Everything posted by bigstu

  1. Alright, I was able to boot up normally and reach my desktop! I've made sure that the computer was disconnected from the internet before booting up and I'm going to keep it offline as I copy over the files I want to save. After which I will then try and re-format the system. Thank you so much for the help, I really appreciate it! Unless there is something that you think needs to be done after viewing the fixlog, I think I can take care of the rest for myself. Again, thank you. So here is the fixlog:

     ==============================================
     HKU\Stuart\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe CSS5.1 Manager => Value deleted successfully.
     HKU\Stuart\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Adobe CSS5.1 Manager => Value deleted successfully.
     HKU\Stuart\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
     hklm\System\ControlSet002\Control\SafeBoot\\AlternateShell => Value was restored successfully.
     C:\Users\Stuart\AppData\Roaming\skype.ini => Moved successfully.
     C:\Windows\Tasks\{92A5A594-8F50-412B-8BFC-22FD997D881F}.job => Moved successfully.
     C:\Users\Stuart\java.exe => Moved successfully.
     C:\Users\Stuart\iexplore.exe => Moved successfully.
     C:\Windows\System32\Tasks\{92A5A594-8F50-412B-8BFC-22FD997D881F} => Moved successfully.
     C:\Users\Stuart\AppData\Local\75e82ed1-b99c-42ef-8385-1c65d3a1c747ad => Moved successfully.
     C:\Users\Stuart\spoolsv.exe => Moved successfully.
     C:\Users\Stuart\flashplayer.exe => Moved successfully.
     C:\Users\Stuart\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 => Moved successfully.
     C:\Windows\assembly\GAC_32\Desktop.ini => Moved successfully.
     C:\Windows\assembly\GAC_64\Desktop.ini => Moved successfully.
     "C:\Users\Stuart\AppData\Local\75e82ed1-b99c-42ef-8385-1c65d3a1c747ad\eedbcefcdacad.exe" => File/Directory not found.
     "C:\Users\Stuart\flashplayer.exe" => File/Directory not found.
     "C:\Users\Stuart\iexplore.exe" => File/Directory not found.
     "C:\Users\Stuart\java.exe" => File/Directory not found.
     "C:\Users\Stuart\spoolsv.exe" => File/Directory not found.
     C:\Users\Stuart\AppData\Roaming\skype.dat => Moved successfully.
     "C:\Users\Stuart\AppData\Roaming\skype.ini" => File/Directory not found.
     "C:\Windows\Tasks\{92A5A594-8F50-412B-8BFC-22FD997D881F}.job" => File/Directory not found.
     ==== End of Fixlog ====
  2. Alright, thank you for all the information; this is extremely helpful. I'll be taking your advice to help keep my privacy and security. But I'd still like to try and recover the computer if possible and attempt to clean the computer of infections. I understand that it most likely won't entirely get cleaned, but I'd like to at least be able to copy a couple of files that are important to me onto a flash drive, and then I will look into re-formatting.
  3. Oh wow, thanks for replying so quickly! So here is the log, the FRST.txt, that the scan put on my flash drive:
  4. I have the FBI Ransom Moneypak Virus which is locking me out of my computer. I've attempted to get to the desktop in Safe Mode with Networking and Safe Mode with Command Prompt, but it forces a computer reboot before I can even see the desktop. The computer does not reboot when I start it up normally, only in safe mode. The computer system is also Windows 7. Since I can't enter safe mode I'm not sure how to go about solving this issue. Any help or advice you guys can offer me would be extremely appreciated!