fbi moneypak virus
<blockquote data-quote="pfeifwa" data-source="post: 121548" data-attributes="member: 8398">
<p>here is the scan</p>
<p></p>
<p>Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-05-2013</p>
<p>Ran by SYSTEM on 20-05-2013 13:06:19</p>
<p>Running from E:\</p>
<p>Windows 7 Home Premium (X64) OS Language: English(US)</p>
<p>Internet Explorer Version 9</p>
<p>Boot Mode: Recovery</p>
<p>The current controlset is ControlSet001</p>
<p><strong>ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.</strong></p>
<p></p>
<p>==================== Registry (Whitelisted) ==================</p>
<p></p>
<p>HKLM\...\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe [621440 2009-09-29] (ELAN Microelectronic Corp.)</p>
<p>HKLM\...\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323584 2009-08-31] (AlcorMicro Co., Ltd.)</p>
<p>HKLM\...\Run: [GUCI_AVS] C:\Windows\PixArt\PAP7501\GUCI_AVS.exe [314880 2009-09-16] (PixArt Imaging Incorporation)</p>
<p>HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] C:\$Recycle.Bin\S-1-5-18\$1730a923dc455de520baeecb8e25b4b7\n. ATTENTION! ====> ZeroAccess</p>
<p>HKLM-x32\...\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [498160 2009-07-12] ()</p>
<p>HKLM-x32\...\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [6937216 2009-10-09] (ASUS)</p>
<p>HKLM-x32\...\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2009-08-19] (ASUS)</p>
<p>HKLM-x32\...\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)</p>
<p>HKLM-x32\...\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r [2244608 2009-09-11] (VIA)</p>
<p>HKLM-x32\...\Run: [AmazonGSDownloaderTray] C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe [326144 2009-10-23] (Amazon.com)</p>
<p>HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)</p>
<p>HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [38872 2012-07-31] (Adobe Systems Incorporated)</p>
<p>HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [246504 2010-01-11] (Sun Microsystems, Inc.)</p>
<p>HKLM-x32\...\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-11-02] (Apple Inc.)</p>
<p>HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-01-28] (Apple Inc.)</p>
<p>HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-10-25] (Apple Inc.)</p>
<p>HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-02-20] (Apple Inc.)</p>
<p>HKU\Owner\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)</p>
<p>HKU\Owner\...\Run: [GoToMeeting] "C:\Program Files (x86)\Citrix\GoToMeeting\457\g2mstart.exe" "/Trigger RunAtLogon" [39816 2010-06-03] (Citrix Online, a division of Citrix Systems, Inc.)</p>
<p>HKU\Owner\...\Run: [MediaGet2] C:\Users\Owner\AppData\Local\MediaGet2\mediaget.exe --minimized [10847976 2013-02-17] (MediaGet LLC)</p>
<p>HKU\Owner\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [x]</p>
<p>HKU\Owner\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [18642024 2013-02-28] (Skype Technologies S.A.)</p>
<p>HKU\Owner\...\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-04-05] (Apple Inc.)</p>
<p>HKU\Owner\...\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-04-05] (Apple Inc.)</p>
<p>HKU\Owner\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] C:\Users\Owner\Documents\259c64b6.exe [27136 2013-05-18] ()</p>
<p>HKU\Owner\...\Winlogon: [Shell] cmd.exe [345088 2010-11-20] (Microsoft Corporation) <==== ATTENTION </p>
<p>Startup: C:\ProgramData\Start Menu\Programs\Startup\FancyStart daemon.lnk</p>
<p>ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}\_A1DDD39913A1970387B7B3.exe ()</p>
<p>Startup: C:\ProgramData\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk</p>
