
cj27

Members
  • Posts: 3
  • Joined
  • Last visited

Reputation: 0 Neutral
  1. Charlie, it worked perfectly. Thank you so much. Attached are the logs. mbar-log-2013-06-25 (21-07-34).txt mbar-log-2013-06-25 (21-58-49).txt system-log.txt
  2. Great, thanks! Once I get home from work I'll test it out.
  3. Hi Charlie, Here is the text you requested. As I stated earlier, it's the FBI MoneyPak virus. Thank you for your help.

     Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-06-2013 01
     Ran by SYSTEM on 24-06-2013 22:44:40
     Running from F:\
     Windows 7 Home Premium (X64) OS Language: English(US)
     Internet Explorer Version 9
     Boot Mode: Recovery

     The current controlset is ControlSet001

     ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

     ==================== Registry (Whitelisted) ==================

     HKLM\...\Run: [] [x]
     HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [10144288 2010-04-06] (Realtek Semiconductor)
     HKLM\...\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2107176 2010-03-11] (Synaptics Incorporated)
     HKLM\...\Run: [intelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray [1928976 2010-03-05] (Intel® Corporation)
     HKLM\...\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE [505768 2010-06-29] (TOSHIBA Corporation)
     HKLM\...\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation)
     HKLM\...\Run: [smoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)
     HKLM\...\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe [915320 2010-05-10] (TOSHIBA Corporation)
     HKLM\...\Run: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r [1504608 2010-04-23] (TOSHIBA Corporation)
     HKLM\...\Run: [ThpSrv] C:\windows\system32\thpsrv /logon [x]
     HKLM\...\Run: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe [705432 2010-05-10] (TOSHIBA Corporation)
     HKLM\...\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
     HKLM\...\Run: [intelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2417032 2011-08-01] (Microsoft Corporation)
     HKLM\...\Run: [DLBTCATS] rundll32 C:\windows\system32\spool\DRIVERS\x64\3\DLBTtime.dll,RunDLLEntry [28672 2007-02-12] ()
     HKLM\...\Run: [dlbtmon.exe] "C:\Program Files (x86)\Dell Photo AIO Printer 922\dlbtmon.exe" [431600 2007-02-28] (Lexmark International, Inc.)
     HKLM\...\RunOnce: [*Restore] C:\windows\system32\rstrui.exe /RUNONCE [296960 2010-11-20] (Microsoft Corporation)
     HKLM\...\Winlogon: [shell] [x ] () <=== ATTENTION
     HKLM-x32\...\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" [2596984 2012-07-31] (AVG Technologies CZ, s.r.o.)
     HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-10-11] (Apple Inc.)
     HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-09-09] (Apple Inc.)
     HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-10-25] (Apple Inc.)
     HKU\Chris\...\Run: [Google Update] "C:\Users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-04-06] (Google Inc.)
     HKU\Chris\...\Run: [RESTART_STICKY_NOTES] C:\windows\system32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
     HKU\Chris\...\Policies\system: [DisableChangePassword] 0
     HKU\Chris\...\Policies\system: [DisableLockWorkstation] 0
     HKU\Chris\...\Winlogon: [shell] explorer.exe,C:\Users\Chris\AppData\Roaming\skype.dat [81408 2011-11-16] () <==== ATTENTION
     HKU\Chris\...\Command Processor: "C:\Users\Chris\AppData\Local\aezzmpqgpiy.exe" <===== ATTENTION!
     BootExecute: autocheck autochk * C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart

     ==================== Services (Whitelisted) =================

     S2 ADExchange; C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [43112 2012-02-15] (ArcSoft Inc.)
     S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [5167736 2012-08-13] (AVG Technologies CZ, s.r.o.)
     S2 avgwd; C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
     S2 dlbt_device; C:\windows\system32\dlbtcoms.exe [567280 2007-02-28] ( )
     S2 hasplms; C:\windows\system32\hasplms.exe [4889032 2011-12-30] (SafeNet Inc.)
     S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-03-05] ()
     S3 w7Svc; C:\Program Files (x86)\webcam 7\wService.exe [5094200 2012-03-26] (Moonware Studios)

     ==================== Drivers (Whitelisted) ====================

     S3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [124496 2011-12-23] (AVG Technologies CZ, s.r.o. )
     S3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )
     S0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [28480 2012-04-19] (AVG Technologies CZ, s.r.o. )
     S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [291680 2012-07-26] (AVG Technologies CZ, s.r.o.)
     S1 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
     S0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [36944 2012-01-31] (AVG Technologies CZ, s.r.o.)
     S1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [384352 2012-08-24] (AVG Technologies CZ, s.r.o.)
     S3 camdrv42; C:\Windows\System32\DRIVERS\camdrv42.sys [1533952 2007-04-23] ()
     S1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-05-19] (DT Soft Ltd)
     S2 hardlock; C:\windows\system32\drivers\hardlock.sys [321536 2011-09-28] (SafeNet Inc.)
     S3 Sockblkd; C:\Program Files\Extegrity\Exam4\Sockblkd.sys [6784 2011-09-27] (DataWizard Technologies, Inc.)
     S3 Sockblkd; C:\Program Files\Extegrity\Exam4\Sockblkd.sys [6784 2011-09-27] (DataWizard Technologies, Inc.)

