I have the FBI MoneyPak virus and it has infiltrated Safe Mode.

I ran Farbar Recovery and:

FRST.txt returns:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-01-2013

Ran by SYSTEM at 18-01-2013 14:04:22

Running from F:\

Windows 7 Home Premium (X64) OS Language: English(US)

The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [ASUS WebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe [1754448 2010-03-15] ()

HKLM\...\Run: [intelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray [1928976 2010-03-05] (Intel® Corporation)

HKLM\...\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323584 2009-08-31] (AlcorMicro Co., Ltd.)

HKLM\...\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe [621440 2009-09-29] (ELAN Microelectronic Corp.)

HKLM\...\Run: [setwallpaper] c:\programdata\SetWallpaper.cmd [x]

HKLM\...\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)

HKLM\...\Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [112512 2010-01-21] (Microsoft Corporation)

HKLM\...\Run: [syncreg] C:\Users\Rohan\AppData\Local\Microsoft\Windows\1668\Syncreg.exe [x]

HKLM-x32\...\Run: [MDS_Menu] "C:\Program Files (x86)\Cyberlink\MediaShowEspresso\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Cyberlink\MediaShowEspresso" UpdateWithCreateOnce "Software\CyberLink\MediaShow Espresso\5.0" [218408 2009-02-25] (CyberLink Corp.)

HKLM-x32\...\Run: [RemoteControl9] "C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe" [87336 2009-07-06] (CyberLink Corp.)

HKLM-x32\...\Run: [PDVD9LanguageShortcut] "C:\Program Files (x86)\Cyberlink\PowerDVD9\Language\Language.exe" [50472 2009-04-27] (CyberLink Corp.)

HKLM-x32\...\Run: [updatePSTShortCut] "C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Cyberlink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter" [210216 2009-11-12] (CyberLink Corp.)

HKLM-x32\...\Run: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" [222504 2009-05-19] (CyberLink Corp.)

HKLM-x32\...\Run: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" [222504 2009-05-19] (CyberLink Corp.)

HKLM-x32\...\Run: [boingo Wi-Fi] "C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk" [2429 2010-07-23] ()

HKLM-x32\...\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [7109248 2010-01-13] (ASUS)

HKLM-x32\...\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-01-05] (ASUS)

HKLM-x32\...\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)

HKLM-x32\...\Run: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [106496 2009-10-21] (NEC Electronics Corporation)

HKLM-x32\...\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [281768 2011-03-04] (Avira GmbH)

HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421160 2011-04-14] (Apple Inc.)

HKLM-x32\...\Run: [bing Bar] "C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe" [243544 2010-04-27] (Microsoft Corp.)

HKLM-x32\...\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume [288088 2009-11-11] (Microsoft Corporation)

HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-09-27] (Apple Inc.)

HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)

HKU\Rohan\...\Run: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent [x]

HKU\Rohan\...\Run: [softAuto.exe] "C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe" [405504 2008-08-12] (Creative Technology Ltd)

HKU\Rohan\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [1305408 2011-01-20] (DT Soft Ltd)

HKU\Rohan\...\Run: [RGSC] D:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent [x]

HKU\Rohan\...\Run: [Google Update] "C:\Users\Rohan\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-10-21] (Google Inc.)

HKU\Rohan\...\Run: [Amazon Cloud Drive] C:\Users\Rohan\AppData\Local\Amazon\Cloud Drive\AmazonCloudDrive.exe [646528 2012-11-12] ()

HKU\Rohan\...\Policies\system: [DisableTaskMgr] 1

HKU\UpdatusUser\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-07-23] (Google Inc.)

HKLM\...\Policies\Explorer\Run: [52284] C:\PROGRA~3\LOCALS~1\Temp\msaeecko.scr

HKLM\...\Winlogon: [shell] explorer.exe, C:\ProgramData\phxzbypky [x ] ()

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

AppInit_DLLs: C:\Windows\system32\nvinitx.dll

Startup: C:\Users\All Users\Start Menu\Programs\Startup\FancyStart daemon.lnk

ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}\_A1DDD39913A1970387B7B3.exe ()

Startup: C:\Users\All Users\Start Menu\Programs\Startup\SRS Premium Sound.lnk

ShortcutTarget: SRS Premium Sound.lnk -> C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe (Acresso Software Inc.)

Startup: C:\Users\Rohan\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> (No File)

Startup: C:\Users\Rohan\Start Menu\Programs\Startup\Launchy.lnk

ShortcutTarget: Launchy.lnk -> C:\Program Files (x86)\Launchy\Launchy.exe ()

==================== Services (Whitelisted) ===================

2 AntiVirSchedulerService; "C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe" [136360 2011-04-27] (Avira GmbH)

2 AntiVirService; "C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe" [269480 2011-06-28] (Avira GmbH)

2 ATKGFNEXSrv; C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [96896 2009-12-15] (ASUS)

2 CTDevice_Srv; C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe [61440 2007-04-01] (Creative Technology Ltd)

3 CTUPnPSv; C:\Program Files (x86)\Creative\Creative Centrale\CTUPnPSv.exe [64000 2008-05-21] (Creative Technology Ltd)

2 hasplms; C:\Windows\system32\hasplms.exe -run [4889032 2011-12-30] (SafeNet Inc.)

2 LkCitadelServer; C:\Windows\SysWOW64\lkcitdl.exe [688190 2006-06-19] (National Instruments, Inc.)

2 lkClassAds; C:\Windows\SysWOW64\lkads.exe [45056 2006-07-25] (National Instruments, Inc.)

2 lkTimeSync; C:\Windows\SysWOW64\lktsrv.exe [57344 2006-07-25] (National Instruments, Inc.)

3 MSCSPTISRV; "C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe" [45056 2006-12-13] (Sony Corporation)

3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-03-05] ()

2 NIDomainService; "C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe" [200704 2006-07-25] (National Instruments, Inc.)

3 NILM License Manager; "C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe" [1007616 2006-06-27] (Macrovision Corporation)

2 niSvcLoc; C:\Windows\SysWOW64\nisvcloc.exe -s [49152 2006-02-06] (National Instruments Corp.)

4 OracleJobSchedulerXE; C:\oraclexe\app\oracle\product\11.2.0\server\Bin\extjob.exe XE [49152 2011-08-27] ()

3 OracleMTSRecoveryService; C:\oraclexe\app\oracle\product\11.2.0\server\BIN\omtsreco.exe "OracleMTSRecoveryService" [69632 2011-08-27] (Oracle Corporation)

2 OracleServiceXE; C:\oraclexe\app\oracle\product\11.2.0\server\bin\ORACLE.EXE XE [115773440 2011-08-27] (Oracle Corporation)

3 OracleXEClrAgent; C:\oraclexe\app\oracle\product\11.2.0\server\bin\OraClrAgnt.exe agent_sid=CLRExtProc max_dispatchers=2 tcp_dispatchers=0 max_task_threads=6 max_sessions=25 [12800 2011-08-27] (Oracle Corporation)

2 OracleXETNSListener; C:\oraclexe\app\oracle\product\11.2.0\server\BIN\tnslsnr.exe [512000 2011-08-27] (Oracle Corporation)

3 PACSPTISVR; "C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe" [57344 2006-12-13] ()

3 RichVideo; "C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe" [244904 2009-05-26] ()

3 SonicStage Back-End Service; "C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SsBeSvc.exe" [112184 2007-02-05] (Sony Corporation)

3 SPTISRV; "C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe" [69632 2006-12-13] (Sony Corporation)

3 SSScsiSV; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SSScsiSV.exe [75320 2007-02-05] (Sony Corporation)

2 matlabserver; C:\MATLAB701\webserver\bin\win32\matlabserver.exe [x]

==================== Drivers (Whitelisted) =====================

2 avgntflt; C:\Windows\System32\Drivers\avgntflt.sys [88288 2011-06-28] (Avira GmbH)

1 avipbb; C:\Windows\System32\Drivers\avipbb.sys [123784 2011-06-28] (Avira GmbH)

2 cvintdrv; C:\Windows\SysWow64\Drivers\cvintdrv.sys [4096 2006-04-10] ()

1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [254528 2011-02-03] (DT Soft Ltd)

2 hardlock; C:\Windows\System32\Drivers\hardlock.sys [321536 2011-09-28] (SafeNet Inc.)

3 hitmanpro36; C:\Windows\System32\Drivers\hitmanpro36.sys [30496 2012-07-02] ()

3 kbfiltr; C:\Windows\System32\Drivers\kbfiltr.sys [15416 2009-07-20] ( )

3 SNP2UVC; C:\Windows\System32\Drivers\SNP2UVC.sys [1800192 2009-08-20] ()

2 TurboB; C:\Windows\System32\Drivers\TurboB.sys [13784 2009-08-06] ()

3 tmlwf; [x]

3 tmwfp; [x]

==================== NetSvcs (Whitelisted) ====================

==================== One Month Created Files and Folders ========

2013-01-18 07:55 - 2013-01-18 07:55 - 00119296 ____A (Yzu) C:\Users\Rohan\AppData\Roaming\phxzbypky.exe

2013-01-17 21:13 - 2013-01-18 08:10 - 00119296 ____A (Yzu) C:\Users\All Users\phxzbypky.exe

2013-01-17 21:13 - 2013-01-18 07:58 - 00119296 ____A (Yzu) C:\Users\Rohan\AppData\Local\phxzbypky.exe

2013-01-13 21:43 - 2013-01-13 21:43 - 00000000 ____D C:\Users\Rohan\Downloads\flvplayerzip

2013-01-13 21:43 - 2013-01-13 21:43 - 00000000 ____D C:\Users\Rohan\AppData\Local\Updater21804

2013-01-13 21:43 - 2013-01-13 21:43 - 00000000 ____D C:\Users\Rohan\AppData\Local\Coupon Companion Plugin

2013-01-13 21:43 - 2013-01-13 21:43 - 00000000 ____D C:\Program Files (x86)\Coupon Companion Plugin

2013-01-13 21:42 - 2013-01-13 21:42 - 00635864 ____A C:\Users\Rohan\Documents\cbsidlm-tr1_10a-FLVPlayer-SEO-10413460.exe

2013-01-10 01:48 - 2013-01-10 01:49 - 00262448 ____A C:\Windows\msxml4-KB2758694-enu.LOG

2013-01-09 05:47 - 2012-11-08 21:34 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll

2013-01-09 05:47 - 2012-11-08 20:49 - 00492032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll

2013-01-09 05:46 - 2012-11-29 21:50 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll

2013-01-09 05:46 - 2012-11-29 21:50 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll

2013-01-09 05:46 - 2012-11-29 21:50 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll

2013-01-09 05:46 - 2012-11-29 21:49 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll

2013-01-09 05:46 - 2012-11-29 21:46 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll

2013-01-09 05:46 - 2012-11-29 21:43 - 01161216 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll

2013-01-09 05:46 - 2012-11-29 21:43 - 00424960 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll

2013-01-09 05:46 - 2012-11-29 21:41 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll

2013-01-09 05:46 - 2012-11-29 21:41 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll

2013-01-09 05:46 - 2012-11-29 21:41 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll

2013-01-09 05:46 - 2012-11-29 21:41 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll

2013-01-09 05:46 - 2012-11-29 21:41 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll

2013-01-09 05:46 - 2012-11-29 21:41 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll

2013-01-09 05:46 - 2012-11-29 21:41 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll

2013-01-09 05:46 - 2012-11-29 21:41 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll

2013-01-09 05:46 - 2012-11-29 21:41 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll

2013-01-09 05:46 - 2012-11-29 21:41 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll

2013-01-09 05:46 - 2012-11-29 21:41 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll

2013-01-09 05:46 - 2012-11-29 21:41 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll

2013-01-09 05:46 - 2012-11-29 21:41 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll

2013-01-09 05:46 - 2012-11-29 21:41 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll

2013-01-09 05:46 - 2012-11-29 21:41 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll

2013-01-09 05:46 - 2012-11-29 21:41 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll

2013-01-09 05:46 - 2012-11-29 21:41 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll

2013-01-09 05:46 - 2012-11-29 21:41 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll

2013-01-09 05:46 - 2012-11-29 21:41 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll

2013-01-09 05:46 - 2012-11-29 21:41 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll

2013-01-09 05:46 - 2012-11-29 21:41 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll

2013-01-09 05:46 - 2012-11-29 21:41 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll

2013-01-09 05:46 - 2012-11-29 21:41 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll

2013-01-09 05:46 - 2012-11-29 21:41 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll

2013-01-09 05:46 - 2012-11-29 21:41 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll

2013-01-09 05:46 - 2012-11-29 21:41 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll

2013-01-09 05:46 - 2012-11-29 21:41 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll

2013-01-09 05:46 - 2012-11-29 21:41 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll

2013-01-09 05:46 - 2012-11-29 21:06 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll

2013-01-09 05:46 - 2012-11-29 21:06 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll

2013-01-09 05:46 - 2012-11-29 21:06 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll

2013-01-09 05:46 - 2012-11-29 20:56 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll

2013-01-09 05:46 - 2012-11-29 20:56 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll

2013-01-09 05:46 - 2012-11-29 20:56 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll

2013-01-09 05:46 - 2012-11-29 20:56 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll

2013-01-09 05:46 - 2012-11-29 20:56 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll

2013-01-09 05:46 - 2012-11-29 20:56 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll

2013-01-09 05:46 - 2012-11-29 20:56 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll

2013-01-09 05:46 - 2012-11-29 20:56 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll

2013-01-09 05:46 - 2012-11-29 20:56 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll

2013-01-09 05:46 - 2012-11-29 20:56 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll

2013-01-09 05:46 - 2012-11-29 20:56 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll

2013-01-09 05:46 - 2012-11-29 20:56 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll

2013-01-09 05:46 - 2012-11-29 20:56 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll

2013-01-09 05:46 - 2012-11-29 20:56 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll

2013-01-09 05:46 - 2012-11-29 20:56 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll

2013-01-09 05:46 - 2012-11-29 20:56 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll

2013-01-09 05:46 - 2012-11-29 20:56 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll

2013-01-09 05:46 - 2012-11-29 20:56 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll

2013-01-09 05:46 - 2012-11-29 20:56 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll

2013-01-09 05:46 - 2012-11-29 20:56 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll

2013-01-09 05:46 - 2012-11-29 20:56 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll

2013-01-09 05:46 - 2012-11-29 20:56 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll

2013-01-09 05:46 - 2012-11-29 20:56 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll

2013-01-09 05:46 - 2012-11-29 20:56 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll

2013-01-09 05:46 - 2012-11-29 19:33 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe

2013-01-09 05:46 - 2012-11-29 18:56 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe

2013-01-09 05:46 - 2012-11-29 18:56 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll

2013-01-09 05:46 - 2012-11-29 18:56 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe

2013-01-09 05:46 - 2012-11-29 18:56 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe

2013-01-09 05:46 - 2012-11-29 18:51 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll

2013-01-09 05:46 - 2012-11-29 18:51 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll

2013-01-09 05:46 - 2012-11-29 18:51 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll

2013-01-09 05:46 - 2012-11-29 18:51 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll

2013-01-09 05:46 - 2012-11-29 15:21 - 00420032 ____A C:\Windows\SysWOW64\locale.nls

2013-01-09 05:46 - 2012-11-29 15:19 - 00420032 ____A C:\Windows\System32\locale.nls

2013-01-09 05:46 - 2012-11-22 19:45 - 03147264 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2013-01-09 05:46 - 2012-11-22 02:32 - 00801280 ____A (Microsoft Corporation) C:\Windows\System32\usp10.dll

2013-01-09 05:46 - 2012-11-22 01:33 - 00627712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll

2013-01-09 05:46 - 2012-11-19 21:55 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll

2013-01-09 05:46 - 2012-11-19 21:10 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

2013-01-09 05:46 - 2012-11-01 21:30 - 02001408 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll

2013-01-09 05:46 - 2012-11-01 21:30 - 01880064 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll

2013-01-09 05:46 - 2012-11-01 20:50 - 01388544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll

2013-01-09 05:46 - 2012-11-01 20:50 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll

2013-01-09 05:45 - 2012-12-06 21:41 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\Wpc.dll

2013-01-09 05:45 - 2012-12-06 21:35 - 02745856 ____A (Microsoft Corporation) C:\Windows\System32\gameux.dll

2013-01-09 05:45 - 2012-12-06 21:04 - 00308736 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll

2013-01-09 05:45 - 2012-12-06 20:57 - 02576384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\gameux.dll

2013-01-09 05:45 - 2012-12-06 19:45 - 00055296 ____A (Microsoft) C:\Windows\System32\cero.rs

2013-01-09 05:45 - 2012-12-06 19:45 - 00051712 ____A (Microsoft) C:\Windows\System32\esrb.rs

2013-01-09 05:45 - 2012-12-06 19:45 - 00046592 ____A (Microsoft) C:\Windows\System32\fpb.rs

2013-01-09 05:45 - 2012-12-06 19:45 - 00045568 ____A (Microsoft) C:\Windows\System32\oflc-nz.rs

2013-01-09 05:45 - 2012-12-06 19:45 - 00044544 ____A (Microsoft) C:\Windows\System32\pegibbfc.rs

2013-01-09 05:45 - 2012-12-06 19:45 - 00043520 ____A (Microsoft) C:\Windows\System32\csrr.rs

2013-01-09 05:45 - 2012-12-06 19:45 - 00040960 ____A (Microsoft) C:\Windows\System32\cob-au.rs

2013-01-09 05:45 - 2012-12-06 19:45 - 00030720 ____A (Microsoft) C:\Windows\System32\usk.rs

2013-01-09 05:45 - 2012-12-06 19:45 - 00023552 ____A (Microsoft) C:\Windows\System32\oflc.rs

2013-01-09 05:45 - 2012-12-06 19:45 - 00021504 ____A (Microsoft) C:\Windows\System32\grb.rs

2013-01-09 05:45 - 2012-12-06 19:45 - 00020480 ____A (Microsoft) C:\Windows\System32\pegi-pt.rs

2013-01-09 05:45 - 2012-12-06 19:45 - 00020480 ____A (Microsoft) C:\Windows\System32\pegi-fi.rs

2013-01-09 05:45 - 2012-12-06 19:45 - 00020480 ____A (Microsoft) C:\Windows\System32\pegi.rs

2013-01-09 05:45 - 2012-12-06 19:45 - 00015360 ____A (Microsoft) C:\Windows\System32\djctq.rs

2013-01-09 05:45 - 2012-12-06 19:21 - 00055296 ____A (Microsoft) C:\Windows\SysWOW64\cero.rs

2013-01-09 05:45 - 2012-12-06 19:21 - 00051712 ____A (Microsoft) C:\Windows\SysWOW64\esrb.rs

2013-01-09 05:45 - 2012-12-06 19:21 - 00046592 ____A (Microsoft) C:\Windows\SysWOW64\fpb.rs

2013-01-09 05:45 - 2012-12-06 19:21 - 00045568 ____A (Microsoft) C:\Windows\SysWOW64\oflc-nz.rs

2013-01-09 05:45 - 2012-12-06 19:21 - 00044544 ____A (Microsoft) C:\Windows\SysWOW64\pegibbfc.rs

2013-01-09 05:45 - 2012-12-06 19:21 - 00043520 ____A (Microsoft) C:\Windows\SysWOW64\csrr.rs

2013-01-09 05:45 - 2012-12-06 19:21 - 00040960 ____A (Microsoft) C:\Windows\SysWOW64\cob-au.rs

2013-01-09 05:45 - 2012-12-06 19:21 - 00030720 ____A (Microsoft) C:\Windows\SysWOW64\usk.rs

2013-01-09 05:45 - 2012-12-06 19:21 - 00023552 ____A (Microsoft) C:\Windows\SysWOW64\oflc.rs

2013-01-09 05:45 - 2012-12-06 19:21 - 00021504 ____A (Microsoft) C:\Windows\SysWOW64\grb.rs

2013-01-09 05:45 - 2012-12-06 19:21 - 00020480 ____A (Microsoft) C:\Windows\SysWOW64\pegi-pt.rs

2013-01-09 05:45 - 2012-12-06 19:21 - 00020480 ____A (Microsoft) C:\Windows\SysWOW64\pegi-fi.rs

2013-01-09 05:45 - 2012-12-06 19:21 - 00020480 ____A (Microsoft) C:\Windows\SysWOW64\pegi.rs

2013-01-09 05:45 - 2012-12-06 19:21 - 00015360 ____A (Microsoft) C:\Windows\SysWOW64\djctq.rs

2013-01-08 07:02 - 2013-01-08 07:02 - 00002892 ____A C:\Users\All Users\dsgsdgdsgdsgw.js

2012-12-24 16:49 - 2010-06-02 01:55 - 00527192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll

2012-12-24 16:49 - 2010-06-02 01:55 - 00518488 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_7.dll

2012-12-24 16:49 - 2010-06-02 01:55 - 00239960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll

2012-12-24 16:49 - 2010-06-02 01:55 - 00176984 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_7.dll

2012-12-24 16:49 - 2010-06-02 01:55 - 00077656 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_5.dll

2012-12-24 16:49 - 2010-06-02 01:55 - 00074072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll

2012-12-24 16:49 - 2010-05-26 08:41 - 02526056 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_43.dll

2012-12-24 16:49 - 2010-05-26 08:41 - 02401112 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_43.dll

2012-12-24 16:49 - 2010-05-26 08:41 - 01907552 ____A (Microsoft Corporation) C:\Windows\System32\d3dcsx_43.dll

2012-12-24 16:49 - 2010-05-26 08:41 - 01868128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll

2012-12-24 16:49 - 2010-05-26 08:41 - 00511328 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_43.dll

2012-12-24 16:49 - 2010-05-26 08:41 - 00470880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll

2012-12-24 16:49 - 2010-05-26 08:41 - 00276832 ____A (Microsoft Corporation) C:\Windows\System32\d3dx11_43.dll

2012-12-24 16:49 - 2010-05-26 08:41 - 00248672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll

2012-12-24 11:48 - 2012-12-24 11:48 - 00001072 ____A C:\Users\Public\Desktop\VLC media player.lnk

2012-12-24 11:37 - 2012-12-24 11:38 - 22916830 ____A C:\Users\Rohan\Downloads\vlc-2.0.5-win32.exe

2012-12-24 10:04 - 2012-12-24 10:04 - 00234312 ____A C:\Users\Rohan\Downloads\Bodybuilding.com - The Ultimate 8-Week HIIT-For-Fat-Burning Program.htm

2012-12-24 10:04 - 2012-12-24 10:04 - 00000000 ____D C:\Users\Rohan\Downloads\Bodybuilding.com - The Ultimate 8-Week HIIT-For-Fat-Burning Program_files

2012-12-22 00:00 - 2012-12-16 08:52 - 00046080 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll

2012-12-22 00:00 - 2012-12-16 06:40 - 00367616 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll

2012-12-22 00:00 - 2012-12-16 06:25 - 00295424 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll

2012-12-22 00:00 - 2012-12-16 06:25 - 00034304 ____A (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll

2012-12-20 07:26 - 2012-12-20 07:26 - 00000000 __SHD C:\found.000

==================== One Month Modified Files and Folders =======

2013-01-18 08:14 - 2009-07-13 21:13 - 00786654 ____A C:\Windows\System32\PerfStringBackup.INI

2013-01-18 08:10 - 2013-01-17 21:13 - 00119296 ____A (Yzu) C:\Users\All Users\phxzbypky.exe

2013-01-18 07:58 - 2013-01-17 21:13 - 00119296 ____A (Yzu) C:\Users\Rohan\AppData\Local\phxzbypky.exe

2013-01-18 07:55 - 2013-01-18 07:55 - 00119296 ____A (Yzu) C:\Users\Rohan\AppData\Roaming\phxzbypky.exe

2013-01-18 07:51 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2013-01-18 07:51 - 2009-07-13 20:51 - 00074202 ____A C:\Windows\setupact.log

2013-01-17 20:30 - 2011-12-01 20:18 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3572757242-1318712532-2316434650-1002UA.job

2013-01-17 20:26 - 2011-02-03 20:01 - 00000000 ____D C:\Users\Rohan\AppData\Roaming\.purple

2013-01-17 20:24 - 2010-07-23 20:38 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-01-17 17:28 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-01-17 17:28 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-01-17 17:23 - 2010-07-23 20:04 - 01795538 ____A C:\Windows\WindowsUpdate.log

2013-01-17 17:21 - 2011-12-07 19:26 - 00000000 ___RD C:\Users\Rohan\Dropbox

2013-01-17 17:21 - 2011-12-07 19:25 - 00000000 ____D C:\Users\Rohan\AppData\Roaming\Dropbox

2013-01-17 17:20 - 2010-07-23 20:38 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-01-17 04:30 - 2011-02-15 09:55 - 00045056 ____A C:\Windows\System32\acovcnt.exe

2013-01-16 20:25 - 2011-02-02 15:43 - 00000000 ____D C:\Users\Rohan\AppData\Roaming\vlc

2013-01-16 11:24 - 2012-11-19 18:24 - 00000000 ____D C:\Users\Rohan\Desktop\Data_Warehouse_Toolkit__2nd_Edition__Wiley___Sons__2002_

2013-01-16 06:30 - 2011-12-01 20:18 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3572757242-1318712532-2316434650-1002Core.job

2013-01-14 20:07 - 2010-07-23 20:45 - 00083966 ____A C:\Windows\PFRO.log

2013-01-13 21:43 - 2013-01-13 21:43 - 00000000 ____D C:\Users\Rohan\Downloads\flvplayerzip

2013-01-13 21:43 - 2013-01-13 21:43 - 00000000 ____D C:\Users\Rohan\AppData\Local\Updater21804

2013-01-13 21:43 - 2013-01-13 21:43 - 00000000 ____D C:\Users\Rohan\AppData\Local\Coupon Companion Plugin

2013-01-13 21:43 - 2013-01-13 21:43 - 00000000 ____D C:\Program Files (x86)\Coupon Companion Plugin

2013-01-13 21:42 - 2013-01-13 21:42 - 00635864 ____A C:\Users\Rohan\Documents\cbsidlm-tr1_10a-FLVPlayer-SEO-10413460.exe

2013-01-13 21:42 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Resources

2013-01-10 15:01 - 2012-07-02 20:12 - 00000000 ____D C:\Users\Rohan\Documents\My Digital Editions

2013-01-10 14:19 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache

2013-01-10 13:48 - 2012-04-21 15:06 - 00000000 ____D C:\Users\Rohan\Documents\My eBooks

2013-01-10 07:12 - 2009-07-13 20:45 - 00436744 ____A C:\Windows\System32\FNTCACHE.DAT

2013-01-10 02:01 - 2011-04-28 19:38 - 00000000 ____D C:\Users\All Users\Microsoft Help

2013-01-10 02:01 - 2011-02-13 16:14 - 00780870 ____A C:\Windows\SysWOW64\PerfStringBackup.INI

2013-01-10 01:49 - 2013-01-10 01:48 - 00262448 ____A C:\Windows\msxml4-KB2758694-enu.LOG

2013-01-08 08:32 - 2011-02-03 08:11 - 00000000 ____D C:\Users\All Users\DAEMON Tools Lite

2013-01-08 08:27 - 2011-02-02 05:04 - 00000000 ____D C:\users\Rohan

2013-01-08 07:08 - 2012-07-01 18:08 - 00001115 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-01-08 07:08 - 2011-02-02 15:25 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-01-08 07:02 - 2013-01-08 07:02 - 00002892 ____A C:\Users\All Users\dsgsdgdsgdsgw.js

2012-12-28 23:40 - 2012-08-27 20:23 - 00000000 ____D C:\Users\Rohan\Documents\Calibre Library

2012-12-25 09:35 - 2011-02-02 15:20 - 00000000 ____D C:\Users\Rohan\AppData\Roaming\uTorrent

2012-12-24 16:48 - 2011-02-02 05:07 - 00370086 ____A C:\Windows\DirectX.log

2012-12-24 11:48 - 2012-12-24 11:48 - 00001072 ____A C:\Users\Public\Desktop\VLC media player.lnk

2012-12-24 11:38 - 2012-12-24 11:37 - 22916830 ____A C:\Users\Rohan\Downloads\vlc-2.0.5-win32.exe

2012-12-24 10:04 - 2012-12-24 10:04 - 00234312 ____A C:\Users\Rohan\Downloads\Bodybuilding.com - The Ultimate 8-Week HIIT-For-Fat-Burning Program.htm

2012-12-24 10:04 - 2012-12-24 10:04 - 00000000 ____D C:\Users\Rohan\Downloads\Bodybuilding.com - The Ultimate 8-Week HIIT-For-Fat-Burning Program_files

2012-12-22 10:30 - 2011-12-07 19:26 - 00001021 ____A C:\Users\Rohan\Desktop\Dropbox.lnk

2012-12-20 07:26 - 2012-12-20 07:26 - 00000000 __SHD C:\found.000

ZeroAccess:

C:\Windows\assembly\GAC_64\Desktop.ini

==================== Known DLLs (Whitelisted) =================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys

[2012-12-12 04:42] - [2012-09-06 09:38] - 0295792 ____A (Microsoft Corporation) 9E425AC5C9A5A973273D169F43B4F5E1

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-01-12 09:48:06

==================== Memory info ===========================

Percentage of memory in use: 16%

Total physical RAM: 3885.54 MB

Available physical RAM: 3257.68 MB

Total Pagefile: 3883.68 MB

Available Pagefile: 3242.7 MB

Total Virtual: 8192 MB

Available Virtual: 8191.88 MB

==================== Partitions =============================

1 Drive c: (OS) (Fixed) (Total:116.44 GB) (Free:14.33 GB) NTFS ==>[system with boot components (obtained from reading drive)]

3 Drive f: () (Removable) (Total:0.25 GB) (Free:0.25 GB) FAT

4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

5 Drive y: (DATA) (Fixed) (Total:160.49 GB) (Free:67.43 GB) NTFS

Disk ###  Status         Size     Free     Dyn  Gpt
--------  -------------  -------  -------  ---  ---
Disk 0    Online          465 GB    11 MB
Disk 1    Online          254 MB      0 B

Partitions of Disk 0:

===============

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Primary             19 GB    31 KB
Partition 2    Primary            116 GB    19 GB
Partition 0    Extended           329 GB   135 GB
Partition 3    Logical            164 GB   135 GB
Partition 4    Logical           2054 MB   300 GB
Partition 5    Logical             20 GB   302 GB
Partition 6    Logical            143 GB   322 GB

==================================================================================

Disk: 0

Partition 1

Type : 1C

Hidden: Yes

Active: No

There is no volume associated with this partition.

=========================================================

Disk: 0

Partition 2

Type : 07

Hidden: No

Active: No

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1   C   OS           NTFS   Partition    116 GB  Healthy

=========================================================

Disk: 0

Partition 3

Type : 07

Hidden: No

Active: No

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2   Y   DATA         NTFS   Partition    164 GB  Healthy

=========================================================

Disk: 0

Partition 4

Type : 82

Hidden: Yes

Active: No

There is no volume associated with this partition.

=========================================================

Disk: 0

Partition 5

Type : 83

Hidden: Yes

Active: No

There is no volume associated with this partition.

=========================================================

Disk: 0

Partition 6

Type : 83

Hidden: Yes

Active: No

There is no volume associated with this partition.

=========================================================

Partitions of Disk 1:

===============

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Primary            254 MB    16 KB

==================================================================================

Disk: 1

Partition 1

Type : 06

Hidden: No

Active: Yes

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3   F                FAT    Removable    254 MB  Healthy

=========================================================

Last Boot: 2013-01-14 03:10

==================== End Of Log =============================

search.txt gave

Farbar Recovery Scan Tool (x64) Version: 15-01-2013

Ran by SYSTEM at 2013-01-18 14:07:00

Running from F:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe

[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

====== End Of Search ======

thanks!

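An added example (editor's code, not FRST's and not something anyone posted in this thread) that scripts the checks a helper makes by eye on the logs above: the Desktop.ini that FRST lists under its "ZeroAccess:" heading (C:\Windows\assembly\GAC_64\Desktop.ini, where the 64-bit ZeroAccess variant stores a component), executables or scripts dropped directly into C:\Users\All Users (ProgramData) or a user's AppData\Roaming / AppData\Local under random-looking names (the dsgsdgdsgdsgw.js in the listing, and the phxzbypky.exe the later Fixlog moves), and the services.exe comparison from search.txt, where an identical MD5 for the System32 and WinSxS copies is the clean case because ZeroAccess patches the System32 copy. The vowel-ratio name heuristic and the sample rows marked "constructed" are assumptions, not data from the thread.

```python
"""FRST log triage: script the checks a helper makes by eye on frst.txt/search.txt.
Added example (not FRST code, not posted in the thread).  Flags the GAC_64\\Desktop.ini
marker FRST lists under "ZeroAccess:", loose executables dropped straight into ProgramData
or AppData\\{Roaming,Local} (the phxzbypky.exe / dsgsdgdsgdsgw.js pattern), and a System32
file whose MD5 differs from its WinSxS copy.  The vowel-ratio name heuristic and the rows
marked "constructed" below are assumptions, not data from the thread.
"""
import ntpath
import re
from collections import defaultdict

# One Month listing row: "modified - created - size attr path"
FILE_LINE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d - \d{4}-\d\d-\d\d \d\d:\d\d - "
                       r"\d{8} (?P<attr>[_A-Z]{5}) (?P<path>[A-Za-z]:\\.*)$")
# Search / Bamital-check row printed after a path: "[created] - [modified] - size attr (company) MD5"
HASH_LINE = re.compile(r"^\[[^\]]+\] - \[[^\]]+\] - \d+ [_A-Z]{5} \([^)]*\) (?P<md5>[0-9A-Fa-f]{32})$")
BARE_PATH = re.compile(r"^[A-Za-z]:\\\S")
ZEROACCESS_MARKERS = {r"c:\windows\assembly\gac_64\desktop.ini", r"c:\windows\assembly\gac_32\desktop.ini"}
EXEC_EXT = {".exe", ".dll", ".js", ".cmd", ".bat", ".vbs", ".scr"}

def _parse(line):
    """(path, attr) for a listing row or a bare path line, else None."""
    line = line.strip()
    m = FILE_LINE.match(line)
    if m:
        return m["path"], m["attr"]
    return (line, "____A") if BARE_PATH.match(line) else None

def _random_looking(stem):
    """Heuristic (assumption): under 20% vowels in a name of 6+ letters."""
    letters = [c for c in stem.lower() if c.isalpha()]
    return len(letters) >= 6 and sum(c in "aeiou" for c in letters) / len(letters) < 0.2

def _loose_in_user_writable(path):
    """File sits directly in ProgramData ("All Users") or AppData\\{Roaming,Local}."""
    parent = ntpath.dirname(path).lower()
    parts = parent.split("\\")
    return parent in (r"c:\users\all users", r"c:\programdata") or (
        len(parts) == 5 and parts[:2] == ["c:", "users"]
        and parts[3] == "appdata" and parts[4] in ("roaming", "local"))

def triage_line(line):
    """Indicator tags for one listing row or bare path; [] when nothing stands out."""
    parsed = _parse(line)
    if not parsed:
        return []
    path, attr = parsed
    tags = ["zeroaccess-gac-desktop.ini"] if path.lower() in ZEROACCESS_MARKERS else []
    if "D" not in attr:  # files only; directory rows are skipped
        stem, ext = ntpath.splitext(ntpath.basename(path))
        if ext.lower() in EXEC_EXT and _loose_in_user_writable(path):
            tags.append("loose-executable-in-user-writable-dir")
            if _random_looking(stem):
                tags.append("random-looking-name")
    return tags

def collect_hashes(text):
    """basename -> [(path, MD5), ...]; FRST prints the path on the line before the hash row."""
    copies, prev = defaultdict(list), None
    for line in filter(None, map(str.strip, text.splitlines())):
        h = HASH_LINE.match(line)
        if h and prev and BARE_PATH.match(prev):
            copies[ntpath.basename(prev).lower()].append((prev, h["md5"].upper()))
        prev = line
    return dict(copies)

def hash_mismatches(copies):
    """Basenames whose copies disagree (patched System32 file vs pristine WinSxS copy)."""
    return sorted(n for n, c in copies.items() if len({md5 for _, md5 in c}) > 1)

# Rows copied from the posted frst.txt, plus one constructed row for phxzbypky.exe
# (path from the Fixlog; size and timestamps invented for the demo).
SAMPLE_LISTING = r"""
2013-01-08 07:02 - 2013-01-08 07:02 - 00002892 ____A C:\Users\All Users\dsgsdgdsgdsgw.js
2013-01-08 07:08 - 2011-02-02 15:25 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-01-08 07:02 - 2013-01-08 07:02 - 00075264 ____A C:\Users\Rohan\AppData\Roaming\phxzbypky.exe
C:\Windows\assembly\GAC_64\Desktop.ini
"""
# The posted search.txt (clean: both copies identical) and a constructed variant
# in which the System32 copy has been patched (placeholder all-zero MD5).
SAMPLE_SEARCH_CLEAN = r"""
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
"""
SAMPLE_SEARCH_PATCHED = SAMPLE_SEARCH_CLEAN.rsplit("24ACB7E5BE595468E3B9AA488B9B4FCB", 1)[0] + "0" * 32 + "\n"

def triage_report(listing=SAMPLE_LISTING, search=SAMPLE_SEARCH_PATCHED):
    """({flagged path: tags}, [basenames whose copies hash differently])."""
    flagged = {_parse(l)[0]: t for l in listing.splitlines() if (t := triage_line(l))}
    return flagged, hash_mismatches(collect_hashes(search))

if __name__ == "__main__":
    flagged, bad = triage_report()
    for path, tags in flagged.items():
        print(path, "->", ", ".join(tags))
    print("hash mismatch:", ", ".join(bad) or "none")
```

Run it as a script to see the three flagged rows and the constructed services.exe mismatch, or pass the real frst.txt and search.txt contents to triage_report(). Two caveats: the name heuristic is a filter for eyeballing, not a verdict (a legitimate installer can drop an oddly named file in ProgramData), and a hash mismatch on its own is not proof of a patched binary, since WinSxS can hold several versions of the same file after updates; compare the version stamps in the search output before treating the System32 copy as replaced.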

OK, here you go......Please carefully carry out this procedure!!!!!!

Please download the attached fixlist.txt and copy it to your flash drive.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: now please enter System Recovery Options (as you did before).

Run FRST64 or FRST (whichever one you're using) and press the Fix button just once and wait.

The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

See if the computer boots normally now.

MrC


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-01-2013

Ran by SYSTEM at 2013-02-09 16:06:00 Run:1

Running from F:\

==============================================

HKEY_USERS\Rohan\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableTaskMgr Value deleted successfully.

C:\Users\Rohan\AppData\Roaming\phxzbypky.exe moved successfully.

C:\Users\All Users\phxzbypky.exe moved successfully.

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell Value was restored successfully .

C:\Users\All Users\phxzbypky.exe not found.

C:\Users\Rohan\AppData\Local\phxzbypky.exe moved successfully.

C:\Users\All Users\dsgsdgdsgdsgw.js moved successfully.

C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.

C:\Users\All Users\dsgsdgdsgdsgw.js not found.

==== End of Fixlog ====


Good.......next >>>

Download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt

To attach a log if needed:

Bottom right corner of this page.


New window that comes up.


~~~~~~~~~~~~~~~~~~~~~~~

Note:

If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:

Internet access

Windows Update

Windows Firewall

If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot.

Verify that your system is now functioning normally.

MrC


Windows Firewall said it was not using the recommended settings; when I clicked the button to use the recommended settings, it said "Windows can't change some of your settings", error code 0x80070424.

Windows Update installed two new updates but failed while performing a third, error code 800F0A12.

system-log.txt

mbar-log-2013-02-10 (20-06-54).txt

mbar-log-2013-02-10 (21-37-09).txt


OK...next:

Please download and run ComboFix.

The most important things to remember when running it are to disable all your anti-malware programs and to run ComboFix from your desktop.

Please visit this webpage for download links and instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Information on disabling your anti-malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message "Illegal operation attempted on registry key that has been marked for deletion" after you run ComboFix, please reboot the computer; this should resolve the problem. You may have to do this several times if needed.

MrC


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

