
tommytuc1

Hi, I have been reading a lot of forums about helping to get rid of some ransomware. I get a screen just after boot that says you have been downloading / watching child porn and must pay a fine (no locked files). After running an AVG scan from USB, this hasn't fixed it. I have followed the instructions above and below is my log file. Thanks to anyone that looks or can advise me on how to get rid of it.

Thanks,
Tommy

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:11-06-2014 01
Ran by SYSTEM on MININT-A96TNNO on 11-06-2014 22:13:01
Running from G:\
Platform: Windows 7 Professional (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ATIModeChange] => Ati2mdxx.exe
HKLM\...\Run: [soundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1314816 2009-04-23] (Analog Devices, Inc.)
HKLM\...\Run: [iAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM\...\Run: [startCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-06-02] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [WavXMgr] => C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe [147840 2010-07-21] (Wave Systems Corp.)
HKLM\...\Run: [uSCService] => C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe [34232 2010-06-22] (Broadcom Corporation)
HKLM\...\Run: [PDVDDXSrv] => C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2009-06-24] (CyberLink Corp.)
HKLM\...\Run: [RoxWatchTray] => C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-09-03] (Sonic Solutions)
HKLM\...\Run: [Desktop Disc Tool] => C:\Program Files\Roxio\oem\Roxio Burn\RoxioBurnLauncher.exe [522736 2010-11-01] ()
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-05] (Adobe Systems Incorporated)
HKLM\...\Run: [switchBoard] => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS5ServiceManager] => C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-21] (Adobe Systems Incorporated)
HKLM\...\Run: [LWS] => C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-08-12] (Logitech Inc.)
HKLM\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [267792 2013-01-17] (Research In Motion Limited)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM\...\Run: [WinampAgent] => C:\Program Files\Winamp\winampa.exe [74752 2011-12-09] (Nullsoft, Inc.)
HKLM\...\Run: [DLCICATS] => C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCItime.dll [73728 2006-10-20] ()
HKLM\...\Run: [dlcimon.exe] => C:\Program Files\Dell AIO Printer 946\dlcimon.exe [435080 2006-12-07] (Dell)
HKLM\...\Run: [FaxCenterServer] => C:\Program Files\Dell Fax Solutions\fm3032.exe [312200 2006-12-07] ()
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2013\avgui.exe [4411952 2014-01-20] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-08-21] (DivX, LLC)
HKLM\...\Run: [vProt] => C:\Program Files\AVG Nation toolbar\vprot.exe [2556744 2014-04-27] ()
HKLM\...\Run: [sDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1861968 2013-08-28] ()
HKLM\...\Run: [AgentMonitor] => C:\Program Files\VTech\DownloadManager\System\AgentMonitor.exe [391040 2013-06-19] ()
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-20] (Apple Inc.)
HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Symantec <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Common Files\Symantec Shared <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Common Files\Symantec Shared <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Symantec <====== ATTENTION
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\adults\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-07-05] (Google Inc.)
HKU\adults\...\Run: [TomTomHOME.exe] => C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [247768 2012-12-05] (TomTom)
HKU\adults\...\Run: [Google Update] => C:\Users\adults\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-03-21] (Google Inc.)
HKU\adults\...\Run: [AdobeBridge] => [X]
HKU\adults\...\Run: [AVG-Secure-Search-Update_0913b] => C:\Users\adults\AppData\Roaming\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe /PROMPT --mid 71077d55925e47d1908b6d791d2bfde0-86dcb60432a8c5c781ce7df8a93fe15c89a06ada --CMPID 0913b
HKU\adults\...\Run: [spybot-S&D Cleaning] => C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe [3666224 2013-09-20] (Safer-Networking Ltd.)
HKU\adults\...\Run: [backgroundContainer] => "C:\Windows\system32\Rundll32.exe" "C:\Users\adults\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <===== ATTENTION
HKU\adults\...\Run: [DellSystemDetect] => C:\Users\adults\AppData\Local\Apps\2.0\3YLVBEHN.964\TX3G8C2J.BX4\dell..tion_0f612f649c4a10af_0005.0005_9914611622934cec\DellSystemDetect.exe [253952 2014-03-09] (Dell)
HKU\adults\...\Run: [JumiController] => C:\Program Files\Jumi\jumi.exe [3665408 2014-02-23] (Jumi Technologies)
HKU\adults\...\Policies\system: [LogonHoursAction] 2
HKU\adults\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\home\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKU\home\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-07-05] (Google Inc.)
HKU\home\...\Run: [searchProtect] => C:\Users\home\AppData\Roaming\SearchProtect\bin\cltmng.exe [3470624 2013-09-22] (Conduit)
HKU\home\...\Policies\system: [LogonHoursAction] 2
HKU\home\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Lsa: [Authentication Packages] msv1_0 wvauth
Startup: C:\Users\adults\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1lsznrj.lnk
ShortcutTarget: 1lsznrj.lnk -> C:\ProgramData\jrnzsl1.cpp\jrnzsl1.cpp (Microsoft Corporation)
Startup: C:\Users\adults\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)
Startup: C:\Users\adults\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\explorer.lnk
ShortcutTarget: explorer.lnk -> C:\ProgramData\AAC1AB089BED67B21BF70EDB56F837C5\gjdorfflq.cpp ()
Startup: C:\Users\home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1lsznrj.lnk
ShortcutTarget: 1lsznrj.lnk -> C:\ProgramData\jrnzsl1.cpp\jrnzsl1.cpp (Microsoft Corporation)
GroupPolicyUsers\S-1-5-21-3443526602-2935257622-3521896687-1001\User: Group Policy restriction detected <======= ATTENTION

