
Need Help with variation of MoneyPac Virus



I was infected last week and thought that I had resolved the problem with Symantec Eraser and Malwarebytes.

The virus is back and worse now than ever.  

It will not allow me to enter the password for the admin account or any other account on the box. When I go to these accounts the virus populates the password screen with unlimited characters.

I even got the machine to boot in Safe Mode (command prompt only), and the virus enters an endless stream of zeros (0) at the command line and will not let me enter any commands. Any help is appreciated. Thanks


Welcome to the forum, here's how we deal with that malware:

  • Please download Farbar Recovery Scan Tool and save it to a flash drive.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that is the right version.

    Plug the flash drive into the infected PC.

  • If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.

    If you are using Vista or Windows 7 enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:

    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    Note: In case you cannot enter System Recovery Options by using the F8 method, you can use a Windows installation disc, or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used.

    To make a repair disc on Windows 7 consult: http://www.sevenforums.com/tutorials/2083-system-repair-disc-create.html

    To enter System Recovery Options by using Windows installation disc:

    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
  • On the System Recovery Options menu you will get the following options:
      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt

    Select Command Prompt.

    Once in the Command Prompt:

    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer", find your flash drive letter, and close Notepad.
    • In the command window type e:\frst (for the x64 version type e:\frst64) and press Enter.

      Note: Replace letter e with the drive letter of your flash drive.

    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
MrC

You don't have to boot into safe mode, please follow these instructions:

  • Please download Farbar Recovery Scan Tool and save it to a flash drive.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that is the right version.

    Plug the flash drive into the infected PC.

  • If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.

    If you are using Vista or Windows 7 enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:

    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    Note: In case you cannot enter System Recovery Options by using the F8 method, you can use a Windows installation disc, or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used.

    To make a repair disc on Windows 7 consult: http://www.sevenforums.com/tutorials/2083-system-repair-disc-create.html

    To enter System Recovery Options by using Windows installation disc:

    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
  • On the System Recovery Options menu you will get the following options:
      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt

    Select Command Prompt.

    Once in the Command Prompt:

    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer", find your flash drive letter, and close Notepad.
    • In the command window type e:\frst (for the x64 version type e:\frst64) and press Enter.

      Note: Replace letter e with the drive letter of your flash drive.

    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
MrC

I just got it to boot and went to Repair your computer; per your directions I selected the US keyboard option. When I try to log into any of the accounts the password field is automatically populated. Seems as though the virus is entering the random text to keep me from logging in?


Was able to run the scan. Computer will only start in safe mode. If I try to start it regularly it beeps and Windows will not load. Thanks!

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-07-2013 01

Ran by Mike (administrator) on 29-07-2013 16:30:38

Running from E:\

Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)

Internet Explorer Version 10

Boot Mode: Normal

 

==================== Processes (Whitelisted) =================

 

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Microsoft Corporation) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

(Microsoft Corporation) C:\windows\SysWOW64\svchost.exe

(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe

(TOSHIBA Corporation) C:\Windows\system32\TODDSrv.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe

(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe

(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

(Intel Corporation) C:\windows\system32\igfxext.exe

(Intel Corporation) C:\windows\system32\igfxsrvc.exe

(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe

(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe

(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe

(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe

(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe

(Microsoft Corporation) C:\windows\system32\LogonUI.exe

(Symantec Corporation) C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\17.5.0.127\InstStub.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe

(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe

(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe

(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

(Intel Corporation) C:\windows\system32\igfxext.exe

(Intel Corporation) C:\windows\system32\igfxsrvc.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe

(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe

(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe

(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe

(Microsoft Corporation) C:\windows\system32\cmd.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG9\avgchsva.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG9\avgrsa.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG9\avgchsva.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG9\avgnsa.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG9\avgemc.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG9\avgtray.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG9\avgtray.exe

(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe

(Apple Inc.) C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe

 

==================== Registry (Whitelisted) ==================

 

HKLM\...\Run: [] -  [x]

HKLM\...\Run: [cAudioFilterAgent] - C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [520760 2010-03-10] (Conexant Systems, Inc.)

HKLM\...\Run: [smartAudio] - C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-11-19] ()

HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)

HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [505696 2009-11-06] (TOSHIBA Corporation)

HKLM\...\Run: [smoothView] - C:\Program Files\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)

HKLM\...\Run: [00TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [913720 2010-03-03] (TOSHIBA Corporation)

HKLM\...\Run: [TosVolRegulator] - C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)

HKLM\...\Run: [TosSENotify] - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)

HKLM\...\Run: [TosNC] - C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2010-03-19] (TOSHIBA Corporation)

HKLM\...\Run: [TosReelTimeMonitor] - C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [35672 2010-03-03] (TOSHIBA Corporation)

HKLM\...\Run: [intelliPoint] - c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2399632 2011-04-13] (Microsoft Corporation)

HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-04-04] (Google Inc.)

