FBI MoneyPack Virus, Rootkit in addition possibly?

View previous topic View next topic Go down

FBI MoneyPack Virus, Rootkit in addition possibly?

Post by cam99 on Wed 29 Aug 2012, 5:05 am

I would like to begin my apologizing for my poor malware-removal practices at the beginning, I have now read the new user guides and have begun following the proper procedure

So I absent-mindedly gave security clearance to some sort of "adobe" download without really looking at it. Looking back when I tried to close it it kept popping back up so the clear fishyness didn't register with me. So then the FBI Moneypak screen started locking my computer shortly after that download. I eventual booted in safemode and removed quicktime from my startup programs in the registry and that stopped the FBI thing from popping up. I then sort of ignored it. Then later I ran a scan with Malwarebytes and it quarantined a Rootkit.0access or something like that name.
Then later I started getting spam tabs opening in my firefox settings. After reading around I got TDSSKiller and it removed something with a name like Win32... The problem with tabs has since stopped.(Once again I apologize for the lack of standardization of the beginning of this process). Now I ran a full scan with MalwareBytes and was horrified to see 12 problem files. I don't have any symptoms currently but these 12 files are really scaring me.
Here are my OTL Logs





cam99

Newbie Surfer
Newbie Surfer

Posts : 14
Joined : 2012-08-28
Operating System : 7

View user profile

Back to top Go down

Re: FBI MoneyPack Virus, Rootkit in addition possibly?

Post by cam99 on Wed 29 Aug 2012, 5:06 am

OTL logfile created on: 8/28/2012 1:23:55 PM - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Cam\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.39 Gb Available Physical Memory | 46.22% Memory free
5.99 Gb Paging File | 4.38 Gb Available in Paging File | 73.14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.79 Gb Total Space | 77.69 Gb Free Space | 33.38% Space Free | Partition Type: NTFS

Computer Name: CAM-PC | User Name: Cam | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/28 13:23:09 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Cam\Desktop\OTL.com
PRC - [2012/08/28 00:25:19 | 002,211,928 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Cam\AppData\Local\Temp\4A37C304-B5C9-4116-8742-BECFD0035C28.exe
PRC - [2012/08/15 20:13:54 | 007,316,480 | ---- | M] (Google Inc.) -- C:\Users\Cam\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
PRC - [2012/08/15 17:31:35 | 001,536,712 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe
PRC - [2012/07/24 22:08:10 | 026,909,544 | ---- | M] (Dropbox, Inc.) -- C:\Users\Cam\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/07/19 11:53:51 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/07/11 13:44:34 | 000,136,616 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2012/07/11 13:43:43 | 000,374,184 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/07/03 13:46:42 | 000,973,488 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2012/06/18 01:39:08 | 000,394,616 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2012/04/02 12:17:40 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2012/04/02 12:17:40 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 08:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/09/13 12:48:14 | 000,097,384 | R--- | M] (Amazon.com) -- C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe
PRC - [2010/09/13 12:48:12 | 000,025,704 | R--- | M] (Amazon.com) -- C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
PRC - [2009/08/18 05:36:36 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009/08/18 05:36:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009/07/13 21:14:41 | 000,354,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\StikyNot.exe
PRC - [2009/07/13 21:14:39 | 000,396,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SnippingTool.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/15 20:02:40 | 000,344,064 | ---- | M] () -- C:\Users\Cam\AppData\Local\Programs\Google\MusicManager\libaudioenc.dll
MOD - [2012/08/15 20:02:30 | 000,231,936 | ---- | M] () -- C:\Users\Cam\AppData\Local\Programs\Google\MusicManager\libmpgdec.dll
MOD - [2012/08/15 20:01:44 | 000,231,936 | ---- | M] () -- C:\Users\Cam\AppData\Local\Programs\Google\MusicManager\libid3tag.dll
MOD - [2012/08/15 20:01:38 | 000,117,248 | ---- | M] () -- C:\Users\Cam\AppData\Local\Programs\Google\MusicManager\libaacdec.dll
MOD - [2012/08/15 19:37:40 | 000,026,624 | ---- | M] () -- C:\Users\Cam\AppData\Local\Programs\Google\MusicManager\imageformats\qgif4.dll
MOD - [2012/08/15 19:37:24 | 010,683,392 | ---- | M] () -- C:\Users\Cam\AppData\Local\Programs\Google\MusicManager\QtWebKit4.dll
MOD - [2012/08/15 19:37:22 | 007,741,952 | ---- | M] () -- C:\Users\Cam\AppData\Local\Programs\Google\MusicManager\QtGui4.dll
MOD - [2012/08/15 19:37:22 | 001,681,408 | ---- | M] () -- C:\Users\Cam\AppData\Local\Programs\Google\MusicManager\QtNetwork4.dll
MOD - [2012/08/15 19:37:20 | 002,248,192 | ---- | M] () -- C:\Users\Cam\AppData\Local\Programs\Google\MusicManager\QtCore4.dll
MOD - [2012/08/15 17:31:34 | 009,465,032 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_3_300_271.dll
MOD - [2012/07/19 11:53:51 | 002,003,424 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/06/16 07:26:02 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/06/16 07:25:55 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/06/09 03:36:43 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/06/09 03:36:39 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/06/09 03:36:30 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2010/11/17 14:16:56 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/08/27 14:37:47 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/08/15 17:31:37 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/19 11:53:51 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/11 13:44:34 | 000,136,616 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\ramaint.exe -- (LMIMaint)
SRV - [2012/07/11 13:43:43 | 000,374,184 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/04/02 12:17:40 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2011/08/15 10:02:12 | 000,130,976 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files\Futuremark\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2011/06/06 12:36:00 | 004,005,936 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2010/11/03 22:37:54 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/09/13 12:48:12 | 000,025,704 | R--- | M] (Amazon.com) [Auto | Running] -- C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe -- (ADVService)
SRV - [2009/08/18 05:36:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\TEMP\cpuz135\cpuz135_x32.sys -- (cpuz135)
DRV - [2012/08/28 00:42:22 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012/07/11 13:43:46 | 000,083,392 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/04/02 12:17:40 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2012/04/02 12:17:40 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 05:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/07/16 18:03:36 | 000,025,656 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hpdskflt.sys -- (hpdskflt)
DRV - [2010/07/16 18:03:18 | 000,035,896 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2009/08/18 06:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/07/13 18:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/13 18:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/07/13 18:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
DRV - [2009/07/13 18:02:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007/08/03 05:36:10 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 42 0E 6A FC 60 25 CC 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: morningCoffee@shaneliesegang:1.33
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.3.0.7280
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0.12
FF - prefs.js..keyword.URL: "http://search.toolbars.alexa.com/?ver=alxf-2.01&src=ab&aid=Eo8%2Fc1oQ3%2B00Wl&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Cam\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Cam\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Cam\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Cam\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\thehappycloud.com/HappyCloudPlugin: C:\Users\Cam\AppData\Local\HappyCloud\Application\npHappyCloudPlugin.dll (The Happy Cloud)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/19 11:53:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/06/09 00:45:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0b6\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 6\components [2011/02/13 23:35:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0b6\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 6\plugins [2011/04/05 10:30:06 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/19 11:53:51 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/06/09 00:45:11 | 000,000,000 | ---D | M]

[2010/10/31 18:15:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cam\AppData\Roaming\Mozilla\Extensions
[2012/08/27 14:37:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cam\AppData\Roaming\Mozilla\Firefox\Profiles\f5khrzhg.default\extensions
[2011/04/23 02:39:41 | 000,000,000 | ---D | M] (cacaoweb) -- C:\Users\Cam\AppData\Roaming\Mozilla\Firefox\Profiles\f5khrzhg.default\extensions\cacaoweb@cacaoweb.org
[2010/11/02 01:11:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cam\AppData\Roaming\Mozilla\Firefox\Profiles\f5khrzhg.default\extensions\nostmp
[2011/10/24 13:16:53 | 000,000,000 | ---D | M] (Download Youtube Videos +) -- C:\Users\Cam\AppData\Roaming\Mozilla\Firefox\Profiles\f5khrzhg.default\extensions\video.downloader.plugin@ffpimp.com
[2010/12/06 02:44:38 | 000,001,542 | ---- | M] () -- C:\Users\Cam\AppData\Roaming\Mozilla\Firefox\Profiles\f5khrzhg.default\searchplugins\web-search-powered-by-google.xml
[2012/06/09 01:04:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/10/19 18:35:11 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2012/08/04 01:36:26 | 000,375,811 | ---- | M] () (No name found) -- C:\USERS\CAM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F5KHRZHG.DEFAULT\EXTENSIONS\{AE93811A-5C9A-4D34-8462-F7B864FC4696}.XPI
[2012/08/27 14:37:56 | 000,270,021 | ---- | M] () (No name found) -- C:\USERS\CAM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F5KHRZHG.DEFAULT\EXTENSIONS\{E4A8A97B-F2ED-450B-B12D-EE082BA24781}.XPI
[2011/05/21 19:42:29 | 000,107,019 | ---- | M] () (No name found) -- C:\USERS\CAM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F5KHRZHG.DEFAULT\EXTENSIONS\MORNINGCOFFEE@SHANELIESEGANG.XPI
[2011/07/28 11:22:14 | 000,072,011 | ---- | M] () (No name found) -- C:\USERS\CAM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F5KHRZHG.DEFAULT\EXTENSIONS\TOOLBAR@GOODGUIDE.COM.XPI
[2012/07/19 11:53:51 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2007/03/09 19:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\mozilla firefox\plugins\npyaxmpb.dll
[2012/06/18 23:28:44 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/06/18 23:28:44 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2009/06/10 17:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] "\mbamgui.exe" /starttray File not found
O4 - HKCU..\Run: [Facebook Update] C:\Users\Cam\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [MusicManager] C:\Users\Cam\AppData\Local\Programs\Google\MusicManager\MusicManager.exe (Google Inc.)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Users\Cam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Cam\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000040 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000041 - %SystemRoot%\system32\wshbth.dll File not found
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.71.230 68.87.71.227 151.202.0.85
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2E931CF6-01D6-42F1-BE52-016F44248F9D}: DhcpNameServer = 172.16.2.5 172.18.82.11 4.2.2.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6B173C4D-E701-473C-8CF5-7B347488E6C5}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C7585459-E664-42D4-BB80-7ABEC9C535DD}: DhcpNameServer = 68.87.71.230 68.87.71.227 151.202.0.85
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

MsConfig - StartUpFolder: C:^Users^Cam^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe - ()
MsConfig - StartUpReg: GoogleChrome - hkey= - key= - C:\Users\Cam\AppData\Local\Temp\adfm32.exe ()
MsConfig - State: "startup" - 2

SafeBootMin: 74079812.sys - Driver
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv50 - C:\Windows\System32\ir50_32.dll (Intel Corporation)

cam99

Newbie Surfer
Newbie Surfer

Posts : 14
Joined : 2012-08-28
Operating System : 7

View user profile

Back to top Go down

Re: FBI MoneyPack Virus, Rootkit in addition possibly?

Post by cam99 on Wed 29 Aug 2012, 5:07 am


NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Sharedaccess - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: wuauserv - File not found
NetSvcs: BITS - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/08/28 13:23:09 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Cam\Desktop\OTL.com
[2012/08/28 00:26:17 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/08/28 00:25:13 | 002,211,928 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Cam\Desktop\tdsskiller.exe
[2012/08/21 16:58:07 | 000,000,000 | R--D | C] -- C:\Users\Cam\Dropbox
[2012/08/21 16:56:39 | 000,000,000 | ---D | C] -- C:\Users\Cam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2012/08/21 16:55:46 | 000,000,000 | ---D | C] -- C:\Users\Cam\AppData\Roaming\Dropbox
[2012/08/19 10:29:41 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012/08/19 10:29:41 | 000,000,000 | ---D | C] -- C:\Users\Cam\AppData\Roaming\Malwarebytes
[2012/08/19 10:29:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/19 10:29:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/08/19 10:29:37 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/08/19 10:29:37 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/08/19 02:25:19 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/08/19 01:34:26 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2012/08/15 13:07:42 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/08/15 13:07:41 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/08/15 13:07:41 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/08/15 13:07:41 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/08/15 13:07:40 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/08/15 13:07:40 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/08/15 13:07:38 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/08/14 19:18:53 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/08/14 19:18:50 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browcli.dll
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/28 13:23:09 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Cam\Desktop\OTL.com
[2012/08/28 13:23:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/28 13:22:06 | 000,618,227 | ---- | M] () -- C:\Users\Cam\Desktop\adwcleaner.exe
[2012/08/28 13:19:01 | 000,213,788 | ---- | M] () -- C:\Users\Cam\Desktop\Capture.PNG
[2012/08/28 12:58:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1899086228-3049755723-1055249932-1001UA.job
[2012/08/28 12:52:00 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1899086228-3049755723-1055249932-1001UA.job
[2012/08/28 12:48:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/28 12:29:59 | 000,010,320 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/28 12:29:59 | 000,010,320 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/28 00:52:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1899086228-3049755723-1055249932-1001Core.job
[2012/08/28 00:48:00 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/28 00:42:22 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012/08/28 00:27:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/28 00:27:34 | 2414,374,912 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/28 00:25:19 | 002,211,928 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Cam\Desktop\tdsskiller.exe
[2012/08/27 22:58:00 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1899086228-3049755723-1055249932-1001Core.job
[2012/08/21 16:58:07 | 000,001,035 | ---- | M] () -- C:\Users\Cam\Desktop\Dropbox.lnk
[2012/08/21 16:57:03 | 000,001,045 | ---- | M] () -- C:\Users\Cam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/08/19 10:29:38 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/16 20:19:25 | 000,298,384 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/08/15 17:31:35 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/08/15 17:31:35 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/08/09 20:53:29 | 000,883,976 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/08/09 20:53:29 | 000,200,254 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/07/29 21:07:36 | 000,203,918 | ---- | M] () -- C:\Users\Cam\Desktop\cameron_j._lunt_transcript.pdf
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/28 13:22:04 | 000,618,227 | ---- | C] () -- C:\Users\Cam\Desktop\adwcleaner.exe
[2012/08/28 13:19:01 | 000,213,788 | ---- | C] () -- C:\Users\Cam\Desktop\Capture.PNG
[2012/08/28 00:42:41 | 000,092,672 | ---- | C] () -- C:\Windows\Installer\{5349c271-5203-b900-7c1c-83bfeb130ae7}\U\80000032.@
[2012/08/21 16:58:07 | 000,001,035 | ---- | C] () -- C:\Users\Cam\Desktop\Dropbox.lnk
[2012/08/21 16:57:03 | 000,001,045 | ---- | C] () -- C:\Users\Cam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/08/19 10:29:38 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/19 01:28:56 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{5349c271-5203-b900-7c1c-83bfeb130ae7}\L\00000004.@
[2012/07/29 21:07:25 | 000,203,918 | ---- | C] () -- C:\Users\Cam\Desktop\cameron_j._lunt_transcript.pdf
[2012/06/26 18:00:56 | 000,000,741 | ---- | C] () -- C:\Users\Cam\.recently-used.xbel
[2012/06/21 02:04:07 | 000,000,091 | ---- | C] () -- C:\Users\Cam\AppData\Local\fusioncache.dat
[2011/07/07 22:25:39 | 000,001,142 | ---- | C] () -- C:\Users\Cam\.drjava
[2011/06/17 20:51:22 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011/06/07 23:03:34 | 000,000,087 | ---- | C] () -- C:\Users\Cam\mm.cfg
[2011/05/18 21:55:12 | 013,225,023 | ---- | C] () -- C:\Users\Cam\New document 2.2011_05_18_21_55_12.0.svg
[2011/04/18 00:03:22 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/11/22 21:39:34 | 000,000,145 | ---- | C] () -- C:\Users\Cam\.appletviewer
[2010/10/31 17:56:44 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

