Help with malware 00000001.@, 800000cb.@ & 80000000.@


No replies to this topic

#1 retlub


Posted 26 July 2012 - 08:48 PM

I am a computer professional with over 10 years' expertise. I had this malware start on my computer a few weeks ago and I could not remove it to save my life. Then I went to google.com today to search for 00000001.@, 800000cb.@ & 80000000.@ and landed at this site. I ran FRST.exe and I need help removing this one. My results are posted below. Thanks in advance.

FRST.TXT
---------------------------------------------------
Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 25-07-2012 01
Ran by SYSTEM at 26-07-2012 18:00:37
Running from G:\
Windows 7 Ultimate (X86) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [] [x]
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [141848 2011-05-06] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [173592 2011-05-06] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [150552 2011-05-06] (Intel Corporation)
HKLM\...\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [ETDWare] %ProgramFiles%\Elantech\ETDCtrl.exe [509896 2011-05-10] (ELAN Microelectronic Corp.)
HKLM\...\Run: [PLFSetI] C:\Windows\PLFSetI.exe [206208 2011-06-03] ()
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s [8546848 2011-05-06] (Realtek Semiconductor)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2011-07-05] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421736 2011-08-18] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM\...\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h [6749512 2012-03-11] (COMODO)
HKLM\...\Run: [COMODO] C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe [208184 2011-11-23] (COMODO)
HKLM\...\Run: [CPA] C:\Program Files\COMODO\COMODO GeekBuddy\VALA.exe [182584 2011-11-23] (COMODO)
HKLM\...\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot [296096 2012-07-05] (RealNetworks, Inc.)
HKU\henryreed\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-05-06] (Google Inc.)
HKU\henryreed\...\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
AppInit_DLLs: C:\Windows\system32\guard32.dll
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\OpenVPN Connect.lnk
ShortcutTarget: OpenVPN Connect.lnk -> C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\ovpntray.exe ()
Startup: C:\Users\henryreed\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)
Startup: C:\Users\henryreed\Start Menu\Programs\Startup\sgBackup Tray.lnk
ShortcutTarget: sgBackup Tray.lnk -> C:\Program Files\sgbackup\sgSysTray.exe ()

================================ Services (Whitelisted) ==================

2 CLPSLS; C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe [1052472 2011-11-23] (COMODO)
2 cmdAgent; "C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe" [1983232 2012-03-11] (COMODO)
2 eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [20992 2009-07-13] (Microsoft Corporation)
2 OpenVPNAccessClient; "C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\capiws.exe" [24064 2012-01-12] ()
2 sgService; C:\Program Files\sgbackup\sgservice.exe [131072 2008-08-23] ()
2 SkypeUpdate; "C:\Program Files\Skype\Updater\Updater.exe" [160944 2012-06-07] (Skype Technologies)