<p>ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)</p>
<p>Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk</p>
<p>ShortcutTarget: Best Buy Software Installer.lnk -> C:\Program Files\Best Buy Software Installer\Best Buy Software Installer.exe (Best Buy®)</p>
<p>Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk</p>
<p>ShortcutTarget: Best Buy Software Installer.lnk -> C:\Program Files\Best Buy Software Installer\Best Buy Software Installer.exe (Best Buy®)</p>
<p>Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk</p>
<p>ShortcutTarget: Dropbox.lnk -> (No File)</p>
<p></p>
<p>==================== Services (Whitelisted) =================</p>
<p></p>
<p>S2 ATKGFNEXSrv; C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [96824 2009-07-21] (ASUS)</p>
<p>S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)</p>
<p>S2 N360; C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\diMaster.dll [262584 2011-03-31] (Symantec Corporation)</p>
<p></p>
<p>==================== Drivers (Whitelisted) ====================</p>
<p></p>
<p>S1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20130515.001\BHDrvx64.sys [1390680 2013-04-12] (Symantec Corporation)</p>
<p>S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-08] (Symantec Corporation)</p>
<p>S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-08-08] (Symantec Corporation)</p>
<p>S3 GUCI_AVS; C:\Windows\System32\DRIVERS\GUCI_AVS.sys [692736 2009-10-28] (PixArt Imaging Incorporation)</p>
<p>S1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20130517.001\IDSvia64.sys [513184 2012-08-31] (Symantec Corporation)</p>
<p>S3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )</p>
<p>S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20130520.003\ENG64.SYS [126192 2013-01-16] (Symantec Corporation)</p>
<p>S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20130520.003\EX64.SYS [2087664 2013-01-16] (Symantec Corporation)</p>
<p>S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)</p>
<p>S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2011-06-03] (Symantec Corporation)</p>
<p>S3 SRTSP; \SystemRoot\System32\Drivers\N360x64\0502020.003\SRTSP64.SYS [x]</p>
<p>S1 SRTSPX; \SystemRoot\system32\drivers\N360x64\0502020.003\SRTSPX64.SYS [x]</p>
<p>S0 SymDS; system32\drivers\N360x64\0502020.003\SYMDS64.SYS [x]</p>
<p>S0 SymEFA; system32\drivers\N360x64\0502020.003\SYMEFA64.SYS [x]</p>
<p>S1 SymIRON; \SystemRoot\system32\drivers\N360x64\0502020.003\Ironx64.SYS [x]</p>
<p>S1 SymNetS; \SystemRoot\System32\Drivers\N360x64\0502020.003\SYMNETS.SYS [x]</p>
<p>S3 tmlwf; </p>
<p>S3 tmwfp; </p>
<p></p>
<p>==================== NetSvcs (Whitelisted) ===================</p>
<p></p>
<p></p>
<p>==================== One Month Created Files and Folders ========</p>
<p></p>
<p>2013-05-20 13:06 - 2013-05-20 13:06 - 00000000 ____D C:\FRST</p>
<p>2013-05-18 14:55 - 2013-05-18 14:55 - 01096080 ____A C:\ProgramData\2433f433</p>
<p>2013-05-18 14:55 - 2013-05-18 14:55 - 01096036 ____A C:\Users\Owner\AppData\Roaming\2433f433</p>
<p>2013-05-18 14:55 - 2013-05-18 14:55 - 01096018 ____A C:\Users\Owner\AppData\Local\2433f433</p>
<p>2013-05-18 14:55 - 2013-05-18 14:55 - 00027136 ____A C:\Users\Owner\Documents\259c64b6.exe</p>
<p>2013-05-17 13:48 - 2013-05-17 13:48 - 00000000 ____D C:\Users\Owner\AppData\Local\{FAF31FA2-8AD8-4B3A-9468-9345B2730063}</p>
<p>2013-05-17 01:48 - 2013-05-17 01:48 - 00000000 ____D C:\Users\Owner\AppData\Local\{C3E68DC7-F9DE-4AC1-94DA-5AF12DCA1B07}</p>
<p>2013-05-16 13:47 - 2013-05-16 13:48 - 00000000 ____D C:\Users\Owner\AppData\Local\{2A382BCA-7B38-4E33-8A4D-8A0AC8ED008D}</p>