========== Custom Scans ==========

< %AppData%\Roaming\Mozilla\Firefox\Profiles\*.default\extensions\ /s /md5 >

< %AppData%\Local\ >

< %systemroot%\system32\sysprep >

< *.xpi /md5 >

< %systemroot%\Downloaded Program Files\ >

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/07/19 11:53:50 | 000,865,776 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/07/19 11:53:50 | 000,865,776 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/07/19 11:53:50 | 000,865,776 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/07/19 11:53:51 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/07/19 11:53:51 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/07/19 11:53:51 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2012/06/09 03:07:27 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2012/06/09 03:07:27 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2012/06/09 03:07:27 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012/06/28 21:00:47 | 000,748,664 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2012/06/28 21:00:47 | 000,748,664 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/07/19 11:53:50 | 000,865,776 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/07/19 11:53:50 | 000,865,776 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/07/19 11:53:50 | 000,865,776 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/07/19 11:53:51 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/07/19 11:53:51 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/07/19 11:53:51 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2012/06/09 03:07:27 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2012/06/09 03:07:27 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2012/06/09 03:07:27 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012/06/28 21:00:47 | 000,748,664 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2012/06/28 21:00:47 | 000,748,664 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\system32\drivers\*.sys /90 >
[2012/06/02 00:40:59 | 000,369,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\cng.sys
[2012/06/02 00:45:04 | 000,067,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\ksecdd.sys
[2012/06/02 00:45:03 | 000,134,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\ksecpkg.sys
[2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\system32\drivers\mbam.sys
[2012/08/28 00:42:22 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\system32\drivers\mbamswissarmy.sys

< %systemroot%\System32\config\*.sav >

< %SYSTEMDRIVE%\*.exe /md5 >

< "%WinDir%\$NtUninstallKB*$." /30 >

< %systemdrive%\Program Files\Common Files\ComObjects\*.* /s >

< %systemroot%\*. /mp /s >

< %systemroot%\*. /rp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s >

< %USERPROFILE%\AppData\Local\ /s >

< %systemroot%\Installer\ /s >

< %systemroot%\system32\Cache\ /s >

< %systemroot%\system32\config\systemprofile\Application Data /s >

< %PROGRAMFILES%\*. >
[2010/10/31 22:54:05 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2011/02/04 19:02:17 | 000,000,000 | ---D | M] -- C:\Program Files\AGEIA Technologies
[2011/02/24 22:43:30 | 000,000,000 | ---D | M] -- C:\Program Files\Amazon
[2011/02/13 23:35:21 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2010/12/07 21:13:23 | 000,000,000 | ---D | M] -- C:\Program Files\BabasChess
[2011/06/01 23:39:20 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2012/06/10 01:22:01 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2011/10/19 14:16:11 | 000,000,000 | ---D | M] -- C:\Program Files\DVD Maker
[2011/10/29 23:54:44 | 000,000,000 | ---D | M] -- C:\Program Files\Futuremark
[2012/06/09 01:03:04 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2011/02/19 19:52:56 | 000,000,000 | ---D | M] -- C:\Program Files\Inkscape
[2011/10/29 23:54:44 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2012/08/16 20:18:28 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2011/02/22 14:07:21 | 000,000,000 | ---D | M] -- C:\Program Files\iPhone Explorer
[2011/06/01 23:41:35 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2011/06/01 23:42:08 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2011/07/12 21:29:14 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2010/10/31 18:21:26 | 000,000,000 | ---D | M] -- C:\Program Files\JRE
[2010/12/29 03:00:44 | 000,000,000 | ---D | M] -- C:\Program Files\LEGO Company
[2012/07/11 13:44:53 | 000,000,000 | ---D | M] -- C:\Program Files\LogMeIn
[2012/08/19 10:29:39 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/27 20:34:03 | 000,000,000 | ---D | M] -- C:\Program Files\ManyCam
[2009/07/14 03:49:30 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2011/06/08 21:49:13 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2012/06/09 03:34:50 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2011/01/26 22:08:20 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft XNA
[2010/11/02 21:09:05 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2012/07/19 11:53:51 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2010/11/30 18:29:51 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox 4.0 Beta 6
[2012/07/20 00:22:52 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Maintenance Service
[2009/07/14 00:52:30 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2011/06/08 21:48:42 | 000,000,000 | ---D | M] -- C:\Program Files\MSECache
[2010/10/31 18:21:26 | 000,000,000 | ---D | M] -- C:\Program Files\OpenOffice.org 3
[2012/06/09 01:20:57 | 000,000,000 | ---D | M] -- C:\Program Files\Pando Networks
[2011/09/04 14:04:08 | 000,000,000 | ---D | M] -- C:\Program Files\Programmer's Notepad
[2011/10/30 16:13:38 | 000,000,000 | ---D | M] -- C:\Program Files\Project64 1.6
[2011/02/13 23:35:50 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2009/07/14 00:52:30 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2011/10/19 18:35:01 | 000,000,000 | R--D | M] -- C:\Program Files\Skype
[2012/06/09 01:05:07 | 000,000,000 | ---D | M] -- C:\Program Files\SpeedFan
[2012/06/10 02:00:38 | 000,000,000 | ---D | M] -- C:\Program Files\StarCraft II
[2012/08/28 00:41:50 | 000,000,000 | ---D | M] -- C:\Program Files\Steam
[2010/10/31 23:40:22 | 000,000,000 | ---D | M] -- C:\Program Files\Sun
[2009/07/14 00:53:23 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2011/01/02 19:53:21 | 000,000,000 | ---D | M] -- C:\Program Files\Unity
[2012/06/18 01:39:08 | 000,000,000 | ---D | M] -- C:\Program Files\uTorrent
[2012/06/09 00:59:27 | 000,000,000 | ---D | M] -- C:\Program Files\Winamp
[2011/10/19 14:16:10 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2012/06/09 03:33:52 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Journal
[2011/10/19 14:16:11 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail
[2011/10/19 14:16:11 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2009/07/14 00:52:30 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2011/10/19 14:16:11 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Viewer
[2011/10/19 14:16:11 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Portable Devices
[2011/10/19 14:16:11 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
[2012/08/13 16:45:06 | 000,000,000 | ---D | M] -- C:\Program Files\World of Warcraft
[2012/06/09 00:59:38 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!

< %appdata%\*.* >

< MD5 for: AFD.SYS >
[2011/04/24 22:35:40 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=0DB7A48388D54D154EBEC120461A0FCD -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_d81220b5bf827af7\afd.sys
[2010/11/20 04:40:03 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=1151FD4FB0216CFED887BFDE29EBD516 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_d9efac7dbcaf385b\afd.sys
[2011/04/24 22:18:03 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=9EBBBA55060F786F0FCAA3893BFA2806 -- C:\Windows\System32\drivers\afd.sys
[2011/04/24 22:18:03 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=9EBBBA55060F786F0FCAA3893BFA2806 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_d9f97e05bca8003a\afd.sys
[2011/04/24 22:27:23 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=C114AB7A1550D42EA1700FFD4179CF5A -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.20951_none_d864ad9ad8c98d1f\afd.sys
[2011/04/24 23:24:09 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=C427F91A748CD342A2B3F9278D9FD6A5 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_da774a9ad5cea29e\afd.sys
[2009/07/13 19:12:38 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=DDC040FDB01EF1712A6B13E52AFB104C -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_d7be98b5bfc0b4c1\afd.sys

< MD5 for: ATAPI.SYS >
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys

< MD5 for: CRYPTSVC.DLL >
[2012/04/24 00:36:42 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=06E771AA596B8761107AB57E99F128D7 -- C:\Windows\System32\cryptsvc.dll
[2012/04/24 00:36:42 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=06E771AA596B8761107AB57E99F128D7 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17827_none_77ff39f3f916c65f\cryptsvc.dll
[2012/04/24 00:28:22 | 000,142,336 | ---- | M] (Microsoft Corporation) MD5=21993009E0CCB9B4FA195F14D3408626 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.21979_none_7854c7b7125b248c\cryptsvc.dll
[2012/04/24 00:47:04 | 000,139,264 | ---- | M] (Microsoft Corporation) MD5=520A108A2657F4BCA7FCED9CA7D885DE -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.17008_none_762f534bfbdf7203\cryptsvc.dll
[2009/07/13 21:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_75d5ef87fc22e35a\cryptsvc.dll
[2010/11/20 08:18:24 | 000,136,192 | ---- | M] (Microsoft Corporation) MD5=A585BEBF7D054BD9618EDA0922D5484A -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_7807034ff91166f4\cryptsvc.dll
[2012/04/24 00:33:53 | 000,141,312 | ---- | M] (Microsoft Corporation) MD5=F522279B4717E2BFF269C771FAC2B78E -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.21199_none_7658a1151545269d\cryptsvc.dll

< MD5 for: DNSRSLVR.DLL >
[2010/11/20 08:18:33 | 000,132,608 | ---- | M] (Microsoft Corporation) MD5=2FE30D71919C51131405797620E0A714 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17514_none_e3e9e6c8e09b7c76\dnsrslvr.dll
[2011/03/03 01:38:01 | 000,132,608 | ---- | M] (Microsoft Corporation) MD5=33EF4861F19A0736B11314AAD9AE28D0 -- C:\Windows\System32\dnsrslvr.dll
[2011/03/03 01:38:01 | 000,132,608 | ---- | M] (Microsoft Corporation) MD5=33EF4861F19A0736B11314AAD9AE28D0 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17570_none_e3a50618e0cfbec0\dnsrslvr.dll
[2011/03/03 01:29:23 | 000,132,608 | ---- | M] (Microsoft Corporation) MD5=B15BE77A2BACF9C3177D27518AFE26A9 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7600.16772_none_e1c0a9a6e3a78582\dnsrslvr.dll
[2011/03/03 01:50:46 | 000,132,608 | ---- | M] (Microsoft Corporation) MD5=B3A0A4414D8EC1DD28018004CE8DCBEE -- C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7600.20914_none_e28d2873fc92ad7b\dnsrslvr.dll
[2009/07/13 21:15:12 | 000,132,608 | ---- | M] (Microsoft Corporation) MD5=D0722E963D3C6145446874241401B209 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7600.16385_none_e1b8d300e3acf8dc\dnsrslvr.dll
[2011/03/03 01:12:25 | 000,132,608 | ---- | M] (Microsoft Corporation) MD5=F3501CA4E93BF218C71CF9DEECEE838F -- C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.21673_none_e431a3c1f9eaaa8f\dnsrslvr.dll

< MD5 for: ES.DLL >
[2009/07/13 21:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) MD5=F6916EFC29D9953D5D0DF06882AE8E16 -- C:\Users\Cam\AppData\Local\Temp\es.dll
[2009/07/13 21:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) MD5=F6916EFC29D9953D5D0DF06882AE8E16 -- C:\Windows\System32\es.dll
[2009/07/13 21:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) MD5=F6916EFC29D9953D5D0DF06882AE8E16 -- C:\Windows\winsxs\x86_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.1.7600.16385_none_0cc3f540b311359a\es.dll

< MD5 for: EXPLORER.EXE >
[2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011/02/26 01:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010/11/20 08:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009/08/03 01:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009/08/03 01:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/31 02:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

< MD5 for: IPNATHLP.DLL >
[2009/07/13 21:15:33 | 000,300,544 | ---- | M] (Microsoft Corporation) MD5=D1A079A0DE2EA524513B6930C24527A2 -- C:\Windows\System32\ipnathlp.dll
[2009/07/13 21:15:33 | 000,300,544 | ---- | M] (Microsoft Corporation) MD5=D1A079A0DE2EA524513B6930C24527A2 -- C:\Windows\winsxs\x86_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_04a3b4c9aa9fddd8\ipnathlp.dll

< MD5 for: NETBT.SYS >
[2010/11/20 04:39:44 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=280122DDCF04B378EDD1AD54D71C1E54 -- C:\Windows\System32\drivers\netbt.sys
[2010/11/20 04:39:44 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=280122DDCF04B378EDD1AD54D71C1E54 -- C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.1.7601.17514_none_626c324d55864070\netbt.sys
[2009/07/13 19:12:21 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=DD52A733BF4CA5AF84562A5E2F963B91 -- C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.1.7600.16385_none_603b1e855897bcd6\netbt.sys

< MD5 for: NETMAN.DLL >
[2009/07/13 21:16:03 | 000,280,576 | ---- | M] (Microsoft Corporation) MD5=7CCCFCA7510684768DA22092D1FA4DB2 -- C:\Windows\System32\netman.dll
[2009/07/13 21:16:03 | 000,280,576 | ---- | M] (Microsoft Corporation) MD5=7CCCFCA7510684768DA22092D1FA4DB2 -- C:\Windows\winsxs\x86_microsoft-windows-netman_31bf3856ad364e35_6.1.7600.16385_none_0f9371b9b32368a4\netman.dll

< MD5 for: QMGR.DLL >
[2009/07/13 21:16:12 | 000,589,312 | ---- | M] (Microsoft Corporation) MD5=53F476476F55A27F580661BDE09C4EC4 -- C:\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7600.16385_none_23671b105ac5a0fd\qmgr.dll
[2010/11/20 08:20:58 | 000,585,728 | ---- | M] (Microsoft Corporation) MD5=E585445D5021971FAE10393F0F1C3961 -- C:\Windows\System32\qmgr.dll
[2010/11/20 08:20:58 | 000,585,728 | ---- | M] (Microsoft Corporation) MD5=E585445D5021971FAE10393F0F1C3961 -- C:\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7601.17514_none_25982ed857b42497\qmgr.dll

< MD5 for: RPCSS.DLL >
[2010/11/20 08:21:03 | 000,376,832 | ---- | M] (Microsoft Corporation) MD5=7660F01D3B38ACA1747E397D21D790AF -- C:\Windows\System32\rpcss.dll
[2010/11/20 08:21:03 | 000,376,832 | ---- | M] (Microsoft Corporation) MD5=7660F01D3B38ACA1747E397D21D790AF -- C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_6bd245e79c221747\rpcss.dll
[2009/07/13 21:16:13 | 000,376,320 | ---- | M] (Microsoft Corporation) MD5=B82CD39E336973359D7C9BF911E8E84F -- C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_69a1321f9f3393ad\rpcss.dll

< MD5 for: SERVICES.EXE >
[2012/08/28 00:27:31 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe
[2009/07/13 21:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe

< MD5 for: SVCHOST.EXE >
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: TCPIP.SYS >
[2011/04/25 00:56:06 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=0158D5E9982E9D6A90DFC802F618E130 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16802_none_b347f075c77b9c9d\tcpip.sys
[2011/06/21 01:34:23 | 001,290,624 | ---- | M] (Microsoft Corporation) MD5=04E4A7D53A7ACE02E8C55B17A498F631 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17638_none_b513df73c4b4f466\tcpip.sys
[2011/09/29 12:02:44 | 001,301,872 | ---- | M] (Microsoft Corporation) MD5=22F7E7CBCA308DEE3428B097D4F8A61C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21060_none_b38e8546e0cbe4a1\tcpip.sys
[2011/04/25 00:31:30 | 001,290,624 | ---- | M] (Microsoft Corporation) MD5=24326784DF8F3D5F5BBB9F878CE33C14 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17603_none_b52f4dc5c4a121e0\tcpip.sys
[2009/07/13 21:19:10 | 001,285,712 | ---- | M] (Microsoft Corporation) MD5=2CC3D75488ABD3EC628BBB9A4FC84EFC -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_b2f46875c7b9d667\tcpip.sys
[2010/11/20 08:30:12 | 001,290,112 | ---- | M] (Microsoft Corporation) MD5=37E8FA3779668837CA9E2C36D2415949 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_b5257c3dc4a85a01\tcpip.sys
[2011/09/29 12:17:18 | 001,303,920 | ---- | M] (Microsoft Corporation) MD5=3C1C41E317710F74CEC1E7F0D5325993 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21828_none_b5a84e10ddca7566\tcpip.sys
[2012/03/30 06:29:05 | 001,287,024 | ---- | M] (Microsoft Corporation) MD5=55E9965552741F3850CB22CBBA9671ED -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16986_none_b2f57423c7b8dea8\tcpip.sys
[2011/09/29 11:43:37 | 001,285,488 | ---- | M] (Microsoft Corporation) MD5=56C198AC82EFA622DD93E9E43575F79C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16889_none_b2f8731bc7b62d86\tcpip.sys
[2011/09/29 12:03:04 | 001,290,608 | ---- | M] (Microsoft Corporation) MD5=65D10B191C59C5501A1263FC33F6894B -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17697_none_b4d1ffa1c4e682b5\tcpip.sys
[2011/04/25 02:31:09 | 001,301,376 | ---- | M] (Microsoft Corporation) MD5=6D4728CFF2724FF3A4654971D61D0F1C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21712_none_b5ad1a5addc7c444\tcpip.sys
[2012/03/30 06:23:11 | 001,291,632 | ---- | M] (Microsoft Corporation) MD5=7FA2E0F8B072BD04B77B421480B6CC22 -- C:\Windows\System32\drivers\tcpip.sys
[2012/03/30 06:23:11 | 001,291,632 | ---- | M] (Microsoft Corporation) MD5=7FA2E0F8B072BD04B77B421480B6CC22 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17802_none_b52e5147c4a202d7\tcpip.sys
[2011/04/25 00:44:18 | 001,298,816 | ---- | M] (Microsoft Corporation) MD5=8861B9A06BA99C6E1D62D0C86DFAB86C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20951_none_b39a7d5ae0c2aec5\tcpip.sys
[2012/03/30 05:04:23 | 001,306,480 | ---- | M] (Microsoft Corporation) MD5=88FCDB9923EFECA207B3CEBD24407126 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21954_none_b583df0adde66104\tcpip.sys
[2011/06/21 01:30:45 | 001,301,376 | ---- | M] (Microsoft Corporation) MD5=93C444D118B184452132357C322124CD -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20992_none_b3703df4e0e237e0\tcpip.sys
[2010/06/14 02:06:58 | 001,288,576 | ---- | M] (Microsoft Corporation) MD5=A39EA325C081AD27461F630C8E3E56E0 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20733_none_b3b219fae0b0af43\tcpip.sys
[2010/06/14 02:12:30 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=BB7F39C31C4A4417FD318E7CD184E225 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16610_none_b33b1c29c7858b92\tcpip.sys
[2011/06/21 01:39:53 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=C2DAAEB48F3A47C410B041A0D2382EE1 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16839_none_b32e82b7c78da1d1\tcpip.sys
[2011/06/21 02:54:00 | 001,303,424 | ---- | M] (Microsoft Corporation) MD5=DEC4940487050AE13C60C86F40E07E75 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21754_none_b583db3edde666b6\tcpip.sys
[2012/03/30 06:08:19 | 001,303,408 | ---- | M] (Microsoft Corporation) MD5=E47C2844A1605A44178F4281E4D58B3D -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21178_none_b38bb990e0ccc871\tcpip.sys

< MD5 for: TDX.SYS >
[2010/11/20 04:39:17 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=B459575348C20E8121D6039DA063C704 -- C:\Windows\System32\drivers\tdx.sys
[2010/11/20 04:39:17 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=B459575348C20E8121D6039DA063C704 -- C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7601.17514_none_ec4532373a57c1c2\tdx.sys
[2009/07/13 19:12:11 | 000,074,240 | ---- | M] (Microsoft Corporation) MD5=CB39E896A2A83702D1737BFD402B3542 -- C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7600.16385_none_ea141e6f3d693e28\tdx.sys

< MD5 for: USERINIT.EXE >
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: VOLSNAP.SYS >
[2009/07/13 21:19:10 | 000,245,328 | ---- | M] (Microsoft Corporation) MD5=58DF9D2481A56EDDE167E51B334D44FD -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.1.7600.16385_none_158d0da45d68903e\volsnap.sys
[2010/11/20 08:30:16 | 000,245,632 | ---- | M] (Microsoft Corporation) MD5=F497F67932C6FA693D7DE2780631CFE7 -- C:\Windows\System32\drivers\volsnap.sys
[2010/11/20 08:30:16 | 000,245,632 | ---- | M] (Microsoft Corporation) MD5=F497F67932C6FA693D7DE2780631CFE7 -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_x86_neutral_6dee0205881d1a1d\volsnap.sys
[2010/11/20 08:30:16 | 000,245,632 | ---- | M] (Microsoft Corporation) MD5=F497F67932C6FA693D7DE2780631CFE7 -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.1.7601.17514_none_17be216c5a5713d8\volsnap.sys

< MD5 for: WININIT.EXE >
[2009/07/13 21:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009/07/13 21:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

< MD5 for: WINLOGON.EXE >
[2009/10/28 02:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 01:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010/11/20 08:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 08:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/07/13 21:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< MD5 for: WMISVC.DLL >
[2009/07/13 21:16:19 | 000,168,960 | ---- | M] (Microsoft Corporation) MD5=F62E510B6AD4C21EB9FE8668ED251826 -- C:\Windows\System32\wbem\WMIsvc.dll
[2009/07/13 21:16:19 | 000,168,960 | ---- | M] (Microsoft Corporation) MD5=F62E510B6AD4C21EB9FE8668ED251826 -- C:\Windows\winsxs\x86_microsoft-windows-wmi-core-svc_31bf3856ad364e35_6.1.7600.16385_none_a08911f35844b3ff\WMIsvc.dll
[2009/07/13 21:16:19 | 000,168,960 | ---- | M] (Microsoft Corporation) MD5=F62E510B6AD4C21EB9FE8668ED251826 -- C:\Windows\winsxs\x86_microsoft-windows-wmi-core-svc_31bf3856ad364e35_6.1.7601.17514_none_a2ba25bb55333799\WMIsvc.dll

< MD5 for: WSCSVC.DLL >
[2009/07/13 21:16:20 | 000,073,728 | ---- | M] (Microsoft Corporation) MD5=6F5D49EFE0E7164E03AE773A3FE25340 -- C:\Windows\System32\wscsvc.dll
[2009/07/13 21:16:20 | 000,073,728 | ---- | M] (Microsoft Corporation) MD5=6F5D49EFE0E7164E03AE773A3FE25340 -- C:\Windows\winsxs\x86_microsoft-windows-securitycenter-core_31bf3856ad364e35_6.1.7600.16385_none_1a16b3d6136c6bb2\wscsvc.dll
[2009/07/13 21:16:20 | 000,073,728 | ---- | M] (Microsoft Corporation) MD5=6F5D49EFE0E7164E03AE773A3FE25340 -- C:\Windows\winsxs\x86_microsoft-windows-securitycenter-core_31bf3856ad364e35_6.1.7601.17514_none_1c47c79e105aef4c\wscsvc.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 168 bytes -> C:\Users\Cam\Documents\RegistrationForm.tiff:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 1122 bytes -> C:\Users\Cam\AppData\Local\Temp:f09x59cpY0eDTjco8kajO

< End of report >

cam99

Newbie Surfer
Newbie Surfer

Posts : 14
Joined : 2012-08-28
Operating System : 7

View user profile

Back to top Go down

Re: FBI MoneyPack Virus, Rootkit in addition possibly?

Post by cam99 on Wed 29 Aug 2012, 5:08 am

"Extras"
OTL logfile created on: 8/28/2012 1:23:55 PM - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Cam\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.39 Gb Available Physical Memory | 46.22% Memory free
5.99 Gb Paging File | 4.38 Gb Available in Paging File | 73.14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.79 Gb Total Space | 77.69 Gb Free Space | 33.38% Space Free | Partition Type: NTFS

Computer Name: CAM-PC | User Name: Cam | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/28 13:23:09 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Cam\Desktop\OTL.com
PRC - [2012/08/28 00:25:19 | 002,211,928 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Cam\AppData\Local\Temp\4A37C304-B5C9-4116-8742-BECFD0035C28.exe
PRC - [2012/08/15 20:13:54 | 007,316,480 | ---- | M] (Google Inc.) -- C:\Users\Cam\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
PRC - [2012/08/15 17:31:35 | 001,536,712 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe
PRC - [2012/07/24 22:08:10 | 026,909,544 | ---- | M] (Dropbox, Inc.) -- C:\Users\Cam\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/07/19 11:53:51 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/07/11 13:44:34 | 000,136,616 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2012/07/11 13:43:43 | 000,374,184 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/07/03 13:46:42 | 000,973,488 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2012/06/18 01:39:08 | 000,394,616 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2012/04/02 12:17:40 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2012/04/02 12:17:40 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 08:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/09/13 12:48:14 | 000,097,384 | R--- | M] (Amazon.com) -- C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe
PRC - [2010/09/13 12:48:12 | 000,025,704 | R--- | M] (Amazon.com) -- C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
PRC - [2009/08/18 05:36:36 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009/08/18 05:36:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009/07/13 21:14:41 | 000,354,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\StikyNot.exe
PRC - [2009/07/13 21:14:39 | 000,396,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SnippingTool.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/15 20:02:40 | 000,344,064 | ---- | M] () -- C:\Users\Cam\AppData\Local\Programs\Google\MusicManager\libaudioenc.dll
MOD - [2012/08/15 20:02:30 | 000,231,936 | ---- | M] () -- C:\Users\Cam\AppData\Local\Programs\Google\MusicManager\libmpgdec.dll
MOD - [2012/08/15 20:01:44 | 000,231,936 | ---- | M] () -- C:\Users\Cam\AppData\Local\Programs\Google\MusicManager\libid3tag.dll
MOD - [2012/08/15 20:01:38 | 000,117,248 | ---- | M] () -- C:\Users\Cam\AppData\Local\Programs\Google\MusicManager\libaacdec.dll
MOD - [2012/08/15 19:37:40 | 000,026,624 | ---- | M] () -- C:\Users\Cam\AppData\Local\Programs\Google\MusicManager\imageformats\qgif4.dll
MOD - [2012/08/15 19:37:24 | 010,683,392 | ---- | M] () -- C:\Users\Cam\AppData\Local\Programs\Google\MusicManager\QtWebKit4.dll
MOD - [2012/08/15 19:37:22 | 007,741,952 | ---- | M] () -- C:\Users\Cam\AppData\Local\Programs\Google\MusicManager\QtGui4.dll
MOD - [2012/08/15 19:37:22 | 001,681,408 | ---- | M] () -- C:\Users\Cam\AppData\Local\Programs\Google\MusicManager\QtNetwork4.dll
MOD - [2012/08/15 19:37:20 | 002,248,192 | ---- | M] () -- C:\Users\Cam\AppData\Local\Programs\Google\MusicManager\QtCore4.dll
MOD - [2012/08/15 17:31:34 | 009,465,032 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_3_300_271.dll
MOD - [2012/07/19 11:53:51 | 002,003,424 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/06/16 07:26:02 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/06/16 07:25:55 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/06/09 03:36:43 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/06/09 03:36:39 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/06/09 03:36:30 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2010/11/17 14:16:56 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/08/27 14:37:47 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/08/15 17:31:37 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/19 11:53:51 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/11 13:44:34 | 000,136,616 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\ramaint.exe -- (LMIMaint)
SRV - [2012/07/11 13:43:43 | 000,374,184 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/04/02 12:17:40 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2011/08/15 10:02:12 | 000,130,976 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files\Futuremark\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2011/06/06 12:36:00 | 004,005,936 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2010/11/03 22:37:54 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/09/13 12:48:12 | 000,025,704 | R--- | M] (Amazon.com) [Auto | Running] -- C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe -- (ADVService)
SRV - [2009/08/18 05:36:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\TEMP\cpuz135\cpuz135_x32.sys -- (cpuz135)
DRV - [2012/08/28 00:42:22 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012/07/11 13:43:46 | 000,083,392 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/04/02 12:17:40 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2012/04/02 12:17:40 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 05:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/07/16 18:03:36 | 000,025,656 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hpdskflt.sys -- (hpdskflt)
DRV - [2010/07/16 18:03:18 | 000,035,896 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2009/08/18 06:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/07/13 18:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/13 18:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/07/13 18:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
DRV - [2009/07/13 18:02:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007/08/03 05:36:10 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 42 0E 6A FC 60 25 CC 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: morningCoffee@shaneliesegang:1.33
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.3.0.7280
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0.12
FF - prefs.js..keyword.URL: "http://search.toolbars.alexa.com/?ver=alxf-2.01&src=ab&aid=Eo8%2Fc1oQ3%2B00Wl&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Cam\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Cam\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Cam\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Cam\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\thehappycloud.com/HappyCloudPlugin: C:\Users\Cam\AppData\Local\HappyCloud\Application\npHappyCloudPlugin.dll (The Happy Cloud)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/19 11:53:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/06/09 00:45:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0b6\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 6\components [2011/02/13 23:35:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0b6\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 6\plugins [2011/04/05 10:30:06 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/19 11:53:51 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/06/09 00:45:11 | 000,000,000 | ---D | M]

[2010/10/31 18:15:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cam\AppData\Roaming\Mozilla\Extensions
[2012/08/27 14:37:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cam\AppData\Roaming\Mozilla\Firefox\Profiles\f5khrzhg.default\extensions
[2011/04/23 02:39:41 | 000,000,000 | ---D | M] (cacaoweb) -- C:\Users\Cam\AppData\Roaming\Mozilla\Firefox\Profiles\f5khrzhg.default\extensions\cacaoweb@cacaoweb.org
[2010/11/02 01:11:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cam\AppData\Roaming\Mozilla\Firefox\Profiles\f5khrzhg.default\extensions\nostmp
[2011/10/24 13:16:53 | 000,000,000 | ---D | M] (Download Youtube Videos +) -- C:\Users\Cam\AppData\Roaming\Mozilla\Firefox\Profiles\f5khrzhg.default\extensions\video.downloader.plugin@ffpimp.com
[2010/12/06 02:44:38 | 000,001,542 | ---- | M] () -- C:\Users\Cam\AppData\Roaming\Mozilla\Firefox\Profiles\f5khrzhg.default\searchplugins\web-search-powered-by-google.xml
[2012/06/09 01:04:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/10/19 18:35:11 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2012/08/04 01:36:26 | 000,375,811 | ---- | M] () (No name found) -- C:\USERS\CAM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F5KHRZHG.DEFAULT\EXTENSIONS\{AE93811A-5C9A-4D34-8462-F7B864FC4696}.XPI
[2012/08/27 14:37:56 | 000,270,021 | ---- | M] () (No name found) -- C:\USERS\CAM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F5KHRZHG.DEFAULT\EXTENSIONS\{E4A8A97B-F2ED-450B-B12D-EE082BA24781}.XPI
[2011/05/21 19:42:29 | 000,107,019 | ---- | M] () (No name found) -- C:\USERS\CAM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F5KHRZHG.DEFAULT\EXTENSIONS\MORNINGCOFFEE@SHANELIESEGANG.XPI
[2011/07/28 11:22:14 | 000,072,011 | ---- | M] () (No name found) -- C:\USERS\CAM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F5KHRZHG.DEFAULT\EXTENSIONS\TOOLBAR@GOODGUIDE.COM.XPI
[2012/07/19 11:53:51 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2007/03/09 19:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\mozilla firefox\plugins\npyaxmpb.dll
[2012/06/18 23:28:44 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/06/18 23:28:44 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2009/06/10 17:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] "\mbamgui.exe" /starttray File not found
O4 - HKCU..\Run: [Facebook Update] C:\Users\Cam\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [MusicManager] C:\Users\Cam\AppData\Local\Programs\Google\MusicManager\MusicManager.exe (Google Inc.)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Users\Cam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Cam\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000040 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000041 - %SystemRoot%\system32\wshbth.dll File not found
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.71.230 68.87.71.227 151.202.0.85
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2E931CF6-01D6-42F1-BE52-016F44248F9D}: DhcpNameServer = 172.16.2.5 172.18.82.11 4.2.2.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6B173C4D-E701-473C-8CF5-7B347488E6C5}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C7585459-E664-42D4-BB80-7ABEC9C535DD}: DhcpNameServer = 68.87.71.230 68.87.71.227 151.202.0.85
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