MountPoints2: {f91f20f2-5fcf-11df-b0de-806e6f6e6963} - D:\autorun.exe

HKLM-x32\...\Run: [ToshibaServiceStation] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1294712 2010-11-29] (TOSHIBA Corporation)

HKLM-x32\...\Run: [AVG9_TRAY] - C:\PROGRA~2\AVG\AVG9\avgtray.exe [2077536 2012-01-26] (AVG Technologies CZ, s.r.o.)

HKLM-x32\...\Run: [bCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)

HKLM-x32\...\Run: [hpqSRMon] - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)

HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)

HKLM-x32\...\Run: [] -  [x]

HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-08-27] (Apple Inc.)

HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)

HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [421776 2012-09-09] (Apple Inc.)

HKU\Mike_2\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-04-04] (Google Inc.)

HKU\Mike_2\...\RunOnce: [avg_spchecker] - C:\Program Files (x86)\AVG\AVG9\Notification\SPChecker1.exe [406856 2011-11-24] ()

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

Startup: C:\Users\Michele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk

ShortcutTarget: Best Buy Software Installer.lnk -> C:\Program Files\Best Buy Software Installer\Best Buy Software Installer.exe (No File)

Startup: C:\Users\Mike_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk

ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

 

==================== Internet (Whitelisted) ====================

 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA

URLSearchHook: (No Name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} -  No File

URLSearchHook: (No Name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -  No File

SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKCU - {BC134C4F-4261-481A-8A3F-F82393CB74ED} URL = http://search.avg.com/route/?d=4ecd1c1d&v=7.7.26.1&i=23&tp=chrome&q={searchTerms}&lng={language}&iy=b&ychte=us

BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.)

BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)

BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

BHO-x32: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)

BHO-x32: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.5.0.127\coIEPlg.dll (Symantec Corporation)

BHO-x32: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.5.0.127\IPSBHO.DLL (Symantec Corporation)

BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL (Microsoft Corporation)

BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()

BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)

BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

BHO-x32: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)

BHO-x32: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)

BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.5.0.127\coIEPlg.dll (Symantec Corporation)

Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

Toolbar: HKLM-x32 - AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()

Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)

Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

Toolbar: HKCU - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File

DPF: HKLM-x32 {DE625294-70E6-45ED-B895-CFFA13AEB044} http://webcam01.snomtn.com/activex/AMC.cab

Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -  No File

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.)

Handler-x32: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()

Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)

Handler-x32: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

 

Chrome: 

=======



CHR DefaultSearchURL: (AVG Secure Search) - http://search.avg.com/?d=4ecd1ca4&v=7.7.26.1&i=23&tp=ggl-chrome&q={searchTerms}

CHR DefaultSuggestURL: (AVG Secure Search) - http://suggestqueries.google.com/complete/search?output=chrome&client=chrome&q={searchTerms}

CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll ()

CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\pdf.dll ()

CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)

CHR Plugin: (Java Deployment Toolkit 6.0.170.4) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll (Sun Microsystems, Inc.)

CHR Plugin: (Java Platform SE 6 U17) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)

CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

CHR Plugin: (Veetle TV Player) - C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)

CHR Plugin: (Veetle TV Core) - C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)

CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)

CHR Extension: (Docs) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0

CHR Extension: (Google Drive) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0

CHR Extension: (YouTube) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0

CHR Extension: (Google Search) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0

CHR Extension: (Gmail) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

CHR StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

 

==================== Services (Whitelisted) =================

 

S3 AVG Security Toolbar Service; C:\Program Files (x86)\AVG\AVG9\Toolbar\ToolbarBroker.exe [1025352 2011-07-26] ()

R2 avg9emc; C:\Program Files (x86)\AVG\AVG9\avgemc.exe [921952 2010-07-21] (AVG Technologies CZ, s.r.o.)

R2 avg9wd; C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe [308136 2010-07-18] (AVG Technologies CZ, s.r.o.)

R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe [126392 2009-12-09] (Symantec Corporation)

 

==================== Drivers (Whitelisted) ====================

 

R1 AvgLdx64; C:\Windows\System32\Drivers\avgldx64.sys [282976 2013-01-15] (AVG Technologies CZ, s.r.o.)

