Nasty Moneypak virus with no safemode types and no system restore


Okay so I got a really bad Moneypak virus 2 days ago and I cannot access any of the safe modes, and my system restore points are deleted apparently. I've been doing a little research and downloaded FRST64 and got to the step where you get some sort of log code or text, and I don't think I can go any further. I could really use some help.

I'll post the log info from the FRST64 scan if it helps.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-06-2013 02
Ran by SYSTEM on 18-06-2013 15:16:51
Running from F:\
Windows Vista Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [igfxTray] "C:\Windows\system32\igfxtray.exe" [153624 2009-03-13] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] "C:\Windows\system32\hkcmd.exe" [225816 2009-03-13] (Intel Corporation)
HKLM\...\Run: [Persistence] "C:\Windows\system32\igfxpers.exe" [200216 2009-03-13] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" [7220768 2009-03-12] (Realtek Semiconductor)
HKLM\...\Run: [skytel] "C:\Program Files\Realtek\Audio\HDA\Skytel.exe" [1833504 2009-03-12] (Realtek Semiconductor Corp.)
HKLM\...\Run: [synTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [1713448 2009-03-18] (Synaptics Incorporated)
HKLM\...\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE [487264 2009-03-06] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe [900096 2009-03-23] (TOSHIBA Corporation)
HKLM\...\Run: [ThpSrv] "C:\Windows\system32\thpsrv" /logon [x]
HKLM\...\Run: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r [1451520 2009-04-14] (TOSHIBA Corporation)
HKLM\...\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide [1584184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [TosSENotify] "C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe" [1123840 2009-03-24] (TOSHIBA Corporation)
HKLM\...\Run: [TPCHWMsg] %ProgramFiles%\TOSHIBA\TPHM\TPCHWMsg.exe [613232 2009-04-09] (TOSHIBA Corporation)
HKLM-x32\...\Run: [TUSBSleepChargeSrv] "%ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe" [x]
HKLM-x32\...\Run: [NDSTray.exe] "C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe" [304496 2009-03-17] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [cfFncEnabler.exe] "C:\Program Files (x86)\TOSHIBA\ConfigFree\cfFncEnabler.exe" [16384 2009-03-24] (Toshiba Corporation)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-07-05] (Apple Inc.)
HKLM-x32\...\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60 [1295736 2011-02-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [TWebCamera] "%ProgramFiles(x86)%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun [x]
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2011-10-09] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [937920 2011-06-06] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [WRSVC] "C:\Program Files (x86)\Webroot\WRSA.exe" -ul [733648 2013-05-29] (Webroot)
HKLM-x32\...\Run: []  [x]
HKLM-x32\...\Run: [searchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" [1302336 2013-06-07] (Spigot, Inc.)
HKU\Mcx1-OWNER-PC\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [152064 2008-07-02] (Microsoft Corporation)
HKU\Mcx1-OWNER-PC\...\Winlogon: [shell] C:\Windows\eHome\McrMgr.exe [196096 2009-12-01] (Microsoft Corporation) <==== ATTENTION
HKU\Owner\...\Run: [sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun [1555968 2009-04-10] (Microsoft Corporation)
HKU\Owner\...\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"  /MINIMIZED [1022352 2012-09-18] (BitTorrent, Inc.)
HKU\Owner\...\Run: [spotify Web Helper] "C:\Users\Owner\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [932528 2012-05-04] ()
HKU\Owner\...\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe [x]
HKU\Owner\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [152064 2008-07-02] (Microsoft Corporation)
HKU\Owner\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] C:\Users\Owner\AppData\Local\Temp\curtjtqhicndkwoka.exe [58368 2013-06-16] (Mozilla Foundation)
HKU\Owner\...\Policies\system: [DisableCMD] 0
HKU\Owner\...\Policies\system: [NoDispAppearancePage] 0
HKU\Owner\...\Policies\system: [NoDispBackgroundPage] 0
HKU\Owner\...\Policies\system: [NoDispSettingsPage] 0
HKU\Owner\...\Winlogon: [shell] cmd.exe [363008 2008-01-20] (Microsoft Corporation) <==== ATTENTION
HKU\Owner\...\Command Processor: "C:\Users\Owner\AppData\Local\Temp\curtjtqhicndkwoka.exe" <===== ATTENTION!
Startup: C:\ProgramData\Start Menu\Programs\Startup\Install Webroot FF RunOnce.lnk
ShortcutTarget: Install Webroot FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Install Webroot IE RunOnce.lnk
ShortcutTarget: Install Webroot IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk ->  (No File)
SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)

==================== Services (Whitelisted) =================

S2 camsvc; C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe [20544 2009-04-16] (TOSHIBA)
S2 MotoHelper; C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [214896 2011-12-06] ()
S2 TNaviSrv; C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe [83312 2009-03-30] (TOSHIBA Corporation)
S2 WRSVC; C:\Program Files (x86)\Webroot\WRSA.exe [733648 2013-05-29] (Webroot)

==================== Drivers (Whitelisted) ====================

S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2010-10-13] (Marvell Semiconductor, Inc.)
S3 VSTWinDriver6; C:\Windows\System32\drivers\VSTwindrvr6.sys [252928 2008-07-03] (Jungo)
S0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [112616 2013-06-12] (Webroot)
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 motccgp; system32\DRIVERS\motccgp.sys [x]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [x]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-06-18 15:16 - 2013-06-18 15:16 - 00000000 ___DC C:\FRST
2013-06-16 10:14 - 2013-06-16 10:14 - 01097679 ____A C:\Users\Owner\AppData\Roaming\2433f433
2013-06-16 10:14 - 2013-06-16 10:14 - 01097620 ____A C:\ProgramData\2433f433
2013-06-16 10:14 - 2013-06-16 10:14 - 01097600 ____A C:\Users\Owner\AppData\Local\2433f433
2013-06-16 00:41 - 2013-06-16 00:42 - 00000000 ____D C:\Program Files (x86)\Application Updater
2013-06-16 00:41 - 2013-06-16 00:41 - 00000000 ____D C:\Program Files (x86)\YTD Toolbar
2013-06-13 23:54 - 2013-06-13 23:55 - 56422270 ____A C:\Users\Owner\Adventure.Time.with.Finn.and.Jake.S05E10.HDTV.x264-2HD.mp4
2013-06-13 23:53 - 2013-06-13 23:54 - 57664039 ____A C:\Users\Owner\Adventure.Time.with.Finn.and.Jake.S05E08.HDTV.x264-2HD.mp4
2013-06-13 23:53 - 2013-06-13 23:54 - 53124820 ____A C:\Users\Owner\Adventure.Time.with.Finn.and.Jake.S05E09.HDTV.x264-2HD.mp4
2013-06-13 00:02 - 2013-05-16 20:05 - 17824768 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-13 00:02 - 2013-05-16 19:27 - 10926080 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-13 00:02 - 2013-05-16 19:09 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-13 00:02 - 2013-05-16 19:02 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-13 00:02 - 2013-05-16 19:02 - 01346560 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-13 00:02 - 2013-05-16 19:01 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-13 00:02 - 2013-05-16 19:00 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-13 00:02 - 2013-05-16 18:58 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-13 00:02 - 2013-05-16 18:56 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-13 00:02 - 2013-05-16 18:56 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-13 00:02 - 2013-05-16 18:55 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-13 00:02 - 2013-05-16 18:54 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-13 00:02 - 2013-05-16 18:53 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-13 00:02 - 2013-05-16 18:51 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-13 00:02 - 2013-05-16 18:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-13 00:02 - 2013-05-16 18:46 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-13 00:02 - 2013-05-16 15:08 - 12329984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-13 00:02 - 2013-05-16 14:49 - 09738752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-13 00:02 - 2013-05-16 14:39 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-13 00:02 - 2013-05-16 14:28 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-13 00:02 - 2013-05-16 14:28 - 01104384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-13 00:02 - 2013-05-16 14:27 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-06-13 00:02 - 2013-05-16 14:26 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-06-13 00:02 - 2013-05-16 14:23 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-13 00:02 - 2013-05-16 14:21 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-13 00:02 - 2013-05-16 14:21 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-06-13 00:02 - 2013-05-16 14:20 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-06-13 00:02 - 2013-05-16 14:19 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-13 00:02 - 2013-05-16 14:17 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-13 00:02 - 2013-05-16 14:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-06-13 00:02 - 2013-05-16 14:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-13 00:02 - 2013-05-16 14:12 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-12 06:21 - 2013-05-07 20:50 - 01423720 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 06:21 - 2013-05-01 20:16 - 00686080 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 06:21 - 2013-05-01 20:04 - 00443904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-12 06:21 - 2013-05-01 20:03 - 00037376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\printcom.dll
2013-06-12 06:21 - 2013-04-23 20:09 - 01269248 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 06:21 - 2013-04-23 20:09 - 00174592 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 06:21 - 2013-04-23 20:09 - 00132096 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 06:21 - 2013-04-23 20:09 - 00050688 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 06:21 - 2013-04-23 20:00 - 00985600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-12 06:21 - 2013-04-23 20:00 - 00133120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-12 06:21 - 2013-04-23 20:00 - 00098304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-12 06:21 - 2013-04-23 20:00 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-12 06:21 - 2013-04-23 18:10 - 01078272 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 06:21 - 2013-04-23 17:46 - 00812544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-12 06:21 - 2013-04-17 05:04 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-12 06:21 - 2013-04-17 04:30 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-10 23:34 - 2013-06-10 23:36 - 00000000 ____D C:\Users\Owner\Adventure.Time.With.Finn.and.Jake.S05E07.Davey.WEBRip.x264-UNPOPULAR
2013-06-10 23:33 - 2013-06-10 23:36 - 58198644 ____A C:\Users\Owner\Adventure.Time.with.Finn.and.Jake.S05E06.HDTV.x264-2HD.mp4
2013-06-10 23:33 - 2013-06-10 23:36 - 45166708 ____A C:\Users\Owner\Adventure.Time.with.Finn.and.Jake.S05E05.HDTV.x264-2HD.mp4
2013-06-09 22:53 - 2013-06-09 22:55 - 49868049 ____A C:\Users\Owner\Adventure.Time.with.Finn.and.Jake.S05E04.HDTV.x264-2HD.mp4
2013-06-09 22:52 - 2013-06-09 22:52 - 00000000 ____D C:\Users\Owner\Adventure.Time.S05E03-E04.720p.WEB-DL.x264.AAC
2013-06-09 22:51 - 2013-06-09 22:51 - 00000000 ____D C:\Users\Owner\Adventure.Time.S05E01-E02.720p.WEB-DL.x264.AAC
2013-05-28 23:29 - 2013-05-28 23:29 - 00000000 ____D C:\Users\Owner\Adventure time 4x02
2013-05-28 23:11 - 2013-05-28 23:13 - 00000000 ____D C:\Users\Owner\Adventure.Time.S04E10.Goliad.TVRip.x264-UNPOPULAR
2013-05-28 00:28 - 2013-05-28 00:39 - 00000000 ____D C:\Users\Owner\adventure time season 4
2013-05-26 12:09 - 2013-05-26 12:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-05-26 12:02 - 2013-05-26 12:02 - 00000000 ____D C:\Program Files (x86)\Dropbox
2013-05-21 19:58 - 2013-05-21 21:45 - 00000000 ____D C:\Users\Owner\Bobs.Burgers

==================== One Month Modified Files and Folders =======

2013-06-18 15:16 - 2013-06-18 15:16 - 00000000 ___DC C:\FRST
2013-06-16 11:29 - 2011-11-08 16:32 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-16 11:27 - 2012-01-17 16:19 - 00000740 ____A C:\Users\Public\Desktop\Webroot SecureAnywhere.lnk
2013-06-16 11:27 - 2006-11-02 07:42 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-16 11:27 - 2006-11-02 07:22 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-16 11:27 - 2006-11-02 07:22 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-16 11:20 - 2011-09-28 10:12 - 02052521 ____A C:\Windows\WindowsUpdate.log
2013-06-16 10:45 - 2011-09-28 09:12 - 00000000 ____D C:\users\Owner
2013-06-16 10:45 - 2006-11-02 07:42 - 00032610 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-06-16 10:27 - 2012-11-13 13:58 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-16 10:14 - 2013-06-16 10:14 - 01097679 ____A C:\Users\Owner\AppData\Roaming\2433f433
2013-06-16 10:14 - 2013-06-16 10:14 - 01097620 ____A C:\ProgramData\2433f433
2013-06-16 10:14 - 2013-06-16 10:14 - 01097600 ____A C:\Users\Owner\AppData\Local\2433f433
2013-06-16 09:49 - 2011-11-08 16:32 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-16 09:02 - 2012-01-20 23:07 - 00000000 ____D C:\Users\Owner\AppData\Roaming\uTorrent
2013-06-16 00:42 - 2013-06-16 00:41 - 00000000 ____D C:\Program Files (x86)\Application Updater
2013-06-16 00:41 - 2013-06-16 00:41 - 00000000 ____D C:\Program Files (x86)\YTD Toolbar
2013-06-15 12:24 - 2012-01-17 12:11 - 00000000 ____D C:\ProgramData\WRData
2013-06-13 23:55 - 2013-06-13 23:54 - 56422270 ____A C:\Users\Owner\Adventure.Time.with.Finn.and.Jake.S05E10.HDTV.x264-2HD.mp4
2013-06-13 23:54 - 2013-06-13 23:53 - 57664039 ____A C:\Users\Owner\Adventure.Time.with.Finn.and.Jake.S05E08.HDTV.x264-2HD.mp4
2013-06-13 23:54 - 2013-06-13 23:53 - 53124820 ____A C:\Users\Owner\Adventure.Time.with.Finn.and.Jake.S05E09.HDTV.x264-2HD.mp4
2013-06-13 00:45 - 2006-11-02 05:33 - 00000000 ____D C:\Windows\rescache
2013-06-13 00:31 - 2011-11-10 01:24 - 00000000 ___RD C:\Users\Owner\Dropbox
2013-06-13 00:31 - 2011-11-10 01:22 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Dropbox
2013-06-13 00:09 - 2011-09-28 10:15 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-06-13 00:04 - 2006-11-02 04:35 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2013-06-12 15:40 - 2012-01-17 12:12 - 00150160 ____A (Webroot) C:\Windows\SysWOW64\WRusr.dll
2013-06-12 15:40 - 2012-01-17 12:12 - 00112616 ____A (Webroot) C:\Windows\System32\Drivers\WRkrn.sys
2013-06-12 15:40 - 2012-01-17 12:12 - 00102792 ____A (Webroot) C:\Windows\System32\WRusr.dll
2013-06-12 00:24 - 2012-11-13 13:58 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-12 00:24 - 2011-10-04 15:00 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-10 23:36 - 2013-06-10 23:34 - 00000000 ____D C:\Users\Owner\Adventure.Time.With.Finn.and.Jake.S05E07.Davey.WEBRip.x264-UNPOPULAR
2013-06-10 23:36 - 2013-06-10 23:33 - 58198644 ____A C:\Users\Owner\Adventure.Time.with.Finn.and.Jake.S05E06.HDTV.x264-2HD.mp4
2013-06-10 23:36 - 2013-06-10 23:33 - 45166708 ____A C:\Users\Owner\Adventure.Time.with.Finn.and.Jake.S05E05.HDTV.x264-2HD.mp4
2013-06-09 22:55 - 2013-06-09 22:53 - 49868049 ____A C:\Users\Owner\Adventure.Time.with.Finn.and.Jake.S05E04.HDTV.x264-2HD.mp4
2013-06-09 22:52 - 2013-06-09 22:52 - 00000000 ____D C:\Users\Owner\Adventure.Time.S05E03-E04.720p.WEB-DL.x264.AAC
2013-06-09 22:51 - 2013-06-09 22:51 - 00000000 ____D C:\Users\Owner\Adventure.Time.S05E01-E02.720p.WEB-DL.x264.AAC
2013-06-04 22:54 - 2011-10-24 00:11 - 00000000 ____D C:\Users\Owner\AppData\Roaming\vlc
2013-06-02 03:42 - 2009-08-27 12:30 - 00002611 ____A C:\Users\Owner\Desktop\Microsoft Office Word 2007.lnk
2013-05-29 00:31 - 2006-11-02 07:07 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-05-29 00:19 - 2012-05-06 22:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-05-28 23:29 - 2013-05-28 23:29 - 00000000 ____D C:\Users\Owner\Adventure time 4x02
2013-05-28 23:13 - 2013-05-28 23:11 - 00000000 ____D C:\Users\Owner\Adventure.Time.S04E10.Goliad.TVRip.x264-UNPOPULAR
2013-05-28 00:39 - 2013-05-28 00:28 - 00000000 ____D C:\Users\Owner\adventure time season 4
2013-05-28 00:26 - 2013-05-13 23:12 - 00000000 ____D C:\Users\Owner\Adventure Time
2013-05-26 12:09 - 2013-05-26 12:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-05-26 12:02 - 2013-05-26 12:02 - 00000000 ____D C:\Program Files (x86)\Dropbox
2013-05-21 21:45 - 2013-05-21 19:58 - 00000000 ____D C:\Users\Owner\Bobs.Burgers

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

==================== Memory info ===========================

Percentage of memory in use: 13%
Total physical RAM: 3963.04 MB
Available physical RAM: 3415.7 MB
Total Pagefile: 3714.9 MB
Available Pagefile: 3392.15 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

==================== Drives ================================

Drive c: (TI100343V0F) (Fixed) (Total:286.38 GB) (Free:0.51 GB) NTFS (Disk=0 Partition=2) ==>[Drive with boot components (obtained from BCD)]
Drive e: (TOSHIBA SYSTEM VOLUME) (Fixed) (Total:1.46 GB) (Free:1.31 GB) NTFS (Disk=0 Partition=1)
Drive f: (USB DISK) (Removable) (Total:1.91 GB) (Free:0.37 GB) FAT (Disk=1 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298 GB) (Disk ID: 630A7672)
Partition 1: (Not Active) - (Size=1 GB) - (Type=27)
Partition 2: (Active) - (Size=286 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=10 GB) - (Type=17)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 2 GB) (Disk ID: 80286688)
Partition 1: (Active) - (Size=2 GB) - (Type=06)

LastRegBack: 2013-06-13 12:38

==================== End Of Log ============================

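Reading the ATTENTION lines in the log above from the defender's side: the Owner account's Winlogon Shell has been replaced by cmd.exe, and the Command Processor AutoRun points at an executable under AppData\Local\Temp, so that executable starts at logon instead of the desktop. The following added example (not code from the original post, from FRST, or from Malwarebytes) parses lines in the shape of FRST's Registry section, flags those persistence patterns, and reconstructs the logon chain; the sample lines are constructed copies of the log's own entries with one benign vendor line as a control.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample in the shape of FRST's "Registry (Whitelisted)" section above:
# copies of the log's own entries, with a benign vendor line kept as a control.
SAMPLE_LOG = r"""
HKLM\...\Run: [igfxTray] "C:\Windows\system32\igfxtray.exe" [153624 2009-03-13] (Intel Corporation)
HKU\Owner\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] C:\Users\Owner\AppData\Local\Temp\curtjtqhicndkwoka.exe [58368 2013-06-16] (Mozilla Foundation)
HKU\Owner\...\Winlogon: [shell] cmd.exe [363008 2008-01-20] (Microsoft Corporation) <==== ATTENTION
HKU\Owner\...\Command Processor: "C:\Users\Owner\AppData\Local\Temp\curtjtqhicndkwoka.exe" <===== ATTENTION!
HKU\Mcx1-OWNER-PC\...\Winlogon: [shell] C:\Windows\eHome\McrMgr.exe [196096 2009-12-01] (Microsoft Corporation) <==== ATTENTION
"""

# One FRST registry line: <hive>\...\<key>: [name] value [size date] (publisher) <==== ATTENTION
LINE_RE = re.compile(
    r"^(?P<hive>HK\S*?)\\\.\.\.\\(?P<key>[^:]+): "  # HKU\Owner\...\Winlogon:
    r"(?:\[(?P<name>[^\]]*)\] )?"                   # optional [value name]
    r"(?P<value>.*?)"                               # data: path, command or flag
    r"(?: \[(?P<meta>[^\]]*)\])?"                   # optional [size date] or [x]
    r"(?: \((?P<publisher>[^)]*)\))?"               # optional (publisher)
    r"(?P<attention> <=+ ATTENTION!?)?$"            # FRST's own marker
)

SHELL_NOT_EXPLORER = "Winlogon Shell is not explorer.exe"
CMD_AUTORUN = "Command Processor AutoRun set (runs on every cmd.exe start)"
TEMP_TARGET = "autostart target lives under AppData\\Local\\Temp"
FRST_ATTENTION = "FRST ATTENTION marker"


def parse(log_text):
    """Parse registry-section lines into dicts; lines of other sections are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def _exe_name(value):
    """File name of the executable a value launches, ignoring quotes and arguments."""
    cmd = value.strip()
    cmd = cmd[1:].split('"', 1)[0] if cmd.startswith('"') else cmd.split(" ", 1)[0]
    return PureWindowsPath(cmd).name.lower()


def triage(entries):
    """Return the entries that match a persistence pattern, each with its reasons."""
    flagged = []
    for e in entries:
        key, name = e["key"].lower(), (e["name"] or "").lower()
        reasons = []
        if key == "winlogon" and name == "shell" and _exe_name(e["value"]) != "explorer.exe":
            reasons.append(SHELL_NOT_EXPLORER)  # McrMgr.exe is normal for the Mcx1 account; cmd.exe is not
        if key == "command processor":
            reasons.append(CMD_AUTORUN)
        if "\\appdata\\local\\temp\\" in e["value"].lower():
            reasons.append(TEMP_TARGET)
        if e["attention"]:
            reasons.append(FRST_ATTENTION)
        if reasons:
            flagged.append({**e, "reasons": reasons})
    return flagged


def autorun_chain(entries):
    """Target that runs at logon when a hive's Winlogon Shell is cmd.exe and the same hive
    carries a Command Processor AutoRun: cmd.exe starts instead of the desktop and at once
    executes the AutoRun command, which is the lock-screen pattern in the log above."""
    cmd_shell_hives = {e["hive"] for e in entries
                       if e["key"].lower() == "winlogon" and (e["name"] or "").lower() == "shell"
                       and _exe_name(e["value"]) == "cmd.exe"}
    for e in entries:
        if e["key"].lower() == "command processor" and e["hive"] in cmd_shell_hives:
            return e["value"].strip().strip('"')
    return None


if __name__ == "__main__":
    parsed = parse(SAMPLE_LOG)
    for f in triage(parsed):
        print(f"{f['hive']}\\...\\{f['key']} [{f['name'] or ''}] -> {'; '.join(f['reasons'])}")
    print("logon payload via cmd.exe AutoRun:", autorun_chain(parsed))
```

The igfxTray control line produces no finding, while the Temp executable is reported both as a Run entry and as the cmd.exe AutoRun target.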

Hello and Welcome to Malwarebytes

Being that you are probably infected, feel free to follow the instructions below to receive free, one-on-one expert assistance in checking your system and clearing out any infections and correcting any damage done by the malware.

Please see the following pinned topic which has information on how to get help with this: Available Assistance for Possibly Infected Computers

Thank you
