fourteendollars (Members, 6 posts)

Everything posted by fourteendollars

  1. Thank you MrCharlie, you've been a wonderful help. I sent a donation your way.
  2. Thank you for the assistance MrCharlie. You were very helpful and got me up and running in short order. I sent a donation your way. Thanks again!

  3. # AdwCleaner v2.301 - Logfile created 05/19/2013 at 12:35:46
     # Updated 16/05/2013 by Xplode
     # Operating system : Windows 8 (64 bits)
     # User : DABERTE - DYLAN
     # Boot Mode : Normal
     # Running from : C:\Users\DABERTE\Desktop\adwcleaner.exe
     # Option [Delete]

     ***** [Services] *****

     ***** [Files / Folders] *****

     Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search
     Deleted on reboot : C:\Users\DABERTE\AppData\Local\Google\Chrome\User Data\Default\Extensions\fifbhfmciagkcmdmapchdimjekakljld
     File Deleted : C:\END
     Folder Deleted : C:\Program Files (x86)\Conduit
     Folder Deleted : C:\Program Files (x86)\OApps
     Folder Deleted : C:\ProgramData\APN
     Folder Deleted : C:\ProgramData\Babylon
     Folder Deleted : C:\ProgramData\Tarma Installer
     Folder Deleted : C:\ProgramData\WeCareReminder
     Folder Deleted : C:\Users\DABERTE\AppData\Local\Conduit
     Folder Deleted : C:\Users\DABERTE\AppData\Local\Deal Vault
     Folder Deleted : C:\Users\DABERTE\AppData\Local\Google\Chrome\User Data\Default\Extensions\fifbhfmciagkcmdmapchdimjekakljld
     Folder Deleted : C:\Users\DABERTE\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbofibgamhkgoonaocfgemncghhadmgb
     Folder Deleted : C:\Users\DABERTE\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbofibgamhkgoonaocfgemncghhadmgb
     Folder Deleted : C:\Users\DABERTE\AppData\Local\SwvUpdater
     Folder Deleted : C:\Users\DABERTE\AppData\LocalLow\Conduit
     Folder Deleted : C:\Users\DABERTE\AppData\LocalLow\Delta
     Folder Deleted : C:\Users\DABERTE\AppData\LocalLow\PriceGong
     Folder Deleted : C:\Users\DABERTE\AppData\Roaming\Babylon

     ***** [Registry] *****

     Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
     Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
     Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
     Key Deleted : HKCU\Software\AppDataLow\Software\DynConIE
     Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
     Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
     Key Deleted : HKCU\Software\BabylonToolbar
     Key Deleted : HKCU\Software\Conduit
     Key Deleted : HKCU\Software\DataMngr
     Key Deleted : HKCU\Software\Google\Chrome\Extensions\fifbhfmciagkcmdmapchdimjekakljld
     Key Deleted : HKCU\Software\Google\Chrome\Extensions\pbofibgamhkgoonaocfgemncghhadmgb
     Key Deleted : HKCU\Software\InstallCore
     Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{44ED99E2-16A6-4B89-80D6-5B21CF42E78B}
     Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
     Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
     Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{44ED99E2-16A6-4B89-80D6-5B21CF42E78B}
     Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
     Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
     Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
     Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
     Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F8F03266-DEC7-4F5C-A6D3-D88533EE9070}
     Key Deleted : HKCU\Software\wecarereminder
     Key Deleted : HKCU\Software\59ed98bb56fbd17
     Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
     Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
     Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
     Key Deleted : HKLM\Software\AVG Security Toolbar
     Key Deleted : HKLM\Software\Babylon
     Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
     Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4FBBF769-ECEB-420A-B536-133B1D505C36}
     Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
     Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
     Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
     Key Deleted : HKLM\SOFTWARE\Classes\AppID\IEHelperv2.5.0.DLL
     Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
     Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
     Key Deleted : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder
     Key Deleted : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder.1
     Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
     Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
     Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
     Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
     Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
     Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
     Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B12920CF-BE13-4C09-890D-1B6EFFFE2FBE}
     Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
     Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
     Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
     Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
     Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
     Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
     Key Deleted : HKLM\Software\Conduit
     Key Deleted : HKLM\Software\DataMngr
     Key Deleted : HKLM\Software\InfoAtoms
     Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
     Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
     Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
     Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
     Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
     Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{44ED99E2-16A6-4B89-80D6-5B21CF42E78B}
     Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
     Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
     Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
     Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
     Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
     Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
     Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
     Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
     Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F773BB94-6C19-4643-A570-0E429103D1C3}
     Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
     Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
     Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
     Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
     Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
     Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
     Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
     Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F773BB94-6C19-4643-A570-0E429103D1C3}
     Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fifbhfmciagkcmdmapchdimjekakljld
     Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pbofibgamhkgoonaocfgemncghhadmgb
     Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC5B6CDA-8F90-4740-9A8C-28AC5D3C73FE}
     Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
     Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
     Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
     Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{44ED99E2-16A6-4B89-80D6-5B21CF42E78B}
     Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
     Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
     Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
     Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
     Key Deleted : HKLM\SOFTWARE\Tarma Installer
     Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
     Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

     ***** [Internet Browsers] *****

     -\\ Internet Explorer v10.0.9200.16537

     [OK] Registry is clean.

     -\\ Google Chrome v26.0.1410.64

     File : C:\Users\DABERTE\AppData\Local\Google\Chrome\User Data\Default\Preferences

     Deleted [l.2362] : homepage = "hxxp://search.conduit.com/?ctid=CT3290229&SearchSource=48&CUI=UN25845318231469032&UM[...]
     Deleted [l.2664] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?ctid=CT3290229&SearchSource=48&CUI[...]

     *************************

     AdwCleaner[R1].txt - [11236 octets] - [19/05/2013 10:13:32]
     AdwCleaner[R2].txt - [11297 octets] - [19/05/2013 12:35:28]
     AdwCleaner[S1].txt - [10656 octets] - [19/05/2013 12:35:46]

     ########## EOF - C:\AdwCleaner[S1].txt - [10717 octets] ##########

     Results of screen317's Security Check version 0.99.63
     x64 (UAC is enabled)
     Internet Explorer 9
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled!
     Windows Defender
     WMI entry may not exist for antivirus; attempting automatic update.
     `````````Anti-malware/Other Utilities Check:`````````
     Malwarebytes Anti-Malware version 1.70.0.1100
     AVG PC TuneUp
     AVG PC TuneUp Language Pack (en-US)
     Java 7 Update 17
     Java version out of Date!
     Google Chrome 26.0.1410.43
     Google Chrome 26.0.1410.64
     ````````Process Check: objlist.exe by Laurent````````
     Windows Defender MSMpEng.exe
     Windows Defender MsMpEng.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: %
     ````````````````````End of Log``````````````````````
  4. Virus scan with fully updated Windows Defender found nothing. Here is the log you requested:

     # AdwCleaner v2.301 - Logfile created 05/19/2013 at 10:13:32
     # Updated 16/05/2013 by Xplode
     # Operating system : Windows 8 (64 bits)
     # User : DABERTE - DYLAN
     # Boot Mode : Normal
     # Running from : C:\Users\DABERTE\Desktop\adwcleaner.exe
     # Option [Search]

     ***** [Services] *****

     ***** [Files / Folders] *****

     File Found : C:\END
     Folder Found : C:\Program Files (x86)\Common Files\AVG Secure Search
     Folder Found : C:\Program Files (x86)\Conduit
     Folder Found : C:\Program Files (x86)\OApps
     Folder Found : C:\ProgramData\APN
     Folder Found : C:\ProgramData\Babylon
     Folder Found : C:\ProgramData\Tarma Installer
     Folder Found : C:\ProgramData\WeCareReminder
     Folder Found : C:\Users\DABERTE\AppData\Local\Conduit
     Folder Found : C:\Users\DABERTE\AppData\Local\Deal Vault
     Folder Found : C:\Users\DABERTE\AppData\Local\Google\Chrome\User Data\Default\Extensions\fifbhfmciagkcmdmapchdimjekakljld
     Folder Found : C:\Users\DABERTE\AppData\Local\Google\Chrome\User Data\Default\Extensions\fifbhfmciagkcmdmapchdimjekakljld
     Folder Found : C:\Users\DABERTE\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbofibgamhkgoonaocfgemncghhadmgb
     Folder Found : C:\Users\DABERTE\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbofibgamhkgoonaocfgemncghhadmgb
     Folder Found : C:\Users\DABERTE\AppData\Local\SwvUpdater
     Folder Found : C:\Users\DABERTE\AppData\LocalLow\Conduit
     Folder Found : C:\Users\DABERTE\AppData\LocalLow\Delta
     Folder Found : C:\Users\DABERTE\AppData\LocalLow\PriceGong
     Folder Found : C:\Users\DABERTE\AppData\Roaming\Babylon

     ***** [Registry] *****

     Key Found : HKCU\Software\AppDataLow\Software\Conduit
     Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
     Key Found : HKCU\Software\AppDataLow\Software\Crossrider
     Key Found : HKCU\Software\AppDataLow\Software\DynConIE
     Key Found : HKCU\Software\AppDataLow\Software\PriceGong
     Key Found : HKCU\Software\AppDataLow\Software\SmartBar
     Key Found : HKCU\Software\BabylonToolbar
     Key Found : HKCU\Software\Conduit
     Key Found : HKCU\Software\DataMngr
     Key Found : HKCU\Software\Google\Chrome\Extensions\fifbhfmciagkcmdmapchdimjekakljld
     Key Found : HKCU\Software\Google\Chrome\Extensions\fifbhfmciagkcmdmapchdimjekakljld
     Key Found : HKCU\Software\Google\Chrome\Extensions\pbofibgamhkgoonaocfgemncghhadmgb
     Key Found : HKCU\Software\Google\Chrome\Extensions\pbofibgamhkgoonaocfgemncghhadmgb
     Key Found : HKCU\Software\InstallCore
     Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{44ED99E2-16A6-4B89-80D6-5B21CF42E78B}
     Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
     Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
     Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{44ED99E2-16A6-4B89-80D6-5B21CF42E78B}
     Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
     Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
     Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
     Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
     Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F8F03266-DEC7-4F5C-A6D3-D88533EE9070}
     Key Found : HKCU\Software\wecarereminder
     Key Found : HKCU\Software\59ed98bb56fbd17
     Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
     Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
     Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
     Key Found : HKLM\Software\AVG Security Toolbar
     Key Found : HKLM\Software\Babylon
     Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
     Key Found : HKLM\SOFTWARE\Classes\AppID\{4FBBF769-ECEB-420A-B536-133B1D505C36}
     Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
     Key Found : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
     Key Found : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
     Key Found : HKLM\SOFTWARE\Classes\AppID\IEHelperv2.5.0.DLL
     Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
     Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
     Key Found : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder
     Key Found : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder.1
     Key Found : HKLM\SOFTWARE\Classes\Prod.cap
     Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
     Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
     Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
     Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
     Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
     Key Found : HKLM\SOFTWARE\Classes\TypeLib\{B12920CF-BE13-4C09-890D-1B6EFFFE2FBE}
     Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
     Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
     Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
     Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
     Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api
     Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
     Key Found : HKLM\Software\Conduit
     Key Found : HKLM\Software\DataMngr
     Key Found : HKLM\Software\InfoAtoms
     Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
     Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
     Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
     Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
     Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
     Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{44ED99E2-16A6-4B89-80D6-5B21CF42E78B}
     Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
     Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
     Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
     Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
     Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
     Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
     Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
     Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
     Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F773BB94-6C19-4643-A570-0E429103D1C3}
     Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
     Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
     Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
     Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
     Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
     Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
     Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
     Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F773BB94-6C19-4643-A570-0E429103D1C3}
     Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fifbhfmciagkcmdmapchdimjekakljld
     Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fifbhfmciagkcmdmapchdimjekakljld
     Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pbofibgamhkgoonaocfgemncghhadmgb
     Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pbofibgamhkgoonaocfgemncghhadmgb
     Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC5B6CDA-8F90-4740-9A8C-28AC5D3C73FE}
     Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
     Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
     Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
     Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{44ED99E2-16A6-4B89-80D6-5B21CF42E78B}
     Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
     Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
     Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
     Key Found : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
     Key Found : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
     Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
     Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
     Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
     Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
     Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
     Key Found : HKLM\SOFTWARE\Tarma Installer
     Key Found : HKU\S-1-5-21-644089304-3686757851-447439007-1002\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
     Key Found : HKU\S-1-5-21-644089304-3686757851-447439007-1002\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
     Key Found : HKU\S-1-5-21-644089304-3686757851-447439007-1002\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
     Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
     Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

     ***** [Internet Browsers] *****

     -\\ Internet Explorer v10.0.9200.16537

     [OK] Registry is clean.

     -\\ Google Chrome v26.0.1410.64

     File : C:\Users\DABERTE\AppData\Local\Google\Chrome\User Data\Default\Preferences

     Found [l.2362] : homepage = "hxxp://search.conduit.com/?ctid=CT3290229&SearchSource=48&CUI=UN25845318231469032&UM=2",
     Found [l.2666] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?ctid=CT3290229&SearchSource=48&CUI=UN25845318231469032&UM=2" ]

     *************************

     AdwCleaner[R1].txt - [11131 octets] - [19/05/2013 10:13:32]

     ########## EOF - C:\AdwCleaner[R1].txt - [11192 octets] ##########
  5. About the header, I did notice that my log didn't look quite like other logs people were posting. I ran it a second time to see if I had missed something. Then after your comment, I ran it again this morning just to see. Every time that is the result it gave me. However, it was a success: I was able to log into the computer. It found 4 objects on the first scan, none on the second. On a side note, holy cow this computer has a lot of junk on it again. I've cleaned this thing up more than once. Maybe it's time for a lesson on internet browsing and not installing every toolbar and junk program that you come across. Anyway, on to the logs:

     Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 18-05-2013
     Ran by SYSTEM at 2013-05-19 08:09:27 Run:1
     Running from E:\
     Boot Mode: Recovery
     ==============================================

     HKEY_USERS\DABERTE\Software\Microsoft\Windows\CurrentVersion\Run\\Internet Security => Value deleted successfully.
     HKEY_USERS\DABERTE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
     C:\Users\DABERTE\AppData\Roaming\2433f433 => Moved successfully.
     C:\ProgramData\2433f433 => Moved successfully.
     C:\Users\DABERTE\AppData\Local\2433f433 => Moved successfully.
     C:\Users\DABERTE\Desktop\Internet Security 2013.lnk => Moved successfully.
     C:\ProgramData\ntuser.dat => Moved successfully.

     ==== End of Fixlog ====

     Malwarebytes Anti-Rootkit BETA 1.05.0.1001
     www.malwarebytes.org

     Database version: v2013.05.19.05

     Windows 8 x64 NTFS
     Internet Explorer 10.0.9200.16540
     DABERTE :: DYLAN [administrator]

     5/19/2013 8:59:14 AM
     mbar-log-2013-05-19 (08-59-14).txt

     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
     Scan options disabled:
     Objects scanned: 7260
     Time elapsed: 38 minute(s), 53 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 4
     c:\Users\DABERTE\AppData\Local\Temp\F5A5.tmp (Trojan.Krypt) -> Delete on reboot.
     c:\Users\DABERTE\AppData\Local\Temp\FC79.tmp (Trojan.Krypt) -> Delete on reboot.
     c:\Users\DABERTE\Downloads\uplayermediaplayer-setup (1).exe (PUP.DownloadAdmin) -> Delete on reboot.
     c:\Users\DABERTE\Downloads\uplayermediaplayer-setup.exe (PUP.DownloadAdmin) -> Delete on reboot.

     (end)

     Malwarebytes Anti-Rootkit BETA 1.05.0.1001
     www.malwarebytes.org

     Database version: v2013.05.19.06

     Windows 8 x64 NTFS
     Internet Explorer 10.0.9200.16540
     DABERTE :: DYLAN [administrator]

     5/19/2013 9:36:39 AM
     mbar-log-2013-05-19 (09-36-39).txt

     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
     Scan options disabled:
     Objects scanned: 7231
     Time elapsed: 26 minute(s), 38 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 0
     (No malicious items detected)

     (end)

     ---------------------------------------

     Malwarebytes Anti-Rootkit BETA 1.05.0.1001
     © Malwarebytes Corporation 2011-2012

     OS version: 6.2.9200 Windows 8 x64

     Account is Administrative
     Internet Explorer version: 10.0.9200.16540
     File system is: NTFS
     Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
     CPU speed: 1.896000 GHz
     Memory total: 3726909440, free: 2180608000

     ------------ Kernel report ------------
          05/19/2013 08:19:31
     ------------ Loaded modules -----------
     \SystemRoot\system32\ntoskrnl.exe
     \SystemRoot\system32\hal.dll
     \SystemRoot\system32\kd.dll
     \SystemRoot\system32\mcupdate_AuthenticAMD.dll
     \SystemRoot\System32\drivers\CLFS.SYS
     \SystemRoot\System32\drivers\tm.sys
     \SystemRoot\system32\PSHED.dll
     \SystemRoot\system32\BOOTVID.dll
     \SystemRoot\system32\CI.dll
     \SystemRoot\System32\drivers\msrpc.sys
     \SystemRoot\system32\drivers\Wdf01000.sys
     \SystemRoot\system32\drivers\WDFLDR.SYS
     \SystemRoot\System32\Drivers\acpiex.sys
     \SystemRoot\System32\Drivers\WppRecorder.sys
     \SystemRoot\System32\drivers\ACPI.sys
     \SystemRoot\System32\drivers\WMILIB.SYS
     \SystemRoot\System32\drivers\msisadrv.sys
     \SystemRoot\System32\drivers\pci.sys
     \SystemRoot\System32\Drivers\cng.sys
     \SystemRoot\system32\drivers\tpm.sys
     \SystemRoot\System32\drivers\vdrvroot.sys
     \SystemRoot\system32\drivers\pdc.sys
     \SystemRoot\System32\drivers\partmgr.sys
     \SystemRoot\System32\drivers\spaceport.sys
     \SystemRoot\System32\drivers\volmgr.sys
     \SystemRoot\System32\drivers\volmgrx.sys
     \SystemRoot\System32\drivers\mountmgr.sys
     \SystemRoot\System32\drivers\amd_sata.sys
     \SystemRoot\System32\drivers\storport.sys
     \SystemRoot\System32\drivers\amd_xata.sys
     \SystemRoot\system32\drivers\fltmgr.sys
     \SystemRoot\System32\drivers\fileinfo.sys
     \SystemRoot\system32\drivers\WdFilter.sys
     \SystemRoot\System32\Drivers\Ntfs.sys
     \SystemRoot\System32\Drivers\ksecdd.sys
     \SystemRoot\System32\drivers\pcw.sys
     \SystemRoot\System32\Drivers\Fs_Rec.sys
     \SystemRoot\system32\drivers\ndis.sys
     \SystemRoot\system32\drivers\NETIO.SYS
     \SystemRoot\System32\Drivers\ksecpkg.sys
     \SystemRoot\System32\drivers\tcpip.sys
     \SystemRoot\System32\drivers\fwpkclnt.sys
     \SystemRoot\system32\DRIVERS\wfplwfs.sys
     \SystemRoot\System32\DRIVERS\fvevol.sys
     \SystemRoot\system32\DRIVERS\hpdskflt.sys
     \SystemRoot\System32\drivers\wd.sys
     \SystemRoot\System32\drivers\volsnap.sys
     \SystemRoot\System32\drivers\rdyboost.sys
     \SystemRoot\System32\Drivers\mup.sys
     \SystemRoot\System32\drivers\disk.sys
     \SystemRoot\System32\drivers\CLASSPNP.SYS
     \SystemRoot\System32\Drivers\crashdmp.sys
     \SystemRoot\System32\drivers\cdrom.sys
     \SystemRoot\System32\Drivers\Null.SYS
     \SystemRoot\System32\Drivers\Beep.SYS
     \SystemRoot\System32\drivers\BasicRender.sys
     \SystemRoot\System32\drivers\dxgkrnl.sys
     \SystemRoot\System32\drivers\watchdog.sys
     \SystemRoot\System32\drivers\dxgmms1.sys
     \SystemRoot\System32\drivers\BasicDisplay.sys
     \SystemRoot\System32\Drivers\Npfs.SYS
     \SystemRoot\System32\Drivers\Msfs.SYS
     \SystemRoot\system32\DRIVERS\tdx.sys
     \SystemRoot\system32\DRIVERS\TDI.SYS
     \SystemRoot\System32\DRIVERS\netbt.sys
     \SystemRoot\system32\drivers\afd.sys
     \SystemRoot\system32\DRIVERS\pacer.sys
     \SystemRoot\system32\DRIVERS\vwififlt.sys
     \SystemRoot\system32\DRIVERS\netbios.sys
     \SystemRoot\system32\DRIVERS\rdbss.sys
     \SystemRoot\system32\DRIVERS\wanarp.sys
     \SystemRoot\system32\drivers\nsiproxy.sys
     \SystemRoot\System32\drivers\npsvctrig.sys
     \SystemRoot\System32\drivers\mssmbios.sys
     \SystemRoot\System32\drivers\discache.sys
     \SystemRoot\System32\Drivers\dfsc.sys
     \SystemRoot\system32\DRIVERS\CLVirtualDrive.sys
     \SystemRoot\system32\DRIVERS\ndistapi.sys
     \SystemRoot\system32\DRIVERS\ndiswan.sys
     \SystemRoot\system32\DRIVERS\rassstp.sys
     \SystemRoot\system32\DRIVERS\AgileVpn.sys
     \SystemRoot\system32\DRIVERS\tunnel.sys
     \SystemRoot\System32\drivers\CompositeBus.sys
     \SystemRoot\System32\drivers\serscan.sys
     \SystemRoot\system32\drivers\ksthunk.sys
     \SystemRoot\system32\drivers\ks.sys
     \SystemRoot\system32\DRIVERS\kdnic.sys
     \SystemRoot\System32\drivers\umbus.sys
     \SystemRoot\System32\drivers\amdppm.sys
     \SystemRoot\System32\drivers\WirelessButtonDriver64.sys
     \SystemRoot\System32\drivers\HIDCLASS.SYS
     \SystemRoot\System32\drivers\HIDPARSE.SYS
     \SystemRoot\system32\DRIVERS\atikmpag.sys
     \SystemRoot\system32\DRIVERS\atikmdag.sys
     \SystemRoot\System32\drivers\HDAudBus.sys
     \SystemRoot\system32\DRIVERS\athw8x.sys
     \SystemRoot\System32\drivers\vwifibus.sys
     \SystemRoot\System32\drivers\USBXHCI.SYS
     \SystemRoot\System32\drivers\ucx01000.sys
     \SystemRoot\System32\drivers\usbohci.sys
     \SystemRoot\System32\drivers\USBPORT.SYS
     \SystemRoot\system32\DRIVERS\usbfilter.sys
     \SystemRoot\System32\drivers\usbehci.sys
     \SystemRoot\System32\drivers\i8042prt.sys
     \SystemRoot\system32\DRIVERS\SynTP.sys
     \SystemRoot\system32\DRIVERS\USBD.SYS
     \SystemRoot\System32\drivers\kbdclass.sys
     \SystemRoot\System32\drivers\mouclass.sys
     \SystemRoot\system32\DRIVERS\RtsP2Stor.sys
     \SystemRoot\system32\DRIVERS\Rt630x64.sys
     \SystemRoot\system32\DRIVERS\Accelerometer.sys
     \SystemRoot\System32\drivers\CmBatt.sys
     \SystemRoot\System32\drivers\BATTC.SYS
     \SystemRoot\System32\drivers\wmiacpi.sys
     \SystemRoot\system32\DRIVERS\raspptp.sys
     \SystemRoot\system32\DRIVERS\rasl2tp.sys
     \SystemRoot\system32\DRIVERS\raspppoe.sys
     \SystemRoot\System32\drivers\swenum.sys
     \SystemRoot\System32\drivers\rdpbus.sys
     \SystemRoot\System32\Drivers\NDProxy.SYS
     \SystemRoot\System32\Drivers\fastfat.SYS
     \SystemRoot\System32\drivers\usbhub.sys
     \SystemRoot\system32\drivers\AtihdW86.sys
     \SystemRoot\system32\drivers\portcls.sys
     \SystemRoot\system32\drivers\drmk.sys
     \SystemRoot\System32\drivers\UsbHub3.sys
     \SystemRoot\system32\DRIVERS\stwrt64.sys
     \SystemRoot\System32\Drivers\dump_diskdump.sys
     \SystemRoot\System32\Drivers\dump_amd_sata.sys
     \SystemRoot\System32\Drivers\dump_dumpfve.sys
     \SystemRoot\System32\drivers\usbccgp.sys
     \SystemRoot\System32\Drivers\usbvideo.sys
     \SystemRoot\System32\win32k.sys
     \SystemRoot\System32\drivers\monitor.sys
     \SystemRoot\System32\TSDDD.dll
     \SystemRoot\System32\cdd.dll
     \SystemRoot\system32\drivers\luafv.sys
     \SystemRoot\system32\DRIVERS\appexDrv.sys
     \SystemRoot\system32\DRIVERS\lltdio.sys
     \SystemRoot\system32\DRIVERS\nwifi.sys
     \SystemRoot\system32\DRIVERS\ndisuio.sys
     \SystemRoot\system32\DRIVERS\rspndr.sys
     \SystemRoot\system32\DRIVERS\vwifimp.sys
     \SystemRoot\system32\drivers\HTTP.sys
     \SystemRoot\system32\DRIVERS\bowser.sys
     \SystemRoot\System32\drivers\mpsdrv.sys
     \SystemRoot\system32\DRIVERS\mrxsmb.sys
     \SystemRoot\system32\DRIVERS\mrxsmb10.sys
     \SystemRoot\system32\DRIVERS\mrxsmb20.sys
     \SystemRoot\system32\drivers\Ndu.sys
     \SystemRoot\system32\drivers\peauth.sys
     \SystemRoot\System32\Drivers\secdrv.SYS
     \SystemRoot\System32\DRIVERS\srvnet.sys
     \SystemRoot\System32\drivers\tcpipreg.sys
     \SystemRoot\System32\DRIVERS\srv2.sys
     \SystemRoot\System32\DRIVERS\srv.sys
     \??\C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys
     \SystemRoot\System32\drivers\umpass.sys
     \SystemRoot\System32\drivers\condrv.sys
     \SystemRoot\system32\DRIVERS\cdfs.sys
     \SystemRoot\System32\drivers\USBSTOR.SYS
     \SystemRoot\system32\drivers\WudfPf.sys
     \SystemRoot\system32\DRIVERS\WUDFRd.sys
     \SystemRoot\System32\drivers\WpdUpFltr.sys
     \??\C:\Windows\system32\drivers\mbamchameleon.sys
     \??\C:\Windows\system32\drivers\mbamswissarmy.sys
     ----------- End -----------
     <<<1>>>
     Upper Device Name: \Device\Harddisk1\DR1
     Upper Device Object: 0xfffffa80045ab740
     Upper Device Driver Name: \Driver\disk\
     Lower Device Name: \Device\0000005d\
     Lower Device Object: 0xfffffa80045b5060
     Lower Device Driver Name: \Driver\USBSTOR\
     Driver name found: USBSTOR
     Initialization returned 0x0
     Load Function returned 0x0
     <<<1>>>
     Upper Device Name: \Device\Harddisk0\DR0
     Upper Device Object: 0xfffffa8005358060
     Upper Device Driver Name: \Driver\disk\
     Lower Device Name: \Device\00000039\
     Lower Device Object: 0xfffffa8005160060
     Lower Device Driver Name: \Driver\amd_sata\
     Driver name found: amd_sata
     Initialization returned 0x0
     Port sub-driver loaded: \??\C:\Windows\System32\Drivers\storport.sys (0x0)
     Load Function returned 0x0
     Downloaded database version: v2013.05.19.05
     Downloaded database version: v2013.05.14.03
     Initializing...
     Done!
     <<<2>>>
     Device number: 0, partition: 4
     Physical Sector Size: 512
     Drive: 0, DevicePointer: 0xfffffa8005358060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
     --------- Disk Stack ------
     DevicePointer: 0xfffffa8005358b10, DeviceName: Unknown, DriverName: \Driver\partmgr\
     DevicePointer: 0xfffffa8005358060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
     DevicePointer: 0xfffffa8005268980, DeviceName: Unknown, DriverName: \Driver\hpdskflt\
     DevicePointer: 0xfffffa800515cb20, DeviceName: Unknown, DriverName: \Driver\amd_xata\
     DevicePointer: 0xfffffa8005160060, DeviceName: \Device\00000039\, DriverName: \Driver\amd_sata\
     ------------ End ----------
     Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
     Upper DeviceData: 0xfffff8a00b9313c0, 0xfffffa8005358060, 0xfffffa80046aa090
     Lower DeviceData: 0xfffff8a00cb29590, 0xfffffa8005160060, 0xfffffa80045f9250
     Partition type: GUID
     <<<3>>>
     Volume: C:
     File system type: NTFS
     SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
     Scanning directory: C:\Windows\system32\drivers...
     <<<2>>>
     Device number: 0, partition: 4
     Partition type: GUID
     <<<3>>>
     Volume: C:
     File system type: NTFS
     SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
     Done!
     Drive 0
     Scanning MBR on drive 0...
     Inspecting partition table:
     This drive is a GPT Drive.
     MBR Signature: 55AA
     Disk Signature: 3D867707
     GPT Protective MBR
     Partition information:
         Partition 0 type is EFI-GPT (0xee)
         Partition is NOT ACTIVE.
         Partition starts at LBA: 1  Numsec = 1250263727
         Partition 1 type is Empty (0x0)
         Partition is NOT ACTIVE.
         Partition starts at LBA: 0  Numsec = 0
         Partition 2 type is Empty (0x0)
         Partition is NOT ACTIVE.
         Partition starts at LBA: 0  Numsec = 0
         Partition 3 type is Empty (0x0)
         Partition is NOT ACTIVE.
         Partition starts at LBA: 0  Numsec = 0
     GPT Partition information:
         GPT Header Signature 4546492050415254
         GPT Header Revision 65536 Size 92 CRC 732450444
         GPT Header CurrentLba = 1 BackupLba 1250263727
         GPT Header FirstUsableLba 34 LastUsableLba 1250263694
         GPT Header Guid cb7f5876-4063-43e7-93fc-47445286b31
         GPT Header Contains 128 partition entries starting at LBA 2
         GPT Header Partition entry size = 128
         Backup GPT header Signature 4546492050415254
         Backup GPT header Revision 65536 Size 92 CRC 732450444
         Backup GPT header CurrentLba = 1250263727 BackupLba 1
         Backup GPT header FirstUsableLba 34 LastUsableLba 1250263694
         Backup GPT header Guid cb7f5876-4063-43e7-93fc-47445286b31
         Backup GPT header Contains 128 partition entries starting at LBA 1250263695
         Backup GPT header Partition entry size = 128
         Partition 0 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
         Partition ID 6ac614ef-78e5-4798-a08f-fbb29d27c4b4
         FirstLBA 2048 Last LBA 821247
         Attributes 1
         Partition Name Basic data partition
         Partition 1 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
         Partition ID eb71eab0-241d-4c51-a0cb-f923561893c
         FirstLBA 821248 Last LBA 1353727
         Attributes 0
         Partition Name EFI system partition
         GPT Partition 1 is bootable
Partition 2 Type e3c9e316-b5c-4db8-817d-f92df0215ae Partition ID fa4860af-b029-4f6b-94c6-b62e3f172f0 FirstLBA 1353728 Last LBA 1615871 Attributes 0 Partition Name Microsoft reserved partition Partition 3 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7 Partition ID c72d63-ce17-4ae8-8bfb-804be5965c67 FirstLBA 1615872 Last LBA 1197086719 Attributes 0 Partition Name Basic data partition Partition 4 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7 Partition ID e6eccf47-8f15-4066-ae16-7ae97195837 FirstLBA 1197086720 Last LBA 1250263039 Attributes 1 Partition Name Basic data partition Disk Size: 640135028736 bytes Sector size: 512 bytes Physical Sector Size: 512 Drive: 1, DevicePointer: 0xfffffa80045ab740, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa80045aa040, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa80045ab740, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\ DevicePointer: 0xfffffa80045b5060, DeviceName: \Device\0000005d\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\ Upper DeviceData: 0xfffff8a00bddf580, 0xfffffa80045ab740, 0xfffffa80046c0090 Lower DeviceData: 0xfffff8a0037123d0, 0xfffffa80045b5060, 0xfffffa800470c8e0 Drive 1 Scanning MBR on drive 1... Inspecting partition table: MBR Signature: 55AA Disk Signature: 231BBB Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 63 Numsec = 4112577 Partition file system is NTFS Partition is not bootable Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 2106064896 bytes Sector size: 512 bytes Done! Performing system, memory and registry scan... 
Infected: c:\Users\DABERTE\AppData\Local\Temp\F5A5.tmp --> [Trojan.Krypt]
Infected: c:\Users\DABERTE\AppData\Local\Temp\FC79.tmp --> [Trojan.Krypt]
Infected: c:\Users\DABERTE\Downloads\uplayermediaplayer-setup (1).exe --> [PUP.DownloadAdmin]
Infected: c:\Users\DABERTE\Downloads\uplayermediaplayer-setup.exe --> [PUP.DownloadAdmin]
Done!
Scan finished
Creating System Restore point...
Scheduling clean up...
<<<2>>>
Device number: 0, partition: 4
Partition type: GUID
<<<3>>>
Volume: C: File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.05.0.1001
© Malwarebytes Corporation 2011-2012
OS version: 6.2.9200 Windows 8 x64
Account is Administrative
Internet Explorer version: 10.0.9200.16540
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 1.896000 GHz
Memory total: 3726909440, free: 2607464448
Removal queue found; removal started
Removing c:\Users\DABERTE\AppData\Local\Temp\F5A5.tmp...
Removing c:\Users\DABERTE\AppData\Local\Temp\FC79.tmp...
Removing c:\Users\DABERTE\Downloads\uplayermediaplayer-setup (1).exe...
Removing c:\Users\DABERTE\Downloads\uplayermediaplayer-setup.exe...
Removal finished
=======================================
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.05.0.1001
© Malwarebytes Corporation 2011-2012
OS version: 6.2.9200 Windows 8 x64
Account is Administrative
Internet Explorer version: 10.0.9200.16540
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 1.896000 GHz
Memory total: 3726909440, free: 2397749248
------------ Kernel report ------------
05/19/2013 09:09:12
Downloaded database version: v2013.05.19.06
Initializing... Done!
Scanning directory: C:\Windows\system32\drivers...
Done!
Performing system, memory and registry scan...
Done!
Scan finished
=======================================
  6. Hello MrCharlie! Thank you for taking the time to help me. Here is the log you requested.

HKU\DABERTE\...\Run: [GoogleChromeAutoLaunch_A5F1AA371BE16006C730E088B4C6AAB8] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window [1312720 2013-04-09] (Google Inc.)
HKU\DABERTE\...\Run: [GenieoUpdaterService] "C:\Users\DABERTE\AppData\Roaming\Genieo\Application\Updater\bin\genupdater.exe" -wait 5 [291680 2013-03-20] ()
HKU\DABERTE\...\Run: [GenieoSystemTray] "C:\Users\DABERTE\AppData\Roaming\Genieo\Application\TrayUi\bin\gentray.exe" [529248 2013-03-20] ()
HKU\DABERTE\...\Run: [internet Security] C:\Users\DABERTE\AppData\Roaming\amsecure.exe [x]
HKU\DABERTE\...\Winlogon: [shell] cmd.exe [404992 2012-07-25] (Microsoft Corporation) <==== ATTENTION
Startup: C:\Users\DABERTE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)

==================== Services (Whitelisted) =================

S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-08] (Advanced Micro Devices, Inc.)
S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [32808 2013-04-08] (Just Develop It)
S2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-03-06] ()
S2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2148664 2013-01-31] (AVG)
S2 vToolbarUpdater15.0.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.0.0\ToolbarUpdater.exe [990896 2013-04-14] ()
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-28] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [199008 2012-06-23] (AppEx Networks Corporation)
S3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-17] (Advanced Micro Devices)
S1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [269968 2012-07-03] (Realtek Semiconductor Corp.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated)
S3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [11880 2012-07-04] (TuneUp Software)
S3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20288 2012-08-03] (Hewlett-Packard Development Company, L.P.)
S3 WUDFSensorLP; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-25] (Microsoft Corporation)
S3 WUDFWpdMtp; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-25] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

==================== One Month Modified Files and Folders =======

Other Malware:
===========
C:\ProgramData\ntuser.dat

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5
is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points ========================= Restore point made on: 2013-04-22 16:32:08 Restore point made on: 2013-05-06 14:41:40 Restore point made on: 2013-05-14 16:09:43 Restore point made on: 2013-05-14 16:12:04 Restore point made on: 2013-05-14 16:24:00 Restore point made on: 2013-05-15 16:58:35 Restore point made on: 2013-05-15 16:59:55 Restore point made on: 2013-05-15 17:02:35 Restore point made on: 2013-05-15 17:23:54 Restore point made on: 2013-05-15 17:57:35 ==================== Memory info =========================== Percentage of memory in use: 18% Total physical RAM: 3554.26 MB Available physical RAM: 2912.91 MB Total Pagefile: 3554.26 MB Available Pagefile: 2922.72 MB Total Virtual: 8192 MB Available Virtual: 8191.87 MB ==================== Drives ================================ Drive a: (WINRE) (Fixed) (Total:0.39 GB) (Free:0.16 GB) NTFS (Disk=0 Partition=1) Drive c: () (Fixed) (Total:570.04 GB) (Free:518.13 GB) NTFS (Disk=0 Partition=4) ==>[system with boot components (obtained from reading drive)] Drive d: (RECOVERY) (Fixed) (Total:25.36 GB) (Free:3.02 GB) NTFS ==>[system with boot components (obtained from reading drive)] Drive e: (WDO_Media64) (Removable) (Total:1.96 GB) (Free:1.92 GB) NTFS (Disk=1 Partition=1) Drive x: (Boot) (Fixed) (Total:0.25 GB) (Free:0.24 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 596 GB) (Disk ID: 3D867707) Partition: GPT Partition Type ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) 
(Size: 2 GB) (Disk ID: 00231BBB) Partition 1: (Active) - (Size=2 GB) - (Type=07 NTFS) Last Boot: 2013-05-12 15:54 ==================== End Of Log ============================
  7. Hello everyone. I'm working on a coworker's laptop. It's an HP Pavilion g6. He has the MoneyPak virus and I'm struggling mightily with this one. Here's all the info I know. It's a Windows 8 machine, but I'm not sure if it's 32-bit or 64-bit, and I can't get anywhere in there to find out. It only has one user account, which is infected. I tried booting into Safe Mode with Command Prompt to get into the Control Panel to make a new user account. Getting into the Control Panel worked, but making a new user account was unsuccessful (did I mention I can't stand Windows 8?). The primary user of this computer is an 8- or 9-year-old boy who downloads things indiscriminately. I've uninstalled countless toolbars and other such things that bog down this computer in the past. All I can say for sure is that his computer initially got "locked down" whilst playing Minecraft, though I don't think the game had anything to do with it. Logging into Safe Mode or Safe Mode with Networking isn't really working. Any help would be greatly appreciated.
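The procedure attempted in this post, worked through as an added example that is not part of the original thread or any of its participants' posts: a PowerShell script typed into the Safe Mode with Command Prompt session the poster describes (run `powershell` at that prompt). It answers the 32-bit/64-bit question without the Control Panel, re-reads the EXE association values that the FRST log on this page reports as OK, reads the Winlogon Shell and Userinit values (a general screen-locker check, not something this thread reports), and creates a fresh local administrator account, the step that failed through the Control Panel. The account name `cleanadmin` and its password are placeholders chosen for the example; the registry paths and `net` commands are standard Windows ones.

```powershell
# Added example, not code from the original thread. Assumes it is run from the
# Safe Mode with Command Prompt session described in the post, on the affected
# Windows 8 machine. Account name and password below are placeholders.

# 1. Which Windows is this? Works from any prompt, no Control Panel needed.
if ([Environment]::Is64BitOperatingSystem) { "OS: 64-bit" } else { "OS: 32-bit" }

# 2. Re-check the EXE association the FRST log reports under "EXE ASSOCIATION".
#    A clean machine maps .exe to "exefile" and opens it with "%1" %*; a locker
#    that rewrites these makes every .exe launch its own binary instead.
$dotExe  = (Get-ItemProperty 'HKLM:\SOFTWARE\Classes\.exe').'(default)'
$openCmd = (Get-ItemProperty 'HKLM:\SOFTWARE\Classes\exefile\shell\open\command').'(default)'
"HKLM\...\.exe: $dotExe"                   # clean value: exefile
"HKLM\...\exefile\open\command: $openCmd"  # clean value: "%1" %*

# 3. General check (not reported in this thread): Winlogon's Shell and Userinit.
#    A clean Windows 8 has Shell = explorer.exe and
#    Userinit = C:\Windows\system32\userinit.exe, (trailing comma included).
#    Screen lockers commonly replace these so their window appears instead of
#    the desktop, which is why Safe Mode may still show the lock screen.
$wl = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
"Winlogon Shell:    $($wl.Shell)"
"Winlogon Userinit: $($wl.Userinit)"

# 4. Create a clean local administrator account from the prompt instead of the
#    Control Panel. Both commands need an elevated token: "System error 5 has
#    occurred. Access is denied." means the prompt is not elevated.
$newUser = 'cleanadmin'        # placeholder account name
$newPass = 'Ch4nge-Me-Now!'    # placeholder; use a real password
net user $newUser $newPass /add
net localgroup Administrators $newUser /add
net user $newUser              # confirm the account now exists
```

Log in as the new account only to work on the machine; if step 2 or 3 shows values other than the clean ones noted in the comments, record them before changing anything so the helper in the thread can see what the locker altered.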