========================== Services (Whitelisted) =================

S2 AVGIDSAgent; C:\Program Files\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files\AVG\AVG2013\avgwdsvc.exe [283136 2013-11-19] (AVG Technologies CZ, s.r.o.)
S3 Blackberry Device Manager; C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited)
S2 dcpsysmgrsvc; c:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe [388464 2010-08-24] (Dell Inc.)
S2 dlci_device; C:\Windows\system32\dlcicoms.exe [537480 2006-12-07] ( )
S3 RoxMediaDB12OEM; C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [1116656 2010-09-03] (Sonic Solutions)
S2 RoxWatch12; C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [219632 2010-09-03] (Sonic Solutions)
S2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
S3 SecureStorageService; C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe [1032192 2010-02-03] (Wave Systems Corp.)
S2 tcsd_win32.exe; C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1273856 2008-11-12] ()
S2 TdmService; C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe [1164648 2010-03-29] (Wave Systems Corp.)
S2 vToolbarUpdater18.1.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\ToolbarUpdater.exe [1793536 2014-04-27] (AVG Secure Search)
S2 Winmgmt; C:\ProgramData\jrnzsl1.cpp\jrnzsl1.cpp [124842 2014-04-24] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S1 ASPI32; C:\Windows\System32\Drivers\ASPI32.sys [25244 1999-09-10] (Adaptec)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [208184 2013-11-24] (AVG Technologies CZ, s.r.o.)
S0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [60216 2013-07-19] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22328 2013-10-22] (AVG Technologies CZ, s.r.o.)
S1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [171320 2013-07-19] (AVG Technologies CZ, s.r.o.)
S0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [246072 2013-07-19] (AVG Technologies CZ, s.r.o.)
S0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [96568 2013-06-30] (AVG Technologies CZ, s.r.o.)
S0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [39224 2013-10-22] (AVG Technologies CZ, s.r.o.)
S1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [182072 2014-04-15] (AVG Technologies CZ, s.r.o.)
S1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42272 2014-04-27] (AVG Technologies)
S3 Blfp; C:\Windows\System32\DRIVERS\basp.sys [86016 2010-02-10] (Broadcom Corporation)
S3 jumi; C:\Windows\System32\DRIVERS\jumi.sys [13112 2010-06-03] (Windows ® Win 7 DDK provider)
S0 PBADRV; C:\Windows\System32\DRIVERS\PBADRV.sys [26608 2008-06-04] (Dell Inc)
S1 RapportCerberus_68261; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_68261.sys [358008 2014-05-15] ()
S2 WavxDMgr; C:\Windows\System32\DRIVERS\WavxDMgr.sys [229888 2010-01-19] (Wave Systems Corp.)
S3 vpnrab; system32\DRIVERS\vpnrab.sys [X]
S3 vpntcpt; system32\DRIVERS\vpntcpt.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-06-11 22:12 - 2014-06-11 22:13 - 00000000 ____D () C:\FRST
2014-06-11 12:43 - 2014-06-11 13:07 - 00013421 _____ () C:\ProgramData\RUNDLL32.EXE-4928-F.txt
2014-06-11 10:05 - 2014-06-11 10:06 - 00000302 _____ () C:\ProgramData\RUNDLL32.EXE-3320-F.txt
2014-06-11 10:02 - 2014-06-11 10:04 - 00001270 _____ () C:\ProgramData\RUNDLL32.EXE-5668-F.txt
2014-06-11 09:54 - 2014-06-11 09:58 - 00002857 _____ () C:\ProgramData\RUNDLL32.EXE-4696-F.txt
2014-06-11 09:54 - 2014-06-11 09:54 - 00000000 ____D () C:\ProgramData\AAC1AB089BED67B21BF70EDB56F837C5
2014-06-11 03:32 - 2014-06-11 03:32 - 00010884 ____N () C:\Users\adults\Desktop\fcccc.TIF
2014-06-10 22:08 - 2014-06-10 22:08 - 00000000 ____D () C:\Users\adults\AppData\Local\{2F3E01B8-C1FA-45A7-BB90-811D235B19A8}
2014-06-06 21:59 - 2014-06-06 21:59 - 00000288 _____ () C:\Users\adults\Desktop\Messages Molly Lines.url
2014-06-05 08:16 - 2014-06-05 08:16 - 00000000 ____D () C:\Users\adults\AppData\Local\{A8BF993C-8354-4BD2-9BE2-234BEB21881A}
2014-06-04 14:16 - 2014-06-04 14:16 - 00000000 ____D () C:\Users\adults\AppData\Local\{AE107AF7-1AD6-41A1-8F85-ADCF7AE01CF2}
2014-06-04 10:05 - 2014-06-04 10:05 - 00000328 _____ () C:\Users\adults\Desktop\CD Drive - Shortcut.lnk
2014-05-31 00:30 - 2014-05-31 00:30 - 00001419 _____ () C:\Users\adults\Desktop\happy turkey meatloaf.txt
2014-05-25 06:24 - 2014-05-25 06:24 - 00123512 _____ (Trusteer Ltd.) C:\Windows\System32\Drivers\RapportKELL.sys
2014-05-23 10:59 - 2014-05-23 10:59 - 00000000 ____D () C:\Users\adults\AppData\Local\{701205EE-0985-4D29-8ADD-A9164EA32A8A}
2014-05-19 07:48 - 2014-05-19 07:48 - 00002345 _____ () C:\Users\adults\Desktop\Mysteries of Neverville - The Runestone of Light.lnk
2014-05-19 03:38 - 2014-05-19 03:38 - 00000000 ____D () C:\Users\adults\AppData\Local\{8842F6F9-931F-4CCA-9CC8-E46E071898B5}
2014-05-14 10:51 - 2014-05-14 10:51 - 00000000 ____D () C:\Users\adults\AppData\Local\{CDAABD6D-7DCD-48B4-8FBC-A0CE1D4379EB}
2014-05-13 18:02 - 2014-05-13 18:02 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-13 09:21 - 2014-05-13 09:21 - 00000000 ____D () C:\Users\adults\AppData\Local\{83786CF5-3256-4DCD-95D1-06ECA32A1585}