========================== Drivers (Whitelisted) =============

1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [19600 2012-03-11] (COMODO)
1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [491816 2012-03-11] (COMODO)
1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [39640 2012-03-11] (COMODO)
3 ETD; C:\Windows\System32\DRIVERS\ETD.sys [107912 2011-05-10] (ELAN Microelectronic Corp.)
3 EUCR; C:\Windows\System32\DRIVERS\EUCR6SK.SYS [82384 2011-05-06] (ENE Technology Inc.)
1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [82400 2012-02-03] (COMODO)
3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [26624 2011-07-01] (The OpenVPN Project)
3 usb_rndisx; C:\Windows\System32\DRIVERS\usb8023x.sys [15872 2009-07-13] (Microsoft Corporation)
3 WmBEnum; C:\Windows\System32\drivers\WmBEnum.sys [22856 2010-04-27] (Logitech Inc.)
3 WmFilter; C:\Windows\System32\drivers\WmFilter.sys [37704 2010-04-27] (Logitech Inc.)
3 WmVirHid; C:\Windows\System32\drivers\WmVirHid.sys [15048 2010-04-27] (Logitech Inc.)
3 WmXlCore; C:\Windows\System32\drivers\WmXlCore.sys [66632 2010-04-27] (Logitech Inc.)
3 ApfiltrService; C:\Windows\System32\DRIVERS\Apfiltr.sys [x]
3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [x]
3 huawei_enumerator; C:\Windows\System32\DRIVERS\ew_jubusenum.sys [x]
3 hwdatacard; C:\Windows\System32\DRIVERS\ewusbmdm.sys [x]
3 massfilter; C:\Windows\System32\drivers\massfilter.sys [x]
3 pccsmcfd; C:\Windows\System32\DRIVERS\pccsmcfd.sys [x]
3 Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [x]
3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [x]
3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]
3 ZTEusbmdm6k; C:\Windows\System32\DRIVERS\ZTEusbmdm6k.sys [x]
3 ZTEusbnmea; C:\Windows\System32\DRIVERS\ZTEusbnmea.sys [x]
3 ZTEusbser6k; C:\Windows\System32\DRIVERS\ZTEusbser6k.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-07-26 12:39 - 2012-07-26 12:39 - 00000000 ____D C:\Users\henryreed\AppData\Local\{3D3C12BA-6B36-4FBD-93C7-88DF7A4887DB}
2012-07-25 19:18 - 2012-07-25 19:18 - 00000000 ____D C:\Users\henryreed\AppData\Local\{1A00E521-5595-4377-AC0C-3F61A69164FF}
2012-07-25 19:17 - 2012-07-25 19:18 - 00000000 ____D C:\Users\henryreed\AppData\Local\{A0389A6E-0036-4DA1-B153-30DE9343B83C}
2012-07-25 06:36 - 2012-07-25 06:36 - 00000000 ____D C:\Users\henryreed\AppData\Local\{05C88C04-7010-40F7-8392-5E200BB594C8}
2012-07-24 12:01 - 2012-07-24 12:01 - 00000000 ____D C:\Users\henryreed\AppData\Local\{A5ED82E4-4EFA-4208-B8AF-549D714A0AA7}
2012-07-24 12:01 - 2012-07-24 12:01 - 00000000 ____D C:\Users\henryreed\AppData\Local\{61C73FE4-7B1E-43FB-9B55-08D3B29144CE}
2012-07-22 21:49 - 2012-07-22 21:49 - 00000000 ____D C:\Users\henryreed\AppData\Local\{B29B26D8-200A-4B37-913B-9E6FC54CBD56}
2012-07-22 21:48 - 2012-07-22 21:49 - 00000000 ____D C:\Users\henryreed\AppData\Local\{C79D997A-73E8-432F-AE8A-356F04C20648}
2012-07-22 18:55 - 2012-07-22 18:55 - 00000000 ____D C:\Users\henryreed\AppData\Local\{8E2AE746-EB2F-46E8-89F4-93BBD58F16CB}
2012-07-21 10:08 - 2012-07-21 10:08 - 00000000 ____D C:\Users\henryreed\AppData\Local\IsolatedStorage
