Everything posted by sclrd

  1. Thanks for getting back to me so fast! So I just did everything you said and here is the Fixlog.txt it gave me:

     Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 18-04-2013
     Ran by SYSTEM at 2013-04-20 19:30:20 Run:2
     Running from F:\

     ==============================================

     HKEY_USERS\creationmath\Software\Microsoft\Windows\CurrentVersion\Run\\DisplaySwitch Value deleted successfully.
     HKEY_USERS\creationmath\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell Value deleted successfully.
     C:\ProgramData\SystemRoot.exe moved successfully.
     C:\Users\creationmath\msconfig.exe moved successfully.
     C:\Users\creationmath\jqs.exe moved successfully.
     C:\Users\creationmath\spoolsv.exe moved successfully.
     C:\Users\creationmath\java.exe moved successfully.
     C:\Users\creationmath\csrss.exe moved successfully.
     C:\$Recycle.Bin\S-1-5-21-996969257-1409184644-1662884861-1000\$20d4a7f492fc78f5ea441fc18ca4d600 moved successfully.

     ==== End of Fixlog ====

     I just restarted my computer and it worked! Thanks so much. Now, what can I do to make sure it is gone and won't come back?

     sclrd
  2. I have a Toshiba Satellite 64bit. I have gotten a virus that won't let me access ANYTHING. Whenever I turn my computer on, I can log into my account, then my home screen will come up. Then the screen will freeze and a white screen will come up. About a minute later, a screen comes up claiming to be the FBI and demanding a ransom. I used the Farbar Recovery Scan Tool x64, went through the "Repair My Computer" on the Advanced Boot screen to get to Command Prompt, typed in "f:\frst64.exe", and hit scan. Here is the log it gave me:

     What do I do now? Please Help!!!!!!

     sclrd