<p>2013-05-16 02:02 - 2013-04-04 22:52 - 02242048 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll</p>
<p>2013-05-16 02:02 - 2013-04-04 22:52 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll</p>
<p>2013-05-16 02:02 - 2013-04-04 22:52 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe</p>
<p>2013-05-16 02:02 - 2013-04-04 22:50 - 19231232 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll</p>
<p>2013-05-16 02:02 - 2013-04-04 22:50 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll</p>
<p>2013-05-16 02:02 - 2013-04-04 22:50 - 02647552 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll</p>
<p>2013-05-16 02:02 - 2013-04-04 22:50 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll</p>
<p>2013-05-16 02:02 - 2013-04-04 22:50 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll</p>
<p>2013-05-16 02:02 - 2013-04-04 22:50 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll</p>
<p>2013-05-16 02:02 - 2013-04-04 22:50 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll</p>
<p>2013-05-16 02:02 - 2013-04-04 22:50 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll</p>
<p>2013-05-16 02:02 - 2013-04-04 22:50 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll</p>
<p>2013-05-16 02:02 - 2013-04-04 22:50 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll</p>
<p>2013-05-16 02:02 - 2013-04-04 21:28 - 01767424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll</p>
<p>2013-05-16 02:02 - 2013-04-04 21:28 - 01130496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll</p>
<p>2013-05-16 02:02 - 2013-04-04 21:26 - 14323712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll</p>
<p>2013-05-16 02:02 - 2013-04-04 21:26 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll</p>
<p>2013-05-16 02:02 - 2013-04-04 21:26 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll</p>
<p>2013-05-16 02:02 - 2013-04-04 21:26 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll</p>
<p>2013-05-16 02:02 - 2013-04-04 21:26 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll</p>
<p>2013-05-16 02:02 - 2013-04-04 21:26 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll</p>
<p>2013-05-16 02:02 - 2013-04-04 21:26 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll</p>
<p>2013-05-16 02:02 - 2013-04-04 21:26 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll</p>
<p>2013-05-16 02:02 - 2013-04-04 21:26 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll</p>
<p>2013-05-16 02:02 - 2013-04-04 21:26 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll</p>
<p>2013-05-16 02:02 - 2013-04-04 20:43 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb</p>
<p>2013-05-16 02:02 - 2013-04-04 20:29 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb</p>
<p>2013-05-16 02:02 - 2013-04-04 19:51 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe</p>
<p>2013-05-16 02:02 - 2013-04-04 19:38 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe</p>
<p>2013-05-16 02:01 - 2013-04-04 22:50 - 15404032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll</p>
<p>2013-05-16 02:01 - 2013-04-04 21:26 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll</p>
<p>2013-05-15 13:42 - 2013-04-09 22:01 - 00983400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys</p>
<p>2013-05-15 13:42 - 2013-04-09 22:01 - 00265064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys</p>
<p>2013-05-15 13:42 - 2011-02-03 03:25 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll</p>
<p>2013-05-15 13:41 - 2013-04-09 19:30 - 03153920 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys</p>