==================== One Month Modified Files and Folders =======

2014-06-11 22:13 - 2014-06-11 22:12 - 00000000 ____D () C:\FRST
2014-06-11 13:34 - 2013-11-01 03:34 - 00000000 ____D () C:\Users\adults\Downloads\usbflash
2014-06-11 13:07 - 2014-06-11 12:43 - 00013421 _____ () C:\ProgramData\RUNDLL32.EXE-4928-F.txt
2014-06-11 13:07 - 2012-04-09 12:03 - 00000000 ___RD () C:\Users\adults\Dropbox
2014-06-11 13:07 - 2009-07-13 20:55 - 01819283 _____ () C:\Windows\WindowsUpdate.log
2014-06-11 13:05 - 2014-01-21 15:31 - 00006569 _____ () C:\Jumi.Log.Run
2014-06-11 12:56 - 2011-06-21 10:46 - 00000000 ____D () C:\Users\adults\AppData\Local\Temp
2014-06-11 12:50 - 2009-07-13 20:34 - 00014256 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-11 12:50 - 2009-07-13 20:34 - 00014256 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-11 12:48 - 2014-04-30 20:25 - 00000000 ____D () C:\Users\adults\AppData\Roaming\DropboxMaster
2014-06-11 12:48 - 2012-04-09 12:00 - 00000000 ____D () C:\Users\adults\AppData\Roaming\Dropbox
2014-06-11 12:43 - 2014-01-21 15:31 - 00004465 ____N () C:\Jumi.Log
2014-06-11 12:42 - 2011-06-21 10:47 - 00000000 _____ () C:\Users\adults\AppData\Local\WavXMapDrive.bat
2014-06-11 12:42 - 2009-07-13 20:39 - 00085775 _____ () C:\Windows\setupact.log
2014-06-11 10:06 - 2014-06-11 10:05 - 00000302 _____ () C:\ProgramData\RUNDLL32.EXE-3320-F.txt
2014-06-11 10:04 - 2014-06-11 10:02 - 00001270 _____ () C:\ProgramData\RUNDLL32.EXE-5668-F.txt
2014-06-11 09:58 - 2014-06-11 09:54 - 00002857 _____ () C:\ProgramData\RUNDLL32.EXE-4696-F.txt
2014-06-11 09:57 - 2011-06-21 12:12 - 00000000 ____D () C:\ProgramData\MFAData
2014-06-11 09:54 - 2014-06-11 09:54 - 00000000 ____D () C:\ProgramData\AAC1AB089BED67B21BF70EDB56F837C5
2014-06-11 08:59 - 2011-06-21 10:21 - 00000000 ____D () C:\Users\home\AppData\Local\Temp
2014-06-11 08:58 - 2011-06-21 10:21 - 00000000 _____ () C:\Users\home\AppData\Local\WavXMapDrive.bat
2014-06-11 03:32 - 2014-06-11 03:32 - 00010884 ____N () C:\Users\adults\Desktop\fcccc.TIF
2014-06-10 23:19 - 2011-06-21 10:21 - 00000000 ____D () C:\users\home
2014-06-10 22:08 - 2014-06-10 22:08 - 00000000 ____D () C:\Users\adults\AppData\Local\{2F3E01B8-C1FA-45A7-BB90-811D235B19A8}
2014-06-10 18:08 - 2011-06-29 14:06 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-10 18:07 - 2013-08-15 18:02 - 00000000 ____D () C:\Windows\System32\MRT
2014-06-10 18:02 - 2011-06-21 13:20 - 92708840 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2014-06-10 09:34 - 2014-05-11 00:00 - 00000000 ____D () C:\ProgramData\TEMP