MsConfig - StartUpFolder: C:^Users^Cam^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe - ()
MsConfig - StartUpReg: GoogleChrome - hkey= - key= - C:\Users\Cam\AppData\Local\Temp\adfm32.exe ()
MsConfig - State: "startup" - 2

SafeBootMin: 74079812.sys - Driver
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv50 - C:\Windows\System32\ir50_32.dll (Intel Corporation)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Sharedaccess - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: wuauserv - File not found
NetSvcs: BITS - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/08/28 13:23:09 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Cam\Desktop\OTL.com
[2012/08/28 00:26:17 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/08/28 00:25:13 | 002,211,928 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Cam\Desktop\tdsskiller.exe
[2012/08/21 16:58:07 | 000,000,000 | R--D | C] -- C:\Users\Cam\Dropbox
[2012/08/21 16:56:39 | 000,000,000 | ---D | C] -- C:\Users\Cam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2012/08/21 16:55:46 | 000,000,000 | ---D | C] -- C:\Users\Cam\AppData\Roaming\Dropbox
[2012/08/19 10:29:41 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012/08/19 10:29:41 | 000,000,000 | ---D | C] -- C:\Users\Cam\AppData\Roaming\Malwarebytes
[2012/08/19 10:29:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/19 10:29:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/08/19 10:29:37 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/08/19 10:29:37 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/08/19 02:25:19 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/08/19 01:34:26 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2012/08/15 13:07:42 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/08/15 13:07:41 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/08/15 13:07:41 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/08/15 13:07:41 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/08/15 13:07:40 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/08/15 13:07:40 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/08/15 13:07:38 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/08/14 19:18:53 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/08/14 19:18:50 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browcli.dll
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/28 13:23:09 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Cam\Desktop\OTL.com
[2012/08/28 13:23:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/28 13:22:06 | 000,618,227 | ---- | M] () -- C:\Users\Cam\Desktop\adwcleaner.exe
[2012/08/28 13:19:01 | 000,213,788 | ---- | M] () -- C:\Users\Cam\Desktop\Capture.PNG
[2012/08/28 12:58:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1899086228-3049755723-1055249932-1001UA.job
[2012/08/28 12:52:00 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1899086228-3049755723-1055249932-1001UA.job
[2012/08/28 12:48:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/28 12:29:59 | 000,010,320 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/28 12:29:59 | 000,010,320 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/28 00:52:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1899086228-3049755723-1055249932-1001Core.job
[2012/08/28 00:48:00 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/28 00:42:22 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012/08/28 00:27:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/28 00:27:34 | 2414,374,912 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/28 00:25:19 | 002,211,928 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Cam\Desktop\tdsskiller.exe
[2012/08/27 22:58:00 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1899086228-3049755723-1055249932-1001Core.job
[2012/08/21 16:58:07 | 000,001,035 | ---- | M] () -- C:\Users\Cam\Desktop\Dropbox.lnk
[2012/08/21 16:57:03 | 000,001,045 | ---- | M] () -- C:\Users\Cam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/08/19 10:29:38 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/16 20:19:25 | 000,298,384 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/08/15 17:31:35 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/08/15 17:31:35 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/08/09 20:53:29 | 000,883,976 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/08/09 20:53:29 | 000,200,254 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/07/29 21:07:36 | 000,203,918 | ---- | M] () -- C:\Users\Cam\Desktop\cameron_j._lunt_transcript.pdf
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

cam99

Newbie Surfer
Newbie Surfer

Posts : 14
Joined : 2012-08-28
Operating System : 7

View user profile

Back to top Go down

Re: FBI MoneyPack Virus, Rootkit in addition possibly?

Post by cam99 on Wed 29 Aug 2012, 5:09 am

========== Files Created - No Company Name ==========

[2012/08/28 13:22:04 | 000,618,227 | ---- | C] () -- C:\Users\Cam\Desktop\adwcleaner.exe
[2012/08/28 13:19:01 | 000,213,788 | ---- | C] () -- C:\Users\Cam\Desktop\Capture.PNG
[2012/08/28 00:42:41 | 000,092,672 | ---- | C] () -- C:\Windows\Installer\{5349c271-5203-b900-7c1c-83bfeb130ae7}\U\80000032.@
[2012/08/21 16:58:07 | 000,001,035 | ---- | C] () -- C:\Users\Cam\Desktop\Dropbox.lnk
[2012/08/21 16:57:03 | 000,001,045 | ---- | C] () -- C:\Users\Cam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/08/19 10:29:38 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/19 01:28:56 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{5349c271-5203-b900-7c1c-83bfeb130ae7}\L\00000004.@
[2012/07/29 21:07:25 | 000,203,918 | ---- | C] () -- C:\Users\Cam\Desktop\cameron_j._lunt_transcript.pdf
[2012/06/26 18:00:56 | 000,000,741 | ---- | C] () -- C:\Users\Cam\.recently-used.xbel
[2012/06/21 02:04:07 | 000,000,091 | ---- | C] () -- C:\Users\Cam\AppData\Local\fusioncache.dat
[2011/07/07 22:25:39 | 000,001,142 | ---- | C] () -- C:\Users\Cam\.drjava
[2011/06/17 20:51:22 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011/06/07 23:03:34 | 000,000,087 | ---- | C] () -- C:\Users\Cam\mm.cfg
[2011/05/18 21:55:12 | 013,225,023 | ---- | C] () -- C:\Users\Cam\New document 2.2011_05_18_21_55_12.0.svg
[2011/04/18 00:03:22 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/11/22 21:39:34 | 000,000,145 | ---- | C] () -- C:\Users\Cam\.appletviewer
[2010/10/31 17:56:44 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

========== Custom Scans ==========

< %AppData%\Roaming\Mozilla\Firefox\Profiles\*.default\extensions\ /s /md5 >

< %AppData%\Local\ >

< %systemroot%\system32\sysprep >

< *.xpi /md5 >

< %systemroot%\Downloaded Program Files\ >

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/07/19 11:53:50 | 000,865,776 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/07/19 11:53:50 | 000,865,776 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/07/19 11:53:50 | 000,865,776 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/07/19 11:53:51 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/07/19 11:53:51 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/07/19 11:53:51 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2012/06/09 03:07:27 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2012/06/09 03:07:27 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2012/06/09 03:07:27 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012/06/28 21:00:47 | 000,748,664 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2012/06/28 21:00:47 | 000,748,664 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/07/19 11:53:50 | 000,865,776 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/07/19 11:53:50 | 000,865,776 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/07/19 11:53:50 | 000,865,776 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/07/19 11:53:51 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/07/19 11:53:51 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/07/19 11:53:51 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2012/06/09 03:07:27 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2012/06/09 03:07:27 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2012/06/09 03:07:27 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012/06/28 21:00:47 | 000,748,664 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2012/06/28 21:00:47 | 000,748,664 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\system32\drivers\*.sys /90 >
[2012/06/02 00:40:59 | 000,369,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\cng.sys
[2012/06/02 00:45:04 | 000,067,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\ksecdd.sys
[2012/06/02 00:45:03 | 000,134,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\ksecpkg.sys
[2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\system32\drivers\mbam.sys
[2012/08/28 00:42:22 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\system32\drivers\mbamswissarmy.sys

< %systemroot%\System32\config\*.sav >

< %SYSTEMDRIVE%\*.exe /md5 >

< "%WinDir%\$NtUninstallKB*$." /30 >

< %systemdrive%\Program Files\Common Files\ComObjects\*.* /s >

< %systemroot%\*. /mp /s >

< %systemroot%\*. /rp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s >

< %USERPROFILE%\AppData\Local\ /s >

< %systemroot%\Installer\ /s >

< %systemroot%\system32\Cache\ /s >

< %systemroot%\system32\config\systemprofile\Application Data /s >

< %PROGRAMFILES%\*. >
[2010/10/31 22:54:05 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2011/02/04 19:02:17 | 000,000,000 | ---D | M] -- C:\Program Files\AGEIA Technologies
[2011/02/24 22:43:30 | 000,000,000 | ---D | M] -- C:\Program Files\Amazon
[2011/02/13 23:35:21 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2010/12/07 21:13:23 | 000,000,000 | ---D | M] -- C:\Program Files\BabasChess
[2011/06/01 23:39:20 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2012/06/10 01:22:01 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2011/10/19 14:16:11 | 000,000,000 | ---D | M] -- C:\Program Files\DVD Maker
[2011/10/29 23:54:44 | 000,000,000 | ---D | M] -- C:\Program Files\Futuremark
[2012/06/09 01:03:04 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2011/02/19 19:52:56 | 000,000,000 | ---D | M] -- C:\Program Files\Inkscape
[2011/10/29 23:54:44 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2012/08/16 20:18:28 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2011/02/22 14:07:21 | 000,000,000 | ---D | M] -- C:\Program Files\iPhone Explorer
[2011/06/01 23:41:35 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2011/06/01 23:42:08 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2011/07/12 21:29:14 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2010/10/31 18:21:26 | 000,000,000 | ---D | M] -- C:\Program Files\JRE
[2010/12/29 03:00:44 | 000,000,000 | ---D | M] -- C:\Program Files\LEGO Company
[2012/07/11 13:44:53 | 000,000,000 | ---D | M] -- C:\Program Files\LogMeIn
[2012/08/19 10:29:39 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/27 20:34:03 | 000,000,000 | ---D | M] -- C:\Program Files\ManyCam
[2009/07/14 03:49:30 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2011/06/08 21:49:13 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2012/06/09 03:34:50 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2011/01/26 22:08:20 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft XNA
[2010/11/02 21:09:05 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2012/07/19 11:53:51 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2010/11/30 18:29:51 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox 4.0 Beta 6
[2012/07/20 00:22:52 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Maintenance Service
[2009/07/14 00:52:30 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2011/06/08 21:48:42 | 000,000,000 | ---D | M] -- C:\Program Files\MSECache
[2010/10/31 18:21:26 | 000,000,000 | ---D | M] -- C:\Program Files\OpenOffice.org 3
[2012/06/09 01:20:57 | 000,000,000 | ---D | M] -- C:\Program Files\Pando Networks
[2011/09/04 14:04:08 | 000,000,000 | ---D | M] -- C:\Program Files\Programmer's Notepad
[2011/10/30 16:13:38 | 000,000,000 | ---D | M] -- C:\Program Files\Project64 1.6
[2011/02/13 23:35:50 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2009/07/14 00:52:30 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2011/10/19 18:35:01 | 000,000,000 | R--D | M] -- C:\Program Files\Skype
[2012/06/09 01:05:07 | 000,000,000 | ---D | M] -- C:\Program Files\SpeedFan
[2012/06/10 02:00:38 | 000,000,000 | ---D | M] -- C:\Program Files\StarCraft II
[2012/08/28 00:41:50 | 000,000,000 | ---D | M] -- C:\Program Files\Steam
[2010/10/31 23:40:22 | 000,000,000 | ---D | M] -- C:\Program Files\Sun
[2009/07/14 00:53:23 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2011/01/02 19:53:21 | 000,000,000 | ---D | M] -- C:\Program Files\Unity
[2012/06/18 01:39:08 | 000,000,000 | ---D | M] -- C:\Program Files\uTorrent
[2012/06/09 00:59:27 | 000,000,000 | ---D | M] -- C:\Program Files\Winamp
[2011/10/19 14:16:10 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2012/06/09 03:33:52 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Journal
[2011/10/19 14:16:11 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail
[2011/10/19 14:16:11 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2009/07/14 00:52:30 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2011/10/19 14:16:11 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Viewer
[2011/10/19 14:16:11 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Portable Devices
[2011/10/19 14:16:11 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
[2012/08/13 16:45:06 | 000,000,000 | ---D | M] -- C:\Program Files\World of Warcraft
[2012/06/09 00:59:38 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!

< %appdata%\*.* >

< MD5 for: AFD.SYS >
[2011/04/24 22:35:40 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=0DB7A48388D54D154EBEC120461A0FCD -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_d81220b5bf827af7\afd.sys
[2010/11/20 04:40:03 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=1151FD4FB0216CFED887BFDE29EBD516 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_d9efac7dbcaf385b\afd.sys
[2011/04/24 22:18:03 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=9EBBBA55060F786F0FCAA3893BFA2806 -- C:\Windows\System32\drivers\afd.sys
[2011/04/24 22:18:03 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=9EBBBA55060F786F0FCAA3893BFA2806 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_d9f97e05bca8003a\afd.sys
[2011/04/24 22:27:23 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=C114AB7A1550D42EA1700FFD4179CF5A -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.20951_none_d864ad9ad8c98d1f\afd.sys
[2011/04/24 23:24:09 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=C427F91A748CD342A2B3F9278D9FD6A5 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_da774a9ad5cea29e\afd.sys
[2009/07/13 19:12:38 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=DDC040FDB01EF1712A6B13E52AFB104C -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_d7be98b5bfc0b4c1\afd.sys

< MD5 for: ATAPI.SYS >
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys

< MD5 for: CRYPTSVC.DLL >
[2012/04/24 00:36:42 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=06E771AA596B8761107AB57E99F128D7 -- C:\Windows\System32\cryptsvc.dll
[2012/04/24 00:36:42 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=06E771AA596B8761107AB57E99F128D7 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17827_none_77ff39f3f916c65f\cryptsvc.dll
[2012/04/24 00:28:22 | 000,142,336 | ---- | M] (Microsoft Corporation) MD5=21993009E0CCB9B4FA195F14D3408626 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.21979_none_7854c7b7125b248c\cryptsvc.dll
[2012/04/24 00:47:04 | 000,139,264 | ---- | M] (Microsoft Corporation) MD5=520A108A2657F4BCA7FCED9CA7D885DE -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.17008_none_762f534bfbdf7203\cryptsvc.dll
[2009/07/13 21:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_75d5ef87fc22e35a\cryptsvc.dll
[2010/11/20 08:18:24 | 000,136,192 | ---- | M] (Microsoft Corporation) MD5=A585BEBF7D054BD9618EDA0922D5484A -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_7807034ff91166f4\cryptsvc.dll
[2012/04/24 00:33:53 | 000,141,312 | ---- | M] (Microsoft Corporation) MD5=F522279B4717E2BFF269C771FAC2B78E -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.21199_none_7658a1151545269d\cryptsvc.dll

< MD5 for: DNSRSLVR.DLL >
[2010/11/20 08:18:33 | 000,132,608 | ---- | M] (Microsoft Corporation) MD5=2FE30D71919C51131405797620E0A714 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17514_none_e3e9e6c8e09b7c76\dnsrslvr.dll
[2011/03/03 01:38:01 | 000,132,608 | ---- | M] (Microsoft Corporation) MD5=33EF4861F19A0736B11314AAD9AE28D0 -- C:\Windows\System32\dnsrslvr.dll
[2011/03/03 01:38:01 | 000,132,608 | ---- | M] (Microsoft Corporation) MD5=33EF4861F19A0736B11314AAD9AE28D0 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17570_none_e3a50618e0cfbec0\dnsrslvr.dll
[2011/03/03 01:29:23 | 000,132,608 | ---- | M] (Microsoft Corporation) MD5=B15BE77A2BACF9C3177D27518AFE26A9 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7600.16772_none_e1c0a9a6e3a78582\dnsrslvr.dll
[2011/03/03 01:50:46 | 000,132,608 | ---- | M] (Microsoft Corporation) MD5=B3A0A4414D8EC1DD28018004CE8DCBEE -- C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7600.20914_none_e28d2873fc92ad7b\dnsrslvr.dll
[2009/07/13 21:15:12 | 000,132,608 | ---- | M] (Microsoft Corporation) MD5=D0722E963D3C6145446874241401B209 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7600.16385_none_e1b8d300e3acf8dc\dnsrslvr.dll
[2011/03/03 01:12:25 | 000,132,608 | ---- | M] (Microsoft Corporation) MD5=F3501CA4E93BF218C71CF9DEECEE838F -- C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.21673_none_e431a3c1f9eaaa8f\dnsrslvr.dll