2012-07-21 10:06 - 2012-07-21 10:11 - 00000000 ____D C:\Program Files\IncanSoft
2012-07-21 09:30 - 2009-08-20 05:46 - 00156912 ____A (SS) C:\Windows\System32\DELS3ci.exe
2012-07-21 09:30 - 2009-08-05 16:03 - 00020594 ____A () C:\Windows\System32\DELS3L3.DLL
2012-07-21 09:30 - 2009-08-05 16:03 - 00000533 ____A C:\Windows\System32\DELS3L3.SMT
2012-07-21 09:28 - 2009-07-23 12:58 - 00065536 ____A (SS) C:\Windows\System32\DELS3ci.dll
2012-07-21 09:18 - 2012-07-21 09:18 - 00000000 ____D C:\dell
2012-07-21 08:39 - 2012-07-21 08:39 - 00000000 ____D C:\Users\henryreed\AppData\Local\{2ACA93C0-D913-4D01-AA64-D77F45710982}
2012-07-20 06:58 - 2012-07-20 06:58 - 00000000 ____D C:\Users\henryreed\AppData\Local\{337E95E9-4984-4B2D-BE69-13178077B253}
2012-07-20 06:57 - 2012-07-20 06:58 - 00000000 ____D C:\Users\henryreed\AppData\Local\{C20C7CD4-0C56-4E2E-BC58-69E0F511E051}
2012-07-19 16:46 - 2012-07-22 20:00 - 00000000 ____D C:\secobackup
2012-07-19 16:41 - 2012-07-26 13:52 - 00000000 ____D C:\Protect
2012-07-19 16:40 - 2012-07-26 13:00 - 00000000 ____D C:\Program Files\sgbackup
2012-07-19 12:04 - 2012-07-19 12:04 - 00000000 ____D C:\Users\henryreed\AppData\Local\{E4943184-EA89-4D0C-AFCE-2CE0FCBDA7BC}
2012-07-19 12:03 - 2012-07-19 12:04 - 00000000 ____D C:\Users\henryreed\AppData\Local\{8F15EE20-AF1C-4400-AB68-71C8310572DB}
2012-07-19 06:38 - 2012-07-19 06:38 - 00000000 ____D C:\Users\henryreed\AppData\Local\{37431941-F041-4556-B381-32E552EFBAF7}
2012-07-18 17:03 - 2012-07-18 17:03 - 00000000 ____D C:\Users\henryreed\SyncFolder
2012-07-18 17:02 - 2012-07-20 05:55 - 00000000 ____D C:\Program Files\MyPC Backup
2012-07-18 16:18 - 2012-07-18 16:18 - 00000000 ____D C:\Users\henryreed\AppData\Local\{45E93595-62C5-4899-B888-971409D24C89}
2012-07-17 19:08 - 2012-07-17 19:45 - 00273580 ____A C:\Users\henryreed\AppData\Local\census.cache
2012-07-17 19:08 - 2012-07-17 19:44 - 00000000 ____A C:\Users\henryreed\AppData\Local\ars.cache
2012-07-17 19:04 - 2012-07-17 19:04 - 00000036 ____A C:\Users\henryreed\AppData\Local\housecall.guid.cache
2012-07-17 17:42 - 2012-07-17 17:42 - 00000000 ____D C:\Users\henryreed\AppData\Roaming\Itazk
2012-07-17 17:42 - 2012-07-17 17:42 - 00000000 ____D C:\Users\henryreed\AppData\Roaming\Ikuxda
2012-07-17 17:42 - 2012-07-17 17:42 - 00000000 ____D C:\Users\henryreed\AppData\Roaming\Doaw
2012-07-17 17:39 - 2012-07-17 17:39 - 00000000 ____D C:\Users\henryreed\AppData\Roaming\Siiq
2012-07-17 17:39 - 2012-07-17 17:39 - 00000000 ____D C:\Users\henryreed\AppData\Roaming\Koezy
2012-07-17 17:39 - 2012-07-17 17:39 - 00000000 ____D C:\Users\henryreed\AppData\Roaming\Alvu
2012-07-17 17:38 - 2012-07-17 17:38 - 00000000 ____D C:\Users\henryreed\AppData\Roaming\Rienoc
2012-07-17 17:38 - 2012-07-17 17:38 - 00000000 ____D C:\Users\henryreed\AppData\Roaming\Icvoge
2012-07-17 17:38 - 2012-07-17 17:38 - 00000000 ____D C:\Users\henryreed\AppData\Roaming\Cyniu
2012-07-17 17:29 - 2012-07-17 17:29 - 00000000 ____D C:\Users\henryreed\AppData\Local\{F463CF93-AD60-47A7-9976-91F36CB8D956}
2012-07-17 17:29 - 2012-07-17 17:29 - 00000000 ____D C:\Users\henryreed\AppData\Local\{706D0029-E2E1-463B-A0DE-D9C1DC13A124}