     ==================== NetSvcs (Whitelisted) ===================

     ==================== One Month Created Files and Folders ========

     2013-06-24 22:44 - 2013-06-24 22:44 - 00000000 ____D C:\FRST

     ==================== One Month Modified Files and Folders =======

     2013-06-24 22:44 - 2013-06-24 22:44 - 00000000 ____D C:\FRST
     2013-06-24 22:07 - 2012-04-10 20:40 - 00000000 ____D C:\Users\Chris\AppData\Roaming\vlc
     2013-06-24 22:07 - 2012-04-07 10:25 - 00000000 ____D C:\Users\Chris\AppData\Roaming\uTorrent
     2013-06-24 22:07 - 2012-04-07 00:09 - 00000000 ____D C:\Windows\System32\Drivers\AVG
     2013-06-24 22:07 - 2012-04-06 16:01 - 00000000 ____D C:\users\Chris
     2013-06-24 22:07 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\AppCompat
     2013-06-24 22:06 - 2012-08-20 19:27 - 00000000 ____D C:\Program Files\Dl_cats
     2013-06-24 22:06 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
     2013-06-24 22:05 - 2012-04-24 14:10 - 00000000 ____D C:\Windows\System32\Macromed
     2013-06-24 22:05 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\servicing

     Files to move or delete:
     ====================
     C:\ProgramData\lsass.exe
     C:\Users\Chris\AppData\Roaming\skype.dat
     C:\Users\Chris\AppData\Roaming\skype.ini
     C:\ProgramData\23lldnur.pad
     C:\ProgramData\dsgsdgdsgdsgw.pad

     ==================== Known DLLs (Whitelisted) ================

     ==================== Bamital & volsnap Check =================

     C:\Windows\System32\winlogon.exe => MD5 is legit
     C:\Windows\System32\wininit.exe => MD5 is legit
     C:\Windows\SysWOW64\wininit.exe => MD5 is legit
     C:\Windows\explorer.exe => MD5 is legit
     C:\Windows\SysWOW64\explorer.exe => MD5 is legit
     C:\Windows\System32\svchost.exe => MD5 is legit
     C:\Windows\SysWOW64\svchost.exe => MD5 is legit
     C:\Windows\System32\services.exe => MD5 is legit
     C:\Windows\System32\User32.dll => MD5 is legit
     C:\Windows\SysWOW64\User32.dll => MD5 is legit
     C:\Windows\System32\userinit.exe => MD5 is legit
     C:\Windows\SysWOW64\userinit.exe => MD5 is legit
     C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

     ==================== EXE ASSOCIATION =====================

     HKLM\...\.exe: exefile => OK
     HKLM\...\exefile\DefaultIcon: %1 => OK
     HKLM\...\exefile\open\command: "%1" %* => OK

     ==================== Restore Points =========================

     Restore point made on: 2012-12-04 21:05:48
     Restore point made on: 2012-12-11 23:39:41
     Restore point made on: 2012-12-16 23:30:35

     ==================== Memory info ===========================

     Percentage of memory in use: 15%
     Total physical RAM: 3824.43 MB
     Available physical RAM: 3242.43 MB
     Total Pagefile: 3822.57 MB
     Available Pagefile: 3220.99 MB
     Total Virtual: 8192 MB
     Available Virtual: 8191.85 MB

     ==================== Drives ================================

     Drive c: (TI105967W0B) (Fixed) (Total:454.39 GB) (Free:61.06 GB) NTFS (Disk=0 Partition=2) ==>[system with boot components (obtained from reading drive)]
     Drive d: (System) (Fixed) (Total:1.46 GB) (Free:1.27 GB) NTFS (Disk=0 Partition=1) ==>[system with boot components (obtained from reading drive)]
     Drive f: () (Removable) (Total:0.94 GB) (Free:0.93 GB) FAT (Disk=1 Partition=1)
     Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

     ==================== MBR & Partition Table ==================

     ========================================================
     Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: 3400B8E8)
     Partition 1: (Active) - (Size=1 GB) - (Type=27)
     Partition 2: (Not Active) - (Size=454 GB) - (Type=07 NTFS)
     Partition 3: (Not Active) - (Size=10 GB) - (Type=17)

     ========================================================
     Disk: 1 (Size: 966 MB) (Disk ID: B422EBC8)
     Partition 1: (Not Active) - (Size=966 MB) - (Type=06)

     LastRegBack: 2012-12-05 20:19

     ==================== End Of Log ============================

     FRST.txt