FBI moneypak help me please
<blockquote data-quote="lecohen123" data-source="post: 120498" data-attributes="member: 8211"><p>Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-05-2013</p><p>Ran by SYSTEM on 13-05-2013 16:27:22</p><p>Running from F:\</p><p>Windows 7 Home Premium (X64) OS Language: English(US)</p><p>Internet Explorer Version 9</p><p>Boot Mode: Recovery</p><p>The current controlset is ControlSet005</p><p><strong>ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.</strong></p><p></p><p>==================== Registry (Whitelisted) ==================</p><p></p><p>HKLM\...\Run: [] [x]</p><p>HKLM\...\Run: [IgfxTray] "C:\windows\system32\igfxtray.exe" [161304 2010-08-10] (Intel Corporation)</p><p>HKLM\...\Run: [HotKeysCmds] "C:\windows\system32\hkcmd.exe" [386584 2010-08-10] (Intel Corporation)</p><p>HKLM\...\Run: [Persistence] "C:\windows\system32\igfxpers.exe" [415256 2010-08-10] (Intel Corporation)</p><p>HKLM\...\Run: [cAudioFilterAgent] "C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [520760 2010-03-10] (Conexant Systems, Inc.)</p><p>HKLM\...\Run: [SmartAudio] "C:\Program Files\CONEXANT\SAII\SAIICpl.exe" /t [307768 2010-04-28] ()</p><p>HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)</p><p>HKLM\...\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE [566184 2010-09-28] (TOSHIBA Corporation)</p><p>HKLM\...\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation)</p><p>HKLM\...\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)</p><p>HKLM\...\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe [915320 2010-05-10] (TOSHIBA Corporation)</p><p>HKLM\...\Run: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe [705368 2010-02-23] (TOSHIBA Corporation)</p><p>HKLM\...\Run: [Teco] 
"%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r [1483776 2010-02-25] (TOSHIBA Corporation)</p><p>HKLM\...\Run: [SmartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-10-19] (TOSHIBA Corporation)</p><p>HKLM\...\Run: [TosVolRegulator] "C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [24376 2009-11-11] (TOSHIBA Corporation)</p><p>HKLM\...\Run: [TosSENotify] "C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [709976 2010-02-05] (TOSHIBA Corporation)</p><p>HKLM\...\Run: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe [595816 2010-03-09] (TOSHIBA Corporation)</p><p>HKLM\...\Run: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [35672 2010-02-23] (TOSHIBA Corporation)</p><p>HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey [x]</p><p>HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] ATTENTION! ====> ZeroAccess</p><p>HKLM-x32\...\Run: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [552960 2010-09-23] (Toshiba)</p><p>HKLM-x32\...\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe /hide:60 [1294136 2009-10-06] (TOSHIBA Corporation)</p><p>HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-01-28] (Apple Inc.)</p><p>HKLM-x32\...\Run: [VERIZONDM] "C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe" /P VERIZONDM [206120 2011-12-01] (SupportSoft, Inc.)</p><p>HKLM-x32\...\Run: [] [x]</p><p>HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-10-25] (Apple Inc.)</p><p>HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-02-20] (Apple Inc.)</p><p>HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-18] (Adobe Systems 
Incorporated)</p><p>HKU\Sammy\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-10-14] (Google Inc.)</p><p>HKU\Sammy\...\Run: [Exetender] "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup [4973456 2013-03-14] (Exent Technologies Ltd.)</p><p>HKU\Sammy\...\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2013-01-16] ()</p><p>HKU\Sammy\...\Run: [ooVoo.exe] C:\Program Files (x86)\ooVoo\oovoo.exe /minimized [28467264 2013-01-20] (ooVoo LLC)</p><p>HKU\Sammy\...\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent [1635752 2013-05-03] (Valve Corporation)</p><p>HKU\Sammy\...\Run: [Facebook Update] "C:\Users\Sammy\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-11-05] (Facebook Inc.)</p><p>HKU\Sammy\...\Run: [Akamai NetSession Interface] "C:\Users\Sammy\AppData\Local\Akamai\netsession_win.exe" [4480768 2013-01-26] (Akamai Technologies, Inc.)</p><p>HKU\Sammy\...\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59872 2012-12-17] (Apple Inc.)</p><p>HKU\Sammy\...\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59872 2012-12-17] (Apple Inc.)</p><p>HKU\Sammy\...\Run: [com.apple.dav.bookmarks.daemon] C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe [59872 2012-12-17] (Apple Inc.)</p><p>HKU\Sammy\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] C:\Users\Sammy\Documents\44bfefeb.exe [30208 2013-05-11] ()</p><p>HKU\Sammy\...\Winlogon: [Shell] cmd.exe [345088 2010-11-20] (Microsoft Corporation)</p><p>Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk</p><p>ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)</p><p>Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start 
Menu\Programs\Startup\Best Buy pc app.lnk</p><p>ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)</p><p></p><p>==================== Services (Whitelisted) =================</p><p></p><p>S2 IHA_MessageCenter; C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [290832 2011-12-12] (Verizon)</p><p>S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)</p><p>S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)</p><p>S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)</p><p>S2 N360; C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\diMaster.dll [262584 2011-03-31] (Symantec Corporation)</p><p>S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)</p><p>S2 sprtsvc_verizondm; C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe [206120 2011-12-01] (SupportSoft, Inc.)</p><p>S2 tgsrvc_verizondm; C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe [185640 2011-12-01] (SupportSoft, Inc.)</p><p>S3 aspnet_state; %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [x]</p><p></p><p>==================== Drivers (Whitelisted) ====================</p><p></p><p>S1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20111223.001\BHDrvx64.sys [1157240 2011-12-23] (Symantec Corporation)</p><p>S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [482936 2011-12-30] (Symantec Corporation)</p><p>S1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20120113.002\IDSvia64.sys [488568 2012-01-13] (Symantec Corporation)</p><p>S3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes 
Corporation)</p><p>S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)</p><p>S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120114.019\ENG64.SYS [117880 2011-12-30] (Symantec Corporation)</p><p>S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120114.019\EX64.SYS [2048632 2011-12-30] (Symantec Corporation)</p><p>S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)</p><p>S3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2012-01-13] (Symantec Corporation)</p><p>S2 X5XSEx_Pr143; C:\Program Files (x86)\Free Ride Games\X5XSEx_Pr143.Sys [56136 2012-08-02] (Exent Technologies Ltd.)</p><p>S1 bkmupewq; \??\C:\windows\system32\drivers\bkmupewq.sys [x]</p><p>S3 EagleX64; \??\C:\windows\system32\drivers\EagleX64.sys [x]</p><p>S1 nnqstaba; \??\C:\windows\system32\drivers\nnqstaba.sys [x]</p><p>S1 rvqutugk; \??\C:\windows\system32\drivers\rvqutugk.sys [x]</p><p>S3 SRTSP; \SystemRoot\system32\drivers\N360x64\0501000.01D\SRTSP64.SYS [x]</p><p>S1 SRTSPX; \SystemRoot\system32\drivers\N360x64\0501000.01D\SRTSPX64.SYS [x]</p><p>S0 SymDS; system32\drivers\N360x64\0501000.01D\SYMDS64.SYS [x]</p><p>S0 SymEFA; system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS [x]</p><p>S1 SymIRON; \SystemRoot\system32\drivers\N360x64\0501000.01D\Ironx64.SYS [x]</p><p>S1 SymNetS; \SystemRoot\system32\drivers\N360x64\0501000.01D\SYMNETS.SYS [x]</p><p>S1 ubfcdqou; \??\C:\windows\system32\drivers\ubfcdqou.sys [x]</p><p>S1 ukcvaboe; \??\C:\windows\system32\drivers\ukcvaboe.sys [x]</p><p>S1 vrfghvcz; \??\C:\windows\system32\drivers\vrfghvcz.sys [x]</p><p>S2 X5XSEx; \??\C:\Program Files (x86)\Free Ride Games\X5XSEx.Sys [x]</p><p>S3 X6va005; \??\C:\Users\Sammy\AppData\Local\Temp\005421F.tmp [x]</p><p>S3 X6va008; \??\C:\windows\SysWOW64\Drivers\X6va008 
[x]</p><p></p><p>==================== NetSvcs (Whitelisted) ===================</p><p></p><p></p><p>==================== One Month Created Files and Folders ========</p><p></p><p>2013-05-13 16:27 - 2013-05-13 16:27 - 00000000 ____D C:\FRST</p><p>2013-05-13 10:45 - 2013-05-13 10:45 - 00012872 ____A (SurfRight B.V.) C:\Windows\System32\bootdelete.exe</p><p>2013-05-13 09:01 - 2013-05-13 09:01 - 00000000 ____A C:\config.sys</p><p>2013-05-13 04:53 - 2013-05-13 04:53 - 00000000 ____D C:\Program Files\HitmanPro</p><p>2013-05-12 22:17 - 2013-05-13 05:08 - 00000002 ____A C:\Users\Sammy\Desktop\Rkill.txt</p><p>2013-05-12 08:59 - 2013-05-13 10:45 - 00000000 ____D C:\ProgramData\HitmanPro</p><p>2013-05-11 11:31 - 2013-05-11 11:31 - 00000000 __SHD C:\found.000</p><p>2013-05-11 07:18 - 2013-05-11 07:18 - 01096081 ____A C:\Users\Sammy\AppData\Local\2433f433</p><p>2013-05-11 07:18 - 2013-05-11 07:18 - 01096064 ____A C:\Users\Sammy\AppData\Roaming\2433f433</p><p>2013-05-11 07:18 - 2013-05-11 07:18 - 01096048 ____A C:\ProgramData\2433f433</p><p>2013-05-11 07:18 - 2013-05-11 07:18 - 00030208 ____A C:\Users\Sammy\Documents\44bfefeb.exe</p><p>2013-05-04 05:35 - 2013-05-06 23:23 - 00000000 ____D C:\Users\Sammy\Desktop\music 2</p><p>2013-05-02 15:21 - 2013-05-02 15:23 - 90130256 ____A (Apple Inc.) 
C:\Users\Sammy\Downloads\iTunes64Setup.exe</p><p>2013-04-26 14:26 - 2013-04-26 14:27 - 86281098 ____A C:\Users\Sammy\Downloads\Lil Wayne & Young Money - YMCMB- The Mixtape[TapeJams.com].zip</p><p>2013-04-26 14:23 - 2013-04-26 14:23 - 81655197 ____A C:\Users\Sammy\Downloads\Soulja Boy - Foreign 2[TapeJams.com].zip</p><p>2013-04-26 14:18 - 2013-04-26 14:18 - 90040770 ____A C:\Users\Sammy\Downloads\Future & FreeBand Gang - Black Woodstock- The Soundtrack[TapeJams.com] (1).zip</p><p>2013-04-26 14:17 - 2013-04-26 14:17 - 90040770 ____A C:\Users\Sammy\Downloads\Future & FreeBand Gang - Black Woodstock- The Soundtrack[TapeJams.com].zip</p><p>2013-04-26 13:11 - 2013-04-26 13:16 - 88638064 ____A C:\Users\Sammy\Downloads\A$AP Rocky - Long Live A$AP - AlbumJams.zip</p><p>2013-04-24 10:38 - 2013-04-24 10:39 - 00920234 ____A (Solid State Networks) C:\Users\Sammy\Downloads\Unconfirmed 585497.crdownload</p><p>2013-04-23 13:14 - 2013-04-12 06:45 - 01656680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys</p><p>2013-04-21 03:48 - 2013-04-21 03:49 - 113130546 ____A C:\Users\Sammy\Documents\DMO_MP_v78_86_20130409.exe</p><p>2013-04-21 03:44 - 2013-04-21 03:44 - 00000701 ____A C:\Users\Sammy\Desktop\GDMO.lnk</p><p>2013-04-21 03:41 - 2013-04-21 03:41 - 00000000 ____D C:\Joymax</p><p>2013-04-21 03:23 - 2013-04-21 03:30 - 760347378 ____A C:\Users\Sammy\Documents\DMO_Install_20130409.exe</p><p>2013-04-16 11:35 - 2013-04-16 11:35 - 00006890 ____A C:\AdwCleaner[S2].txt</p><p>2013-04-16 11:35 - 2013-04-16 11:35 - 00000172 ____A C:\Windows\DeleteOnReboot.bat</p><p>2013-04-16 11:34 - 2013-04-16 11:34 - 00007202 ____A C:\AdwCleaner[R2].txt</p><p>2013-04-16 11:33 - 2013-04-16 11:34 - 00613083 ____A C:\Users\Sammy\Downloads\adwcleaner (1).exe</p><p>2013-04-16 11:33 - 2013-04-16 11:33 - 00000320 ____A C:\AdwCleaner[S1].txt</p><p>2013-04-16 11:32 - 2013-04-16 11:33 - 00007079 ____A C:\AdwCleaner[R1].txt</p><p>2013-04-16 11:32 - 2013-04-16 11:32 - 00613083 ____A 
C:\Users\Sammy\Downloads\adwcleaner.exe</p><p>2013-04-16 08:00 - 2013-04-16 08:00 - 00000000 ____D C:\TDSSKiller_Quarantine</p><p>2013-04-16 07:51 - 2013-04-16 07:51 - 00001945 ____A C:\Windows\epplauncher.mif</p><p>2013-04-16 07:49 - 2013-04-16 07:50 - 00000000 ____D C:\Program Files\Microsoft Security Client</p><p>2013-04-16 07:49 - 2013-04-16 07:49 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client</p><p>2013-04-16 07:39 - 2013-04-16 07:39 - 00002085 ____A C:\Users\Public\Desktop\Play Free Games.lnk</p><p>2013-04-16 07:39 - 2013-04-16 07:39 - 00001164 ____A C:\Users\Public\Desktop\More FREE games.lnk</p><p>2013-04-16 07:38 - 2013-04-16 07:38 - 00002030 ____A C:\Users\Public\Desktop\Adobe Reader XI.lnk</p><p>2013-04-16 07:38 - 2013-04-16 07:38 - 00000000 ____D C:\Program Files (x86)\Adobe</p><p>2013-04-15 13:15 - 2013-04-16 07:35 - 00000000 ____A C:\ProgramData\as98213.txt</p><p>2013-04-15 13:15 - 2013-04-15 16:07 - 95023320 ___AT C:\ProgramData\1olvg.pad</p><p>2013-04-15 13:15 - 2013-04-15 13:15 - 00000151 ____A C:\ProgramData\1olvg.reg</p><p>2013-04-15 13:15 - 2013-04-15 13:15 - 00000055 ____A C:\ProgramData\1olvg.bat</p><p></p><p>==================== One Month Modified Files and Folders =======</p><p></p><p>2013-05-13 16:27 - 2013-05-13 16:27 - 00000000 ____D C:\FRST</p><p>2013-05-13 13:58 - 2010-12-13 00:41 - 00000000 ____D C:\ProgramData\Norton</p><p>2013-05-13 13:58 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration</p><p>2013-05-13 11:12 - 2010-10-14 20:04 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job</p><p>2013-05-13 11:12 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT</p><p>2013-05-13 11:12 - 2009-07-13 20:51 - 00061136 ____A C:\Windows\setupact.log</p><p>2013-05-13 11:11 - 2010-12-13 00:15 - 01488795 ____A C:\Windows\WindowsUpdate.log</p><p>2013-05-13 11:06 - 2009-07-13 20:45 - 00015792 ___AH 
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0</p><p>2013-05-13 11:06 - 2009-07-13 20:45 - 00015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0</p><p>2013-05-13 10:45 - 2013-05-13 10:45 - 00012872 ____A (SurfRight B.V.) C:\Windows\System32\bootdelete.exe</p><p>2013-05-13 10:45 - 2013-05-12 08:59 - 00000000 ____D C:\ProgramData\HitmanPro</p><p>2013-05-13 10:32 - 2013-01-07 15:58 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job</p><p>2013-05-13 10:08 - 2011-02-05 12:47 - 00000000 ____D C:\users\Sammy</p><p>2013-05-13 09:01 - 2013-05-13 09:01 - 00000000 ____A C:\config.sys</p><p>2013-05-13 05:08 - 2013-05-12 22:17 - 00000002 ____A C:\Users\Sammy\Desktop\Rkill.txt</p><p>2013-05-13 04:53 - 2013-05-13 04:53 - 00000000 ____D C:\Program Files\HitmanPro</p><p>2013-05-12 06:36 - 2012-11-05 13:31 - 00000928 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2794690405-3217660982-2928238901-1000UA.job</p><p>2013-05-11 11:31 - 2013-05-11 11:31 - 00000000 __SHD C:\found.000</p><p>2013-05-11 07:48 - 2010-10-14 20:04 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job</p><p>2013-05-11 07:18 - 2013-05-11 07:18 - 01096081 ____A C:\Users\Sammy\AppData\Local\2433f433</p><p>2013-05-11 07:18 - 2013-05-11 07:18 - 01096064 ____A C:\Users\Sammy\AppData\Roaming\2433f433</p><p>2013-05-11 07:18 - 2013-05-11 07:18 - 01096048 ____A C:\ProgramData\2433f433</p><p>2013-05-11 07:18 - 2013-05-11 07:18 - 00030208 ____A C:\Users\Sammy\Documents\44bfefeb.exe</p><p>2013-05-11 07:02 - 2011-03-05 18:42 - 00000000 ___HD C:\Users\Sammy\AppData\Local\PMB Files</p><p>2013-05-11 07:02 - 2011-03-05 18:42 - 00000000 ____D C:\ProgramData\PMB Files</p><p>2013-05-10 22:54 - 2009-07-13 21:08 - 00032642 ____A C:\Windows\Tasks\SCHEDLGU.TXT</p><p>2013-05-10 12:36 - 2012-11-05 13:31 - 00000906 ____A 
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2794690405-3217660982-2928238901-1000Core.job</p><p>2013-05-10 01:17 - 2009-07-13 21:13 - 00741000 ____A C:\Windows\System32\PerfStringBackup.INI</p><p>2013-05-06 23:23 - 2013-05-04 05:35 - 00000000 ____D C:\Users\Sammy\Desktop\music 2</p><p>2013-05-06 19:53 - 2011-08-06 18:21 - 00000000 ____D C:\Program Files (x86)\Steam</p><p>2013-05-06 19:49 - 2010-10-14 20:32 - 00848996 ____A C:\Windows\PFRO.log</p><p>2013-05-02 15:23 - 2013-05-02 15:21 - 90130256 ____A (Apple Inc.) C:\Users\Sammy\Downloads\iTunes64Setup.exe</p><p>2013-05-02 15:08 - 2010-10-14 19:57 - 00000000 ____D C:\ProgramData\Adobe</p><p>2013-05-02 15:07 - 2011-02-05 14:21 - 00000000 ___HD C:\Users\Sammy\AppData\Local\Adobe</p><p>2013-05-02 15:07 - 2011-02-05 14:15 - 00000000 ____D C:\Users\Sammy\AppData\Roaming\Adobe</p><p>2013-05-02 13:24 - 2013-01-31 14:32 - 00000000 ____D C:\Users\Sammy\AppData\Local\Apple Computer</p><p>2013-05-02 13:24 - 2012-03-11 14:04 - 00000000 ____D C:\Users\Sammy\AppData\Roaming\Apple Computer</p><p>2013-05-02 07:29 - 2011-02-12 15:48 - 00278800 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe</p><p>2013-04-27 11:23 - 2011-02-05 12:49 - 00000000 ____D C:\Users\Sammy\AppData\Local\VirtualStore</p><p>2013-04-26 14:27 - 2013-04-26 14:26 - 86281098 ____A C:\Users\Sammy\Downloads\Lil Wayne & Young Money - YMCMB- The Mixtape[TapeJams.com].zip</p><p>2013-04-26 14:23 - 2013-04-26 14:23 - 81655197 ____A C:\Users\Sammy\Downloads\Soulja Boy - Foreign 2[TapeJams.com].zip</p><p>2013-04-26 14:18 - 2013-04-26 14:18 - 90040770 ____A C:\Users\Sammy\Downloads\Future & FreeBand Gang - Black Woodstock- The Soundtrack[TapeJams.com] (1).zip</p><p>2013-04-26 14:17 - 2013-04-26 14:17 - 90040770 ____A C:\Users\Sammy\Downloads\Future & FreeBand Gang - Black Woodstock- The Soundtrack[TapeJams.com].zip</p><p>2013-04-26 13:16 - 2013-04-26 13:11 - 88638064 ____A C:\Users\Sammy\Downloads\A$AP Rocky - Long Live A$AP - 
AlbumJams.zip</p><p>2013-04-24 10:39 - 2013-04-24 10:38 - 00920234 ____A (Solid State Networks) C:\Users\Sammy\Downloads\Unconfirmed 585497.crdownload</p><p>2013-04-21 03:49 - 2013-04-21 03:48 - 113130546 ____A C:\Users\Sammy\Documents\DMO_MP_v78_86_20130409.exe</p><p>2013-04-21 03:44 - 2013-04-21 03:44 - 00000701 ____A C:\Users\Sammy\Desktop\GDMO.lnk</p><p>2013-04-21 03:41 - 2013-04-21 03:41 - 00000000 ____D C:\Joymax</p><p>2013-04-21 03:30 - 2013-04-21 03:23 - 760347378 ____A C:\Users\Sammy\Documents\DMO_Install_20130409.exe</p><p>2013-04-16 11:35 - 2013-04-16 11:35 - 00006890 ____A C:\AdwCleaner[S2].txt</p><p>2013-04-16 11:35 - 2013-04-16 11:35 - 00000172 ____A C:\Windows\DeleteOnReboot.bat</p><p>2013-04-16 11:34 - 2013-04-16 11:34 - 00007202 ____A C:\AdwCleaner[R2].txt</p><p>2013-04-16 11:34 - 2013-04-16 11:33 - 00613083 ____A C:\Users\Sammy\Downloads\adwcleaner (1).exe</p><p>2013-04-16 11:33 - 2013-04-16 11:33 - 00000320 ____A C:\AdwCleaner[S1].txt</p><p>2013-04-16 11:33 - 2013-04-16 11:32 - 00007079 ____A C:\AdwCleaner[R1].txt</p><p>2013-04-16 11:32 - 2013-04-16 11:32 - 00613083 ____A C:\Users\Sammy\Downloads\adwcleaner.exe</p><p>2013-04-16 08:00 - 2013-04-16 08:00 - 00000000 ____D C:\TDSSKiller_Quarantine</p><p>2013-04-16 07:51 - 2013-04-16 07:51 - 00001945 ____A C:\Windows\epplauncher.mif</p><p>2013-04-16 07:50 - 2013-04-16 07:49 - 00000000 ____D C:\Program Files\Microsoft Security Client</p><p>2013-04-16 07:49 - 2013-04-16 07:49 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client</p><p>2013-04-16 07:39 - 2013-04-16 07:39 - 00002085 ____A C:\Users\Public\Desktop\Play Free Games.lnk</p><p>2013-04-16 07:39 - 2013-04-16 07:39 - 00001164 ____A C:\Users\Public\Desktop\More FREE games.lnk</p><p>2013-04-16 07:39 - 2012-01-01 11:05 - 00001124 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk</p><p>2013-04-16 07:39 - 2012-01-01 11:04 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware</p><p>2013-04-16 07:39 - 2011-03-18 12:42 - 
00000064 ____A C:\Windows\GPlrLanc.dat</p><p>2013-04-16 07:39 - 2011-03-18 12:42 - 00000000 ____D C:\ProgramData\Free Ride Games</p><p>2013-04-16 07:39 - 2011-03-18 12:42 - 00000000 ____D C:\Program Files (x86)\Free Ride Games</p><p>2013-04-16 07:38 - 2013-04-16 07:38 - 00002030 ____A C:\Users\Public\Desktop\Adobe Reader XI.lnk</p><p>2013-04-16 07:38 - 2013-04-16 07:38 - 00000000 ____D C:\Program Files (x86)\Adobe</p><p>2013-04-16 07:35 - 2013-04-15 13:15 - 00000000 ____A C:\ProgramData\as98213.txt</p><p>2013-04-15 16:07 - 2013-04-15 13:15 - 95023320 ___AT C:\ProgramData\1olvg.pad</p><p>2013-04-15 13:15 - 2013-04-15 13:15 - 00000151 ____A C:\ProgramData\1olvg.reg</p><p>2013-04-15 13:15 - 2013-04-15 13:15 - 00000055 ____A C:\ProgramData\1olvg.bat</p><p></p><p>ZeroAccess:</p><p>C:\$Recycle.Bin\S-1-5-21-2794690405-3217660982-2928238901-1000\$d0d044e97abb0899018b0676cf8a906a</p><p></p><p>ZeroAccess:</p><p>C:\$Recycle.Bin\S-1-5-18\$d0d044e97abb0899018b0676cf8a906a</p><p></p><p>Other Malware:</p><p>===========</p><p>C:\ProgramData\1olvg.bat</p><p>C:\ProgramData\1olvg.pad</p><p>C:\ProgramData\1olvg.reg</p><p>C:\ProgramData\hash.dat</p><p>C:\ProgramData\pd6xyAbLq.dat</p><p></p><p>==================== Known DLLs (Whitelisted) ================</p><p></p><p></p><p>==================== Bamital & volsnap Check =================</p><p></p><p>C:\Windows\System32\winlogon.exe => MD5 is legit</p><p>C:\Windows\System32\wininit.exe => MD5 is legit</p><p>C:\Windows\SysWOW64\wininit.exe => MD5 is legit</p><p>C:\Windows\explorer.exe => MD5 is legit</p><p>C:\Windows\SysWOW64\explorer.exe => MD5 is legit</p><p>C:\Windows\System32\svchost.exe => MD5 is legit</p><p>C:\Windows\SysWOW64\svchost.exe => MD5 is legit</p><p>C:\Windows\System32\services.exe => MD5 is legit</p><p>C:\Windows\System32\User32.dll => MD5 is legit</p><p>C:\Windows\SysWOW64\User32.dll => MD5 is legit</p><p>C:\Windows\System32\userinit.exe => MD5 is legit</p><p>C:\Windows\SysWOW64\userinit.exe => MD5 is 
legit</p><p>C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit</p><p></p><p>==================== EXE ASSOCIATION =====================</p><p></p><p>HKLM\...\.exe: exefile => OK</p><p>HKLM\...\exefile\DefaultIcon: %1 => OK</p><p>HKLM\...\exefile\open\command: "%1" %* => OK</p><p></p><p>==================== Restore Points =========================</p><p></p><p>Restore point made on: 2013-04-27 15:28:38</p><p>Restore point made on: 2013-05-01 12:20:39</p><p>Restore point made on: 2013-05-04 15:00:13</p><p>Restore point made on: 2013-05-07 16:48:11</p><p>Restore point made on: 2013-05-12 21:11:51</p><p>Restore point made on: 2013-05-13 10:43:31</p><p></p><p>==================== Memory info =========================== </p><p></p><p>Percentage of memory in use: 14%</p><p>Total physical RAM: 3893.86 MB</p><p>Available physical RAM: 3321.43 MB</p><p>Total Pagefile: 3892.01 MB</p><p>Available Pagefile: 3318.06 MB</p><p>Total Virtual: 8192 MB</p><p>Available Virtual: 8191.88 MB</p><p></p><p>==================== Drives ================================</p><p></p><p>Drive c: (TI106033W0C) (Fixed) (Total:284.9 GB) (Free:112.43 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]</p><p>Drive d: (System) (Fixed) (Total:1.46 GB) (Free:0.96 GB) NTFS (Disk=0 Partition=1) ==>[System with boot components (obtained from reading drive)]</p><p>Drive e: (May 12 2013) (CDROM) (Total:0.28 GB) (Free:0 GB) UDF</p><p>Drive f: (USB20FD) (Removable) (Total:1.87 GB) (Free:0.59 GB) FAT (Disk=1 Partition=1)</p><p>Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS</p><p></p><p>==================== MBR & Partition Table ==================</p><p></p><p>========================================================</p><p>Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 38A39E6A)</p><p>Partition 1: (Active) - (Size=1 GB) - (Type=27)</p><p>Partition 2: (Not Active) - (Size=285 GB) - (Type=07 NTFS)</p><p>Partition 3: (Not Active) - (Size=12 GB) - 
(Type=17)</p><p></p><p>========================================================</p><p>Disk: 1 (MBR Code: Windows XP) (Size: 2 GB) (Disk ID: C3072E18)</p><p>Partition 1: (Active) - (Size=2 GB) - (Type=06)</p><p></p><p></p><p>Last Boot: 2013-05-11 08:56</p><p></p><p>==================== End Of Log ============================</p></blockquote><p></p>
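The log above contains the classic shape of a ZeroAccess plus lock-screen infection: FRST's own `ATTENTION! ====> ZeroAccess` marker on a hijacked CLSID InprocServer32, the hidden `$Recycle.Bin\<SID>\$<32 hex>` stores, a Run value with a random 29-character name pointing at an unsigned `44bfefeb.exe` in the user's Documents, a per-user Winlogon `Shell` that is no longer `explorer.exe`, and several eight-letter random driver names whose `.sys` files are already gone (`[x]`). The script below is an added example for this thread, not part of lecohen123's post and not FRST's logic: it parses the Registry/Run, Winlogon and Driver line formats FRST prints and applies the editor's own first-pass heuristics to them. The function names (`triage_line`, `triage`, `summary`), the rule names and the regexes are the editor's; `SAMPLE_LINES` are copied from the log above with three ordinary entries kept as benign controls.

```python
"""First-pass triage of FRST (Farbar Recovery Scan Tool) log lines.

Added example for this thread; it is not part of the original post and not
FRST's own logic. The rules are the editor's heuristics for a quick read of
Registry/Run, Winlogon and Driver entries and give leads, not a verdict:
FRST's "(Company)" field is the PE version-info string, which is absent on
plenty of legitimate binaries and trivially faked by malware.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# "[size date] (Company)" follows a path; "[x]" means the file is not on disk.
META_RE = re.compile(r'\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\](?: \((?P<company>[^)]*)\))?\s*$')
MISSING_RE = re.compile(r'\[x\]\s*$')
RUN_RE = re.compile(r'^(?P<hive>HK\S+?)\\\.\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<rest>.*)$')
WINLOGON_RE = re.compile(r'^(?P<hive>HK\S+?)\\\.\.\.\\Winlogon: \[(?P<value>[^\]]+)\] (?P<rest>.*)$')
DRIVER_RE = re.compile(r'^(?P<start>[SRU]\d) (?P<name>[^;]+); (?P<rest>.*)$')
# ZeroAccess keeps its payload store in a hidden $<32 hex> folder under $Recycle.Bin\<SID>.
RECYCLE_RE = re.compile(r'\\\$Recycle\.Bin\\S-1-5-[\d-]+\\\$[0-9a-f]{32}', re.IGNORECASE)

USER_WRITABLE = re.compile(r'\\(?:Users|ProgramData|Temp)\\', re.IGNORECASE)
RANDOM_DRIVER = re.compile(r'^[a-z]{8}$')      # bkmupewq, nnqstaba, ...
LONG_TOKEN = re.compile(r'^[a-z0-9]{20,}$')    # qcgce2mrvjq91kk1e7pnbb19m52fx


@dataclass(frozen=True)
class Finding:
    severity: str   # "high" or "medium"
    rule: str
    line: str


def _path_of(rest: str) -> str:
    """Drop the trailing metadata; return the quoted path, or path plus arguments."""
    rest = MISSING_RE.sub('', META_RE.sub('', rest)).strip()
    if rest.startswith('"'):
        return rest[1:].split('"', 1)[0]
    return rest


def triage_line(line: str) -> list[Finding]:
    line = line.strip()
    if RECYCLE_RE.search(line):
        return [Finding('high', 'zeroaccess-recycle-bin-store', line)]
    if 'ZeroAccess' in line:             # FRST's own marker, e.g. the CLSID InprocServer32 hijack
        return [Finding('high', 'frst-zeroaccess-marker', line)]

    m = WINLOGON_RE.match(line)
    if m:
        # A per-user Shell value replaces explorer.exe as that account's desktop shell;
        # lock-screen malware abuses it, so anything else needs an explanation.
        shell = _path_of(m['rest']).lower()
        if m['value'].lower() == 'shell' and not shell.endswith('explorer.exe'):
            return [Finding('high', 'winlogon-shell-replaced', line)]
        return []

    out: list[Finding] = []
    m = RUN_RE.match(line)
    if m:
        meta = META_RE.search(m['rest'])
        company = (meta['company'] or '') if meta else ''
        if LONG_TOKEN.match(m['name']):
            out.append(Finding('high', 'random-run-value-name', line))
        if not company and USER_WRITABLE.search(_path_of(m['rest'])):
            out.append(Finding('medium', 'no-version-info-in-user-writable-path', line))
        return out

    m = DRIVER_RE.match(line)
    if m:
        path = _path_of(m['rest'])
        stem = path.rsplit('\\', 1)[-1].rsplit('.', 1)[0]
        # Eight random letters in system32\drivers with the file already gone: a rootkit
        # leftover; the service entry still needs removing.
        if MISSING_RE.search(m['rest']) and RANDOM_DRIVER.match(stem) and '\\drivers\\' in path.lower():
            out.append(Finding('high', 'random-named-driver-file-missing', line))
        # Kernel code loaded from Temp is worth a look, but some game DRM does this too.
        if re.search(r'\\Temp\\', path, re.IGNORECASE):
            out.append(Finding('medium', 'driver-loaded-from-temp', line))
    return out


def triage(lines: list[str]) -> list[Finding]:
    return [f for ln in lines for f in triage_line(ln)]


def summary(lines: list[str]) -> dict[str, int]:
    counts: dict[str, int] = {}
    for f in triage(lines):
        counts[f.rule] = counts.get(f.rule, 0) + 1
    return counts


# Lines copied from the FRST log in the post above; entries 1, 7 and 8 are ordinary
# and kept as benign controls.
SAMPLE_LINES = [
    r'HKLM\...\Run: [IgfxTray] "C:\windows\system32\igfxtray.exe" [161304 2010-08-10] (Intel Corporation)',
    r'HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] ATTENTION! ====> ZeroAccess',
    r'HKU\Sammy\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] C:\Users\Sammy\Documents\44bfefeb.exe [30208 2013-05-11] ()',
    r'HKU\Sammy\...\Winlogon: [Shell] cmd.exe [345088 2010-11-20] (Microsoft Corporation)',
    r'S1 bkmupewq; \??\C:\windows\system32\drivers\bkmupewq.sys [x]',
    r'S3 X6va005; \??\C:\Users\Sammy\AppData\Local\Temp\005421F.tmp [x]',
    r'S3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)',
    r'HKU\Sammy\...\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent [1635752 2013-05-03] (Valve Corporation)',
    r'C:\$Recycle.Bin\S-1-5-18\$d0d044e97abb0899018b0676cf8a906a',
]

if __name__ == '__main__':
    for f in triage(SAMPLE_LINES):
        print(f'{f.severity:6} {f.rule:40} {f.line}')
```

Run stand-alone it prints seven findings for the nine sample lines and nothing for the three control entries. Two caveats a helper would add: the `(Company)` test is deliberately only a medium signal, because FRST reports version-info text rather than a verified Authenticode signature, and the `[x]` on the random-named drivers means the `.sys` files are already gone while their service keys still have to be removed, which is what a fixlist run from the recovery environment does. The script points at lines to discuss; the actual cleanup belongs to the helper's instructions in this thread.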
C:\Windows\System32\bootdelete.exe 2013-05-13 09:01 - 2013-05-13 09:01 - 00000000 ____A C:\config.sys 2013-05-13 04:53 - 2013-05-13 04:53 - 00000000 ____D C:\Program Files\HitmanPro 2013-05-12 22:17 - 2013-05-13 05:08 - 00000002 ____A C:\Users\Sammy\Desktop\Rkill.txt 2013-05-12 08:59 - 2013-05-13 10:45 - 00000000 ____D C:\ProgramData\HitmanPro 2013-05-11 11:31 - 2013-05-11 11:31 - 00000000 __SHD C:\found.000 2013-05-11 07:18 - 2013-05-11 07:18 - 01096081 ____A C:\Users\Sammy\AppData\Local\2433f433 2013-05-11 07:18 - 2013-05-11 07:18 - 01096064 ____A C:\Users\Sammy\AppData\Roaming\2433f433 2013-05-11 07:18 - 2013-05-11 07:18 - 01096048 ____A C:\ProgramData\2433f433 2013-05-11 07:18 - 2013-05-11 07:18 - 00030208 ____A C:\Users\Sammy\Documents\44bfefeb.exe 2013-05-04 05:35 - 2013-05-06 23:23 - 00000000 ____D C:\Users\Sammy\Desktop\music 2 2013-05-02 15:21 - 2013-05-02 15:23 - 90130256 ____A (Apple Inc.) C:\Users\Sammy\Downloads\iTunes64Setup.exe 2013-04-26 14:26 - 2013-04-26 14:27 - 86281098 ____A C:\Users\Sammy\Downloads\Lil Wayne & Young Money - YMCMB- The Mixtape[TapeJams.com].zip 2013-04-26 14:23 - 2013-04-26 14:23 - 81655197 ____A C:\Users\Sammy\Downloads\Soulja Boy - Foreign 2[TapeJams.com].zip 2013-04-26 14:18 - 2013-04-26 14:18 - 90040770 ____A C:\Users\Sammy\Downloads\Future & FreeBand Gang - Black Woodstock- The Soundtrack[TapeJams.com] (1).zip 2013-04-26 14:17 - 2013-04-26 14:17 - 90040770 ____A C:\Users\Sammy\Downloads\Future & FreeBand Gang - Black Woodstock- The Soundtrack[TapeJams.com].zip 2013-04-26 13:11 - 2013-04-26 13:16 - 88638064 ____A C:\Users\Sammy\Downloads\A$AP Rocky - Long Live A$AP - AlbumJams.zip 2013-04-24 10:38 - 2013-04-24 10:39 - 00920234 ____A (Solid State Networks) C:\Users\Sammy\Downloads\Unconfirmed 585497.crdownload 2013-04-23 13:14 - 2013-04-12 06:45 - 01656680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys 2013-04-21 03:48 - 2013-04-21 03:49 - 113130546 ____A C:\Users\Sammy\Documents\DMO_MP_v78_86_20130409.exe 
2013-04-21 03:44 - 2013-04-21 03:44 - 00000701 ____A C:\Users\Sammy\Desktop\GDMO.lnk 2013-04-21 03:41 - 2013-04-21 03:41 - 00000000 ____D C:\Joymax 2013-04-21 03:23 - 2013-04-21 03:30 - 760347378 ____A C:\Users\Sammy\Documents\DMO_Install_20130409.exe 2013-04-16 11:35 - 2013-04-16 11:35 - 00006890 ____A C:\AdwCleaner[S2].txt 2013-04-16 11:35 - 2013-04-16 11:35 - 00000172 ____A C:\Windows\DeleteOnReboot.bat 2013-04-16 11:34 - 2013-04-16 11:34 - 00007202 ____A C:\AdwCleaner[R2].txt 2013-04-16 11:33 - 2013-04-16 11:34 - 00613083 ____A C:\Users\Sammy\Downloads\adwcleaner (1).exe 2013-04-16 11:33 - 2013-04-16 11:33 - 00000320 ____A C:\AdwCleaner[S1].txt 2013-04-16 11:32 - 2013-04-16 11:33 - 00007079 ____A C:\AdwCleaner[R1].txt 2013-04-16 11:32 - 2013-04-16 11:32 - 00613083 ____A C:\Users\Sammy\Downloads\adwcleaner.exe 2013-04-16 08:00 - 2013-04-16 08:00 - 00000000 ____D C:\TDSSKiller_Quarantine 2013-04-16 07:51 - 2013-04-16 07:51 - 00001945 ____A C:\Windows\epplauncher.mif 2013-04-16 07:49 - 2013-04-16 07:50 - 00000000 ____D C:\Program Files\Microsoft Security Client 2013-04-16 07:49 - 2013-04-16 07:49 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client 2013-04-16 07:39 - 2013-04-16 07:39 - 00002085 ____A C:\Users\Public\Desktop\Play Free Games.lnk 2013-04-16 07:39 - 2013-04-16 07:39 - 00001164 ____A C:\Users\Public\Desktop\More FREE games.lnk 2013-04-16 07:38 - 2013-04-16 07:38 - 00002030 ____A C:\Users\Public\Desktop\Adobe Reader XI.lnk 2013-04-16 07:38 - 2013-04-16 07:38 - 00000000 ____D C:\Program Files (x86)\Adobe 2013-04-15 13:15 - 2013-04-16 07:35 - 00000000 ____A C:\ProgramData\as98213.txt 2013-04-15 13:15 - 2013-04-15 16:07 - 95023320 ___AT C:\ProgramData\1olvg.pad 2013-04-15 13:15 - 2013-04-15 13:15 - 00000151 ____A C:\ProgramData\1olvg.reg 2013-04-15 13:15 - 2013-04-15 13:15 - 00000055 ____A C:\ProgramData\1olvg.bat ==================== One Month Modified Files and Folders ======= 2013-05-13 16:27 - 2013-05-13 16:27 - 00000000 ____D C:\FRST 
2013-05-13 13:58 - 2010-12-13 00:41 - 00000000 ____D C:\ProgramData\Norton 2013-05-13 13:58 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration 2013-05-13 11:12 - 2010-10-14 20:04 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-05-13 11:12 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-05-13 11:12 - 2009-07-13 20:51 - 00061136 ____A C:\Windows\setupact.log 2013-05-13 11:11 - 2010-12-13 00:15 - 01488795 ____A C:\Windows\WindowsUpdate.log 2013-05-13 11:06 - 2009-07-13 20:45 - 00015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-05-13 11:06 - 2009-07-13 20:45 - 00015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-05-13 10:45 - 2013-05-13 10:45 - 00012872 ____A (SurfRight B.V.) C:\Windows\System32\bootdelete.exe 2013-05-13 10:45 - 2013-05-12 08:59 - 00000000 ____D C:\ProgramData\HitmanPro 2013-05-13 10:32 - 2013-01-07 15:58 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-05-13 10:08 - 2011-02-05 12:47 - 00000000 ____D C:\users\Sammy 2013-05-13 09:01 - 2013-05-13 09:01 - 00000000 ____A C:\config.sys 2013-05-13 05:08 - 2013-05-12 22:17 - 00000002 ____A C:\Users\Sammy\Desktop\Rkill.txt 2013-05-13 04:53 - 2013-05-13 04:53 - 00000000 ____D C:\Program Files\HitmanPro 2013-05-12 06:36 - 2012-11-05 13:31 - 00000928 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2794690405-3217660982-2928238901-1000UA.job 2013-05-11 11:31 - 2013-05-11 11:31 - 00000000 __SHD C:\found.000 2013-05-11 07:48 - 2010-10-14 20:04 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-05-11 07:18 - 2013-05-11 07:18 - 01096081 ____A C:\Users\Sammy\AppData\Local\2433f433 2013-05-11 07:18 - 2013-05-11 07:18 - 01096064 ____A C:\Users\Sammy\AppData\Roaming\2433f433 2013-05-11 07:18 - 2013-05-11 07:18 - 01096048 ____A C:\ProgramData\2433f433 2013-05-11 07:18 - 2013-05-11 07:18 - 00030208 
____A C:\Users\Sammy\Documents\44bfefeb.exe 2013-05-11 07:02 - 2011-03-05 18:42 - 00000000 ___HD C:\Users\Sammy\AppData\Local\PMB Files 2013-05-11 07:02 - 2011-03-05 18:42 - 00000000 ____D C:\ProgramData\PMB Files 2013-05-10 22:54 - 2009-07-13 21:08 - 00032642 ____A C:\Windows\Tasks\SCHEDLGU.TXT 2013-05-10 12:36 - 2012-11-05 13:31 - 00000906 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2794690405-3217660982-2928238901-1000Core.job 2013-05-10 01:17 - 2009-07-13 21:13 - 00741000 ____A C:\Windows\System32\PerfStringBackup.INI 2013-05-06 23:23 - 2013-05-04 05:35 - 00000000 ____D C:\Users\Sammy\Desktop\music 2 2013-05-06 19:53 - 2011-08-06 18:21 - 00000000 ____D C:\Program Files (x86)\Steam 2013-05-06 19:49 - 2010-10-14 20:32 - 00848996 ____A C:\Windows\PFRO.log 2013-05-02 15:23 - 2013-05-02 15:21 - 90130256 ____A (Apple Inc.) C:\Users\Sammy\Downloads\iTunes64Setup.exe 2013-05-02 15:08 - 2010-10-14 19:57 - 00000000 ____D C:\ProgramData\Adobe 2013-05-02 15:07 - 2011-02-05 14:21 - 00000000 ___HD C:\Users\Sammy\AppData\Local\Adobe 2013-05-02 15:07 - 2011-02-05 14:15 - 00000000 ____D C:\Users\Sammy\AppData\Roaming\Adobe 2013-05-02 13:24 - 2013-01-31 14:32 - 00000000 ____D C:\Users\Sammy\AppData\Local\Apple Computer 2013-05-02 13:24 - 2012-03-11 14:04 - 00000000 ____D C:\Users\Sammy\AppData\Roaming\Apple Computer 2013-05-02 07:29 - 2011-02-12 15:48 - 00278800 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe 2013-04-27 11:23 - 2011-02-05 12:49 - 00000000 ____D C:\Users\Sammy\AppData\Local\VirtualStore 2013-04-26 14:27 - 2013-04-26 14:26 - 86281098 ____A C:\Users\Sammy\Downloads\Lil Wayne & Young Money - YMCMB- The Mixtape[TapeJams.com].zip 2013-04-26 14:23 - 2013-04-26 14:23 - 81655197 ____A C:\Users\Sammy\Downloads\Soulja Boy - Foreign 2[TapeJams.com].zip 2013-04-26 14:18 - 2013-04-26 14:18 - 90040770 ____A C:\Users\Sammy\Downloads\Future & FreeBand Gang - Black Woodstock- The Soundtrack[TapeJams.com] (1).zip 2013-04-26 14:17 - 2013-04-26 14:17 - 
90040770 ____A C:\Users\Sammy\Downloads\Future & FreeBand Gang - Black Woodstock- The Soundtrack[TapeJams.com].zip 2013-04-26 13:16 - 2013-04-26 13:11 - 88638064 ____A C:\Users\Sammy\Downloads\A$AP Rocky - Long Live A$AP - AlbumJams.zip 2013-04-24 10:39 - 2013-04-24 10:38 - 00920234 ____A (Solid State Networks) C:\Users\Sammy\Downloads\Unconfirmed 585497.crdownload 2013-04-21 03:49 - 2013-04-21 03:48 - 113130546 ____A C:\Users\Sammy\Documents\DMO_MP_v78_86_20130409.exe 2013-04-21 03:44 - 2013-04-21 03:44 - 00000701 ____A C:\Users\Sammy\Desktop\GDMO.lnk 2013-04-21 03:41 - 2013-04-21 03:41 - 00000000 ____D C:\Joymax 2013-04-21 03:30 - 2013-04-21 03:23 - 760347378 ____A C:\Users\Sammy\Documents\DMO_Install_20130409.exe 2013-04-16 11:35 - 2013-04-16 11:35 - 00006890 ____A C:\AdwCleaner[S2].txt 2013-04-16 11:35 - 2013-04-16 11:35 - 00000172 ____A C:\Windows\DeleteOnReboot.bat 2013-04-16 11:34 - 2013-04-16 11:34 - 00007202 ____A C:\AdwCleaner[R2].txt 2013-04-16 11:34 - 2013-04-16 11:33 - 00613083 ____A C:\Users\Sammy\Downloads\adwcleaner (1).exe 2013-04-16 11:33 - 2013-04-16 11:33 - 00000320 ____A C:\AdwCleaner[S1].txt 2013-04-16 11:33 - 2013-04-16 11:32 - 00007079 ____A C:\AdwCleaner[R1].txt 2013-04-16 11:32 - 2013-04-16 11:32 - 00613083 ____A C:\Users\Sammy\Downloads\adwcleaner.exe 2013-04-16 08:00 - 2013-04-16 08:00 - 00000000 ____D C:\TDSSKiller_Quarantine 2013-04-16 07:51 - 2013-04-16 07:51 - 00001945 ____A C:\Windows\epplauncher.mif 2013-04-16 07:50 - 2013-04-16 07:49 - 00000000 ____D C:\Program Files\Microsoft Security Client 2013-04-16 07:49 - 2013-04-16 07:49 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client 2013-04-16 07:39 - 2013-04-16 07:39 - 00002085 ____A C:\Users\Public\Desktop\Play Free Games.lnk 2013-04-16 07:39 - 2013-04-16 07:39 - 00001164 ____A C:\Users\Public\Desktop\More FREE games.lnk 2013-04-16 07:39 - 2012-01-01 11:05 - 00001124 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2013-04-16 07:39 - 2012-01-01 11:04 - 
00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-04-16 07:39 - 2011-03-18 12:42 - 00000064 ____A C:\Windows\GPlrLanc.dat 2013-04-16 07:39 - 2011-03-18 12:42 - 00000000 ____D C:\ProgramData\Free Ride Games 2013-04-16 07:39 - 2011-03-18 12:42 - 00000000 ____D C:\Program Files (x86)\Free Ride Games 2013-04-16 07:38 - 2013-04-16 07:38 - 00002030 ____A C:\Users\Public\Desktop\Adobe Reader XI.lnk 2013-04-16 07:38 - 2013-04-16 07:38 - 00000000 ____D C:\Program Files (x86)\Adobe 2013-04-16 07:35 - 2013-04-15 13:15 - 00000000 ____A C:\ProgramData\as98213.txt 2013-04-15 16:07 - 2013-04-15 13:15 - 95023320 ___AT C:\ProgramData\1olvg.pad 2013-04-15 13:15 - 2013-04-15 13:15 - 00000151 ____A C:\ProgramData\1olvg.reg 2013-04-15 13:15 - 2013-04-15 13:15 - 00000055 ____A C:\ProgramData\1olvg.bat ZeroAccess: C:\$Recycle.Bin\S-1-5-21-2794690405-3217660982-2928238901-1000\$d0d044e97abb0899018b0676cf8a906a ZeroAccess: C:\$Recycle.Bin\S-1-5-18\$d0d044e97abb0899018b0676cf8a906a Other Malware: =========== C:\ProgramData\1olvg.bat C:\ProgramData\1olvg.pad C:\ProgramData\1olvg.reg C:\ProgramData\hash.dat C:\ProgramData\pd6xyAbLq.dat ==================== Known DLLs (Whitelisted) ================ ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK 
HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points ========================= Restore point made on: 2013-04-27 15:28:38 Restore point made on: 2013-05-01 12:20:39 Restore point made on: 2013-05-04 15:00:13 Restore point made on: 2013-05-07 16:48:11 Restore point made on: 2013-05-12 21:11:51 Restore point made on: 2013-05-13 10:43:31 ==================== Memory info =========================== Percentage of memory in use: 14% Total physical RAM: 3893.86 MB Available physical RAM: 3321.43 MB Total Pagefile: 3892.01 MB Available Pagefile: 3318.06 MB Total Virtual: 8192 MB Available Virtual: 8191.88 MB ==================== Drives ================================ Drive c: (TI106033W0C) (Fixed) (Total:284.9 GB) (Free:112.43 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)] Drive d: (System) (Fixed) (Total:1.46 GB) (Free:0.96 GB) NTFS (Disk=0 Partition=1) ==>[System with boot components (obtained from reading drive)] Drive e: (May 12 2013) (CDROM) (Total:0.28 GB) (Free:0 GB) UDF Drive f: (USB20FD) (Removable) (Total:1.87 GB) (Free:0.59 GB) FAT (Disk=1 Partition=1) Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 38A39E6A) Partition 1: (Active) - (Size=1 GB) - (Type=27) Partition 2: (Not Active) - (Size=285 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=12 GB) - (Type=17) ======================================================== Disk: 1 (MBR Code: Windows XP) (Size: 2 GB) (Disk ID: C3072E18) Partition 1: (Active) - (Size=2 GB) - (Type=06) Last Boot: 2013-05-11 08:56 ==================== End Of Log ============================ [/QUOTE]
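Added example, not part of lecohen123's post and not FRST's own code: a small Python script that applies, mechanically, the checks a helper would apply by eye to a log like the one above. It parses the Run, Winlogon Shell and Services/Drivers line shapes that FRST prints and flags a non-explorer.exe Shell, random-looking Run value names, unsigned autoruns under user-writable paths, and missing drivers with eight-letter random names. The regexes, the severity labels and the "random name" patterns are the editor's assumptions tuned to this log; the SAMPLE lines are a constructed subset copied from the log in this thread.

```python
"""Heuristic triage of FRST autorun / service / driver lines.

Added example for this thread.  The heuristics are the editor's own, not
FRST's, and the regexes assume the 2013-era FRST line shapes seen above.
"""
import ntpath
import re
import sys

# Line shapes (assumption, from the log above):
#   HKU\<user>\...\Run: [name] path [size date] (signer)
#   HKU\<user>\...\Winlogon: [Shell] path [size date] (signer)
#   S<start> name; path [size date] (signer)      -- "[x]" = file not found
RUN_RE = re.compile(r'^HK(?:LM|U\\[^\\]+)\\\.\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<rest>.*)$')
SHELL_RE = re.compile(r'^HK(?:LM|U\\[^\\]+)\\\.\.\.\\Winlogon: \[Shell\] (?P<rest>.*)$')
SVC_RE = re.compile(r'^S\d (?P<name>[^;]+); (?P<path>.+?) \[(?P<info>[^\]]*)\](?: \((?P<signer>[^)]*)\))?\s*$')
TAIL_RE = re.compile(r'\[(?P<info>[^\]]*)\](?: \((?P<signer>[^)]*)\))?\s*$')
PATH_RE = re.compile(r'^"?(?P<path>.+?\.(?:exe|dll|sys|bat|cmd|scr|com))"?', re.I)

# Indicator patterns (assumptions tuned to this log; expect some false positives).
USER_WRITABLE = re.compile(r'\\(?:Users|ProgramData|Temp|\$Recycle\.Bin)\\', re.I)
RANDOM_SERVICE_NAME = re.compile(r'^[a-z]{8}$')                        # bkmupewq, nnqstaba, ...
RANDOM_VALUE_NAME = re.compile(r'^(?=.*\d)(?=.*[a-z])[a-z0-9]{16,}$')  # qcgce2mrvjq91kk1e7...


def split_tail(rest):
    """Split 'path [args] [size date] (signer)' into (path, info, signer).

    signer is '' when FRST printed '()' (unsigned) and None when absent."""
    tail = TAIL_RE.search(rest)
    if not tail:
        return None, None, None
    head = rest[:tail.start()].strip()
    path = PATH_RE.match(head)
    return (path.group('path') if path else head), tail.group('info'), tail.group('signer')


def triage(lines):
    """Return [(severity, reason, line), ...] for the suspicious lines of an FRST log."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if line.startswith('ZeroAccess:'):
            findings.append(('high', 'FRST ZeroAccess detection', line))  # FRST's own verdict
            continue
        m = SHELL_RE.match(line)
        if m:
            path, _, _ = split_tail(m.group('rest'))
            if path and ntpath.basename(path).lower() != 'explorer.exe':
                findings.append(('high', 'Winlogon Shell is not explorer.exe', line))
            continue
        m = RUN_RE.match(line)
        if m:
            path, _, signer = split_tail(m.group('rest'))
            if not path:
                continue  # e.g. "HKLM\...\Run: [] [x]" carries no image path
            if RANDOM_VALUE_NAME.match(m.group('name')):
                findings.append(('high', 'random-looking Run value name', line))
            elif signer == '' and USER_WRITABLE.search(path):
                findings.append(('medium', 'unsigned autorun under a user-writable path', line))
            continue
        m = SVC_RE.match(line)
        if m:
            missing = m.group('info') == 'x'
            if missing and RANDOM_SERVICE_NAME.match(m.group('name')):
                findings.append(('high', 'missing driver with random 8-letter name', line))
            elif USER_WRITABLE.search(m.group('path')):
                # Norton definition drivers and some game DRM live here too, so
                # this is "look at it", not "malware".
                findings.append(('medium', 'driver/service image under a user-writable path', line))
    return findings


# Constructed sample: lines copied from the log in this thread, including
# benign entries, so both hits and non-hits are exercised.
SAMPLE = r"""
HKLM\...\Run: [IgfxTray] "C:\windows\system32\igfxtray.exe" [161304 2010-08-10] (Intel Corporation)
HKU\Sammy\...\Run: [Facebook Update] "C:\Users\Sammy\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-11-05] (Facebook Inc.)
HKU\Sammy\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] C:\Users\Sammy\Documents\44bfefeb.exe [30208 2013-05-11] ()
HKU\Sammy\...\Winlogon: [Shell] cmd.exe [345088 2010-11-20] (Microsoft Corporation)
S3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S1 bkmupewq; \??\C:\windows\system32\drivers\bkmupewq.sys [x]
S3 EagleX64; \??\C:\windows\system32\drivers\EagleX64.sys [x]
S3 X6va005; \??\C:\Users\Sammy\AppData\Local\Temp\005421F.tmp [x]
ZeroAccess: C:\$Recycle.Bin\S-1-5-18\$d0d044e97abb0899018b0676cf8a906a
""".strip().splitlines()


if __name__ == '__main__':
    if len(sys.argv) > 1:  # python frst_triage.py FRST.txt
        with open(sys.argv[1], encoding='utf-8', errors='replace') as fh:
            lines = fh.read().splitlines()
    else:
        lines = SAMPLE
    for severity, reason, line in triage(lines):
        print(f'[{severity:<6}] {reason}: {line}')
```

Run against the full log it will also mark Norton's ProgramData definition drivers as medium; that is the cost of the path heuristic, and the point of the script is to shorten the read, not to replace it.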