2012-07-16 20:14 - 2012-07-16 20:14 - 00000000 ____D C:\Users\henryreed\AppData\Local\{096C8D76-B2F6-408E-A35E-20BF7C0582DB}
2012-07-16 18:55 - 2012-07-16 18:55 - 00000000 ____D C:\Users\henryreed\AppData\Local\{13F0D316-C639-450A-8A25-633905E612DF}
2012-07-15 16:57 - 2012-07-15 16:57 - 00000000 ____D C:\Users\henryreed\AppData\Local\{0B20A319-7CCE-4B5D-8CEC-5362B7A475A0}
2012-07-15 16:56 - 2012-07-15 16:57 - 00000000 ____D C:\Users\henryreed\AppData\Local\{81431807-89A7-41F1-A241-E2BA1C951BFA}
2012-07-15 13:32 - 2012-07-15 13:32 - 00000000 ____D C:\Users\henryreed\AppData\Local\{4FFCF138-BE83-46D2-98EC-BF47375AC380}
2012-07-14 14:01 - 2012-07-26 12:36 - 00001960 ____A C:\Windows\setupact.log
2012-07-14 14:01 - 2012-07-14 14:01 - 00002138 ____A C:\Windows\PFRO.log
2012-07-14 14:01 - 2012-07-14 14:01 - 00000000 ____A C:\Windows\setuperr.log
2012-07-14 13:59 - 2012-07-14 14:02 - 00001183 ____A C:\Windows\System32\Drivers\etc\hosts.ccebak
2012-07-14 13:59 - 2012-07-14 13:59 - 00000000 ____D C:\CCE_Quarantine
2012-07-14 04:55 - 2012-07-14 04:55 - 00000000 ____D C:\Users\henryreed\AppData\Local\{8DB2B012-F0AC-4EB1-8017-B65C608D870C}
2012-07-14 04:54 - 2012-07-14 04:55 - 00000000 ____D C:\Users\henryreed\AppData\Local\{B375CBAE-5D24-45C5-ACA9-3CF18A145CF5}
2012-07-13 17:53 - 2012-07-13 17:53 - 00000000 ____D C:\Users\henryreed\AppData\Local\{3E90B066-3EEC-4A47-8791-9457E110B386}
2012-07-13 17:53 - 2012-07-13 17:53 - 00000000 ____D C:\Users\henryreed\AppData\Local\{06CC4253-92EA-4FC6-AD66-93D308FF2E37}
2012-07-12 20:05 - 2012-07-12 20:05 - 00000000 ____D C:\Users\henryreed\AppData\Local\{B23359EB-6F9F-4327-90AF-8E0EE17C89E3}
2012-07-12 07:58 - 2012-07-12 20:04 - 00000000 ____D C:\Users\henryreed\AppData\Local\{F8D1A52C-FDB8-4120-99B6-76C4A02FBEC5}
2012-07-12 07:58 - 2012-07-12 07:59 - 00000000 ____D C:\Users\henryreed\AppData\Local\{53946085-F968-4393-A193-337856A7606F}
2012-07-11 14:16 - 2012-07-11 14:16 - 00000000 ____D C:\Users\henryreed\AppData\Local\{F95A3000-ABCF-4489-BC6F-35D671037A03}
2012-07-11 14:15 - 2012-07-11 14:15 - 00000000 ____D C:\Users\henryreed\AppData\Local\{50AD9A0B-66BF-4CAE-812A-C40265352EF9}
2012-07-10 07:08 - 2012-07-10 07:08 - 00000000 ____D C:\Users\henryreed\AppData\Local\{5155CCB0-F376-457D-9818-D649065B124C}
2012-07-10 07:07 - 2012-07-10 07:07 - 00000000 ____D C:\Users\henryreed\AppData\Local\{C00C940D-538B-4FB7-B31D-E64B7EBDAE16}
2012-07-09 07:02 - 2012-07-09 07:03 - 00000000 ____D C:\Users\henryreed\AppData\Local\{7FA50875-2AC7-4D25-A904-FC6D6B73FCF1}
2012-07-09 07:02 - 2012-07-09 07:02 - 00000000 ____D C:\Users\henryreed\AppData\Local\{22334529-8752-4F94-9AD3-85436E88C7FD}
2012-07-08 10:12 - 2012-07-08 10:12 - 00000000 ____D C:\Users\henryreed\AppData\Local\{FF520C77-DEA9-40CC-8375-35E7D7B0C8A7}
2012-07-08 10:11 - 2012-07-08 10:11 - 00000000 ____D C:\Users\henryreed\AppData\Local\{B5B34C71-0A92-4A7A-81D4-AB90C4D11F0F}
2012-07-07 18:15 - 2009-08-19 20:50 - 00022872 ___RA (Adobe Systems Inc.) C:\Windows\System32\AdobePDFUI.dll
2012-07-07 17:21 - 2012-07-07 17:21 - 00000000 ____A C:\install.rdf
2012-07-07 17:06 - 2012-07-07 17:06 - 00002608 ____A C:\Users\Administrator\ovpntray.log
