
Windows 7 64-bit Home Premium FBI Malware Scam



My windows 7 64 bit home premium computer has been infected with that FBI malware scam virus and I can't even access safe mode. Right now I'm in an iPad though I do have an extra computer I could use for USB flash drive downloads. Help would be much appreciated.


Welcome to the forum, here's how we deal with that malware:

  1. Please download Farbar Recovery Scan Tool and save it to a flash drive.
    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
    Plug the flash drive into the infected PC.
  2. If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.
    If you are using Vista or Windows 7 enter System Recovery Options.
    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

Note: In case you can not enter System Recovery Options by using F8 method, you can use Windows installation disc, or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used.

To make a repair disk on Windows 7 consult: http://www.sevenforums.com/tutorials/2083-system-repair-disc-create.html

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

  3. On the System Recovery Options menu you will get the following options:
    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt
    Select Command Prompt. Once in the Command Prompt:
  4. In the command window type in notepad and press Enter.
  5. The notepad opens. Under File menu select Open.
  6. Select "Computer" and find your flash drive letter and close the notepad.
  7. In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  8. The tool will start to run.
  9. When the tool opens click Yes to disclaimer.
  10. Press Scan button.
  11. It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

MrC


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-05-2013 01

Ran by SYSTEM on 11-05-2013 21:05:25

Running from F:\

Windows 7 Home Premium (X64) OS Language: English(US)

Internet Explorer Version 9

Boot Mode: Recovery

The current controlset is ControlSet001

ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2785064 2011-05-05] (Synaptics Incorporated)

HKLM\...\Run: [synAsusAcpi] %ProgramFiles%\Synaptics\SynTP\SynAsusAcpi.exe [97064 2011-05-05] (Synaptics Incorporated)

HKLM\...\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [361984 2011-03-21] (Alcor Micro Corp.)

HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3 [2278504 2011-10-13] (Realtek Semiconductor)

HKLM\...\Run: [intelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" [4526 2010-11-29] ()

HKLM\...\Run: [VIRTU MVP] C:\Program Files\Lucidlogix Technologies\VIRTU MVP\MVPControlPanel.Exe /hide [3006240 2012-03-12] ()

HKLM\...\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [3603152 2013-04-15] (COMODO)

HKLM\...\RunOnce: [*Restore] C:\Windows\system32\rstrui.exe /RUNONCE [296960 2010-11-20] (Microsoft Corporation)

HKLM\...\Winlogon: [shell] regsvr32 /n /i /s "C:\Users\Owner\AppData\Local\cdrlodt.omu" [x ] ()

HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] C:\$Recycle.Bin\S-1-5-18\$3c42eb883e76c42fe757e3ec8d556822\n. ATTENTION! ====> ZeroAccess

HKLM-x32\...\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-23] ()

HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-02] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-01-21] (Microsoft Corporation)

HKLM-x32\...\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)

HKLM-x32\...\Run: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [291608 2012-01-26] (Intel Corporation)

HKLM-x32\...\Run: [startCCC] "H:\Drivers\Video Card Drivers\Catalyst 13.1\ATI.ACE\Core-Static\CLIStart.exe" MSRun [x]

HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)

HKLM-x32\...\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe [3058304 2011-12-19] (ASUS)

HKLM-x32\...\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [107816 2010-08-20] (CyberLink)

HKU\Owner\...\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED [802136 2013-05-03] (BitTorrent Inc.)

HKU\Owner\...\Run: [Akamai NetSession Interface] "C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe" [x]

HKU\Owner\...\Run: [ASRockXTU] [x]

HKU\Owner\...\Run: [DisplayFusion] "C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe" [4032968 2012-11-06] (Binary Fortress Software)

AppInit_DLLs: C:\Windows\system32\appinit_dll.dll [172320 2012-03-12] (Lucidlogix Inc.)

Startup: C:\ProgramData\Start Menu\Programs\Startup\ctfmon.lnk

ShortcutTarget: ctfmon.lnk -> C:\Windows\System32\regsvr32.exe (Microsoft Corporation)

Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ygoqyt.exe ()

Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ygoqyt.exe ()

Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk

ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (No File)

==================== Services (Whitelisted) =================

S2 ATKGFNEXSrv; C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [96896 2009-12-15] (ASUS)

S2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5784472 2013-04-24] (COMODO)

S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [158928 2013-04-15] (COMODO)

S2 IBUpdaterService; C:\Windows\system32\dmwu.exe [1455408 2013-04-07] ()

S2 ISCTAgent; C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [133632 2012-02-09] ()

S2 pcCMService64; C:\Program Files\Common Files\Motive\pcCMService.exe [460288 2012-11-15] (Alcatel-Lucent)

S2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-01-16] ()

S2 Web Assistant Updater; C:\Program Files\Web Assistant\ExtensionUpdaterService.exe [188760 2013-01-29] ()

==================== Drivers (Whitelisted) ====================

S0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49760 2011-09-21] (Asmedia Technology)

S0 AsrRamDisk; C:\Windows\System32\DRIVERS\AsrRamDisk.sys [31016 2012-01-13] (ASRock Inc.)