< MD5 for: ES.DLL >
[2009/07/13 21:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) MD5=F6916EFC29D9953D5D0DF06882AE8E16 -- C:\Users\Cam\AppData\Local\Temp\es.dll
[2009/07/13 21:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) MD5=F6916EFC29D9953D5D0DF06882AE8E16 -- C:\Windows\System32\es.dll
[2009/07/13 21:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) MD5=F6916EFC29D9953D5D0DF06882AE8E16 -- C:\Windows\winsxs\x86_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.1.7600.16385_none_0cc3f540b311359a\es.dll

< MD5 for: EXPLORER.EXE >
[2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011/02/26 01:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010/11/20 08:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009/08/03 01:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009/08/03 01:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/31 02:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

< MD5 for: IPNATHLP.DLL >
[2009/07/13 21:15:33 | 000,300,544 | ---- | M] (Microsoft Corporation) MD5=D1A079A0DE2EA524513B6930C24527A2 -- C:\Windows\System32\ipnathlp.dll
[2009/07/13 21:15:33 | 000,300,544 | ---- | M] (Microsoft Corporation) MD5=D1A079A0DE2EA524513B6930C24527A2 -- C:\Windows\winsxs\x86_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_04a3b4c9aa9fddd8\ipnathlp.dll

< MD5 for: NETBT.SYS >
[2010/11/20 04:39:44 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=280122DDCF04B378EDD1AD54D71C1E54 -- C:\Windows\System32\drivers\netbt.sys
[2010/11/20 04:39:44 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=280122DDCF04B378EDD1AD54D71C1E54 -- C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.1.7601.17514_none_626c324d55864070\netbt.sys
[2009/07/13 19:12:21 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=DD52A733BF4CA5AF84562A5E2F963B91 -- C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.1.7600.16385_none_603b1e855897bcd6\netbt.sys

< MD5 for: NETMAN.DLL >
[2009/07/13 21:16:03 | 000,280,576 | ---- | M] (Microsoft Corporation) MD5=7CCCFCA7510684768DA22092D1FA4DB2 -- C:\Windows\System32\netman.dll
[2009/07/13 21:16:03 | 000,280,576 | ---- | M] (Microsoft Corporation) MD5=7CCCFCA7510684768DA22092D1FA4DB2 -- C:\Windows\winsxs\x86_microsoft-windows-netman_31bf3856ad364e35_6.1.7600.16385_none_0f9371b9b32368a4\netman.dll

< MD5 for: QMGR.DLL >
[2009/07/13 21:16:12 | 000,589,312 | ---- | M] (Microsoft Corporation) MD5=53F476476F55A27F580661BDE09C4EC4 -- C:\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7600.16385_none_23671b105ac5a0fd\qmgr.dll
[2010/11/20 08:20:58 | 000,585,728 | ---- | M] (Microsoft Corporation) MD5=E585445D5021971FAE10393F0F1C3961 -- C:\Windows\System32\qmgr.dll
[2010/11/20 08:20:58 | 000,585,728 | ---- | M] (Microsoft Corporation) MD5=E585445D5021971FAE10393F0F1C3961 -- C:\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7601.17514_none_25982ed857b42497\qmgr.dll

< MD5 for: RPCSS.DLL >
[2010/11/20 08:21:03 | 000,376,832 | ---- | M] (Microsoft Corporation) MD5=7660F01D3B38ACA1747E397D21D790AF -- C:\Windows\System32\rpcss.dll
[2010/11/20 08:21:03 | 000,376,832 | ---- | M] (Microsoft Corporation) MD5=7660F01D3B38ACA1747E397D21D790AF -- C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_6bd245e79c221747\rpcss.dll
[2009/07/13 21:16:13 | 000,376,320 | ---- | M] (Microsoft Corporation) MD5=B82CD39E336973359D7C9BF911E8E84F -- C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_69a1321f9f3393ad\rpcss.dll

< MD5 for: SERVICES.EXE >
[2012/08/28 00:27:31 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe
[2009/07/13 21:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe

< MD5 for: SVCHOST.EXE >
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: TCPIP.SYS >
[2011/04/25 00:56:06 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=0158D5E9982E9D6A90DFC802F618E130 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16802_none_b347f075c77b9c9d\tcpip.sys
[2011/06/21 01:34:23 | 001,290,624 | ---- | M] (Microsoft Corporation) MD5=04E4A7D53A7ACE02E8C55B17A498F631 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17638_none_b513df73c4b4f466\tcpip.sys
[2011/09/29 12:02:44 | 001,301,872 | ---- | M] (Microsoft Corporation) MD5=22F7E7CBCA308DEE3428B097D4F8A61C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21060_none_b38e8546e0cbe4a1\tcpip.sys
[2011/04/25 00:31:30 | 001,290,624 | ---- | M] (Microsoft Corporation) MD5=24326784DF8F3D5F5BBB9F878CE33C14 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17603_none_b52f4dc5c4a121e0\tcpip.sys
[2009/07/13 21:19:10 | 001,285,712 | ---- | M] (Microsoft Corporation) MD5=2CC3D75488ABD3EC628BBB9A4FC84EFC -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_b2f46875c7b9d667\tcpip.sys
[2010/11/20 08:30:12 | 001,290,112 | ---- | M] (Microsoft Corporation) MD5=37E8FA3779668837CA9E2C36D2415949 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_b5257c3dc4a85a01\tcpip.sys
[2011/09/29 12:17:18 | 001,303,920 | ---- | M] (Microsoft Corporation) MD5=3C1C41E317710F74CEC1E7F0D5325993 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21828_none_b5a84e10ddca7566\tcpip.sys
[2012/03/30 06:29:05 | 001,287,024 | ---- | M] (Microsoft Corporation) MD5=55E9965552741F3850CB22CBBA9671ED -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16986_none_b2f57423c7b8dea8\tcpip.sys
[2011/09/29 11:43:37 | 001,285,488 | ---- | M] (Microsoft Corporation) MD5=56C198AC82EFA622DD93E9E43575F79C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16889_none_b2f8731bc7b62d86\tcpip.sys
[2011/09/29 12:03:04 | 001,290,608 | ---- | M] (Microsoft Corporation) MD5=65D10B191C59C5501A1263FC33F6894B -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17697_none_b4d1ffa1c4e682b5\tcpip.sys
[2011/04/25 02:31:09 | 001,301,376 | ---- | M] (Microsoft Corporation) MD5=6D4728CFF2724FF3A4654971D61D0F1C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21712_none_b5ad1a5addc7c444\tcpip.sys
[2012/03/30 06:23:11 | 001,291,632 | ---- | M] (Microsoft Corporation) MD5=7FA2E0F8B072BD04B77B421480B6CC22 -- C:\Windows\System32\drivers\tcpip.sys
[2012/03/30 06:23:11 | 001,291,632 | ---- | M] (Microsoft Corporation) MD5=7FA2E0F8B072BD04B77B421480B6CC22 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17802_none_b52e5147c4a202d7\tcpip.sys
[2011/04/25 00:44:18 | 001,298,816 | ---- | M] (Microsoft Corporation) MD5=8861B9A06BA99C6E1D62D0C86DFAB86C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20951_none_b39a7d5ae0c2aec5\tcpip.sys
[2012/03/30 05:04:23 | 001,306,480 | ---- | M] (Microsoft Corporation) MD5=88FCDB9923EFECA207B3CEBD24407126 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21954_none_b583df0adde66104\tcpip.sys
[2011/06/21 01:30:45 | 001,301,376 | ---- | M] (Microsoft Corporation) MD5=93C444D118B184452132357C322124CD -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20992_none_b3703df4e0e237e0\tcpip.sys
[2010/06/14 02:06:58 | 001,288,576 | ---- | M] (Microsoft Corporation) MD5=A39EA325C081AD27461F630C8E3E56E0 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20733_none_b3b219fae0b0af43\tcpip.sys
[2010/06/14 02:12:30 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=BB7F39C31C4A4417FD318E7CD184E225 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16610_none_b33b1c29c7858b92\tcpip.sys
[2011/06/21 01:39:53 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=C2DAAEB48F3A47C410B041A0D2382EE1 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16839_none_b32e82b7c78da1d1\tcpip.sys
[2011/06/21 02:54:00 | 001,303,424 | ---- | M] (Microsoft Corporation) MD5=DEC4940487050AE13C60C86F40E07E75 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21754_none_b583db3edde666b6\tcpip.sys
[2012/03/30 06:08:19 | 001,303,408 | ---- | M] (Microsoft Corporation) MD5=E47C2844A1605A44178F4281E4D58B3D -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21178_none_b38bb990e0ccc871\tcpip.sys

< MD5 for: TDX.SYS >
[2010/11/20 04:39:17 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=B459575348C20E8121D6039DA063C704 -- C:\Windows\System32\drivers\tdx.sys
[2010/11/20 04:39:17 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=B459575348C20E8121D6039DA063C704 -- C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7601.17514_none_ec4532373a57c1c2\tdx.sys
[2009/07/13 19:12:11 | 000,074,240 | ---- | M] (Microsoft Corporation) MD5=CB39E896A2A83702D1737BFD402B3542 -- C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7600.16385_none_ea141e6f3d693e28\tdx.sys

< MD5 for: USERINIT.EXE >
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: VOLSNAP.SYS >
[2009/07/13 21:19:10 | 000,245,328 | ---- | M] (Microsoft Corporation) MD5=58DF9D2481A56EDDE167E51B334D44FD -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.1.7600.16385_none_158d0da45d68903e\volsnap.sys
[2010/11/20 08:30:16 | 000,245,632 | ---- | M] (Microsoft Corporation) MD5=F497F67932C6FA693D7DE2780631CFE7 -- C:\Windows\System32\drivers\volsnap.sys
[2010/11/20 08:30:16 | 000,245,632 | ---- | M] (Microsoft Corporation) MD5=F497F67932C6FA693D7DE2780631CFE7 -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_x86_neutral_6dee0205881d1a1d\volsnap.sys
[2010/11/20 08:30:16 | 000,245,632 | ---- | M] (Microsoft Corporation) MD5=F497F67932C6FA693D7DE2780631CFE7 -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.1.7601.17514_none_17be216c5a5713d8\volsnap.sys

< MD5 for: WININIT.EXE >
[2009/07/13 21:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009/07/13 21:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

< MD5 for: WINLOGON.EXE >
[2009/10/28 02:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 01:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010/11/20 08:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 08:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/07/13 21:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< MD5 for: WMISVC.DLL >
[2009/07/13 21:16:19 | 000,168,960 | ---- | M] (Microsoft Corporation) MD5=F62E510B6AD4C21EB9FE8668ED251826 -- C:\Windows\System32\wbem\WMIsvc.dll
[2009/07/13 21:16:19 | 000,168,960 | ---- | M] (Microsoft Corporation) MD5=F62E510B6AD4C21EB9FE8668ED251826 -- C:\Windows\winsxs\x86_microsoft-windows-wmi-core-svc_31bf3856ad364e35_6.1.7600.16385_none_a08911f35844b3ff\WMIsvc.dll
[2009/07/13 21:16:19 | 000,168,960 | ---- | M] (Microsoft Corporation) MD5=F62E510B6AD4C21EB9FE8668ED251826 -- C:\Windows\winsxs\x86_microsoft-windows-wmi-core-svc_31bf3856ad364e35_6.1.7601.17514_none_a2ba25bb55333799\WMIsvc.dll

< MD5 for: WSCSVC.DLL >
[2009/07/13 21:16:20 | 000,073,728 | ---- | M] (Microsoft Corporation) MD5=6F5D49EFE0E7164E03AE773A3FE25340 -- C:\Windows\System32\wscsvc.dll
[2009/07/13 21:16:20 | 000,073,728 | ---- | M] (Microsoft Corporation) MD5=6F5D49EFE0E7164E03AE773A3FE25340 -- C:\Windows\winsxs\x86_microsoft-windows-securitycenter-core_31bf3856ad364e35_6.1.7600.16385_none_1a16b3d6136c6bb2\wscsvc.dll
[2009/07/13 21:16:20 | 000,073,728 | ---- | M] (Microsoft Corporation) MD5=6F5D49EFE0E7164E03AE773A3FE25340 -- C:\Windows\winsxs\x86_microsoft-windows-securitycenter-core_31bf3856ad364e35_6.1.7601.17514_none_1c47c79e105aef4c\wscsvc.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 168 bytes -> C:\Users\Cam\Documents\RegistrationForm.tiff:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 1122 bytes -> C:\Users\Cam\AppData\Local\Temp:f09x59cpY0eDTjco8kajO

< End of report >

AdwCleaner*******************************************************

# AdwCleaner v1.801 - Logfile created 08/28/2012 at 13:57:04
# Updated 14/08/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (32 bits)
# User : Cam - CAM-PC
# Boot Mode : Normal
# Running from : C:\Users\Cam\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\Cam\AppData\Local\Temp\AskSearch
Folder Found : C:\Users\Cam\AppData\Roaming\Mozilla\Firefox\Profiles\f5khrzhg.default\extensions\cacaoweb@cacaoweb.org
Folder Found : C:\Program Files\Common Files\Software Update Utility

***** [Registry] *****


***** [Registre - GUID] *****

Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (en-US)

Profile name : default
File : C:\Users\Cam\AppData\Roaming\Mozilla\Firefox\Profiles\f5khrzhg.default\prefs.js

Found : user_pref("extensions.alexa.toolbarXMLText", "\n\[...]

*************************

AdwCleaner[R1].txt - [1180 octets] - [28/08/2012 13:57:04]

########## EOF - C:\AdwCleaner[R1].txt - [1308 octets] ##########



cam99

Newbie Surfer
Newbie Surfer

Posts : 14
Joined : 2012-08-28
Operating System : 7

View user profile

Back to top Go down

Re: FBI MoneyPack Virus, Rootkit in addition possibly?

Post by Superdave on Wed 29 Aug 2012, 10:21 am

Hello and welcome to GeekPolice.Net My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*****************************************************************
Download Farbar Recovery Scan Tool and save it to a flash drive.

Depending on your type of system, you will have to select 32-bit or 64-bit accordingly. How do I tell?

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.

On the System Recovery Options menu you will get the following options:

      Startup Repair
      System Restore
      Windows Complete PC Restore
      Windows Memory Diagnostic Tool
      Command Prompt


  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there
  • Press Scan button.
  • type exit and reboot the computer normally
  • FRST will make a log (FRST.txt) on the flash drive, please copy and paste the log in your reply.

Superdave
Tech Staff


Tech Staff

Posts : 4193
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3

View user profile

Back to top Go down

Re: FBI MoneyPack Virus, Rootkit in addition possibly?

Post by cam99 on Wed 29 Aug 2012, 3:43 pm

Do i need to use a different computer to save that thing to my flashdrive?

cam99

Newbie Surfer
Newbie Surfer

Posts : 14
Joined : 2012-08-28
Operating System : 7

View user profile

Back to top Go down

Re: FBI MoneyPack Virus, Rootkit in addition possibly?

Post by Superdave on Thu 30 Aug 2012, 9:55 am

Do i need to use a different computer to save that thing to my flashdrive?
As stated, "FRST will make a log (FRST.txt) on the flash drive, please copy and paste the log in your reply."
You can't find it on yur flash drive?

Superdave
Tech Staff


Tech Staff

Posts : 4193
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3

View user profile

Back to top Go down

Re: FBI MoneyPack Virus, Rootkit in addition possibly?