2012-07-07 17:05 - 2012-07-07 17:05 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Real
2012-07-07 17:05 - 2012-07-07 17:05 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Apple Computer
2012-07-07 16:59 - 2012-07-07 17:06 - 00000000 ____D C:\users\Administrator
2012-07-07 16:59 - 2012-07-07 16:59 - 00000020 __ASH C:\Users\Administrator\ntuser.ini
2012-07-07 16:59 - 2012-06-15 21:23 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Macromedia
2012-07-07 16:59 - 2011-05-07 00:17 - 00000000 ____D C:\Users\Administrator\AppData\Local\Microsoft Help
2012-07-07 06:57 - 2012-07-07 06:57 - 00000000 ____D C:\Users\henryreed\AppData\Local\{93B968D1-DFF9-4AAF-9B0A-9B87D0A6DF6B}
2012-07-07 06:56 - 2012-07-07 06:56 - 00000000 ____D C:\Users\henryreed\AppData\Local\{500ECA44-CB4A-4DF3-AD78-37ECDCB51198}
2012-07-06 15:54 - 2012-07-06 15:54 - 00000000 ____D C:\IncanBots
2012-07-06 13:27 - 2012-07-06 13:28 - 00000000 ____D C:\Users\henryreed\AppData\Local\{F527B75B-231B-4930-A0D3-AD78A495BD2C}
2012-07-06 13:27 - 2012-07-06 13:27 - 00000000 ____D C:\Users\henryreed\AppData\Local\{64349B09-BAFD-43C9-9E7E-A76CD8A701B1}
2012-07-05 20:42 - 2012-07-05 20:42 - 00000000 ____D C:\Users\Henryreed_fix\AppData\Roaming\Macromedia
2012-07-05 20:42 - 2012-07-05 20:42 - 00000000 ____D C:\Users\Henryreed_fix\AppData\Roaming\Adobe
2012-07-05 20:40 - 2012-07-05 20:40 - 00002165 ____A C:\Users\Henryreed_fix\Desktop\Google Chrome.lnk
2012-07-05 20:40 - 2012-07-05 20:40 - 00000000 ____D C:\Users\Henryreed_fix\AppData\Local\Google
2012-07-05 20:36 - 2012-07-05 20:36 - 00002608 ____A C:\Users\Henryreed_fix\ovpntray.log
2012-07-05 18:50 - 2012-07-05 18:50 - 00000000 ____D C:\Users\henryreed\AppData\Local\{36EA4790-E077-4043-B3D7-48DB77D7B654}
2012-07-05 18:49 - 2012-07-05 18:49 - 00000000 ____D C:\Users\henryreed\AppData\Local\{CD54A27D-9657-42A0-BBFE-B0875DB2FC8B}
2012-07-05 16:09 - 2012-07-07 17:28 - 00000000 ____D C:\Users\henryreed\AppData\Local\Deployment
2012-07-05 16:09 - 2012-07-05 16:09 - 00000000 ____D C:\Users\henryreed\AppData\Local\Apps\2.0
2012-07-05 15:53 - 2012-07-07 07:55 - 00000000 ____D C:\Program Files\7-Zip
2012-07-05 14:02 - 2012-07-05 14:02 - 00000000 ____D C:\Users\henryreed\AppData\Roaming\WinRAR
2012-07-05 12:29 - 2012-07-07 08:06 - 00000000 ____D C:\Program Files\WebAssist
2012-07-05 11:28 - 2012-07-05 11:28 - 00000000 ____D C:\Program Files\FBP - Facebook Blaster Pro
2012-07-05 07:02 - 2012-07-05 07:02 - 00001016 ____A C:\Users\Public\Desktop\RealPlayer.lnk
2012-07-05 07:00 - 2012-07-05 07:00 - 00000000 ____D C:\Program Files\Common Files\xing shared
2012-07-05 06:58 - 2012-07-05 06:58 - 00198864 ____A (RealNetworks, Inc.) C:\Windows\System32\rmoc3260.dll
2012-07-05 06:56 - 2012-07-05 06:56 - 00272896 ____A (Progressive Networks) C:\Windows\System32\pncrt.dll
2012-07-05 06:56 - 2012-07-05 06:56 - 00006656 ____A (RealNetworks, Inc.) C:\Windows\System32\pndx5016.dll
2012-07-05 06:56 - 2012-07-05 06:56 - 00005632 ____A (RealNetworks, Inc.) C:\Windows\System32\pndx5032.dll
2012-07-05 06:42 - 2012-07-05 06:42 - 00000000 ____D C:\Users\henryreed\AppData\Local\{8DB73939-4CE4-4560-AAF7-A71731C9977F}
