
Internet crime complaint center virus + safe mode


This topic is locked
3 replies to this topic

#1 delanoman

delanoman

  • Members
  • 3 posts
  • OFFLINE
  • Local time:10:05 AM

Posted 10 February 2013 - 04:34 PM

 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-02-2013
Ran by SYSTEM at 10-02-2013 16:05:37
Running from F:\
Windows 7 Home Premium   (X64) OS Language: English(US) 
The current controlset is ControlSet001
 
==================== Registry (Whitelisted) ===================
 
HKLM\...\Run: []  [x]
HKLM\...\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t [307768 2009-11-19] ()
HKLM\...\Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [521272 2010-03-22] (Conexant Systems, Inc.)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1881384 2009-10-23] (Synaptics Incorporated)
HKLM\...\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE [505696 2009-11-05] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe [910136 2009-11-10] (TOSHIBA Corporation)
HKLM\...\Run: [HDMICtrlMan] %ProgramFiles%\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe [1032536 2009-10-23] (TOSHIBA Corporation.)
HKLM\...\Run: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r [1482592 2009-09-28] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe [707416 2009-11-10] (TOSHIBA Corporation)
HKLM\...\Run: [ThpSrv] C:\windows\system32\thpsrv /logon [x]
HKLM\...\Run: [SmartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-10-19] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2009-11-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe [595816 2010-03-19] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [35672 2010-03-03] (TOSHIBA Corporation)
HKLM-x32\...\Run: [TUSBSleepChargeSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe [x]
HKLM-x32\...\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60 [1294136 2009-10-06] (TOSHIBA Corporation)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED [529256 2009-08-09] (Toshiba)
HKLM-x32\...\Run: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun [2454840 2009-11-24] (TOSHIBA CORPORATION.)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: []  [x]
HKLM-x32\...\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot [296096 2012-10-14] (RealNetworks, Inc.)
HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKU\User\...\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet [6595928 2012-05-25] (Yahoo! Inc.)
HKU\User\...\Run: [Facebook Update] "C:\Users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-08-29] (Facebook Inc.)
HKU\User\...\Run: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1 [x]
HKU\User\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)
HKU\User\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-04-13] (Google Inc.)
HKU\User\...\Run: [Free Download Manager] "C:\Program Files (x86)\Free Download Manager\fdm.exe" -autorun [6859264 2012-12-26] (FreeDownloadManager.ORG)
HKU\User\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [18705664 2013-01-08] (Skype Technologies S.A.)
HKU\User\...\Run: [ieodjrzotp] C:\ProgramData\phxzbypky [x]
HKU\User\...\Policies\system: [DisableTaskMgr] 1
HKLM\...\Winlogon: [Shell] explorer.exe, C:\Users\User\AppData\Roaming\phxzbypky [x ] ()
 
==================== Services (Whitelisted) ===================
 
2 NIS; "C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe" /s "NIS" /m "C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\diMaster.dll" /prefetch:1 [135032 2010-04-29] (Symantec Corporation)
2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe /s [103792 2010-01-28] (Symantec Corporation)
2 PCCUJobMgr; "C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe" /s "PCCUJobMgr" /m "C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\diMaster.dll" /prefetch:1 [132984 2009-08-29] (Symantec Corporation)
 
==================== Drivers (Whitelisted) =====================
 
1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\BASHDefs\20120919.001\BHDrvx64.sys [1385120 2012-08-31] (Symantec Corporation)
1 ccHP; C:\Windows\system32\drivers\NISx64\1109000.00C\ccHPx64.sys [593544 2011-08-03] (Symantec Corporation)
1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-27] (Symantec Corporation)
3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-08-27] (Symantec Corporation)
1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20120921.001\IDSvia64.sys [513184 2012-08-31] (Symantec Corporation)
3 O2SDGRDR; C:\Windows\System32\DRIVERS\o2sdgx64.sys [49568 2009-08-18] (O2Micro )
3 SRTSP; C:\Windows\System32\Drivers\NISx64\1109000.00C\SRTSP64.SYS [505392 2010-04-21] (Symantec Corporation)
1 SRTSPX; C:\Windows\system32\drivers\NISx64\1109000.00C\SRTSPX64.SYS [32304 2010-04-21] (Symantec Corporation)
0 SymDS; C:\Windows\System32\drivers\NISx64\1109000.00C\SYMDS64.SYS [433200 2009-10-14] (Symantec Corporation)
0 SymEFA; C:\Windows\System32\drivers\NISx64\1109000.00C\SYMEFA64.SYS [221304 2011-08-21] (Symantec Corporation)
3 SymEvent; \??\C:\windows\system32\Drivers\SYMEVENT64x86.SYS [173104 2012-08-27] (Symantec Corporation)
1 SymIRON; C:\Windows\system32\drivers\NISx64\1109000.00C\Ironx64.SYS [150064 2010-04-28] (Symantec Corporation)
1 SYMTDIv; C:\Windows\System32\Drivers\NISx64\1109000.00C\SYMTDIV.SYS [451704 2011-08-21] (Symantec Corporation)
3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20120922.008\ENG64.SYS [x]
3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20120922.008\EX64.SYS [x]
 
==================== NetSvcs (Whitelisted) ====================
 
 
==================== One Month Created Files and Folders ========
 
2013-02-10 16:05 - 2013-02-10 16:05 - 00000000 ____D C:\FRST
2013-02-10 10:18 - 2013-02-10 10:18 - 00000000 ____D C:\Users\User\AppData\Local\{554DD57D-1FD3-4351-95B4-824C8B67DC96}
2013-01-19 04:44 - 2013-02-10 11:10 - 00114176 ____A (Bipiho) C:\Users\User\AppData\Roaming\phxzbypky.exe
2013-01-19 04:41 - 2013-02-10 12:13 - 00114176 ____A (Bipiho) C:\Users\User\AppData\Local\phxzbypky.exe
2013-01-19 04:41 - 2013-02-10 12:13 - 00114176 ____A (Bipiho) C:\Users\All Users\phxzbypky.exe
2013-01-19 02:08 - 2013-01-19 02:08 - 00000000 ____D C:\Users\User\AppData\Local\{3470E7E9-8BCF-4237-BAE3-50BB6B225ED4}
2013-01-18 12:41 - 2013-01-18 12:41 - 00000000 ____D C:\Users\User\AppData\Local\{7891DF58-8B88-4631-A622-5268F6F66F7F}
2013-01-17 15:11 - 2013-01-17 15:11 - 00000000 ____D C:\Users\User\AppData\Local\{B605155D-F2C1-4EEF-8DB1-25D1944BCF7A}
2013-01-16 20:09 - 2013-01-18 04:28 - 00017336 ____A C:\Users\User\Documents\OLIVA Y JV 2012.xlsx
2013-01-16 09:04 - 2013-01-16 09:06 - 00012157 ____A C:\Users\User\Documents\VENTA PREMIER STORE DICIEMBRE 12-31-12.xlsx
2013-01-16 08:58 - 2013-01-16 08:58 - 00109519 ____A C:\Users\User\Documents\BUENO DOCUMENTO PERDIDAS Y GANANCIAS DE TODAS LAS TIENDAS DICIEMBRE, 2012.xlsx
2013-01-16 07:09 - 2013-01-16 07:09 - 00000000 ____D C:\Users\User\AppData\Local\{DEC6C981-5CD4-4739-9C28-56A451367B71}
2013-01-15 15:03 - 2013-01-15 15:03 - 00000000 ____D C:\Users\User\AppData\Local\{1AC17FB3-C424-4E87-BC0D-4E5031788601}
2013-01-15 03:03 - 2013-01-15 03:03 - 00000000 ____D C:\Users\User\AppData\Local\{C54BB222-6559-436F-8777-943FFAE973B2}
2013-01-14 14:11 - 2013-01-14 14:11 - 00000000 ____D C:\Users\All Users\Free Download Manager
2013-01-14 03:28 - 2013-01-14 03:28 - 00000000 ____D C:\Users\User\AppData\Local\{C88FE482-752B-4183-8805-53E32287DE50}
2013-01-13 15:12 - 2013-01-13 15:12 - 00000000 ____D C:\Users\User\AppData\Local\{E915810F-63D4-4194-94F1-1BCFC24A6262}
2013-01-12 14:32 - 2013-01-13 03:12 - 00000000 ____D C:\Users\User\AppData\Local\{D04502F0-1654-409F-B3F2-F1A291BF3CC1}
2013-01-11 03:13 - 2013-01-11 03:13 - 00000000 ____D C:\Users\User\AppData\Local\{F0E3DCB4-D75B-4E49-8796-99ADFD173992}
 
==================== One Month Modified Files and Folders =======
 
2013-02-10 13:00 - 2012-08-07 11:37 - 01651585 ____A C:\Windows\WindowsUpdate.log
2013-02-10 12:40 - 2012-08-27 14:21 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-02-10 12:21 - 2009-07-13 20:45 - 00015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-02-10 12:21 - 2009-07-13 20:45 - 00015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-02-10 12:20 - 2012-08-25 18:55 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-02-10 12:19 - 2012-09-14 19:19 - 00000336 ____A C:\Windows\Tasks\HP Photo Creations Communicator.job
2013-02-10 12:18 - 2009-07-13 21:13 - 00726316 ____A C:\Windows\System32\PerfStringBackup.INI
2013-02-10 12:14 - 2012-09-03 06:18 - 00000000 ____D C:\Users\User\Tracing
2013-02-10 12:13 - 2013-01-19 04:41 - 00114176 ____A (Bipiho) C:\Users\User\AppData\Local\phxzbypky.exe
2013-02-10 12:13 - 2013-01-19 04:41 - 00114176 ____A (Bipiho) C:\Users\All Users\phxzbypky.exe
2013-02-10 12:13 - 2012-08-25 18:55 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-02-10 12:13 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-02-10 12:13 - 2009-07-13 20:51 - 00033809 ____A C:\Windows\setupact.log
2013-02-10 11:47 - 2012-08-29 13:42 - 00000924 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3263359443-3437761228-2663719722-1000UA.job
2013-02-10 11:10 - 2013-01-19 04:44 - 00114176 ____A (Bipiho) C:\Users\User\AppData\Roaming\phxzbypky.exe
2013-02-10 11:05 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-02-10 10:50 - 2012-08-14 12:17 - 00000000 ____D C:\Users\User\AppData\Local\Tific
2013-02-10 10:18 - 2013-02-10 10:18 - 00000000 ____D C:\Users\User\AppData\Local\{554DD57D-1FD3-4351-95B4-824C8B67DC96}
2013-01-20 09:30 - 2012-11-03 13:47 - 00000000 ____D C:\Users\User\AppData\Roaming\Skype
2013-01-20 09:26 - 2009-07-13 20:45 - 00018432 _____ C:\Windows\System32\umstartup.etl
2013-01-20 09:02 - 2012-09-03 05:53 - 00000000 ____D C:\Users\User\AppData\Local\WeatherBug
2013-01-20 08:35 - 2013-01-03 21:09 - 00000000 ____D C:\Users\User\AppData\Roaming\Free Download Manager
2013-01-20 07:14 - 2012-08-07 11:40 - 00000000 ____D C:\Users\All Users\Microsoft Help
2013-01-20 05:00 - 2012-09-03 05:50 - 00000000 ____D C:\Users\User\AppData\Local\Windows Live
2013-01-20 04:52 - 2012-08-29 13:42 - 00000902 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3263359443-3437761228-2663719722-1000Core.job
2013-01-19 02:08 - 2013-01-19 02:08 - 00000000 ____D C:\Users\User\AppData\Local\{3470E7E9-8BCF-4237-BAE3-50BB6B225ED4}
2013-01-18 12:41 - 2013-01-18 12:41 - 00000000 ____D C:\Users\User\AppData\Local\{7891DF58-8B88-4631-A622-5268F6F66F7F}
2013-01-18 04:28 - 2013-01-16 20:09 - 00017336 ____A C:\Users\User\Documents\OLIVA Y JV 2012.xlsx
2013-01-17 15:11 - 2013-01-17 15:11 - 00000000 ____D C:\Users\User\AppData\Local\{B605155D-F2C1-4EEF-8DB1-25D1944BCF7A}
2013-01-16 09:06 - 2013-01-16 09:04 - 00012157 ____A C:\Users\User\Documents\VENTA PREMIER STORE DICIEMBRE 12-31-12.xlsx
2013-01-16 08:58 - 2013-01-16 08:58 - 00109519 ____A C:\Users\User\Documents\BUENO DOCUMENTO PERDIDAS Y GANANCIAS DE TODAS LAS TIENDAS DICIEMBRE, 2012.xlsx
2013-01-16 08:45 - 2010-04-13 20:44 - 00057072 ____A C:\Windows\PFRO.log
2013-01-16 07:09 - 2013-01-16 07:09 - 00000000 ____D C:\Users\User\AppData\Local\{DEC6C981-5CD4-4739-9C28-56A451367B71}
2013-01-15 20:10 - 2012-08-14 13:19 - 00000000 ____D C:\Users\User\AppData\Local\Google
2013-01-15 15:03 - 2013-01-15 15:03 - 00000000 ____D C:\Users\User\AppData\Local\{1AC17FB3-C424-4E87-BC0D-4E5031788601}
2013-01-15 03:03 - 2013-01-15 03:03 - 00000000 ____D C:\Users\User\AppData\Local\{C54BB222-6559-436F-8777-943FFAE973B2}
2013-01-14 14:11 - 2013-01-14 14:11 - 00000000 ____D C:\Users\All Users\Free Download Manager
2013-01-14 03:29 - 2009-07-13 18:34 - 00000478 ____A C:\Windows\win.ini
2013-01-14 03:28 - 2013-01-14 03:28 - 00000000 ____D C:\Users\User\AppData\Local\{C88FE482-752B-4183-8805-53E32287DE50}
2013-01-13 19:22 - 2012-10-14 15:20 - 00002194 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-01-13 15:12 - 2013-01-13 15:12 - 00000000 ____D C:\Users\User\AppData\Local\{E915810F-63D4-4194-94F1-1BCFC24A6262}
2013-01-13 03:34 - 2012-11-03 13:47 - 00002515 ____A C:\Users\Public\Desktop\Skype.lnk
2013-01-13 03:34 - 2012-11-03 13:47 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-01-13 03:34 - 2012-11-03 13:46 - 00000000 ____D C:\Users\All Users\Skype
2013-01-13 03:12 - 2013-01-12 14:32 - 00000000 ____D C:\Users\User\AppData\Local\{D04502F0-1654-409F-B3F2-F1A291BF3CC1}
2013-01-11 03:43 - 2009-07-13 20:45 - 00426888 ____A C:\Windows\System32\FNTCACHE.DAT
2013-01-11 03:16 - 2012-08-27 14:22 - 67599240 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-01-11 03:13 - 2013-01-11 03:13 - 00000000 ____D C:\Users\User\AppData\Local\{F0E3DCB4-D75B-4E49-8796-99ADFD173992}
 
 
==================== Known DLLs (Whitelisted) =================
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== EXE ASSOCIATION =====================
 
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
 
==================== Restore Points  =========================
 
Restore point made on: 2013-01-03 21:28:37
Restore point made on: 2013-01-06 16:27:37
Restore point made on: 2013-01-06 16:34:42
Restore point made on: 2013-01-10 14:38:28
Restore point made on: 2013-01-11 03:13:04
Restore point made on: 2013-01-14 03:27:58
Restore point made on: 2013-01-18 12:45:38
Restore point made on: 2013-02-10 11:04:02
 
==================== Memory info =========================== 
 
Percentage of memory in use: 14%
Total physical RAM: 3892.47 MB
Available physical RAM: 3334.16 MB
Total Pagefile: 3890.62 MB
Available Pagefile: 3314.31 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB
 
==================== Partitions =============================
 
1 Drive c: (TI105861W0E) (Fixed) (Total:453.8 GB) (Free:403.54 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive d: (System) (Fixed) (Total:1.46 GB) (Free:1.27 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive f: () (Removable) (Total:7.45 GB) (Free:5.69 GB) NTFS
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
 
  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          465 GB      0 B         
  Disk 1    Online         7633 MB      0 B         
 
Partitions of Disk 0:
===============
 
Disk ID: C95F814A
 
  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Recovery          1500 MB  1024 KB
  Partition 2    Primary            453 GB  1501 MB
  Partition 3    Primary             10 GB   455 GB
 
==================================================================================
 
Disk: 0
Partition 1
Type  : 27
Hidden: Yes
Active: Yes
 
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     D   System       NTFS   Partition   1500 MB  Healthy    Hidden  
 
=========================================================
 
Disk: 0
Partition 2
Type  : 07
Hidden: No
Active: No
 
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     C   TI105861W0E  NTFS   Partition    453 GB  Healthy            
 
=========================================================
 
Disk: 0
Partition 3
Type  : 17 (Suspicious Type)
Hidden: Yes
Active: No
 
There is no volume associated with this partition.
 
=========================================================
 
Partitions of Disk 1:
===============
 
Disk ID: 00000000
 
  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary           7633 MB    16 KB
 
==================================================================================
 
Disk: 1
Partition 1
Type  : 07
Hidden: No
Active: Yes
 
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     F                NTFS   Removable   7633 MB  Healthy            
 
=========================================================
 
Last Boot: 2013-02-10 10:57
 
==================== End Of Log =============================
 
 
Farbar Recovery Scan Tool (x64) Version: 06-02-2013
Ran by SYSTEM at 2013-02-10 16:19:04
Running from F:\
 
================== Search: "services.exe" ===================
 
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
 
C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
 
====== End Of Search ======

Edited by Budapest, 10 February 2013 - 05:29 PM.


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto Rico
  • Local time:11:05 AM

Posted 10 February 2013 - 05:38 PM


Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines; these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable, and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flash drive as fixlist.txt
 
HKU\User\...\Run: [ieodjrzotp] C:\ProgramData\phxzbypky [x]
HKU\User\...\Policies\system: [DisableTaskMgr] 1
HKLM\...\Winlogon: [Shell] explorer.exe, C:\Users\User\AppData\Roaming\phxzbypky [x ] ()
2013-01-19 04:44 - 2013-02-10 11:10 - 00114176 ____A (Bipiho) C:\Users\User\AppData\Roaming\phxzbypky.exe
2013-01-19 04:41 - 2013-02-10 12:13 - 00114176 ____A (Bipiho) C:\Users\User\AppData\Local\phxzbypky.exe
2013-01-19 04:41 - 2013-02-10 12:13 - 00114176 ____A (Bipiho) C:\Users\All Users\phxzbypky.exe
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST again like we did before, but this time press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Also boot the computer into normal mode and let me know how things are looking.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
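
The fixlist above names three registry values and three files out of a log several hundred lines long. As an added illustration for readers of this thread (not part of the thread, of FRST, or of the helper's method), the Python below re-implements as explicit rules the triage a malware-response helper performs on the "Registry (Whitelisted)" and "One Month Created Files" sections: a Winlogon Shell value that is no longer plain explorer.exe, a DisableTaskMgr policy, an autorun target under a user-writable path with no file details or publisher, an executable in a user profile with an unrecognized publisher, and the same binary dropped under several paths. The sample lines are constructed in the shape of the log above, the `TRUSTED_PUBLISHERS` allowlist is a constructed placeholder, and the `[x]` reading follows FRST's convention of printing `[x]` where it has no size/date details for the referenced file.

```python
"""Triage rules for FRST log lines (constructed example; not part of FRST or this thread)."""
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample in the shape of the log above: the entries the helper put into
# fixlist.txt, plus benign lines that the rules must leave alone.
SAMPLE_LOG = r"""
HKLM\...\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t [307768 2009-11-19] ()
HKU\User\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [18705664 2013-01-08] (Skype Technologies S.A.)
HKU\User\...\Run: [ieodjrzotp] C:\ProgramData\phxzbypky [x]
HKU\User\...\Policies\system: [DisableTaskMgr] 1
HKLM\...\Winlogon: [Shell] explorer.exe, C:\Users\User\AppData\Roaming\phxzbypky [x ] ()
2013-02-10 16:05 - 2013-02-10 16:05 - 00000000 ____D C:\FRST
2013-01-19 04:44 - 2013-02-10 11:10 - 00114176 ____A (Bipiho) C:\Users\User\AppData\Roaming\phxzbypky.exe
2013-01-19 04:41 - 2013-02-10 12:13 - 00114176 ____A (Bipiho) C:\Users\All Users\phxzbypky.exe
2013-01-11 03:16 - 2012-08-27 14:22 - 67599240 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
"""

# Registry line:  HKU\User\...\Run: [name] value
REG_RE = re.compile(r"^(?P<hive>HK\S*?)\\\.\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\]\s*(?P<value>.*)$")
# File line:  created - modified - size attrs (company) path
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - (?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>\S+) (?:\((?P<company>[^)]*)\) )?(?P<path>.+)$"
)
# First path in a Run value: quoted, or unquoted up to the first switch / FRST bracket.
TARGET_RE = re.compile(r'^"?(?P<path>(?:[A-Za-z]:|%[^%]+%)\\.*?)(?:"| /| \[|$)')
MISSING_RE = re.compile(r"\[x ?\]")             # FRST prints [x] when it has no file details
PUBLISHER_RE = re.compile(r"\((?P<company>[^)]*)\)\s*$")
USER_WRITABLE_RE = re.compile(r"\\(appdata|programdata|users\\all users|users\\public|temp)\\", re.I)
EXEC_EXT = (".exe", ".dll", ".scr", ".com", ".pif")
# Constructed allowlist for the sample; a real one would key on signatures, not names.
TRUSTED_PUBLISHERS = {"Microsoft Corporation", "Skype Technologies S.A.", "Google Inc."}


@dataclass
class Finding:
    severity: str   # HIGH or MEDIUM
    line: str       # the log line, or a summary for grouped findings
    reason: str


def _registry_findings(m):
    """Rules for one 'Registry (Whitelisted)' line."""
    key, name, value = m["key"].lower(), m["name"].lower(), m["value"].strip()
    if key == "winlogon" and name == "shell":
        # Anything appended after explorer.exe here starts as the user's shell at every logon.
        if value.lower() != "explorer.exe":
            return [("HIGH", "Winlogon Shell is not the default explorer.exe")]
    elif key.endswith("policies\\system") and name == "disabletaskmgr" and value == "1":
        return [("MEDIUM", "Task Manager disabled by policy")]
    elif key == "run" and name:
        reasons = []
        target = TARGET_RE.match(value)
        if target and USER_WRITABLE_RE.search(target["path"]):
            reasons.append("autorun target lives in a user-writable location")
        if MISSING_RE.search(value):
            reasons.append("FRST has no file details for the target ([x])")
        publisher = PUBLISHER_RE.search(value)
        if reasons and not (publisher and publisher["company"].strip()):
            reasons.append("no publisher recorded")
        if reasons:
            return [("HIGH" if len(reasons) > 1 else "MEDIUM", "; ".join(reasons))]
    return []


def _file_findings(entries):
    """Rules over all file lines together, so copies of one binary can be correlated."""
    out, copies = [], defaultdict(list)
    for m in entries:
        path, company, size = m["path"], (m["company"] or "").strip(), int(m["size"])
        if not path.lower().endswith(EXEC_EXT):
            continue
        if USER_WRITABLE_RE.search(path) and company not in TRUSTED_PUBLISHERS:
            out.append(("MEDIUM", m.string,
                        f"executable in a user-writable location, publisher {company or 'missing'!r} not recognized"))
        # Same name, size and publisher under several paths is the mark of a dropper, not an installer.
        copies[(path.rsplit("\\", 1)[-1].lower(), size, company)].append(path)
    for (base, size, company), paths in copies.items():
        if len(paths) > 1:
            out.append(("HIGH", f"{base} ({size} bytes, {company or 'no publisher'})",
                        f"same binary dropped in {len(paths)} locations: " + ", ".join(paths)))
    return out


def triage(log_text):
    """Return Findings for the FRST log text; lines the rules do not recognise are ignored."""
    findings, file_entries = [], []
    for raw in log_text.splitlines():
        line = raw.rstrip()
        reg = REG_RE.match(line)
        if reg:
            findings += [Finding(sev, line, why) for sev, why in _registry_findings(reg)]
            continue
        fil = FILE_RE.match(line)
        if fil:
            file_entries.append(fil)
    findings += [Finding(sev, line, why) for sev, line, why in _file_findings(file_entries)]
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.reason}\n    {f.line}")
```

Run against the sample, the six findings are exactly the six entries the helper placed in fixlist.txt (the three registry values, the two dropped copies, and the correlation between them), while the vendor autoruns and MRT.exe produce nothing. The rules are deliberately narrow: the point is the reasoning behind the fixlist, not a replacement for the whitelisting FRST itself does.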

#3 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto Rico
  • Local time:11:05 AM

Posted 13 February 2013 - 01:21 AM



Hello

48 Hour bump

It has been more than 48 hours since my last post.
  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48 hrs you have not replied to this thread then it will have to be closed!

Gringo



#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto Rico
  • Local time:11:05 AM

Posted 16 February 2013 - 11:07 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.