<p>2013-05-15 13:41 - 2013-03-18 21:53 - 00230400 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll</p>
<p>2013-05-15 13:41 - 2013-03-18 21:53 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll</p>
<p>2013-05-15 13:41 - 2013-02-26 22:02 - 00111448 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe</p>
<p>2013-05-15 13:41 - 2013-02-26 21:52 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll</p>
<p>2013-05-15 13:41 - 2013-02-26 21:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll</p>
<p>2013-05-15 13:41 - 2013-02-26 21:48 - 01930752 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll</p>
<p>2013-05-15 13:41 - 2013-02-26 21:47 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll</p>
<p>2013-05-15 13:41 - 2013-02-26 20:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll</p>
<p>2013-05-15 13:41 - 2013-02-26 20:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll</p>
<p>2013-05-15 13:41 - 2013-02-26 20:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll</p>
<p>2013-05-10 00:44 - 2013-05-16 00:48 - 00000000 ____D C:\Users\Owner\AppData\Local\{FDDE7A0E-32BA-4968-A62D-5C91C91DC3A4}</p>
<p>2013-05-08 20:43 - 2013-05-08 20:43 - 00046080 ____A C:\Users\Owner\Documents\Copy of wade golf hcap may 2013.xls</p>
<p>2013-04-29 12:37 - 2013-05-09 12:44 - 00000000 ____D C:\Users\Owner\AppData\Local\{FCE94C1F-8C9F-484E-8F76-EBCBB5B457EB}</p>
<p>2013-04-25 12:35 - 2013-04-25 12:35 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Tific</p>
<p>2013-04-25 12:34 - 2013-04-29 00:37 - 00000000 ____D C:\Users\Owner\AppData\Local\{CE1E70FF-5E15-493F-A267-F0E7006F3DFA}</p>
<p>2013-04-24 02:08 - 2013-04-12 06:45 - 01656680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys</p>
<p>2013-04-23 09:36 - 2013-04-23 09:36 - 00002046 ____A C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk</p>
<p></p>
<p>==================== One Month Modified Files and Folders =======</p>
<p></p>
<p>2013-05-20 13:06 - 2013-05-20 13:06 - 00000000 ____D C:\FRST</p>
<p>2013-05-20 12:03 - 2010-03-14 11:13 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job</p>
<p>2013-05-20 12:03 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT</p>
<p>2013-05-20 12:03 - 2009-07-13 20:51 - 00116603 ____A C:\Windows\setupact.log</p>
<p>2013-05-20 10:48 - 2010-03-26 14:13 - 00045056 ____A C:\Windows\System32\acovcnt.exe</p>
<p>2013-05-20 10:48 - 2009-12-17 17:52 - 01852264 ____A C:\Windows\WindowsUpdate.log</p>
<p>2013-05-20 10:47 - 2010-03-14 11:13 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job</p>
<p>2013-05-19 18:06 - 2012-08-06 08:47 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job</p>
<p>2013-05-18 16:36 - 2009-07-13 20:45 - 00010240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0</p>
<p>2013-05-18 16:36 - 2009-07-13 20:45 - 00010240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0</p>
<p>2013-05-18 16:32 - 2009-07-13 21:13 - 00730448 ____A C:\Windows\System32\PerfStringBackup.INI</p>
<p>2013-05-18 15:04 - 2009-12-17 18:14 - 00002190 ____A C:\Windows\System32\AutoRunFilter.ini</p>
<p>2013-05-18 15:02 - 2009-12-17 18:09 - 01044628 ____A C:\Windows\PFRO.log</p>
<p>2013-05-18 14:55 - 2013-05-18 14:55 - 01096080 ____A C:\ProgramData\2433f433</p>
<p>2013-05-18 14:55 - 2013-05-18 14:55 - 01096036 ____A C:\Users\Owner\AppData\Roaming\2433f433</p>
<p>2013-05-18 14:55 - 2013-05-18 14:55 - 01096018 ____A C:\Users\Owner\AppData\Local\2433f433</p>
<p>2013-05-18 14:55 - 2013-05-18 14:55 - 00027136 ____A C:\Users\Owner\Documents\259c64b6.exe</p>