2014-06-06 21:59 - 2014-06-06 21:59 - 00000288 _____ () C:\Users\adults\Desktop\Messages Molly Lines.url
2014-06-06 12:14 - 2011-06-22 13:32 - 00000000 ____D () C:\Users\adults\AppData\Roaming\BitTorrent
2014-06-06 10:48 - 2011-07-06 14:06 - 00000000 ____D () C:\Users\adults\Documents\ConvertXtoDVD
2014-06-06 09:35 - 2012-01-16 12:47 - 00000000 ____D () C:\Program Files\Dl_cats
2014-06-05 08:16 - 2014-06-05 08:16 - 00000000 ____D () C:\Users\adults\AppData\Local\{A8BF993C-8354-4BD2-9BE2-234BEB21881A}
2014-06-04 14:16 - 2014-06-04 14:16 - 00000000 ____D () C:\Users\adults\AppData\Local\{AE107AF7-1AD6-41A1-8F85-ADCF7AE01CF2}
2014-06-04 10:05 - 2014-06-04 10:05 - 00000328 _____ () C:\Users\adults\Desktop\CD Drive - Shortcut.lnk
2014-06-01 02:34 - 2011-06-27 01:22 - 00000000 ____D () C:\Windows\System32\Adobe
2014-06-01 02:32 - 2011-01-18 17:53 - 00234904 _____ () C:\Windows\PFRO.log
2014-05-31 00:30 - 2014-05-31 00:30 - 00001419 _____ () C:\Users\adults\Desktop\happy turkey meatloaf.txt
2014-05-25 06:24 - 2014-05-25 06:24 - 00123512 _____ (Trusteer Ltd.) C:\Windows\System32\Drivers\RapportKELL.sys
2014-05-25 03:53 - 2014-02-17 08:15 - 00000000 ____D () C:\Users\home\AppData\Roaming\DivX
2014-05-23 10:59 - 2014-05-23 10:59 - 00000000 ____D () C:\Users\adults\AppData\Local\{701205EE-0985-4D29-8ADD-A9164EA32A8A}
2014-05-20 15:30 - 2012-06-09 01:37 - 00000000 ____D () C:\users\Default
2014-05-19 07:48 - 2014-05-19 07:48 - 00002345 _____ () C:\Users\adults\Desktop\Mysteries of Neverville - The Runestone of Light.lnk
2014-05-19 07:47 - 2014-05-10 22:45 - 00000000 ____D () C:\Program Files\Oberon Media SIDR
2014-05-19 03:38 - 2014-05-19 03:38 - 00000000 ____D () C:\Users\adults\AppData\Local\{8842F6F9-931F-4CCA-9CC8-E46E071898B5}
2014-05-19 02:16 - 2011-07-06 14:00 - 00000671 _____ () C:\Users\adults\AppData\Roaming\vso_ts_preview.xml
2014-05-19 02:16 - 2011-07-06 13:59 - 00000000 ____D () C:\Users\adults\AppData\Roaming\Vso
2014-05-18 09:45 - 2011-06-27 00:39 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR
2014-05-15 04:16 - 2011-06-27 00:40 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-05-14 10:51 - 2014-05-14 10:51 - 00000000 ____D () C:\Users\adults\AppData\Local\{CDAABD6D-7DCD-48B4-8FBC-A0CE1D4379EB}
2014-05-13 18:02 - 2014-05-13 18:02 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-13 13:56 - 2012-06-06 07:42 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2014-05-13 13:56 - 2011-07-19 23:23 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2014-05-13 09:21 - 2014-05-13 09:21 - 00000000 ____D () C:\Users\adults\AppData\Local\{83786CF5-3256-4DCD-95D1-06ECA32A1585}