R1 AvgMfx64; C:\Windows\System32\Drivers\avgmfx64.sys [35664 2011-11-23] (AVG Technologies CZ, s.r.o.)

R1 AvgTdiA; C:\Windows\System32\Drivers\avgtdia.sys [317520 2011-05-05] (AVG Technologies CZ, s.r.o.)

R3 GKUPRO2D; C:\Windows\System32\Drivers\GKUPRO2D.sys [120704 2005-02-18] (Gemplus)

S1 SRTSP; C:\Windows\system32\drivers\NISx64\1105000.07F\SRTSP64.SYS [504880 2009-12-03] (Symantec Corporation)

R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1105000.07F\SRTSPX64.SYS [32304 2009-12-03] (Symantec Corporation)

S3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20091209.020\ENG64.SYS [x]

S3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20091209.020\EX64.SYS [x]

 

==================== NetSvcs (Whitelisted) ===================

 

 

==================== One Month Created Files and Folders ========

 

2013-07-29 16:30 - 2013-07-29 16:30 - 00000000 ____D C:\FRST

2013-07-29 14:54 - 2013-07-29 16:09 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy

2013-07-29 14:54 - 2013-07-29 16:09 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy

2013-07-29 10:21 - 2013-07-29 10:21 - 00000000 ____D C:\Users\Michele\AppData\Roaming\Malwarebytes

2013-07-25 21:27 - 2013-07-29 14:44 - 00000000 ____D C:\Users\Mike\AppData\Local\NPE

2013-07-25 19:03 - 2013-07-25 19:06 - 00000000 ____D C:\ProgramData\PC Utility Kit

2013-07-25 19:03 - 2013-07-25 19:03 - 00000000 ____D C:\Users\Mike\AppData\Roaming\PC Utility Kit

2013-07-25 19:03 - 2013-07-25 19:03 - 00000000 ____D C:\Users\Mike\AppData\Roaming\DriverCure

2013-07-25 18:23 - 2013-07-29 16:09 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-07-25 18:23 - 2013-07-25 18:23 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Mike\Downloads\mbam-setup-1.75.0.1300.exe

2013-07-25 18:23 - 2013-07-25 18:23 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Malwarebytes

2013-07-25 18:23 - 2013-07-25 18:23 - 00000000 ____D C:\ProgramData\Malwarebytes

2013-07-25 18:11 - 2013-07-25 18:11 - 00322988 _____ C:\Users\Michele\AppData\Local\9f2c10a0-f56c-464d-b90f-23109eb5be53

2013-07-19 14:33 - 2013-07-19 14:33 - 00000000 ___HD C:\windows\AxInstSV

2013-07-12 09:19 - 2013-07-12 09:24 - 00000000 ____D C:\3b420703db25a6519debe6a7

2013-07-12 09:16 - 2013-06-11 19:43 - 02877440 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll

2013-07-12 09:16 - 2013-06-11 19:43 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll

2013-07-12 09:16 - 2013-06-11 19:43 - 01141248 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll

2013-07-12 09:16 - 2013-06-11 19:43 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll

2013-07-12 09:16 - 2013-06-11 19:43 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll

2013-07-12 09:16 - 2013-06-11 19:43 - 00039424 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll

2013-07-12 09:16 - 2013-06-11 19:42 - 13760512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll

2013-07-12 09:16 - 2013-06-11 19:42 - 02046976 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll

2013-07-12 09:16 - 2013-06-11 19:42 - 00391168 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll

2013-07-12 09:16 - 2013-06-11 19:42 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll

2013-07-12 09:16 - 2013-06-11 19:42 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll

2013-07-12 09:16 - 2013-06-11 19:42 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll

2013-07-12 09:16 - 2013-06-11 19:26 - 02241024 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll

2013-07-12 09:16 - 2013-06-11 19:26 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll

2013-07-12 09:16 - 2013-06-11 19:26 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe

2013-07-12 09:16 - 2013-06-11 19:25 - 15404032 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll

2013-07-12 09:16 - 2013-06-11 19:25 - 03958784 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll

2013-07-12 09:16 - 2013-06-11 19:25 - 02648576 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll

2013-07-12 09:16 - 2013-06-11 19:25 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll

2013-07-12 09:16 - 2013-06-11 19:25 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll

2013-07-12 09:16 - 2013-06-11 19:25 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll

2013-07-12 09:16 - 2013-06-11 19:25 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll

2013-07-12 09:16 - 2013-06-11 19:25 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll

2013-07-12 09:16 - 2013-06-11 19:25 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll

2013-07-12 09:16 - 2013-06-11 19:25 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll

2013-07-12 09:16 - 2013-06-11 18:51 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe

2013-07-12 09:16 - 2013-06-11 18:50 - 00089600 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe

2013-07-12 09:16 - 2013-06-06 23:22 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb

2013-07-12 09:16 - 2013-06-06 22:37 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb

2013-07-12 09:15 - 2013-06-11 19:43 - 14329856 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll

2013-07-12 09:15 - 2013-06-11 19:25 - 19238912 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll

2013-07-11 09:22 - 2013-06-04 23:34 - 03153920 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys

2013-07-11 09:22 - 2013-06-04 02:00 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll

2013-07-11 09:22 - 2013-06-04 00:53 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll

2013-07-11 09:22 - 2013-05-06 02:03 - 01887744 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL

2013-07-11 09:22 - 2013-05-06 00:56 - 01620480 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVDECOD.DLL

2013-07-11 09:21 - 2013-04-09 19:34 - 01247744 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll

2013-07-11 09:21 - 2013-04-02 18:51 - 01643520 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll

==================== One Month Modified Files and Folders =======

2013-07-29 16:30 - 2013-07-29 16:30 - 00000000 ____D C:\FRST

2013-07-29 16:26 - 2010-07-18 14:36 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-07-29 16:23 - 2010-07-18 14:39 - 00000000 ____D C:\windows\system32\Drivers\Avg

2013-07-29 16:21 - 2009-07-14 00:45 - 00015792 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-07-29 16:21 - 2009-07-14 00:45 - 00015792 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-07-29 16:19 - 2009-07-14 01:13 - 00726444 _____ C:\windows\system32\PerfStringBackup.INI

2013-07-29 16:18 - 2010-07-18 14:36 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-07-29 16:18 - 2010-07-18 10:15 - 00001428 _____ C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

2013-07-29 16:18 - 2010-07-18 10:15 - 00000000 ___RD C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools

2013-07-29 16:18 - 2010-07-18 10:13 - 00000000 ___RD C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2013-07-29 16:15 - 2009-07-14 00:51 - 00094286 _____ C:\windows\setupact.log

2013-07-29 16:13 - 2011-03-27 10:00 - 00000000 ____D C:\Users\Michele

2013-07-29 16:13 - 2009-07-14 01:08 - 00000006 ____H C:\windows\Tasks\SA.DAT

2013-07-29 16:09 - 2013-07-29 14:54 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy

2013-07-29 16:09 - 2013-07-29 14:54 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy

2013-07-29 16:09 - 2013-07-25 18:23 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-07-29 16:09 - 2011-11-23 12:15 - 00000000 ____D C:\ProgramData\AVG Security Toolbar

2013-07-29 16:09 - 2010-12-01 20:08 - 00000000 ____D C:\Program Files (x86)\Veetle

2013-07-29 16:09 - 2010-07-18 15:10 - 00000000 ____D C:\Users\Mike_2

2013-07-29 16:09 - 2010-07-18 14:37 - 00000000 ____D C:\ProgramData\avg9

2013-07-29 16:09 - 2010-07-18 10:13 - 00000000 ____D C:\Users\Mike

2013-07-29 16:09 - 2010-05-14 23:27 - 00000000 ____D C:\ProgramData\Norton

2013-07-29 16:08 - 2009-07-13 23:20 - 00000000 ____D C:\windows\registration

2013-07-29 14:44 - 2013-07-25 21:27 - 00000000 ____D C:\Users\Mike\AppData\Local\NPE

2013-07-29 12:25 - 2009-07-14 03:44 - 00000000 ___RD C:\Users\Public\Recorded TV

2013-07-29 10:21 - 2013-07-29 10:21 - 00000000 ____D C:\Users\Michele\AppData\Roaming\Malwarebytes

2013-07-26 09:53 - 2011-03-27 10:08 - 00000000 ____D C:\Users\Michele\Documents\Outlook Files

2013-07-25 19:06 - 2013-07-25 19:03 - 00000000 ____D C:\ProgramData\PC Utility Kit

2013-07-25 19:03 - 2013-07-25 19:03 - 00000000 ____D C:\Users\Mike\AppData\Roaming\PC Utility Kit

2013-07-25 19:03 - 2013-07-25 19:03 - 00000000 ____D C:\Users\Mike\AppData\Roaming\DriverCure