<p>2013-05-18 14:52 - 2011-09-06 22:06 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Skype</p>
<p>2013-05-18 14:46 - 2010-11-03 21:10 - 00000000 ____D C:\Users\Owner\Documents\SafeHarbor</p>
<p>2013-05-17 13:48 - 2013-05-17 13:48 - 00000000 ____D C:\Users\Owner\AppData\Local\{FAF31FA2-8AD8-4B3A-9468-9345B2730063}</p>
<p>2013-05-17 01:48 - 2013-05-17 01:48 - 00000000 ____D C:\Users\Owner\AppData\Local\{C3E68DC7-F9DE-4AC1-94DA-5AF12DCA1B07}</p>
<p>2013-05-16 13:53 - 2010-12-28 12:17 - 00000000 ____D C:\Users\Owner\AppData\Local\Windows Live</p>
<p>2013-05-16 13:48 - 2013-05-16 13:47 - 00000000 ____D C:\Users\Owner\AppData\Local\{2A382BCA-7B38-4E33-8A4D-8A0AC8ED008D}</p>
<p>2013-05-16 06:33 - 2010-07-07 17:59 - 00000000 ___RD C:\Users\Owner\Documents\My Dropbox</p>
<p>2013-05-16 06:33 - 2010-07-07 17:56 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Dropbox</p>
<p>2013-05-16 06:33 - 2010-04-16 19:58 - 00000000 ____D C:\Users\Owner\Tracing</p>
<p>2013-05-16 03:19 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache</p>
<p>2013-05-16 02:42 - 2009-07-13 20:45 - 00351720 ____A C:\Windows\System32\FNTCACHE.DAT</p>
<p>2013-05-16 02:20 - 2009-12-17 17:49 - 00000000 ____D C:\ProgramData\Microsoft Help</p>
<p>2013-05-16 02:12 - 2010-03-03 09:05 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe</p>
<p>2013-05-16 00:48 - 2013-05-10 00:44 - 00000000 ____D C:\Users\Owner\AppData\Local\{FDDE7A0E-32BA-4968-A62D-5C91C91DC3A4}</p>
<p>2013-05-14 10:05 - 2012-08-06 08:47 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe</p>
<p>2013-05-14 10:05 - 2011-08-14 21:13 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl</p>
<p>2013-05-09 12:44 - 2013-04-29 12:37 - 00000000 ____D C:\Users\Owner\AppData\Local\{FCE94C1F-8C9F-484E-8F76-EBCBB5B457EB}</p>
<p>2013-05-08 20:43 - 2013-05-08 20:43 - 00046080 ____A C:\Users\Owner\Documents\Copy of wade golf hcap may 2013.xls</p>
<p>2013-04-29 00:37 - 2013-04-25 12:34 - 00000000 ____D C:\Users\Owner\AppData\Local\{CE1E70FF-5E15-493F-A267-F0E7006F3DFA}</p>
<p>2013-04-25 12:35 - 2013-04-25 12:35 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Tific</p>
<p>2013-04-25 12:35 - 2010-03-10 02:31 - 00000000 ____D C:\Users\Owner\AppData\Local\Symantec</p>
<p>2013-04-24 21:24 - 2013-04-16 09:20 - 00000000 ____D C:\Users\Owner\AppData\Local\{5E9AF335-7F2A-4965-83E2-AF3BB142D68A}</p>
<p>2013-04-23 09:36 - 2013-04-23 09:36 - 00002046 ____A C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk</p>
<p>2013-04-23 09:35 - 2013-04-16 09:34 - 00000000 ____D C:\Program Files (x86)\McAfee Security Scan</p>
<p></p>
<p>ZeroAccess:</p>
<p>C:\$Recycle.Bin\S-1-5-21-4008674046-2340072865-576989462-1000\$1730a923dc455de520baeecb8e25b4b7</p>
<p></p>
<p>ZeroAccess:</p>
<p>C:\$Recycle.Bin\S-1-5-18\$1730a923dc455de520baeecb8e25b4b7</p>
<p></p>
<p>Other Malware:</p>
<p>===========</p>
<p>C:\Users\Owner\g2mdlhlpx.exe</p>
<p></p>
<p>==================== Known DLLs (Whitelisted) ================</p>
<p></p>
<p></p>
<p>==================== Bamital & volsnap Check =================</p>
<p></p>
<p>C:\Windows\System32\winlogon.exe => MD5 is legit</p>
<p>C:\Windows\System32\wininit.exe => MD5 is legit</p>
<p>C:\Windows\SysWOW64\wininit.exe => MD5 is legit</p>
<p>C:\Windows\explorer.exe => MD5 is legit</p>
<p>C:\Windows\SysWOW64\explorer.exe => MD5 is legit</p>
<p>C:\Windows\System32\svchost.exe => MD5 is legit</p>
<p>C:\Windows\SysWOW64\svchost.exe => MD5 is legit</p>
<p>C:\Windows\System32\services.exe => MD5 is legit</p>
<p>C:\Windows\System32\User32.dll => MD5 is legit</p>
<p>C:\Windows\SysWOW64\User32.dll => MD5 is legit</p>
<p>C:\Windows\System32\userinit.exe => MD5 is legit</p>
