____A (EldoS Corporation) C:\Windows\System32\cbfsNetRdr4.dll

2013-05-03 03:24 - 2013-03-01 15:18 - 00155496 ____A (EldoS Corporation) C:\Windows\System32\cbfsMntNtf4.dll

2013-05-03 03:24 - 2013-03-01 15:11 - 00321600 ____A (EldoS Corporation) C:\Windows\System32\Drivers\cbfs4.sys

2013-05-03 03:23 - 2013-03-01 15:19 - 00009064 ____A (EldoS Corporation) C:\Windows\System32\elevtmsg.dll

2013-05-03 03:23 - 2013-03-01 15:11 - 00015936 ____A (EldoS Corporation) C:\Windows\System32\Drivers\vpnpbus.sys

2013-04-30 02:00 - 2013-04-30 02:00 - 00633344 ____A (BitDefender) C:\Windows\System32\Drivers\avc3.sys

2013-04-30 02:00 - 2013-04-30 02:00 - 00486536 ____A (BitDefender) C:\Windows\System32\Drivers\avckf.sys

2013-04-30 01:03 - 2013-04-30 01:03 - 01441280 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2013-04-30 01:03 - 2013-04-30 01:03 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat

2013-04-30 01:03 - 2013-04-30 01:03 - 00745472 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe

2013-04-30 01:03 - 2013-04-30 01:03 - 00719360 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll

2013-04-30 01:03 - 2013-04-30 01:03 - 00629248 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll

2013-04-30 01:03 - 2013-04-30 01:03 - 00523264 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll

2013-04-30 01:03 - 2013-04-30 01:03 - 00361984 ____A (Microsoft Corporation) C:\Windows\System32\html.iec

2013-04-30 01:03 - 2013-04-30 01:03 - 00357888 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll

2013-04-30 01:03 - 2013-04-30 01:03 - 00242200 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll

2013-04-30 01:03 - 2013-04-30 01:03 - 00232960 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2013-04-30 01:03 - 2013-04-30 01:03 - 00226816 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll

2013-04-30 01:03 - 2013-04-30 01:03 - 00204800 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll

2013-04-30 01:03 - 2013-04-30 01:03 - 00185344 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll

2013-04-30 01:03 - 2013-04-30 01:03 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll

2013-04-30 01:03 - 2013-04-30 01:03 - 00158720 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll

2013-04-30 01:03 - 2013-04-30 01:03 - 00150528 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe

2013-04-30 01:03 - 2013-04-30 01:03 - 00138752 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe

2013-04-30 01:03 - 2013-04-30 01:03 - 00137216 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2013-04-30 01:03 - 2013-04-30 01:03 - 00125440 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll

2013-04-30 01:03 - 2013-04-30 01:03 - 00117248 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll

2013-04-30 01:03 - 2013-04-30 01:03 - 00110592 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll

2013-04-30 01:03 - 2013-04-30 01:03 - 00082432 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll

2013-04-30 01:03 - 2013-04-30 01:03 - 00079872 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2013-04-30 01:03 - 2013-04-30 01:03 - 00073728 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe

2013-04-30 01:03 - 2013-04-30 01:03 - 00069120 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll

2013-04-30 01:03 - 2013-04-30 01:03 - 00061952 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx

2013-04-30 01:03 - 2013-04-30 01:03 - 00057344 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll

2013-04-30 01:03 - 2013-04-30 01:03 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll

2013-04-30 01:03 - 2013-04-30 01:03 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll

2013-04-30 01:03 - 2013-04-30 01:03 - 00038400 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll

2013-04-30 01:03 - 2013-04-30 01:03 - 00023040 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll

2013-04-30 01:03 - 2013-04-30 01:03 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe

2013-04-30 01:03 - 2013-04-30 01:03 - 00011776 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe

2013-04-30 01:02 - 2013-04-30 01:02 - 03419136 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll

2013-04-30 01:02 - 2013-04-30 01:02 - 02284544 ____A (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll

2013-04-30 01:02 - 2013-04-30 01:02 - 01988096 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll

2013-04-30 01:02 - 2013-04-30 01:02 - 01504768 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll

2013-04-30 01:02 - 2013-04-30 01:02 - 01247744 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll

2013-04-30 01:02 - 2013-04-30 01:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll

2013-04-30 01:02 - 2013-04-30 01:02 - 01158144 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll

2013-04-30 01:02 - 2013-04-30 01:02 - 01080832 ____A (Microsoft Corporation) C:\Windows\System32\d3d10.dll

2013-04-30 01:02 - 2013-04-30 01:02 - 00906240 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll

2013-04-30 01:02 - 2013-04-30 01:02 - 00604160 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll

2013-04-30 01:02 - 2013-04-30 01:02 - 00417792 ____A (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll

2013-04-30 01:02 - 2013-04-30 01:02 - 00364544 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll

2013-04-30 01:02 - 2013-04-30 01:02 - 00293376 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll

2013-04-30 01:02 - 2013-04-30 01:02 - 00249856 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll

2013-04-30 01:02 - 2013-04-30 01:02 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\d3d10core.dll

2013-04-30 01:02 - 2013-04-30 01:02 - 00207872 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll

2013-04-30 01:02 - 2013-04-30 01:02 - 00187392 ____A (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll

2013-04-30 01:02 - 2013-04-30 01:02 - 00161792 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll

2013-04-30 01:02 - 2013-04-30 01:02 - 00010752 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll

2013-04-30 01:02 - 2013-04-30 01:02 - 00009728 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-04-30 01:02 - 2013-04-30 01:02 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-04-30 01:02 - 2013-04-30 01:02 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll

2013-04-30 01:02 - 2013-04-30 01:02 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll

2013-04-30 01:02 - 2013-04-30 01:02 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll

2013-04-30 01:02 - 2013-04-30 01:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll

2013-04-30 01:02 - 2013-04-30 01:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll

2013-04-30 01:02 - 2013-04-30 01:02 - 00002560 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll

2013-04-23 22:44 - 2013-04-12 05:45 - 01211752 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys

==================== One Month Modified Files and Folders ========

2013-05-21 08:35 - 2013-05-21 08:35 - 00000000 ____D C:\FRST

2013-05-21 04:32 - 2013-05-12 08:40 - 00000000 ____D C:\ProgramData\Datamngr

2013-05-21 04:32 - 2011-04-17 13:33 - 00000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-05-21 04:32 - 2011-04-12 12:45 - 00000000 ____D C:\Windows\System32\logishrd

2013-05-21 04:32 - 2009-07-13 18:04 - 00000781 ____A C:\Windows\win.ini

2013-05-21 04:31 - 2013-05-20 15:29 - 00000336 ____A C:\Windows\setupact.log

2013-05-21 04:31 - 2011-04-12 12:27 - 00000000 ____A C:\Windows\System32\Drivers\lvuvc.hs

2013-05-21 04:31 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2013-05-21 04:21 - 2013-05-03 03:27 - 00000000 ____D C:\ProgramData\CloudBerry Online Backup

2013-05-20 17:51 - 2012-04-06 05:06 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-05-20 17:38 - 2011-04-17 13:33 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-05-20 15:48 - 2011-07-01 06:19 - 01735224 ____A C:\Windows\WindowsUpdate.log

2013-05-20 15:29 - 2013-05-20 15:29 - 00000320 ____A C:\Windows\PFRO.log

2013-05-20 15:29 - 2013-05-20 15:29 - 00000000 ____A C:\Windows\setuperr.log

2013-05-20 14:57 - 2011-04-17 13:33 - 00000000 ____D C:\Users\BillWalker\AppData\Roaming\Skype

2013-05-20 14:53 - 2013-05-20 14:53 - 01096065 ____A C:\Users\BillWalker\AppData\Roaming\2433f433

2013-05-20 14:53 - 2013-05-20 14:53 - 01096005 ____A C:\Users\BillWalker\AppData\Local\2433f433

2013-05-20 14:53 - 2013-05-20 14:53 - 01096002 ____A C:\ProgramData\2433f433

2013-05-20 14:52 - 2013-05-20 14:52 - 00033792 ____A C:\Users\BillWalker\Documents\63b9870c.exe

2013-05-20 14:52 - 2013-05-20 14:52 - 00033792 ____A C:\Users\BillWalker\Documents\63b9870c.dll

2013-05-20 14:36 - 2011-04-12 12:21 - 00000000 ____D C:\Users\BillWalker\AppData\Roaming\FileZilla

2013-05-20 09:00 - 2011-04-12 12:19 - 00000000 ____D C:\Program Files\Common Files\Adobe

2013-05-20 06:05 - 2009-07-13 20:34 - 00017136 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-05-20 06:05 - 2009-07-13 20:34 - 00017136 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-05-20 00:00 - 2011-04-12 12:18 - 00000000 ____D C:\Users\BillWalker\AppData\Local\Adobe

2013-05-17 06:45 - 2013-05-17 06:45 - 04811793 ____A (FileZilla Project) C:\Users\BillWalker\Downloads\FileZilla_3.7.0.1_win32-setup.exe

2013-05-17 06:45 - 2011-04-12 12:16 - 00000000 ____D C:\Program Files\FileZilla FTP Client

2013-05-16 15:09 - 2013-05-16 15:09 - 00001755 ____A C:\Users\Public\Desktop\iTunes.lnk

2013-05-16 15:09 - 2013-05-16 15:09 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1

2013-05-16 15:09 - 2013-05-16 15:09 - 00000000 ____D C:\Program Files\iTunes

2013-05-16 15:09 - 2013-05-16 15:09 - 00000000 ____D C:\Program Files\iPod

2013-05-16 15:09 - 2011-05-07 13:52 - 00000000 ____D C:\Program Files\Common Files\Apple

2013-05-16 08:18 - 2011-04-12 13:22 - 00000000 ____D C:\Windows\Panther

2013-05-16 04:04 - 2011-11-29 15:31 - 00000000 ___RD C:\Users\BillWalker\Dropbox

2013-05-16 04:04 - 2011-11-29 15:21 - 00000000 ____D C:\Users\BillWalker\AppData\Roaming\Dropbox

2013-05-16 02:02 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\rescache

2013-05-16 01:33 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\Microsoft.NET

2013-05-16 01:26 - 2009-07-13 20:33 - 03764480 ____A C:\Windows\System32\FNTCACHE.DAT

2013-05-16 01:05 - 2011-04-12 11:33 - 00797148 ____A C:\Windows\System32\PerfStringBackup.INI

2013-05-16 01:04 - 2011-04-12 12:08 - 00000000 ____D C:\ProgramData\Microsoft Help

2013-05-16 01:01 - 2011-04-12 11:44 - 72607752 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

2013-05-15 03:51 - 2012-04-06 05:06 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe

2013-05-15 03:51 - 2011-05-18 08:32 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl

2013-05-13 09:21 - 2011-04-13 04:48 - 00000967 ____A C:\Users\Public\Desktop\CCleaner.lnk

2013-05-13 09:21 - 2011-04-13 04:48 - 00000000 ____D C:\Program Files\CCleaner

2013-05-12 11:39 - 2013-05-12 11:39 - 00000000 ____D C:\ProgramData\Browser Manager

2013-05-12 08:40 - 2013-05-12 08:40 - 00000000 ____D C:\ProgramData\Wincert

2013-05-12 08:40 - 2013-05-12 08:40 - 00000000 ____D C:\Program Files\Search Results Toolbar

2013-05-12 08:40 - 2012-08-03 08:02 - 00000000 ____D C:\Program Files\Searchqu Toolbar

2013-05-12 08:39 - 2013-05-12 08:39 - 00000138 ____A C:\Users\Public\Desktop\Get The Best Facebook Chat Messenger.url

2013-05-12 08:39 - 2013-05-12 08:39 - 00000000 ____D C:\Users\BillWalker\Documents\My Received Files

2013-05-12 08:36 - 2013-05-12 08:36 - 00000000 ____D C:\Users\BillWalker\AppData\Local\PackageAware

2013-05-08 10:39 - 2011-07-27 10:03 - 00000000 __SHD C:\Users\BillWalker\Documents\cache

2013-05-08 08:40 - 2011-07-27 10:03 - 00000000 ____D C:\ProgramData\WebEx

2013-05-07 10:23 - 2013-05-07 10:19 - 00000000 ____D C:\Users\BillWalker\Documents\20130507-Binational Health Week Testing(595645711)

2013-05-07 06:37 - 2011-07-27 11:04 - 00000000 ____D C:\Users\BillWalker\AppData\Roaming\webex

2013-05-07 06:21 - 2013-05-07 06:21 - 00000000 ____D C:\Users\BillWalker\Documents\20130507-BHW Webinar Play Meeting(592053161)

2013-05-03 15:09 - 2012-11-05 12:57 - 00000000 ____D C:\Program Files\Mozilla Firefox

2013-05-03 05:41 - 2011-04-12 12:01 - 00000000 ____D C:\ProgramData\LogMeIn

2013-05-03 03:27 - 2013-05-03 03:27 - 00002251 ____A C:\Users\Public\Desktop\CloudBerry Online Backup.lnk

2013-05-03 03:27 - 2013-05-03 03:27 - 00000000 ____D C:\Users\BillWalker\AppData\Local\CloudBerry Online Backup

2013-05-03 03:27 - 2013-02-08 15:29 - 00000000 ____D C:\Program Files\CloudBerryLab

2013-05-03 03:26 - 2013-03-20 12:14 - 00002168 ____A C:\Users\Public\Desktop\CloudBerry Drive.lnk

2013-05-03 03:24 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\DriverStore

2013-05-01 01:25 - 2011-04-17 13:32 - 00000000 ___RD C:\Program Files\Skype

2013-05-01 01:25 - 2011-04-17 13:32 - 00000000 ____D C:\ProgramData\Skype

2013-04-30 02:00 - 2013-04-30 02:00 - 00633344 ____A (BitDefender) C:\Windows\System32\Drivers\avc3.sys

2013-04-30 02:00 - 2013-04-30 02:00 - 00486536 ____A (BitDefender) C:\Windows\System32\Drivers\avckf.sys

2013-04-30 01:21 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\zh-TW

2013-04-30 01:21 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\zh-HK

2013-04-30 01:21 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\zh-CN

2013-04-30 01:21 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\tr-TR

2013-04-30 01:21 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\sv-SE

2013-04-30 01:21 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\ru-RU

2013-04-30 01:21 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\pt-PT

2013-04-30 01:21 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\pt-BR

2013-04-30 01:21 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\pl-PL

2013-04-30 01:21 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\nl-NL

2013-04-30 01:21 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\nb-NO

2013-04-30 01:21 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\ko-KR

2013-04-30 01:21 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\ja-JP

2013-04-30 01:21 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\it-IT

2013-04-30 01:21 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\hu-HU

2013-04-30 01:21 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\fr-FR

2013-04-30 01:21 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\fi-FI

2013-04-30 01:21 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\el-GR

2013-04-30 01:21 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\de-DE

2013-04-30 01:03 - 2013-04-30 01:03 - 01441280 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2013-04-30 01:03 - 2013-04-30 01:03 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat

2013-04-30 01:03 - 2013-04-30 01:03 - 00745472 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe

2013-04-30 01:03 - 2013-04-30 01:03 - 00719360 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll

2013-04-30 01:03 - 2013-04-30 01:03 - 00629248 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll

2013-04-30 01:03 - 2013-04-30 01:03 - 00523264 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll

2013-04-30 01:03 - 2013-04-30 01:03 - 00361984 ____A (Microsoft Corporation) C:\Windows\System32\html.iec

2013-04-30 01:03 - 2013-04-30 01:03 - 00357888 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll

2013-04-30 01:03 - 2013-04-30 01:03 - 00242200 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll

2013-04-30 01:03 - 2013-04-30 01:03 - 00232960 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2013-04-30 01:03 - 2013-04-30 01:03 - 00226816 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll

2013-04-30 01:03 - 2013-04-30 01:03 - 00204800 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll

2013-04-30 01:03 - 2013-04-30 01:03 - 00185344 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll

2013-04-30 01:03 - 2013-04-30 01:03 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll

2013-04-30 01:03 - 2013-04-30 01:03 - 00158720 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll

2013-04-30 01:03 - 2013-04-30 01:03 - 00150528 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe

2013-04-30 01:03 - 2013-04-30 01:03 - 00138752 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe

2013-04-30 01:03 - 2013-04-30 01:03 - 00137216 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2013-04-30 01:03 - 2013-04-30 01:03 - 00125440 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll

2013-04-30 01:03 - 2013-04-30 01:03 - 00117248 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll

2013-04-30 01:03 - 2013-04-30 01:03 - 00110592 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll

2013-04-30 01:03 - 2013-04-30 01:03 - 00082432 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll

2013-04-30 01:03 - 2013-04-30 01:03 - 00079872 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2013-04-30 01:03 - 2013-04-30 01:03 - 00073728 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe

2013-04-30 01:03 - 2013-04-30 01:03 - 00069120 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll

2013-04-30 01:03 - 2013-04-30 01:03 - 00061952 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx

2013-04-30 01:03 - 2013-04-30 01:03 - 00057344 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll

2013-04-30 01:03 - 2013-04-30 01:03 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll

2013-04-30 01:03 - 2013-04-30 01:03 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll

2013-04-30 01:03 - 2013-04-30 01:03 - 00038400 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll

2013-04-30 01:03 - 2013-04-30 01:03 - 00023040 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll

2013-04-30 01:03 - 2013-04-30 01:03 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe

2013-04-30 01:03 - 2013-04-30 01:03 - 00011776 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe

2013-04-30 01:02 - 2013-04-30 01:02 - 03419136 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll

2013-04-30 01:02 - 2013-04-30 01:02 - 02284544 ____A (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll

2013-04-30 01:02 - 2013-04-30 01:02 - 01988096 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll

2013-04-30 01:02 - 2013-04-30 01:02 - 01504768 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll

2013-04-30 01:02 - 2013-04-30 01:02 - 01247744 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll

2013-04-30 01:02 - 2013-04-30 01:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll

2013-04-30 01:02 - 2013-04-30 01:02 - 01158144 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll

2013-04-30 01:02 - 2013-04-30 01:02 - 01080832 ____A (Microsoft Corporation) C:\Windows\System32\d3d10.dll

2013-04-30 01:02 - 2013-04-30 01:02 - 00906240 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll

2013-04-30 01:02 - 2013-04-30 01:02 - 00604160 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll

2013-04-30 01:02 - 2013-04-30 01:02 - 00417792 ____A (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll

2013-04-30 01:02 - 2013-04-30 01:02 - 00364544 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll

2013-04-30 01:02 - 2013-04-30 01:02 - 00293376 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll

2013-04-30 01:02 - 2013-04-30 01:02 - 00249856 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll

2013-04-30 01:02 - 2013-04-30 01:02 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\d3d10core.dll

2013-04-30 01:02 - 2013-04-30 01:02 - 00207872 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll

2013-04-30 01:02 - 2013-04-30 01:02 - 00187392 ____A (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll

2013-04-30 01:02 - 2013-04-30 01:02 - 00161792 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll

2013-04-30 01:02 - 2013-04-30 01:02 - 00010752 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll

2013-04-30 01:02 - 2013-04-30 01:02 - 00009728 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-04-30 01:02 - 2013-04-30 01:02 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-04-30 01:02 - 2013-04-30 01:02 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll

2013-04-30 01:02 - 2013-04-30 01:02 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll

2013-04-30 01:02 - 2013-04-30 01:02 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll

2013-04-30 01:02 - 2013-04-30 01:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll

2013-04-30 01:02 - 2013-04-30 01:02 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll

2013-04-30 01:02 - 2013-04-30 01:02 - 00002560 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll

2013-04-24 06:26 - 2011-04-12 12:18 - 00000000 ____D C:\ProgramData\Adobe

Other Malware:

===========

C:\Users\BillWalker\g2mdlhlpx.exe

C:\ProgramData\emorhc.pad

==================== Known DLLs (Whitelisted) ============

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-05-03 03:24:04

Restore point made on: 2013-05-10 22:00:27

Restore point made on: 2013-05-16 01:00:33

==================== Memory info ===========================

Percentage of memory in use: 12%

Total physical RAM: 4020.97 MB

Available physical RAM: 3536.04 MB

Total Pagefile: 4019.25 MB

Available Pagefile: 3538.15 MB

Total Virtual: 2047.88 MB

Available Virtual: 1960.7 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:100.01 GB) (Free:41.61 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

Drive d: (Data) (Fixed) (Total:132.73 GB) (Free:93.55 GB) NTFS

Drive f: (USB DISK) (Removable) (Total:1.86 GB) (Free:0.56 GB) FAT32

Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (Size: 233 GB) (Disk ID: A42D04A3)

Partition 1: (Not Active) - (Size=86 MB) - (Type=DE)

Partition 2: (Active) - (Size=100 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=133 GB) - (Type=0F Extended)

========================================================

Disk: 1 (MBR Code: Windows XP) (Size: 2 GB) (Disk ID: C3072E18)

Partition 1: (Active) - (Size=2 GB) - (Type=0C)

Last Boot: 2013-05-13 22:04

==================== End Of Log ============================


Hello Joe! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open Notepad and select Paste). Save it on the flashdrive as fixlist.txt

HKLM\...\Run: [] [x]

HKU\BillWalker\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] C:\Users\BillWalker\Documents\63b9870c.exe [ 2013-05-20] ()

HKU\BillWalker\...\Winlogon: [shell] cmd.exe [ 2010-11-20] (Microsoft Corporation)

2013-05-20 14:53 - 2013-05-20 14:53 - 01096065 ____A C:\Users\BillWalker\AppData\Roaming\2433f433

2013-05-20 14:53 - 2013-05-20 14:53 - 01096005 ____A C:\Users\BillWalker\AppData\Local\2433f433

2013-05-20 14:53 - 2013-05-20 14:53 - 01096002 ____A C:\ProgramData\2433f433

2013-05-20 14:52 - 2013-05-20 14:52 - 00033792 ____A C:\Users\BillWalker\Documents\63b9870c.exe

2013-05-20 14:52 - 2013-05-20 14:52 - 00033792 ____A C:\Users\BillWalker\Documents\63b9870c.dll

2013-05-12 11:39 - 2013-05-12 11:39 - 00000000 ____D C:\ProgramData\Browser Manager

2013-05-12 08:40 - 2013-05-21 04:32 - 00000000 ____D C:\ProgramData\Datamngr

2013-05-12 08:40 - 2013-05-12 08:40 - 00000000 ____D C:\ProgramData\Wincert

2013-05-12 08:40 - 2013-05-12 08:40 - 00000000 ____D C:\Program Files\Search Results Toolbar

C:\ProgramData\emorhc.pad

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Now please enter System Recovery Options, then select Command Prompt.

Run FRST (or FRST64 if you have the 64-bit version) and press the Fix button just once and wait.

The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Reboot Normally.


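The fix list above targets the two things that actually produce the lock-out: a Run value with a random name pointing at an 8-hex-digit executable in the user's Documents folder, and a Winlogon Shell value of cmd.exe so the real desktop never loads. The following is an added triage example (editor's code, not FRST's output format parser and not the helper's script) that parses FRST-style Run/Winlogon lines and flags those patterns. The three flagged lines are the ones quoted in the fix list; the "ExampleUpdater" line is constructed for contrast, the heuristics are this example's own, and reading FRST's "[x]" as an unresolved file is an assumption.

```python
"""Triage FRST autostart lines for screen-locker persistence (added example)."""
import re

# Constructed sample input: the three registry lines quoted in the fix list
# above, plus one benign Run entry invented here for contrast ("ExampleUpdater"
# is not from the original log).
SAMPLE_LOG = r"""
HKLM\...\Run: [ExampleUpdater] "C:\Program Files\Example\Updater.exe" [123456 2012-01-01] (Example Corp)
HKLM\...\Run: [] [x]
HKU\BillWalker\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] C:\Users\BillWalker\Documents\63b9870c.exe [ 2013-05-20] ()
HKU\BillWalker\...\Winlogon: [shell] cmd.exe [ 2010-11-20] (Microsoft Corporation)
"""

# One FRST registry autostart line:
#   <key>: [<value name>] <command> [<size> <date>] (<publisher>)
# Size/date and publisher are optional because FRST abbreviates them when it
# cannot resolve the target file.
ENTRY_RE = re.compile(
    r"^(?P<key>HK\w+\\.*?\\(?P<kind>Run|Winlogon)): "
    r"\[(?P<name>[^\]]*)\]\s*"
    r"(?P<cmd>.*?)\s*"
    r"(?:\[(?P<meta>[^\]]*)\])?\s*"
    r"(?:\((?P<publisher>[^)]*)\))?$"
)

# Heuristics tuned to what the fix list shows: a long lowercase alphanumeric
# value name, an 8-hex-digit file name, and a target in a user-writable
# directory rather than Program Files or System32 (editor's assumptions).
RANDOM_NAME_RE = re.compile(r"^[a-z0-9]{16,}$")
HEX_FILENAME_RE = re.compile(r"\\[0-9a-f]{8}\.(?:exe|dll)$", re.IGNORECASE)
USER_WRITABLE_RE = re.compile(r"\\(?:Users\\[^\\]+|ProgramData|AppData)\\", re.IGNORECASE)


def parse_entry(line):
    """Return a dict for an FRST Run/Winlogon line, or None for any other line."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["cmd"] = entry["cmd"].strip().strip('"')
    entry["meta"] = (entry["meta"] or "").strip()
    entry["publisher"] = (entry["publisher"] or "").strip()
    return entry


def triage_entry(entry):
    """Return the list of reasons an entry deserves a look (empty if none)."""
    reasons = []
    name, cmd, kind = entry["name"], entry["cmd"], entry["kind"]
    if kind == "Winlogon" and name.lower() == "shell" and cmd.lower() != "explorer.exe":
        # Replacing the user shell keeps the real desktop from ever loading;
        # in this thread the shell had been set to cmd.exe.
        reasons.append("Winlogon Shell is %r instead of explorer.exe" % cmd)
    if kind == "Run":
        if RANDOM_NAME_RE.match(name) and re.search(r"\d", name) and re.search(r"[a-z]", name):
            reasons.append("random-looking value name")
        if cmd and USER_WRITABLE_RE.search(cmd):
            reasons.append("autostart target in a user-writable directory")
        if HEX_FILENAME_RE.search(cmd):
            reasons.append("8-hex-digit file name")
        if cmd and not entry["publisher"]:
            reasons.append("no publisher recorded for the target")
        if not name and entry["meta"] == "x":
            # Assumption: FRST prints [x] where it could not resolve the file.
            reasons.append("empty value name and unresolved target ([x])")
    return reasons


def triage_log(text):
    """Scan whole log text; return (key, value name, reasons) for flagged entries."""
    flagged = []
    for line in text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        reasons = triage_entry(entry)
        if reasons:
            flagged.append((entry["key"], entry["name"], reasons))
    return flagged


if __name__ == "__main__":
    for key, name, reasons in triage_log(SAMPLE_LOG):
        print("%s [%s]" % (key, name))
        for r in reasons:
            print("    - " + r)
```

Run against the sample, the benign entry produces no reasons, the empty Run value is noted once, the random-named Documents executable collects four reasons, and the Winlogon line is flagged for the replaced shell. The file lines of the fix list (the 2433f433 and 63b9870c entries) are not registry lines and are skipped by the parser; they are the payload the flagged Run value points at.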
Maniac,

Thanks! Here are the results:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 21-05-2013 01

Ran by SYSTEM at 2013-05-21 14:23:30 Run:1

Running from F:\

Boot Mode: Recovery

==============================================

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.

HKEY_USERS\BillWalker\Software\Microsoft\Windows\CurrentVersion\Run\\qcgce2mrvjq91kk1e7pnbb19m52fx => Value deleted successfully.

HKEY_USERS\BillWalker\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.

C:\Users\BillWalker\AppData\Roaming\2433f433 => Moved successfully.

C:\Users\BillWalker\AppData\Local\2433f433 => Moved successfully.

C:\ProgramData\2433f433 => Moved successfully.

C:\Users\BillWalker\Documents\63b9870c.exe => Moved successfully.

C:\Users\BillWalker\Documents\63b9870c.dll => Moved successfully.

C:\ProgramData\Browser Manager => Moved successfully.

C:\ProgramData\Datamngr => Moved successfully.

C:\ProgramData\Wincert => Moved successfully.

C:\Program Files\Search Results Toolbar => Moved successfully.

C:\ProgramData\emorhc.pad => Moved successfully.

==== End of Fixlog ====


Maniac,

Looks like I'm clean! Thanks for the help! I do have the PRO version and it works awesome! I use BitDefender 2013 Internet Security. Can both these programs be on the PC simultaneously?

Thanks,

Joe

My results:

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

Database version: v2013.05.21.10

Windows 7 Service Pack 1 x86 NTFS

Internet Explorer 10.0.9200.16576

BillWalker :: BILLWALKER-PC [administrator]

5/21/2013 3:39:09 PM

mbam-log-2013-05-21 (15-39-09).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 217738

Time elapsed: 7 minute(s), 45 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


4 weeks later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