2013-07-25 18:23 - 2013-07-25 18:23 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Mike\Downloads\mbam-setup-1.75.0.1300.exe

2013-07-25 18:23 - 2013-07-25 18:23 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Malwarebytes

2013-07-25 18:23 - 2013-07-25 18:23 - 00000000 ____D C:\ProgramData\Malwarebytes

2013-07-25 18:15 - 2010-07-18 14:29 - 00000000 ____D C:\Users\Mike\AppData\Local\Google

2013-07-25 18:11 - 2013-07-25 18:11 - 00322988 _____ C:\Users\Michele\AppData\Local\9f2c10a0-f56c-464d-b90f-23109eb5be53

2013-07-24 18:24 - 2010-05-14 23:00 - 01731514 _____ C:\windows\WindowsUpdate.log

2013-07-24 18:00 - 2012-04-01 17:10 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job

2013-07-19 14:33 - 2013-07-19 14:33 - 00000000 ___HD C:\windows\AxInstSV

2013-07-14 18:29 - 2013-02-14 17:35 - 00002194 _____ C:\Users\Public\Desktop\Google Chrome.lnk

2013-07-14 18:21 - 2010-07-18 14:36 - 00003894 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA

2013-07-14 18:21 - 2010-07-18 14:36 - 00003642 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore

2013-07-12 09:39 - 2009-07-14 00:45 - 00429456 _____ C:\windows\system32\FNTCACHE.DAT

2013-07-12 09:37 - 2013-03-13 18:58 - 00000000 ____D C:\Program Files\Microsoft Silverlight

2013-07-12 09:37 - 2013-03-13 18:58 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight

2013-07-12 09:37 - 2010-04-04 01:36 - 00343586 _____ C:\windows\PFRO.log

2013-07-12 09:36 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files\Windows Defender

2013-07-12 09:36 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender

2013-07-12 09:35 - 2009-07-14 03:45 - 00000000 ____D C:\Program Files\Windows Journal

2013-07-12 09:32 - 2010-05-14 23:05 - 00000000 ____D C:\ProgramData\Microsoft Help

2013-07-12 09:24 - 2013-07-12 09:19 - 00000000 ____D C:\3b420703db25a6519debe6a7

2013-07-12 09:19 - 2011-03-14 21:00 - 78185248 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-06-17 17:42

==================== End Of Log ============================


The scan was taken in ------>Boot Mode: Normal ????

 

I don't see anything wrong in the log.

Please download and run RogueKiller 32 Bit to your desktop.

RogueKiller 64 Bit <---use this one for 64 bit systems

Quit all running programs.

For Windows XP, double-click to start.
For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.


Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.
(please don't put logs in code or quotes)

MrC


Ran the RK64 scan, results below: TY!

RogueKiller V8.6.4 _x64_ [Jul 29 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Safe mode with network support

User : Mike [Admin rights]

Mode : Scan -- Date : 07/29/2013 17:35:42

| ARK || FAK || MBR |

 

¤¤¤ Bad processes : 0 ¤¤¤

 

¤¤¤ Registry Entries : 2 ¤¤¤

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

 

¤¤¤ Scheduled tasks : 0 ¤¤¤

 

¤¤¤ Startup Entries : 0 ¤¤¤

 

¤¤¤ Web browsers : 0 ¤¤¤

 

¤¤¤ Particular Files / Folders: ¤¤¤

 

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

 

¤¤¤ External Hives: ¤¤¤

 

¤¤¤ Infection :  ¤¤¤

 

¤¤¤ HOSTS File: ¤¤¤

--> %SystemRoot%\System32\drivers\etc\hosts
¤¤¤ MBR Check: ¤¤¤

 

+++++ PhysicalDrive0: ST9250315AS +++++

--- User ---

[MBR] a32c698fd3b2a4486ac2bcfd6cbfe899

[BSP] b9818e7a885bcd3eec8b6b3757018fc4 : Windows Vista MBR Code

Partition table:

0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 227813 Mo

2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 469635072 | Size: 9161 Mo

User = LL1 ... OK!

User = LL2 ... OK!

 

+++++ PhysicalDrive1: ST9250315AS +++++

--- User ---

[MBR] ad33a3a547bba123744a073c3fd010a6

[BSP] 33a07a59d299ab4ea9f4ab0156f9d86f : Windows XP MBR Code

Partition table:

0 - [ACTIVE] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 8064 | Size: 14883 Mo

User = LL1 ... OK!

Error reading LL2 MBR!

 

Finished : << RKreport[0]_S_07292013_173542.txt >>

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