<p>C:\Windows\SysWOW64\userinit.exe => MD5 is legit</p>
<p>C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit</p>
<p></p>
<p>==================== EXE ASSOCIATION =====================</p>
<p></p>
<p>HKLM\...\.exe: exefile => OK</p>
<p>HKLM\...\exefile\DefaultIcon: %1 => OK</p>
<p>HKLM\...\exefile\open\command: "%1" %* => OK</p>
<p></p>
<p>==================== Restore Points =========================</p>
<p></p>
<p>Restore point made on: 2013-04-23 16:23:15</p>
<p>Restore point made on: 2013-04-25 02:00:50</p>
<p>Restore point made on: 2013-05-03 20:28:29</p>
<p>Restore point made on: 2013-05-10 23:00:36</p>
<p>Restore point made on: 2013-05-16 02:01:15</p>
<p></p>
<p>==================== Memory info =========================== </p>
<p></p>
<p>Percentage of memory in use: 14%</p>
<p>Total physical RAM: 4061.09 MB</p>
<p>Available physical RAM: 3478.1 MB</p>
<p>Total Pagefile: 4059.23 MB</p>
<p>Available Pagefile: 3470.11 MB</p>
<p>Total Virtual: 8192 MB</p>
<p>Available Virtual: 8191.87 MB</p>
<p></p>
<p>==================== Drives ================================</p>
<p></p>
<p>Drive c: (OS) (Fixed) (Total:451.11 GB) (Free:280.08 GB) NTFS (Disk=0 Partition=2) ==>[Drive with boot components (obtained from BCD)]</p>
<p>Drive e: (USB DISK) (Removable) (Total:3.82 GB) (Free:3.81 GB) FAT32 (Disk=1 Partition=1)</p>
<p>Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS</p>
<p></p>
<p>==================== MBR & Partition Table ==================</p>
<p></p>
<p>========================================================</p>
<p>Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 76692CA8)</p>
<p>Partition 1: (Not Active) - (Size=15 GB) - (Type=1C)</p>
<p>Partition 2: (Active) - (Size=451 GB) - (Type=07 NTFS)</p>
<p></p>
<p>========================================================</p>
<p>Disk: 1 (Size: 4 GB) (Disk ID: 00000000)</p>
<p>Partition 1: (Not Active) - (Size=4 GB) - (Type=0B)</p>
<p></p>
<p></p>
<p>Last Boot: 2013-05-13 23:38</p>
<p></p>
<p>==================== End Of Log ============================</p>
</blockquote>
- 00116603 ____A C:\Windows\setupact.log 2013-05-20 10:48 - 2010-03-26 14:13 - 00045056 ____A C:\Windows\System32\acovcnt.exe 2013-05-20 10:48 - 2009-12-17 17:52 - 01852264 ____A C:\Windows\WindowsUpdate.log 2013-05-20 10:47 - 2010-03-14 11:13 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-05-19 18:06 - 2012-08-06 08:47 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-05-18 16:36 - 2009-07-13 20:45 - 00010240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-05-18 16:36 - 2009-07-13 20:45 - 00010240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-05-18 16:32 - 2009-07-13 21:13 - 00730448 ____A C:\Windows\System32\PerfStringBackup.INI 2013-05-18 15:04 - 2009-12-17 18:14 - 00002190 ____A C:\Windows\System32\AutoRunFilter.ini 2013-05-18 15:02 - 2009-12-17 18:09 - 01044628 ____A C:\Windows\PFRO.log 2013-05-18 14:55 - 2013-05-18 14:55 - 01096080 ____A C:\ProgramData\2433f433 2013-05-18 14:55 - 2013-05-18 14:55 - 01096036 ____A C:\Users\Owner\AppData\Roaming\2433f433 2013-05-18 14:55 - 2013-05-18 14:55 - 01096018 ____A C:\Users\Owner\AppData\Local\2433f433 2013-05-18 14:55 - 2013-05-18 14:55 - 00027136 ____A C:\Users\Owner\Documents\259c64b6.exe 2013-05-18 14:52 - 2011-09-06 22:06 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Skype 2013-05-18 14:46 - 2010-11-03 21:10 - 00000000 ____D C:\Users\Owner\Documents\SafeHarbor 2013-05-17 13:48 - 2013-05-17 13:48 - 00000000 ____D C:\Users\Owner\AppData\Local\{FAF31FA2-8AD8-4B3A-9468-9345B2730063} 2013-05-17 01:48 - 2013-05-17 01:48 - 00000000 ____D C:\Users\Owner\AppData\Local\{C3E68DC7-F9DE-4AC1-94DA-5AF12DCA1B07} 2013-05-16 13:53 - 2010-12-28 12:17 - 00000000 ____D C:\Users\Owner\AppData\Local\Windows Live 2013-05-16 13:48 - 2013-05-16 13:47 - 00000000 ____D C:\Users\Owner\AppData\Local\{2A382BCA-7B38-4E33-8A4D-8A0AC8ED008D} 2013-05-16 06:33 - 2010-07-07 17:59 - 