2012-07-05 06:41 - 2012-07-05 06:41 - 00000000 ____D C:\Users\henryreed\AppData\Local\{5FC16151-BBDE-4B97-B370-EE9F235B960A}
2012-07-03 07:30 - 2012-07-03 07:30 - 00000000 ____D C:\Users\henryreed\AppData\Local\{CB4849A1-8FC8-463B-AF40-F46827C639DB}
2012-07-03 07:29 - 2012-07-03 07:29 - 00000000 ____D C:\Users\henryreed\AppData\Local\{874DB79A-DFA4-479E-9A94-0265C6ED6E8B}
2012-07-02 14:47 - 2012-07-02 14:47 - 00000000 ____D C:\Users\henryreed\AppData\Local\{0F2AAAA0-CED7-4905-A245-F66ABBB39CEE}
2012-07-02 14:46 - 2012-07-02 14:46 - 00000000 ____D C:\Users\henryreed\AppData\Local\{8899CC24-D613-4487-9303-52EA311A4AA2}
2012-07-01 12:31 - 2012-07-01 12:31 - 00000000 ____D C:\Users\henryreed\AppData\Local\{202CCBD6-5EF3-4C26-9F56-982DBF770F16}
2012-07-01 12:30 - 2012-07-01 12:31 - 00000000 ____D C:\Users\henryreed\AppData\Local\{24BB8B49-70AB-4B56-AB6D-6E74DE40077A}
2012-06-30 14:13 - 2012-06-30 14:13 - 00000000 ____D C:\Users\henryreed\AppData\Local\{589478B0-02DF-4EB5-BE47-48D10AD8C71D}
2012-06-30 14:12 - 2012-06-30 14:13 - 00000000 ____D C:\Users\henryreed\AppData\Local\{E5EC3AFC-DD75-414F-BC80-4118935B1F66}
2012-06-30 08:24 - 2012-06-30 08:24 - 00000000 ____D C:\Users\henryreed\AppData\Local\{603984F7-8C7C-432B-9B1D-96B773372061}
2012-06-29 08:50 - 2012-06-29 08:50 - 00000000 ____D C:\Program Files\Zemanta
2012-06-29 06:10 - 2012-07-25 15:38 - 00000000 ____D C:\ArticleAssistant
2012-06-29 06:10 - 2012-06-29 06:12 - 00000086 ____A C:\Windows\aasinst.ini
2012-06-29 04:37 - 2012-06-29 04:37 - 00000000 ____D C:\Users\henryreed\AppData\Local\{C600A42C-7EBB-4A9C-BCED-C9E376448162}
2012-06-29 04:37 - 2012-06-29 04:37 - 00000000 ____D C:\Users\henryreed\AppData\Local\{210826FB-7D64-4156-889E-31E0BB8D8955}
2012-06-28 17:05 - 2012-07-17 17:33 - 00000000 ____D C:\Program Files\Citrix
2012-06-28 17:05 - 2012-06-28 17:05 - 00060304 ____A C:\Users\henryreed\g2mdlhlpx.exe
2012-06-28 16:43 - 2012-06-28 16:43 - 00000000 ____D C:\Users\henryreed\AppData\Local\Arthur_A._Evseev_(artevse
2012-06-28 08:56 - 2012-06-28 08:56 - 00000000 ____D C:\Users\henryreed\AppData\Local\{C61C378A-C5B7-45F5-9A2B-D2E2757318F5}
2012-06-28 08:55 - 2012-06-28 08:55 - 00000000 ____D C:\Users\henryreed\AppData\Local\{1C58D062-CC9A-4716-B8F1-E5F7022D10CC}
2012-06-27 11:11 - 2012-06-27 11:11 - 00000901 ____A C:\Users\Public\Desktop\Mobile Lead Finder.lnk
2012-06-27 11:11 - 2012-06-27 11:11 - 00000000 ____D C:\Program Files\Mobile Lead Finder
2012-06-27 10:49 - 2012-06-27 10:50 - 00000000 ____D C:\Users\henryreed\AppData\Local\{2DE53E54-229D-457D-A28D-D6ABBFF82DE9}
2012-06-27 10:49 - 2012-06-27 10:49 - 00000000 ____D C:\Users\henryreed\AppData\Local\{B4A7342D-5799-488A-B619-ED7A35568DA4}
2012-06-26 19:32 - 2012-06-26 19:32 - 00000000 ____D C:\Users\henryreed\AppData\Local\{BBE02A02-90DF-4A21-A517-98F7052B6503}
2012-06-26 19:32 - 2012-06-26 19:32 - 00000000 ____D C:\Users\henryreed\AppData\Local\{483F5D5F-BED7-41A5-8154-E15D84AEA39F}
2012-06-26 09:35 - 2012-06-26 09:35 - 00000000 ____D C:\Users\henryreed\AppData\Local\{74E4B41B-5821-4782-9F80-7C4934C4AA21}
2012-06-26 04:32 - 2012-06-26 04:32 - 00000000 ____D C:\Users\henryreed\AppData\Local\{738E7EFD-D13E-4D3C-B45F-1745F6EF40F4}


