Alien18

Everything posted by Alien18

  1. Thank you so much for all your help. Seems like it's all working as it's supposed to.
  2. Here is the security Check

     Results of screen317's Security Check version 0.99.62
     Windows 7 Service Pack 1 x86 (UAC is disabled!)
     Internet Explorer 9
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Disabled!
     Microsoft Security Essentials
     AVG Internet Security 2011
     Antivirus out of date! (On Access scanning disabled!)
     `````````Anti-malware/Other Utilities Check:`````````
     Malwarebytes Anti-Malware version 1.75.0.1300
     JavaFX 2.1.1
     Java 6 Update 25
     Java 7 Update 7
     Java version out of Date!
     Adobe Flash Player 11.6.602.180
     Adobe Reader 10.1.6 Adobe Reader out of Date!
     Mozilla Firefox 19.0.2 Firefox out of Date!
     Google Chrome 26.0.1410.43
     Google Chrome 26.0.1410.64
     ````````Process Check: objlist.exe by Laurent````````
     Microsoft Security Essentials MSMpEng.exe
     Microsoft Security Essentials msseces.exe
     Malwarebytes Anti-Malware mbamservice.exe
     Malwarebytes Anti-Malware mbamgui.exe
     AVG avgwdsvc.exe
     AVG avgtray.exe
     AVG avgrsx.exe
     AVG avgnsx.exe
     Malwarebytes' Anti-Malware mbamscheduler.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 0%
     ````````````````````End of Log``````````````````````
  3. Here is the AdwCleaner # AdwCleaner v2.200 - Logfile created 04/19/2013 at 08:13:30 # Updated 02/04/2013 by Xplode # Operating system : Windows 7 Ultimate Service Pack 1 (32 bits) # User : User - USER-PC # Boot Mode : Normal # Running from : F:\adwcleaner.exe # Option [Delete]
  4. # AdwCleaner v2.200 - Logfile created 04/19/2013 at 07:59:59 # Updated 02/04/2013 by Xplode # Operating system : Windows 7 Ultimate Service Pack 1 (32 bits) # User : User - USER-PC # Boot Mode : Normal # Running from : F:\adwcleaner.exe # Option [search]
  5. RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
     mail : tigzyRK<at>gmail<dot>com
     Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
     Website : http://tigzy.geekstogo.com/roguekiller.php
     Blog : http://tigzyrk.blogspot.com/

     Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
     Started in : Normal mode
     User : User [Admin rights]
     Mode : Scan -- Date : 04/18/2013 21:01:11
     | ARK || FAK || MBR |

     ¤¤¤ Bad processes : 0 ¤¤¤

     ¤¤¤ Registry Entries : 7 ¤¤¤
     [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
     [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
     [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
     [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
     [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
     [sAFEBOOT] HKLM\[...]\ControlSet001\SafeBoot : AlternateShell (C:\ProgramData\SystemRoot.exe) -> FOUND
     [sAFEBOOT] HKLM\[...]\ControlSet002\SafeBoot : AlternateShell (C:\ProgramData\SystemRoot.exe) -> FOUND

     ¤¤¤ Particular Files / Folders: ¤¤¤

     ¤¤¤ Driver : [LOADED] ¤¤¤

     ¤¤¤ HOSTS File: ¤¤¤
     --> C:\Windows\system32\drivers\etc\hosts
     127.0.0.1 localhost

     ¤¤¤ MBR Check: ¤¤¤

     +++++ PhysicalDrive0: WDC WD3200BEVT-75ZCT2 ATA Device +++++
     --- User ---
     [MBR] 107515e74468ef7a1e3bb80ae5f2507a
     [bSP] 65392c6b522ee3015665563a17e69a8f : Windows 7/8 MBR Code
     Partition table:
     0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
     1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 305143 Mo
     User = LL1 ... OK!
     User = LL2 ... OK!

     +++++ PhysicalDrive1: SanDisk Cruzer USB Device +++++
     --- User ---
     [MBR] 1feac16495b217a252b43e8229b388e1
     [bSP] f127ef0ebdbff47b9d5526fb8a0ca0ed : Windows XP MBR Code
     Partition table:
     0 - [ACTIVE] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 63 | Size: 1907 Mo
     User = LL1 ... OK!
     Error reading LL2 MBR!

     Finished : << RKreport[1]_S_04182013_02d2101.txt >>
     RKreport[1]_S_04182013_02d2101.txt
  6. Yes it booted just fine. Not sure if there is anything else I need to do?
  7. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-03-2013
     Ran by SYSTEM at 2013-04-18 20:29:21 Run:2
     Running from F:\

     ==============================================

     HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DisplaySwitch Value deleted successfully.
     HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell Value was restored successfully .
     C:\Users\User\AppData\Roaming\skype.ini moved successfully.
     C:\ProgramData\SystemRoot.exe moved successfully.

     ==== End of Fixlog ====
  8. Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2013 (ATTENTION: FRST version is 36 days old) Ran by SYSTEM at 18-04-2013 19:24:18 Running from F:\ Windows 7 Ultimate (X86) OS Language: English(US) The current controlset is ControlSet001
Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 2 C NTFS Partition 297 GB Healthy ========================================================= Partitions of Disk 1: =============== Disk ID: 08A0E78D Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 1907 MB 31 KB ========================================================= Disk: 1 Partition 1 Type : 0C Hidden: No Active: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 3 F FAT32 Removable 1907 MB Healthy ========================================================= ============================== MBR Partition Table ================== ============================== Partitions of Disk 0: =============== Disk ID: F0000000 Partition 1: ========= Hex: 8020210007DF130C0008000000200300 Active: YES Type: 07 (NTFS) Size: 100 MB Partition 2: ========= Hex: 00DF140C07FEFFFF0028030000B83F25 Active: NO Type: 07 (NTFS) Size: 298 GB ============================== Partitions of Disk 1: =============== Disk ID: 08A0E78D Partition 1: ========= Hex: 800101000CFE3FF23F000000C09F3B00 Active: YES Type: 0C Size: 2 GB Last Boot: 2013-04-04 06:29 ==================== End Of Log ============================
  9. Yes, it does. I'm unable to log into safe mode, nor am I able to use my desktop without the virus taking control of my computer.
  10. Hi, I'm new to this forum and would like some help if possible. I have caught the MoneyPak FBI virus and am unable to remove it. I have attempted to use FRST and fixed it for a short period of time, and then it came back. Any help would be greatly appreciated.