Files to move or delete:
====================
C:\Users\Public\AlexaNSISPlugin.125060.dll

Some content of TEMP:
====================
C:\Users\adults\AppData\Local\Temp\CmdLineExt03.dll
C:\Users\adults\AppData\Local\Temp\DivXSetup.exe
C:\Users\adults\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp40kfhr.dll
C:\Users\adults\AppData\Local\Temp\eltth.dll
C:\Users\adults\AppData\Local\Temp\InnoTab_GB_Eng_Setup.exe
C:\Users\adults\AppData\Local\Temp\JumiAutoUpdateAgent.exe
C:\Users\adults\AppData\Local\Temp\nppvw.dll
C:\Users\adults\AppData\Local\Temp\nscA995.exe
C:\Users\adults\AppData\Local\Temp\nscB970.exe
C:\Users\adults\AppData\Local\Temp\nscE9EF.exe
C:\Users\adults\AppData\Local\Temp\nss5E18.exe
C:\Users\adults\AppData\Local\Temp\nsx2588.exe
C:\Users\adults\AppData\Local\Temp\SPStub.exe
C:\Users\home\AppData\Local\Temp\CmdLineExt03.dll
C:\Users\home\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\home\AppData\Local\Temp\MSNE8CA.exe
C:\Users\home\AppData\Local\Temp\SIntf16.dll
C:\Users\home\AppData\Local\Temp\SIntf32.dll
C:\Users\home\AppData\Local\Temp\SIntfNT.dll
C:\Users\home\AppData\Local\Temp\ZDATAI51.DLL
C:\Users\home\AppData\Local\Temp\_WUTL951.DLL

==================== Known DLLs (Whitelisted) ============

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points =========================

Restore point made on: 2014-05-25 10:00:36
Restore point made on: 2014-06-01 10:00:35
Restore point made on: 2014-06-08 10:00:46
Restore point made on: 2014-06-09 07:00:38
Restore point made on: 2014-06-10 18:00:48

==================== Memory info ===========================

Percentage of memory in use: 22%
Total physical RAM: 2045.55 MB
Available physical RAM: 1581.29 MB
Total Pagefile: 2045.55 MB
Available Pagefile: 1586.23 MB
Total Virtual: 2047.88 MB
Available Virtual: 1948.62 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:222.42 GB) (Free:86.81 GB) NTFS
Drive d: (Photos and Films) (Fixed) (Total:149.01 GB) (Free:94.95 GB) NTFS
Drive g: () (Removable) (Total:1.88 GB) (Free:1.26 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (RECOVERY) (Fixed) (Total:10.29 GB) (Free:5.72 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 48000000)
Partition 1: (Not Active) - (Size=118 MB) - (Type=DE)
Partition 2: (Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=222 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 149 GB) (Disk ID: 1978CDB2)
Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 2 GB) (Disk ID: 018DCB92)
Partition 1: (Active) - (Size=2 GB) - (Type=0B)

LastRegBack: 2014-06-07 15:27

==================== End Of Log ============================