============ 3 Months Modified Files ========================

2012-07-26 13:53 - 2012-06-22 07:37 - 01474832 ____A C:\Windows\System32\Drivers\sfi.dat
2012-07-26 13:53 - 2012-04-10 10:38 - 00012639 ____A C:\Users\henryreed\ovpntray.log
2012-07-26 13:52 - 2010-02-09 21:43 - 00777976 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-26 13:36 - 2009-07-13 20:34 - 00014224 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-26 13:36 - 2009-07-13 20:34 - 00014224 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-26 13:13 - 2011-05-06 20:42 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-07-26 12:37 - 2011-05-06 20:42 - 00000888 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-07-26 12:36 - 2012-07-14 14:01 - 00001960 ____A C:\Windows\setupact.log
2012-07-26 12:36 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-25 10:07 - 2011-05-06 20:05 - 00000868 ____A C:\Windows\Tasks\Google Software Updater.job
2012-07-21 09:29 - 2011-05-06 21:00 - 01371021 ____A C:\Windows\WindowsUpdate.log
2012-07-17 19:45 - 2012-07-17 19:08 - 00273580 ____A C:\Users\henryreed\AppData\Local\census.cache
2012-07-17 19:44 - 2012-07-17 19:08 - 00000000 ____A C:\Users\henryreed\AppData\Local\ars.cache
2012-07-17 19:04 - 2012-07-17 19:04 - 00000036 ____A C:\Users\henryreed\AppData\Local\housecall.guid.cache
2012-07-14 14:02 - 2012-07-14 13:59 - 00001183 ____A C:\Windows\System32\Drivers\etc\hosts.ccebak
2012-07-14 14:01 - 2012-07-14 14:01 - 00002138 ____A C:\Windows\PFRO.log
2012-07-14 14:01 - 2012-07-14 14:01 - 00000000 ____A C:\Windows\setuperr.log
2012-07-13 17:53 - 2012-05-30 08:09 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-07-13 17:53 - 2011-06-02 13:06 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-07-11 14:10 - 2009-07-13 20:53 - 00032630 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-07-07 17:21 - 2012-07-07 17:21 - 00000000 ____A C:\install.rdf
2012-07-07 17:06 - 2012-07-07 17:06 - 00002608 ____A C:\Users\Administrator\ovpntray.log
2012-07-07 16:59 - 2012-07-07 16:59 - 00000020 __ASH C:\Users\Administrator\ntuser.ini
2012-07-05 20:40 - 2012-07-05 20:40 - 00002165 ____A C:\Users\Henryreed_fix\Desktop\Google Chrome.lnk
2012-07-05 20:36 - 2012-07-05 20:36 - 00002608 ____A C:\Users\Henryreed_fix\ovpntray.log
2012-07-05 07:02 - 2012-07-05 07:02 - 00001016 ____A C:\Users\Public\Desktop\RealPlayer.lnk
2012-07-05 06:58 - 2012-07-05 06:58 - 00198864 ____A (RealNetworks, Inc.) C:\Windows\System32\rmoc3260.dll
2012-07-05 06:56 - 2012-07-05 06:56 - 00272896 ____A (Progressive Networks) C:\Windows\System32\pncrt.dll
2012-07-05 06:56 - 2012-07-05 06:56 - 00006656 ____A (RealNetworks, Inc.) C:\Windows\System32\pndx5016.dll
2012-07-05 06:56 - 2012-07-05 06:56 - 00005632 ____A (RealNetworks, Inc.) C:\Windows\System32\pndx5032.dll
2012-07-05 06:55 - 2003-10-17 10:44 - 00499712 ____A (Microsoft Corporation) C:\Windows\System32\msvcp71.dll
2012-07-05 06:55 - 2003-10-17 10:44 - 00348160 ____A (Microsoft Corporation) C:\Windows\System32\msvcr71.dll
2012-06-29 06:12 - 2012-06-29 06:10 - 00000086 ____A C:\Windows\aasinst.ini
2012-06-28 17:05 - 2012-06-28 17:05 - 00060304 ____A C:\Users\henryreed\g2mdlhlpx.exe
2012-06-27 11:11 - 2012-06-27 11:11 - 00000901 ____A C:\Users\Public\Desktop\Mobile Lead Finder.lnk
2012-06-24 08:49 - 2012-06-24 08:49 - 00001162 ____A C:\Users\Public\Desktop\COMODO GeekBuddy.lnk
2012-06-22 07:37 - 2011-05-06 20:46 - 01288396 ____A C:\Windows\System32\Drivers\Cat.DB
2012-06-22 07:32 - 2012-06-22 07:32 - 00001846 ____A C:\Users\Public\Desktop\COMODO Internet Security.lnk
2012-06-21 10:41 - 2012-06-21 10:41 - 00001154 ____A C:\Users\Public\Desktop\OpenProj.lnk
2012-06-15 21:24 - 2012-06-15 21:24 - 00001170 ____A C:\Users\Public\Desktop\Amazon MP3 Uploader.lnk
2012-06-12 20:16 - 2012-06-12 20:16 - 00002503 ____A C:\Users\Public\Desktop\Skype.lnk
2012-06-10 16:02 - 2012-06-10 16:02 - 00003584 ____A C:\Users\henryreed\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-06-02 14:19 - 2012-06-21 09:40 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-21 09:40 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-21 09:40 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-21 09:39 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-21 09:39 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:12 - 2012-06-21 09:40 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:12 - 2012-06-21 09:39 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 11:19 - 2012-06-21 09:39 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 11:12 - 2012-06-21 09:39 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-05-17 04:00 - 2012-05-17 04:00 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_ew_jubusenum_01009.Wdf