Post by cam99 on Sun 02 Sep 2012, 1:20 pm

Sorry much for the delay

Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 29-08-2012 04
Ran by SYSTEM at 01-09-2012 22:13:54
Running from G:\
Windows 7 Home Premium (X86) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35760 2011-01-31] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [932288 2010-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421160 2011-04-26] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2011-04-08] (Sun Microsystems, Inc.)
HKLM\...\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [63048 2012-04-02] (LogMeIn, Inc.)
HKLM\...\Run: [Malwarebytes' Anti-Malware] "\mbamgui.exe" /starttray [x]
HKU\Cam\...\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" [394616 2012-06-17] (BitTorrent, Inc.)
HKU\Cam\...\Run: [Steam] "C:\Program Files\Steam\steam.exe" -silent [1353080 2012-08-04] (Valve Corporation)
HKU\Cam\...\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe [354304 2009-07-13] (Microsoft Corporation)
HKU\Cam\...\Run: [Facebook Update] "C:\Users\Cam\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-07-11] (Facebook Inc.)
HKU\Cam\...\Run: [Google Update] "C:\Users\Cam\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-06-18] (Google Inc.)
HKU\Cam\...\Run: [MusicManager] "C:\Users\Cam\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [7316480 2012-08-15] (Google Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Amazon Unbox.lnk
ShortcutTarget: Amazon Unbox.lnk -> C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe (Amazon.com)
Startup: C:\Users\Cam\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)

========================== Services (Whitelisted) ========================

2 ADVService; "C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe" [25704 2010-09-13] (Amazon.com)
3 Futuremark SystemInfo Service; "C:\Program Files\Futuremark\Futuremark SystemInfo\FMSISvc.exe" [130976 2011-08-15] (Futuremark Corporation)
2 LMIGuardianSvc; "C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe" [374184 2012-07-11] (LogMeIn, Inc.)
2 LMIMaint; "C:\Program Files\LogMeIn\x86\RaMaint.exe" [136616 2012-07-11] (LogMeIn, Inc.)
2 LogMeIn; "C:\Program Files\LogMeIn\x86\LogMeIn.exe" [390528 2012-04-02] (LogMeIn, Inc.)
2 MBAMService; "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation)
3 npggsvc; C:\Windows\system32\GameMon.des -service [4005936 2011-06-06] (INCA Internet Co., Ltd.)

==================== Drivers (Whitelisted) ===================

2 LMIInfo; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys [12856 2012-04-02] (LogMeIn, Inc.)
3 lmimirr; C:\Windows\System32\DRIVERS\lmimirr.sys [10144 2012-04-02] (LogMeIn, Inc.)
2 LMIRfsDriver; \??\C:\Windows\system32\drivers\LMIRfsDriver.sys [47640 2012-04-02] (LogMeIn, Inc.)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [22344 2012-07-03] (Malwarebytes Corporation)
3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2012-08-27] (Malwarebytes Corporation)
3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x32.sys [x]
3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [x]
4 LMIRfsClientNP; [x]

==================== NetSvcs (Whitelisted) =================


============ One Month Created Files and Folders ==============

2012-09-01 22:13 - 2012-09-01 22:13 - 00000000 ____D C:\FRST
2012-08-30 10:40 - 2012-08-30 10:40 - 00902682 ____A (Farbar) C:\Users\Cam\Desktop\FRST.exe
2012-08-28 09:57 - 2012-08-28 09:57 - 00001309 ____A C:\AdwCleaner[R1].txt
2012-08-28 09:38 - 2012-08-28 09:38 - 00029182 ____A C:\Users\Cam\Desktop\Extras.Txt
2012-08-28 09:37 - 2012-08-28 09:37 - 00150542 ____A C:\Users\Cam\Desktop\OTL.Txt
2012-08-28 09:23 - 2012-08-28 09:23 - 00596480 ____A (OldTimer Tools) C:\Users\Cam\Desktop\OTL.com
2012-08-28 09:22 - 2012-08-28 09:22 - 00618227 ____A C:\Users\Cam\Desktop\adwcleaner.exe
2012-08-27 20:26 - 2012-08-27 20:26 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-08-27 20:25 - 2012-08-27 20:25 - 02211928 ____A (Kaspersky Lab ZAO) C:\Users\Cam\Desktop\tdsskiller.exe
2012-08-21 12:58 - 2012-08-31 16:55 - 00000000 ___RD C:\Users\Cam\Dropbox
2012-08-21 12:58 - 2012-08-21 12:58 - 00001035 ____A C:\Users\Cam\Desktop\Dropbox.lnk
2012-08-21 12:55 - 2012-08-31 16:55 - 00000000 ____D C:\Users\Cam\AppData\Roaming\Dropbox
2012-08-21 12:55 - 2012-08-21 12:55 - 17798272 ____A (Dropbox, Inc.) C:\Users\Cam\Downloads\Dropbox 1.4.12.exe
2012-08-20 17:26 - 2012-08-20 17:29 - 175604409 ____A C:\Users\Cam\Downloads\Futurama.S07E10.HDTV.x264-ASAP.mp4
2012-08-20 17:04 - 2012-08-20 17:23 - 129798183 ____A C:\Users\Cam\Downloads\Futurama.S07E09.HDTV.x264-ASAP.mp4
2012-08-20 17:04 - 2012-08-20 17:20 - 160917319 ____A C:\Users\Cam\Downloads\Futurama.S07E08.Fun.on.a.Bun.HDTV.x264-FQM.mp4
2012-08-20 17:04 - 2012-08-20 17:16 - 103138987 ____A C:\Users\Cam\Downloads\Futurama.S07E07.The.Six.Million.Dollar.Mon.HDTV.x264-FQM.[VTV].mp4
2012-08-20 17:01 - 2012-08-20 17:13 - 173996759 ____A C:\Users\Cam\Downloads\Futurama.S07E06.The.Butterjunk.Effect.HDTV.x264-FQM.mp4
2012-08-20 16:58 - 2012-08-20 17:05 - 123626732 ____A C:\Users\Cam\Downloads\Futurama.S07E05.HDTV.x264-2HD.mp4
2012-08-20 16:58 - 2012-08-20 17:03 - 124210940 ____A C:\Users\Cam\Downloads\Futurama.S07E04.REPACK.HDTV.x264-ASAP.mp4
2012-08-20 16:58 - 2012-08-20 17:03 - 122081638 ____A C:\Users\Cam\Downloads\Futurama.S07E03.HDTV.x264-ASAP.mp4
2012-08-20 16:57 - 2012-08-20 17:04 - 146011488 ____A C:\Users\Cam\Downloads\Futurama.S07E02.HDTV.x264-ASAP.mp4
2012-08-20 16:55 - 2012-08-20 16:58 - 125980440 ____A C:\Users\Cam\Downloads\Futurama.S07E01.HDTV.x264-ASAP.mp4
2012-08-19 06:29 - 2012-08-27 20:42 - 00040776 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys
2012-08-19 06:29 - 2012-08-19 06:29 - 00001071 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-08-19 06:29 - 2012-08-19 06:29 - 00000000 ____D C:\Users\Cam\AppData\Roaming\Malwarebytes
2012-08-19 06:29 - 2012-08-19 06:29 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-08-19 06:29 - 2012-08-19 06:29 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-08-19 06:29 - 2012-07-03 09:46 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-08-19 06:28 - 2012-08-19 06:29 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Cam\Downloads\mbam-setup-1.62.0.1300.exe
2012-08-18 22:25 - 2012-08-18 22:25 - 00000000 ____D C:\Windows\pss
2012-08-18 21:34 - 2012-08-18 21:34 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-08-15 09:07 - 2012-06-28 16:52 - 12317184 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-08-15 09:07 - 2012-06-28 16:27 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-08-15 09:07 - 2012-06-28 16:16 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-08-15 09:07 - 2012-06-28 16:09 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-08-15 09:07 - 2012-06-28 16:09 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-08-15 09:07 - 2012-06-28 16:08 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-08-15 09:07 - 2012-06-28 16:07 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-08-15 09:07 - 2012-06-28 16:06 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-08-15 09:07 - 2012-06-28 16:04 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-08-15 09:07 - 2012-06-28 16:04 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-08-15 09:07 - 2012-06-28 16:01 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-08-15 09:07 - 2012-06-28 16:01 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-08-15 09:07 - 2012-06-28 16:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-08-15 09:07 - 2012-06-28 15:57 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-08-14 15:18 - 2012-07-18 09:47 - 02345984 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-08-14 15:18 - 2012-07-04 13:16 - 00057344 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2012-08-14 15:18 - 2012-07-04 13:14 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
2012-08-14 15:18 - 2012-07-04 13:14 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
2012-08-14 15:18 - 2012-05-13 20:33 - 00769024 ____A (Microsoft Corporation) C:\Windows\System32\localspl.dll
2012-08-06 22:17 - 2012-08-06 22:18 - 573405586 ____A C:\Users\Cam\Downloads\True.Blood.S05E09.HDTV.x264-EVOLVE.mp4
2012-08-06 22:15 - 2012-08-06 22:22 - 00000000 ____D C:\Users\Cam\Downloads\True Blood S5.E9 (xCrazy0328x)

============ 3 Months Modified Files ========================

2012-09-01 18:10 - 2010-10-31 14:16 - 00006238 ____A C:\Windows\System32\PerfStringBackup.INI
2012-09-01 18:10 - 2009-07-13 20:34 - 00010320 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-09-01 18:10 - 2009-07-13 20:34 - 00010320 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-09-01 17:58 - 2012-06-18 11:40 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1899086228-3049755723-1055249932-1001UA.job
2012-09-01 17:52 - 2011-08-19 19:12 - 00000920 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1899086228-3049755723-1055249932-1001UA.job
2012-09-01 17:48 - 2011-05-12 18:25 - 00000880 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-09-01 17:23 - 2012-06-10 01:39 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-08-31 20:52 - 2011-08-19 19:12 - 00000898 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1899086228-3049755723-1055249932-1001Core.job
2012-08-31 20:48 - 2011-05-12 18:25 - 00000876 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-08-31 18:58 - 2012-06-18 11:40 - 00000848 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1899086228-3049755723-1055249932-1001Core.job
2012-08-31 16:54 - 2010-10-31 13:57 - 01750150 ____A C:\Windows\WindowsUpdate.log
2012-08-31 16:50 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-08-31 16:50 - 2009-07-13 20:39 - 00048811 ____A C:\Windows\setupact.log
2012-08-30 10:40 - 2012-08-30 10:40 - 00902682 ____A (Farbar) C:\Users\Cam\Desktop\FRST.exe
2012-08-28 09:57 - 2012-08-28 09:57 - 00001309 ____A C:\AdwCleaner[R1].txt
2012-08-28 09:38 - 2012-08-28 09:38 - 00029182 ____A C:\Users\Cam\Desktop\Extras.Txt
2012-08-28 09:37 - 2012-08-28 09:37 - 00150542 ____A C:\Users\Cam\Desktop\OTL.Txt
2012-08-28 09:23 - 2012-08-28 09:23 - 00596480 ____A (OldTimer Tools) C:\Users\Cam\Desktop\OTL.com
2012-08-28 09:22 - 2012-08-28 09:22 - 00618227 ____A C:\Users\Cam\Desktop\adwcleaner.exe
2012-08-27 20:42 - 2012-08-19 06:29 - 00040776 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys
2012-08-27 20:27 - 2009-07-13 15:11 - 00259072 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
2012-08-27 20:25 - 2012-08-27 20:25 - 02211928 ____A (Kaspersky Lab ZAO) C:\Users\Cam\Desktop\tdsskiller.exe
2012-08-21 12:58 - 2012-08-21 12:58 - 00001035 ____A C:\Users\Cam\Desktop\Dropbox.lnk
2012-08-21 12:55 - 2012-08-21 12:55 - 17798272 ____A (Dropbox, Inc.) C:\Users\Cam\Downloads\Dropbox 1.4.12.exe
2012-08-20 17:29 - 2012-08-20 17:26 - 175604409 ____A C:\Users\Cam\Downloads\Futurama.S07E10.HDTV.x264-ASAP.mp4
2012-08-20 17:23 - 2012-08-20 17:04 - 129798183 ____A C:\Users\Cam\Downloads\Futurama.S07E09.HDTV.x264-ASAP.mp4
2012-08-20 17:20 - 2012-08-20 17:04 - 160917319 ____A C:\Users\Cam\Downloads\Futurama.S07E08.Fun.on.a.Bun.HDTV.x264-FQM.mp4
2012-08-20 17:16 - 2012-08-20 17:04 - 103138987 ____A C:\Users\Cam\Downloads\Futurama.S07E07.The.Six.Million.Dollar.Mon.HDTV.x264-FQM.[VTV].mp4
2012-08-20 17:13 - 2012-08-20 17:01 - 173996759 ____A C:\Users\Cam\Downloads\Futurama.S07E06.The.Butterjunk.Effect.HDTV.x264-FQM.mp4
2012-08-20 17:05 - 2012-08-20 16:58 - 123626732 ____A C:\Users\Cam\Downloads\Futurama.S07E05.HDTV.x264-2HD.mp4
2012-08-20 17:04 - 2012-08-20 16:57 - 146011488 ____A C:\Users\Cam\Downloads\Futurama.S07E02.HDTV.x264-ASAP.mp4
2012-08-20 17:03 - 2012-08-20 16:58 - 124210940 ____A C:\Users\Cam\Downloads\Futurama.S07E04.REPACK.HDTV.x264-ASAP.mp4
2012-08-20 17:03 - 2012-08-20 16:58 - 122081638 ____A C:\Users\Cam\Downloads\Futurama.S07E03.HDTV.x264-ASAP.mp4
2012-08-20 16:58 - 2012-08-20 16:55 - 125980440 ____A C:\Users\Cam\Downloads\Futurama.S07E01.HDTV.x264-ASAP.mp4
2012-08-20 16:01 - 2009-07-13 20:53 - 00032566 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-08-19 06:29 - 2012-08-19 06:29 - 00001071 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-08-19 06:29 - 2012-08-19 06:28 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Cam\Downloads\mbam-setup-1.62.0.1300.exe
2012-08-16 16:19 - 2009-07-13 20:33 - 00298384 ____A C:\Windows\System32\FNTCACHE.DAT
2012-08-15 13:31 - 2012-06-10 01:39 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-08-15 13:31 - 2011-06-07 18:18 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-08-15 09:08 - 2011-10-19 07:41 - 59884088 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-08-06 22:18 - 2012-08-06 22:17 - 573405586 ____A C:\Users\Cam\Downloads\True.Blood.S05E09.HDTV.x264-EVOLVE.mp4
2012-07-27 09:30 - 2012-07-27 09:30 - 00008625 ____A C:\Users\Cam\Desktop\manage.htm
2012-07-18 09:47 - 2012-08-14 15:18 - 02345984 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-13 21:33 - 2011-10-19 23:29 - 00008172 ____A C:\Windows\PFRO.log
2012-07-11 09:43 - 2012-06-17 00:47 - 00030624 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIport.dll
2012-07-11 09:43 - 2012-06-17 00:46 - 00087456 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIinit.dll
2012-07-11 09:43 - 2012-06-17 00:46 - 00083392 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIRfsClientNP.dll
2012-07-04 13:16 - 2012-08-14 15:18 - 00057344 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2012-07-04 13:14 - 2012-08-14 15:18 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
2012-07-04 13:14 - 2012-08-14 15:18 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
2012-07-03 17:12 - 2012-07-03 17:12 - 00063870 ____A C:\Users\Cam\Desktop\e-communications-disclosure.html
2012-07-03 09:46 - 2012-08-19 06:29 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-02 16:12 - 2012-07-02 16:12 - 01296064 ____A C:\Windows\Minidump\070212-18470-01.dmp
2012-07-02 16:12 - 2010-11-02 17:18 - 238239080 ____A C:\Windows\MEMORY.DMP
2012-06-28 16:52 - 2012-08-15 09:07 - 12317184 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-28 16:27 - 2012-08-15 09:07 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-28 16:16 - 2012-08-15 09:07 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-28 16:09 - 2012-08-15 09:07 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-28 16:09 - 2012-08-15 09:07 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-28 16:08 - 2012-08-15 09:07 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-28 16:07 - 2012-08-15 09:07 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-28 16:06 - 2012-08-15 09:07 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-28 16:04 - 2012-08-15 09:07 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-28 16:04 - 2012-08-15 09:07 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-28 16:01 - 2012-08-15 09:07 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-28 16:01 - 2012-08-15 09:07 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-28 16:00 - 2012-08-15 09:07 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-28 15:57 - 2012-08-15 09:07 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-26 14:00 - 2012-06-26 14:00 - 00000741 ____A C:\Users\Cam\.recently-used.xbel
2012-06-24 10:05 - 2012-06-24 10:04 - 15867904 ____A C:\Users\Cam\Downloads\python-2.7.3.msi
2012-06-24 10:04 - 2012-06-24 10:04 - 00001006 ____A C:\Users\Cam\Desktop\Eclipse.lnk
2012-06-21 01:19 - 2012-06-20 22:01 - 00002644 ____A C:\Users\Cam\Desktop\The Lord of the Rings Online™.lnk
2012-06-20 22:04 - 2012-06-20 22:04 - 00000091 ____A C:\Users\Cam\AppData\Local\fusioncache.dat
2012-06-20 21:54 - 2012-06-20 21:54 - 02983968 ____A C:\Users\Cam\Downloads\LOTROProgressive_1.275.exe
2012-06-20 21:31 - 2012-06-20 21:31 - 00007211 ____A C:\Users\Cam\Desktop\Working.svg
2012-06-18 11:33 - 2012-06-18 11:33 - 00739808 ____A (Google Inc.) C:\Users\Cam\Downloads\musicmanagerinstaller.exe
2012-06-17 21:39 - 2012-06-17 21:39 - 00000917 ____A C:\Users\Public\Desktop\µTorrent.lnk
2012-06-17 01:12 - 2012-06-17 01:10 - 183171707 ____A C:\Users\Cam\Downloads\eclipse-SDK-3.7.2-win32.zip
2012-06-17 00:46 - 2012-06-17 00:46 - 00001024 ____A C:\.rnd
2012-06-17 00:45 - 2012-06-17 00:45 - 16151040 ____A C:\Users\Cam\Downloads\LogMeIn.msi
2012-06-16 11:31 - 2012-06-16 11:31 - 00005715 ____A C:\Users\Cam\Downloads\GPACalculator(1).jar
2012-06-16 10:07 - 2012-06-16 10:07 - 00005715 ____A C:\Users\Cam\Downloads\GPACalculator.jar
2012-06-13 02:21 - 2012-06-13 02:20 - 00001038 ____A C:\Users\Public\Desktop\World of Warcraft.lnk
2012-06-09 21:22 - 2012-06-09 21:12 - 00001055 ____A C:\Users\Public\Desktop\StarCraft II.lnk
2012-06-09 20:05 - 2012-06-09 20:05 - 03216374 ____A (Blizzard Entertainment) C:\Users\Cam\Downloads\StarCraft_2_NA_en-US(2).exe
2012-06-08 23:07 - 2012-06-08 23:07 - 03695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2012-06-08 23:07 - 2012-06-08 23:07 - 00580608 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-06-08 23:07 - 2012-06-08 23:07 - 00434176 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2012-06-08 23:07 - 2012-06-08 23:07 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-06-08 23:07 - 2012-06-08 23:07 - 00367104 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-06-08 23:07 - 2012-06-08 23:07 - 00353792 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2012-06-08 23:07 - 2012-06-08 23:07 - 00353584 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-06-08 23:07 - 2012-06-08 23:07 - 00227840 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2012-06-08 23:07 - 2012-06-08 23:07 - 00223232 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2012-06-08 23:07 - 2012-06-08 23:07 - 00203776 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2012-06-08 23:07 - 2012-06-08 23:07 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2012-06-08 23:07 - 2012-06-08 23:07 - 00162304 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2012-06-08 23:07 - 2012-06-08 23:07 - 00161792 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2012-06-08 23:07 - 2012-06-08 23:07 - 00152064 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2012-06-08 23:07 - 2012-06-08 23:07 - 00150528 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2012-06-08 23:07 - 2012-06-08 23:07 - 00130560 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2012-06-08 23:07 - 2012-06-08 23:07 - 00123392 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2012-06-08 23:07 - 2012-06-08 23:07 - 00118784 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-06-08 23:07 - 2012-06-08 23:07 - 00110592 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2012-06-08 23:07 - 2012-06-08 23:07 - 00101888 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2012-06-08 23:07 - 2012-06-08 23:07 - 00086528 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2012-06-08 23:07 - 2012-06-08 23:07 - 00078848 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2012-06-08 23:07 - 2012-06-08 23:07 - 00076800 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2012-06-08 23:07 - 2012-06-08 23:07 - 00074752 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2012-06-08 23:07 - 2012-06-08 23:07 - 00074752 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2012-06-08 23:07 - 2012-06-08 23:07 - 00074240 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2012-06-08 23:07 - 2012-06-08 23:07 - 00066048 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2012-06-08 23:07 - 2012-06-08 23:07 - 00063488 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2012-06-08 23:07 - 2012-06-08 23:07 - 00054272 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2012-06-08 23:07 - 2012-06-08 23:07 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2012-06-08 23:07 - 2012-06-08 23:07 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-06-08 23:07 - 2012-06-08 23:07 - 00035840 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2012-06-08 23:07 - 2012-06-08 23:07 - 00031744 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2012-06-08 23:07 - 2012-06-08 23:07 - 00023552 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-06-08 23:07 - 2012-06-08 23:07 - 00011776 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2012-06-08 23:07 - 2012-06-08 23:07 - 00010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-06-08 23:07 - 2011-10-19 07:55 - 00005414 ____A C:\Windows\IE9_main.log
2012-06-08 22:06 - 2012-06-08 22:06 - 03216374 ____A (Blizzard Entertainment) C:\Users\Cam\Downloads\StarCraft_2_NA_en-US(1).exe
2012-06-08 20:41 - 2012-07-10 19:04 - 12873728 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-05 21:05 - 2012-07-10 19:04 - 01390080 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 21:05 - 2012-07-10 19:04 - 01236992 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-05 21:03 - 2012-07-10 19:04 - 00805376 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll


ZeroAccess:
C:\Windows\Installer\{5349c271-5203-b900-7c1c-83bfeb130ae7}
C:\Windows\Installer\{5349c271-5203-b900-7c1c-83bfeb130ae7}\L
C:\Windows\Installer\{5349c271-5203-b900-7c1c-83bfeb130ae7}\U
C:\Windows\Installer\{5349c271-5203-b900-7c1c-83bfeb130ae7}\L\00000004.@
C:\Windows\Installer\{5349c271-5203-b900-7c1c-83bfeb130ae7}\L\201d3dde
C:\Windows\Installer\{5349c271-5203-b900-7c1c-83bfeb130ae7}\U\80000032.@

ZeroAccess:
C:\Users\Cam\AppData\Local\{5349c271-5203-b900-7c1c-83bfeb130ae7}
C:\Users\Cam\AppData\Local\{5349c271-5203-b900-7c1c-83bfeb130ae7}\L
C:\Users\Cam\AppData\Local\{5349c271-5203-b900-7c1c-83bfeb130ae7}\U

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-08-25 13:06:10
Restore point made on: 2012-08-28 09:25:45
Restore point made on: 2012-08-28 09:42:21

==================== Memory info ===========================

Percentage of memory in use: 12%
Total physical RAM: 4094.04 MB
Available physical RAM: 3581.02 MB
Total Pagefile: 4092.32 MB
Available Pagefile: 3586.71 MB
Total Virtual: 2047.88 MB
Available Virtual: 1968.7 MB

==================== Partitions ============================

1 Drive c: () (Fixed) (Total:232.79 GB) (Free:80.16 GB) NTFS
4 Drive g: (CLUNT13-1) (Removable) (Total:7.46 GB) (Free:3.03 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 232 GB 0 B
Disk 1 No Media 0 B 0 B
Disk 2 Online 7650 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 232 GB 101 MB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y System Rese NTFS Partition 100 MB Healthy

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 232 GB Healthy

==================================================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7646 MB 4032 KB

==================================================================================

Disk: 2
Partition 1
Type : 0C
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G CLUNT13-1 FAT32 Removable 7646 MB Healthy

==================================================================================

Last Boot: 2012-08-27 13:46

==================== End Of Log =============================

cam99

Newbie Surfer
Newbie Surfer

Posts : 14
Joined : 2012-08-28
Operating System : 7

View user profile

Back to top Go down

Re: FBI MoneyPack Virus, Rootkit in addition possibly?

Post by Superdave on Mon 03 Sep 2012, 9:16 am

Please run the following:

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

start
C:\Windows\Installer\{5349c271-5203-b900-7c1c-83bfeb130ae7}
C:\Windows\Installer\{5349c271-5203-b900-7c1c-83bfeb130ae7}\L
C:\Windows\Installer\{5349c271-5203-b900-7c1c-83bfeb130ae7}\U
C:\Windows\Installer\{5349c271-5203-b900-7c1c-83bfeb130ae7}\L\00000004.@
C:\Windows\Installer\{5349c271-5203-b900-7c1c-83bfeb130ae7}\L\201d3dde
C:\Windows\Installer\{5349c271-5203-b900-7c1c-83bfeb130ae7}\U\80000032.@
C:\Users\Cam\AppData\Local\{5349c271-5203-b900-7c1c-83bfeb130ae7}
C:\Users\Cam\AppData\Local\{5349c271-5203-b900-7c1c-83bfeb130ae7}\L
C:\Users\Cam\AppData\Local\{5349c271-5203-b900-7c1c-83bfeb130ae7}\U

end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system

Now, please enter System Recovery Options then select Command Prompt.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Now restart, let it boot normally and tell me how it went.

Superdave
Tech Staff


Tech Staff

Posts : 4193
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3

View user profile

Back to top Go down

Re: FBI MoneyPack Virus, Rootkit in addition possibly?

Post by cam99 on Tue 04 Sep 2012, 6:42 am

Followed instructions with no issues. Here's the log

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 29-08-2012 04
Ran by SYSTEM at 2012-09-03 15:39:58 Run:1
Running from F:\

==============================================

C:\Windows\Installer\{5349c271-5203-b900-7c1c-83bfeb130ae7} moved successfully.
C:\Windows\Installer\{5349c271-5203-b900-7c1c-83bfeb130ae7}\L not found.
C:\Windows\Installer\{5349c271-5203-b900-7c1c-83bfeb130ae7}\U not found.
C:\Windows\Installer\{5349c271-5203-b900-7c1c-83bfeb130ae7}\L\00000004.@ not found.
C:\Windows\Installer\{5349c271-5203-b900-7c1c-83bfeb130ae7}\L\201d3dde not found.
C:\Windows\Installer\{5349c271-5203-b900-7c1c-83bfeb130ae7}\U\80000032.@ not found.
C:\Users\Cam\AppData\Local\{5349c271-5203-b900-7c1c-83bfeb130ae7} moved successfully.
C:\Users\Cam\AppData\Local\{5349c271-5203-b900-7c1c-83bfeb130ae7}\L not found.
C:\Users\Cam\AppData\Local\{5349c271-5203-b900-7c1c-83bfeb130ae7}\U not found.

==== End of Fixlog ====

cam99

Newbie Surfer
Newbie Surfer

Posts : 14
Joined : 2012-08-28
Operating System : 7

View user profile

Back to top Go down

Re: FBI MoneyPack Virus, Rootkit in addition possibly?

Post by Superdave on Tue 04 Sep 2012, 10:00 am

Please download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it



Click the "Scan" button to start scan

Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives



On completion of the scan click save log, save it to your desktop and post in your next reply
*******************************************************************************
Download Combofix from any of the links below, and save it to your DESKTOP.

Link 1
Link 2
Link 3

To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.

  • Close any open windows and double click ComboFix.exe to run it.

    You will see the following image:



Click I Agree to start the program.

ComboFix will then extract the necessary files and you will see this:



As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.



Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please Do NOT mouseclick combofix's window while its running because it may cause it to stall.

Superdave
Tech Staff


Tech Staff

Posts : 4193
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3

View user profile

Back to top Go down

Re: FBI MoneyPack Virus, Rootkit in addition possibly?

Post by cam99 on Sun 09 Sep 2012, 4:56 pm

ComboFix 12-09-09.02 - Cam 09/09/2012 1:29.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3070.2269 [GMT -4:00]
Running from: c:\users\Cam\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-08-09 to 2012-09-09 )))))))))))))))))))))))))))))))
.
.
2012-09-09 05:40 . 2012-09-09 05:50 29 ----a-w- c:\windows\system32\TempWmicBatchFile.bat
2012-09-09 05:38 . 2012-09-09 05:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-04 03:56 . 2012-09-04 03:56 -------- d-----w- C:\Prey
2012-09-03 21:42 . 2012-09-09 05:25 -------- d-----w- c:\users\Cam\AppData\Roaming\Audacity
2012-09-03 21:42 . 2012-09-03 21:42 -------- d-----w- c:\program files\Audacity
2012-09-03 21:36 . 2012-09-03 21:36 -------- d-----w- c:\users\Cam\AppData\Local\Freecorder 6 Video
2012-09-03 21:29 . 2012-09-03 21:29 -------- d-----w- c:\users\Cam\AppData\Roaming\Freecorder 6 Video
2012-09-03 21:28 . 2012-09-03 21:29 -------- d-----w- c:\users\Cam\AppData\Local\Jaksta_Technologies_Pty_L
2012-09-03 21:27 . 2012-09-03 21:27 -------- d-----w- c:\program files\Applian Technologies
2012-09-03 21:26 . 2012-09-03 21:36 -------- d-----w- c:\programdata\Tarma Installer
2012-09-03 21:26 . 2012-09-03 21:26 -------- d-----w- c:\program files\Yontoo
2012-09-03 18:46 . 2012-09-03 18:46 -------- d-----w- c:\windows\en
2012-09-03 18:44 . 2012-09-03 18:44 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2012-09-03 18:43 . 2012-09-03 18:43 -------- d-----w- c:\windows\PCHEALTH
2012-09-03 18:43 . 2012-09-03 18:44 -------- d-----w- c:\program files\Windows Live
2012-09-03 18:40 . 2012-09-03 19:31 -------- d-----w- c:\users\Cam\AppData\Local\Windows Live
2012-09-03 18:39 . 2012-09-03 18:39 -------- d-----w- c:\program files\Common Files\Windows Live
2012-09-02 06:13 . 2012-09-02 06:13 -------- d-----w- C:\FRST
2012-08-30 02:53 . 2012-09-08 22:26 73696 ----a-w- c:\program files\Mozilla Firefox\breakpadinjector.dll
2012-08-28 04:26 . 2012-08-28 04:26 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-21 20:58 . 2012-09-06 00:21 -------- d-----r- c:\users\Cam\Dropbox
2012-08-21 20:55 . 2012-09-07 22:50 -------- d-----w- c:\users\Cam\AppData\Roaming\Dropbox
2012-08-19 14:29 . 2012-08-19 14:29 -------- d-----w- c:\users\Cam\AppData\Roaming\Malwarebytes
2012-08-19 14:29 . 2012-08-19 14:29 -------- d-----w- c:\programdata\Malwarebytes
2012-08-19 14:29 . 2012-08-19 14:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-08-19 14:29 . 2012-07-03 17:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-19 05:34 . 2012-08-19 05:34 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-08-14 23:18 . 2012-07-18 17:47 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-08-14 23:18 . 2012-07-04 21:14 41984 ----a-w- c:\windows\system32\browcli.dll
2012-08-14 23:18 . 2012-07-04 21:14 102912 ----a-w- c:\windows\system32\browser.dll
2012-08-14 23:18 . 2012-05-14 04:33 769024 ----a-w- c:\windows\system32\localspl.dll
2012-08-14 17:45 . 2012-08-14 17:45 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1FCC4ECE-3EA9-4F37-947F-F575306860B5}\offreg.dll
2012-08-14 17:43 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1FCC4ECE-3EA9-4F37-947F-F575306860B5}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-28 04:27 . 2009-07-13 23:11 259072 ----a-w- c:\windows\system32\services.exe
2012-08-15 21:31 . 2012-06-10 09:39 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-15 21:31 . 2011-06-08 02:18 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-28 06:54 . 2012-07-28 06:54 321472 ----a-w- c:\windows\WLXPGSS.SCR
2012-07-26 23:08 . 2012-07-26 23:08 862664 ----a-w- c:\windows\system32\msvcr110.dll
2012-07-26 23:08 . 2012-07-26 23:08 534480 ----a-w- c:\windows\system32\msvcp110.dll
2012-07-26 23:08 . 2012-07-26 23:08 251864 ----a-w- c:\windows\system32\vccorlib110.dll
2012-07-26 23:08 . 2012-07-26 23:08 153536 ----a-w- c:\windows\system32\atl110.dll
2012-07-26 23:08 . 2012-07-26 23:08 115656 ----a-w- c:\windows\system32\vcomp110.dll
2012-07-17 18:49 . 2012-07-17 18:49 209648 ----a-w- c:\windows\system32\LIVESSP.DLL
2012-07-17 18:37 . 2012-07-17 18:37 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-07-11 17:43 . 2012-06-17 08:47 52128 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2012-07-11 17:43 . 2012-06-17 08:46 83392 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-07-11 17:43 . 2012-06-17 08:47 30624 ----a-w- c:\windows\system32\LMIport.dll
2012-07-11 17:43 . 2012-06-17 08:46 87456 ----a-w- c:\windows\system32\LMIinit.dll
2012-09-08 22:26 . 2011-05-17 02:52 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Cam\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Cam\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Cam\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2012-06-18 394616]
"Steam"="c:\program files\Steam\steam.exe" [2012-08-04 1353080]
"Facebook Update"="c:\users\Cam\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096]
"MusicManager"="c:\users\Cam\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2012-08-16 7316480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-27 421160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2012-04-02 63048]
.
c:\users\Cam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Cam\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-7-24 26909544]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Amazon Unbox.lnk - c:\program files\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe [2010-9-13 97384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKLM\~\startupfolder\C:^Users^Cam^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=c:\users\Cam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnk.Startup
backupExtension=.Startup
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x32.sys [x]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files\Futuremark\Futuremark SystemInfo\FMSISvc.exe [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 CronService;Cron Service for Prey;c:\prey\platform\windows\cronsvc.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [x]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [x]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [x]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-10 21:31]
.
2012-09-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1899086228-3049755723-1055249932-1001Core.job
- c:\users\Cam\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-20 04:47]
.
2012-09-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1899086228-3049755723-1055249932-1001UA.job
- c:\users\Cam\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-20 04:47]
.
2012-09-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-13 02:25]
.
2012-09-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-13 02:25]
.
2012-09-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1899086228-3049755723-1055249932-1001Core.job
- c:\users\Cam\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-18 19:40]
.
2012-09-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1899086228-3049755723-1055249932-1001UA.job
- c:\users\Cam\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-18 19:40]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 68.87.71.230 68.87.71.227 151.202.0.85
FF - ProfilePath - c:\users\Cam\AppData\Roaming\Mozilla\Firefox\Profiles\f5khrzhg.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(extentions.y2layers.installId, 720b78e4-177f-4a00-a62f-90849d8ceba9
FF - user.js: extentions.y2layers.defaultEnableAppsList - pagerage,buzzdock,bestvideodownloader,ezlooker,dropdowndeals,twittube,toprelatedtopics,interstitialads
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-Malwarebytes' Anti-Malware - \mbamgui.exe
SafeBoot-74079812.sys
MSConfigStartUp-GoogleChrome - c:\users\Cam\AppData\Local\Temp\adfm32.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(2416)
c:\users\Cam\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\atieclxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\DllHost.exe
c:\windows\System32\slui.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2012-09-09 01:54:41 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-09 05:54
.
Pre-Run: 85,811,740,672 bytes free
Post-Run: 86,834,712,576 bytes free
.
- - End Of File - - DDEE923EF462CE3D09162E377A8A0173