00000000 ___RD C:\Users\Owner\Documents\My Dropbox 2013-05-16 06:33 - 2010-07-07 17:56 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Dropbox 2013-05-16 06:33 - 2010-04-16 19:58 - 00000000 ____D C:\Users\Owner\Tracing 2013-05-16 03:19 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache 2013-05-16 02:42 - 2009-07-13 20:45 - 00351720 ____A C:\Windows\System32\FNTCACHE.DAT 2013-05-16 02:20 - 2009-12-17 17:49 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-05-16 02:12 - 2010-03-03 09:05 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2013-05-16 00:48 - 2013-05-10 00:44 - 00000000 ____D C:\Users\Owner\AppData\Local\{FDDE7A0E-32BA-4968-A62D-5C91C91DC3A4} 2013-05-14 10:05 - 2012-08-06 08:47 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-05-14 10:05 - 2011-08-14 21:13 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-05-09 12:44 - 2013-04-29 12:37 - 00000000 ____D C:\Users\Owner\AppData\Local\{FCE94C1F-8C9F-484E-8F76-EBCBB5B457EB} 2013-05-08 20:43 - 2013-05-08 20:43 - 00046080 ____A C:\Users\Owner\Documents\Copy of wade golf hcap may 2013.xls 2013-04-29 00:37 - 2013-04-25 12:34 - 00000000 ____D C:\Users\Owner\AppData\Local\{CE1E70FF-5E15-493F-A267-F0E7006F3DFA} 2013-04-25 12:35 - 2013-04-25 12:35 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Tific 2013-04-25 12:35 - 2010-03-10 02:31 - 00000000 ____D C:\Users\Owner\AppData\Local\Symantec 2013-04-24 21:24 - 2013-04-16 09:20 - 00000000 ____D C:\Users\Owner\AppData\Local\{5E9AF335-7F2A-4965-83E2-AF3BB142D68A} 2013-04-23 09:36 - 2013-04-23 09:36 - 00002046 ____A C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk 2013-04-23 09:35 - 2013-04-16 09:34 - 00000000 ____D C:\Program Files (x86)\McAfee Security Scan ZeroAccess: C:\$Recycle.Bin\S-1-5-21-4008674046-2340072865-576989462-1000\$1730a923dc455de520baeecb8e25b4b7 ZeroAccess: C:\$Recycle.Bin\S-1-5-18\$1730a923dc455de520baeecb8e25b4b7 Other Malware: =========== 
C:\Users\Owner\g2mdlhlpx.exe ==================== Known DLLs (Whitelisted) ================ ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points ========================= Restore point made on: 2013-04-23 16:23:15 Restore point made on: 2013-04-25 02:00:50 Restore point made on: 2013-05-03 20:28:29 Restore point made on: 2013-05-10 23:00:36 Restore point made on: 2013-05-16 02:01:15 ==================== Memory info =========================== Percentage of memory in use: 14% Total physical RAM: 4061.09 MB Available physical RAM: 3478.1 MB Total Pagefile: 4059.23 MB Available Pagefile: 3470.11 MB Total Virtual: 8192 MB Available Virtual: 8191.87 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:451.11 GB) (Free:280.08 GB) NTFS (Disk=0 Partition=2) ==>[Drive with boot components (obtained from BCD)] Drive e: (USB DISK) (Removable) (Total:3.82 GB) (Free:3.81 GB) FAT32 (Disk=1 Partition=1) Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 
8) (Size: 466 GB) (Disk ID: 76692CA8) Partition 1: (Not Active) - (Size=15 GB) - (Type=1C) Partition 2: (Active) - (Size=451 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 4 GB) (Disk ID: 00000000) Partition 1: (Not Active) - (Size=4 GB) - (Type=0B) Last Boot: 2013-05-13 23:38 ==================== End Of Log ============================ [/QUOTE]