ZeroAccess:
C:\Windows\Installer\{fdbc4a5b-b82c-c74d-07af-87d8dba91ee8}
C:\Windows\Installer\{fdbc4a5b-b82c-c74d-07af-87d8dba91ee8}\@
C:\Windows\Installer\{fdbc4a5b-b82c-c74d-07af-87d8dba91ee8}\U

ZeroAccess:
C:\Users\henryreed\AppData\Local\{fdbc4a5b-b82c-c74d-07af-87d8dba91ee8}
C:\Users\henryreed\AppData\Local\{fdbc4a5b-b82c-c74d-07af-87d8dba91ee8}\@
C:\Users\henryreed\AppData\Local\{fdbc4a5b-b82c-c74d-07af-87d8dba91ee8}\L
C:\Users\henryreed\AppData\Local\{fdbc4a5b-b82c-c74d-07af-87d8dba91ee8}\n
C:\Users\henryreed\AppData\Local\{fdbc4a5b-b82c-c74d-07af-87d8dba91ee8}\U

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe A302BBFF2A7278C0E239EE5D471D86A9 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 20%
Total physical RAM: 2037.1 MB
Available physical RAM: 1628.11 MB
Total Pagefile: 2037.1 MB
Available Pagefile: 1637.91 MB
Total Virtual: 2047.88 MB
Available Virtual: 1968.7 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:43.85 GB) (Free:16.98 GB) NTFS
2 Drive e: (Storage) (Fixed) (Total:107.42 GB) (Free:18.11 GB) NTFS
3 Drive f: (Extra) (Fixed) (Total:81.52 GB) (Free:4.38 GB) NTFS
4 Drive g: () (Removable) (Total:3.76 GB) (Free:3.7 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 232 GB 0 B
Disk 1 Online 3854 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 43 GB 101 MB
Partition 3 Primary 107 GB 43 GB
Partition 4 Primary 81 GB 151 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 0 Y System Rese NTFS Partition 100 MB Healthy

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C NTFS Partition 43 GB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 E Storage NTFS Partition 107 GB Healthy

==================================================================================

Disk: 0
Partition 4
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F Extra NTFS Partition 81 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3853 MB 31 KB

==================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G FAT32 Removable 3853 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-07-19 14:11

======================= End Of Log ==========================



Search.txt
--------------------------------------
Farbar Recovery Scan Tool Version: 25-07-2012 01
Ran by SYSTEM at 2012-07-26 18:29:56
Running from G:\

================== Search: "service.exe" ===================

=== End Of Search ===

I am on the lookout for a reply. Thanks again in advance.

*Moderator Edit: Moved topic from Introductions to the more appropriate forum. ~ Queen-Evie*

Edited by Queen-Evie, 27 July 2012 - 09:15 AM.