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-09 01:07:39
-----------------------------
01:07:39.058 OS Version: Windows 6.1.7601 Service Pack 1
01:07:39.058 Number of processors: 2 586 0x1706
01:07:39.058 ComputerName: CAM-PC UserName: Cam
01:07:50.088 Initialize success
01:08:13.798 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
01:08:13.798 Disk 0 Vendor: TOSHIBA_MK2555GSX FG001M Size: 238475MB BusType: 11
01:08:13.808 Disk 0 MBR read successfully
01:08:13.808 Disk 0 MBR scan
01:08:13.808 Disk 0 Windows 7 default MBR code
01:08:13.848 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
01:08:13.898 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 238373 MB offset 206848
01:08:13.898 Disk 0 scanning sectors +488394752
01:08:13.978 Disk 0 scanning C:\Windows\system32\drivers
01:08:22.908 Service scanning
01:09:01.008 Modules scanning
01:09:23.438 Disk 0 trace - called modules:
01:09:23.458 ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys halmacpi.dll ataport.SYS PCIIDEX.SYS msahci.sys
01:09:23.458 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x863af030]
01:09:23.788 3 CLASSPNP.SYS[8b7bc59e] -> nt!IofCallDriver -> [0x863afc48]
01:09:23.788 5 hpdskflt.sys[8b80a0be] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x862dd908]
01:09:23.798 Scan finished successfully
01:11:57.903 Disk 0 MBR has been saved successfully to "C:\Users\Cam\Desktop\MBR.dat"
01:11:57.909 The log file has been saved successfully to "C:\Users\Cam\Desktop\aswMBR.txt"



cam99

Newbie Surfer
Newbie Surfer

Posts : 14
Joined : 2012-08-28
Operating System : 7

View user profile

Back to top Go down

Re: FBI MoneyPack Virus, Rootkit in addition possibly?

Post by Superdave on Mon 10 Sep 2012, 6:28 am

P2P - I see you have P2P software installed on your machine. uTorrent We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It is certainly contributing to your current situation.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.
***************************************************
SysProt Antirootkit

Download
SysProt Antirootkit from the link below (you will find it at the bottom
of the page under attachments, or you can get it from one of the
mirrors).

[You must be registered and logged in to see this link.]

Unzip it into a folder on your desktop.

  • Double click Sysprot.exe to start the program.
  • Click on the Log tab.
  • In the Write to log box select the following items.

    • Process << Selected
    • Kernel Modules << Selected
    • SSDT << Selected
    • Kernel Hooks << Selected
    • IRP Hooks << NOT Selected
    • Ports << NOT Selected
    • Hidden Files << Selected

  • At the bottom of the page

    • Hidden Objects Only << Selected

  • Click on the Create Log button on the bottom right.
  • After a few seconds a new window should appear.
  • Select Scan Root Drive. Click on the Start button.
  • When it is complete a new window will appear to indicate that the scan is finished.
  • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.

Superdave
Tech Staff


Tech Staff

Posts : 4193
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3

View user profile

Back to top Go down

Re: FBI MoneyPack Virus, Rootkit in addition possibly?

Post by cam99 on Sun 23 Sep 2012, 3:23 am

SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

No Hidden Processes found

******************************************************************************************
******************************************************************************************
No Hidden Kernel Modules found

******************************************************************************************
******************************************************************************************
No SSDT Hooks found

******************************************************************************************
******************************************************************************************
No Kernel Hooks found

******************************************************************************************
******************************************************************************************
No hidden files/folders found

cam99

Newbie Surfer
Newbie Surfer

Posts : 14
Joined : 2012-08-28
Operating System : 7

View user profile

Back to top Go down

Re: FBI MoneyPack Virus, Rootkit in addition possibly?

Post by Superdave on Sun 23 Sep 2012, 5:11 am

How's your computer working now?

I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
•Click the button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

  • Click on to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the icon on your desktop.

•Check
•Click the button.
•Accept any security warnings from your browser.
•Check
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push
•Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the button.
•Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

Superdave
Tech Staff


Tech Staff

Posts : 4193
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3

View user profile

Back to top Go down

Re: FBI MoneyPack Virus, Rootkit in addition possibly?

Post by cam99 on Wed 10 Oct 2012, 5:33 am

I'm such an idiot for not doing this is a more timely manner, I've just been so busy with school. I really do appreciate your patience though. Oh god this ESET detected a trojan... I am really starting to panick. I couldn't be more frustrated with myself for letting this linger on my system. Could it have been taking my passwords or keylogging this whole time?
Again thank you so much for putting up with me.

You didn't say to check the remove found threats so I didnt. Should I run again with that checked?

C:\FRST\Quarantine\{5349c271-5203-b900-7c1c-83bfeb130ae7}\U\80000032.@ Win32/Sirefef.FD trojan
C:\Program Files\Yontoo\YontooIEClient.dll a variant of Win32/Adware.Yontoo.A application
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
C:\ProgramData\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
C:\TDSSKiller_Quarantine\28.08.2012_00.25.26\zasubsys0000\file0000\tsk0000.dta Win32/Sirefef.FC trojan
C:\TDSSKiller_Quarantine\28.08.2012_00.25.26\zasubsys0000\zafs0000\tsk0000.dta Win32/Sirefef.EZ trojan
C:\TDSSKiller_Quarantine\28.08.2012_00.25.26\zasubsys0000\zafs0000\tsk0003.dta Win32/Sirefef.EV trojan
C:\TDSSKiller_Quarantine\28.08.2012_00.25.26\zasubsys0000\zafs0000\tsk0004.dta Win32/Conedex.D trojan
C:\TDSSKiller_Quarantine\28.08.2012_00.25.26\zasubsys0000\zafs0000\tsk0005.dta Win32/Sirefef.FG trojan
C:\TDSSKiller_Quarantine\28.08.2012_00.25.26\zasubsys0000\zafs0000\tsk0006.dta Win32/Conedex.E trojan
C:\TDSSKiller_Quarantine\28.08.2012_00.25.26\zasubsys0000\zafs0000\tsk0007.dta a variant of Win32/Sirefef.FA trojan
C:\TDSSKiller_Quarantine\28.08.2012_00.25.26\zasubsys0000\zafs0000\tsk0008.dta Win32/Sirefef.FD trojan
C:\TDSSKiller_Quarantine\28.08.2012_00.25.26\zasubsys0000\zafs0000\tsk0010.dta Win32/Sirefef.EV trojan
C:\Users\All Users\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
C:\Users\All Users\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
C:\Users\Cam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\25c59e19-3939b55f multiple threats
C:\Users\Cam\Downloads\SoftonicDownloader_for_photo-booth-for-windows-7.exe a variant of Win32/SoftonicDownloader.E application

I am very scared by this list..

cam99

Newbie Surfer
Newbie Surfer

Posts : 14
Joined : 2012-08-28
Operating System : 7

View user profile

Back to top Go down

Re: FBI MoneyPack Virus, Rootkit in addition possibly?

Post by Superdave on Wed 10 Oct 2012, 5:44 am

Please run it again to clear the infections.

Superdave
Tech Staff


Tech Staff

Posts : 4193
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3

View user profile

Back to top Go down

Re: FBI MoneyPack Virus, Rootkit in addition possibly?

Post by cam99 on Wed 10 Oct 2012, 9:21 am

Okay

C:\FRST\Quarantine\{5349c271-5203-b900-7c1c-83bfeb130ae7}\U\80000032.@ Win32/Sirefef.FD trojan cleaned by deleting - quarantined
C:\Program Files\Yontoo\YontooIEClient.dll a variant of Win32/Adware.Yontoo.A application cleaned by deleting - quarantined
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
C:\ProgramData\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\28.08.2012_00.25.26\zasubsys0000\file0000\tsk0000.dta Win32/Sirefef.FC trojan deleted - quarantined
C:\TDSSKiller_Quarantine\28.08.2012_00.25.26\zasubsys0000\zafs0000\tsk0000.dta Win32/Sirefef.EZ trojan deleted - quarantined
C:\TDSSKiller_Quarantine\28.08.2012_00.25.26\zasubsys0000\zafs0000\tsk0003.dta Win32/Sirefef.EV trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\28.08.2012_00.25.26\zasubsys0000\zafs0000\tsk0004.dta Win32/Conedex.D trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\28.08.2012_00.25.26\zasubsys0000\zafs0000\tsk0005.dta Win32/Sirefef.FG trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\28.08.2012_00.25.26\zasubsys0000\zafs0000\tsk0006.dta Win32/Conedex.E trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\28.08.2012_00.25.26\zasubsys0000\zafs0000\tsk0007.dta a variant of Win32/Sirefef.FA trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\28.08.2012_00.25.26\zasubsys0000\zafs0000\tsk0008.dta Win32/Sirefef.FD trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\28.08.2012_00.25.26\zasubsys0000\zafs0000\tsk0010.dta Win32/Sirefef.EV trojan cleaned by deleting - quarantined
C:\Users\Cam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\25c59e19-3939b55f multiple threats deleted - quarantined
C:\Users\Cam\Downloads\SoftonicDownloader_for_photo-booth-for-windows-7.exe a variant of Win32/SoftonicDownloader.E application cleaned by deleting - quarantined

cam99

Newbie Surfer
Newbie Surfer

Posts : 14
Joined : 2012-08-28
Operating System : 7

View user profile

Back to top Go down

Re: FBI MoneyPack Virus, Rootkit in addition possibly?

Post by Superdave on Wed 10 Oct 2012, 9:35 am

That looks good. How's your computer running now? Any other issues?

Superdave
Tech Staff


Tech Staff

Posts : 4193
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3

View user profile

Back to top Go down

Re: FBI MoneyPack Virus, Rootkit in addition possibly?

Post by cam99 on Wed 10 Oct 2012, 10:19 am

No nothing visible. Does this mean I'm in the clear?
Thank you so much for all the help you've been giving me

cam99

Newbie Surfer
Newbie Surfer

Posts : 14
Joined : 2012-08-28
Operating System : 7

View user profile

Back to top Go down

Re: FBI MoneyPack Virus, Rootkit in addition possibly?

Post by Superdave on Thu 11 Oct 2012, 6:26 am

Ok, let's do some cleanup and we'll be finished.

To uninstall ComboFix


  • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
  • In the field, type in ComboFix /uninstall




(Note: Make sure there's a space between the word ComboFix and the forward-slash.)


  • Then, press Enter, or click OK.
  • This will uninstall ComboFix, delete its folders and files, hides System files and folders, and resets System Restore.

******************************************************
I just notice that you appear to have no Anti-virus software on your computer. If this is actually true, please download and intstall one of these free AV's. I would recommend MicroSoft Security Essentials.

Before we continue download and install a free antivirus.

Remember to only install one antivirus!

1) Avast! Home Edition
2) AVG Free Edition
3) Avira AntiVir Personal
4) Microsoft Security Essentials for Windows Vista\Windows 7 - 64 bit Download
4-a) Microsoft Security Essentials for Windows XP
5) Comodo Antivirus (Uncheck during installation "Install Comodo SafeSurf..", Make Comodo my default search provider" and "Make Comodo Search my homepage" if you choose this one)
6) PC Tools AntiVirus Free Edition
7) ThreatFire

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.
*************************************************************
To remove all of the tools we used and the files and folders they created do the following:
Double click OTL.exe.

  • Click the CleanUp button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
***************************************************************
Click Start> Computer> right click the C Drive and choose Properties> enter
Click Disk Cleanup from there.



Click OK on the Disk Cleanup Screen.
Click Yes on the Confirmation screen.



This runs the Disk Cleanup utility along with other selections if you have chosen any. (if you had a lot System Restore points, you will see a significant change in the free space in C drive)
Or


  • Click Start.
  • Click Control Panel.
  • Click Administration Tools.
  • Click Free up disk space.
  • Click Ok.
  • Click Delete Files.

********************************************************
Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!

Superdave
Tech Staff


Tech Staff

Posts : 4193
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3

View user profile

Back to top Go down

Re: FBI MoneyPack Virus, Rootkit in addition possibly?

Post by Sponsored content Today at 11:21 pm


Sponsored content


Back to top Go down

View previous topic View next topic Back to top


 
Permissions in this forum:
You cannot reply to topics in this forum