S1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [23168 2013-04-15] (COMODO)

S1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [706560 2013-04-15] (COMODO)

S1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [48360 2013-04-15] (COMODO)

S3 HP8207_8307; C:\Windows\System32\DRIVERS\HP8207_8307.sys [15360 2010-02-04] (Windows ® Win 7 DDK provider)

S3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [25536 2012-02-09] ()

S3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [25536 2012-02-09] ()

S1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [96800 2013-04-25] (COMODO)

S3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [44992 2012-02-09] ()

S3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )

S3 RTCore64; H:\Utilites\Afterburner\MSI Afterburner\RTCore64.sys [13368 2012-11-19] ()

S3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2013-05-11] ()

S3 AxtuDrv; \??\C:\Windows\SysWOW64\Drivers\AxtuDrv.sys [x]

S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]

S3 MREMP50; \??\C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [x]

S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [x]

S3 MRESP50; \??\C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [x]

S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [x]

S1 smndpktw; \??\C:\Windows\system32\drivers\smndpktw.sys [x]

S1 uzabbxyr; \??\C:\Windows\system32\drivers\uzabbxyr.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-05-11 21:05 - 2013-05-11 21:05 - 00000000 ____D C:\FRST

2013-05-11 15:21 - 2013-05-11 15:21 - 00094656 ____A (CACE Technologies) C:\Windows\System32\WPRO_41_2001woem.tmp

2013-05-11 10:10 - 2013-05-11 10:10 - 00055808 ____A C:\Users\Owner\AppData\Local\cdrlodt.omu

2013-05-11 10:10 - 2013-05-11 10:10 - 00055808 ____A C:\ProgramData\rfyue.cvi

2013-05-10 18:58 - 2013-05-10 18:58 - 00002261 ____A C:\Users\Public\Desktop\Google Chrome.lnk

2013-05-10 18:52 - 2013-05-11 15:21 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-05-10 18:52 - 2013-05-11 09:57 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-05-10 18:52 - 2013-05-10 18:58 - 00000000 ____D C:\Users\Owner\AppData\Local\Google

2013-05-10 18:52 - 2013-05-10 18:58 - 00000000 ____D C:\Program Files (x86)\Google

2013-05-10 18:51 - 2013-05-10 18:52 - 00781768 ____A (Google Inc.) C:\Users\Owner\Downloads\ChromeSetup.exe

2013-05-07 16:30 - 2013-05-07 16:30 - 00000000 ____A C:\cookies.sqlite

2013-05-04 19:32 - 2013-05-04 19:32 - 00000699 ____A C:\Users\Public\Desktop\Nexus Mod Manager.lnk

2013-05-04 19:27 - 2013-05-04 19:27 - 00000000 ____D C:\Users\Owner\Documents\Nexus Mod Manager

2013-05-04 19:11 - 2013-05-10 19:00 - 1137194083 ____A C:\Windows\MEMORY.DMP

2013-05-04 19:11 - 2013-05-04 19:11 - 00279760 ____A C:\Windows\Minidump\050413-28719-01.dmp

2013-05-02 17:22 - 2013-05-02 17:37 - 00000000 ____D C:\Users\Owner\Downloads\Ultimate

2013-05-02 16:07 - 2013-05-11 08:51 - 00000000 ____D C:\Users\Owner\AppData\Local\Game Dev Tycoon

2013-05-01 13:16 - 2013-05-01 14:31 - 00000000 ____D C:\Users\Owner\Downloads\YogCraft

2013-04-28 13:56 - 2013-04-30 16:44 - 00000000 ____D C:\Users\Owner\Downloads\High Voltage Server 1.01

2013-04-28 10:34 - 2013-04-28 10:34 - 00000000 ____D C:\Users\Owner\Downloads\USBXTAFGUI_v44

2013-04-23 13:53 - 2013-04-23 13:53 - 00000000 ____D C:\Windows\pss

2013-04-22 13:47 - 2013-04-22 13:47 - 00000000 ____D C:\Users\Owner\Documents\My Cheat Tables

2013-04-21 09:33 - 2013-04-21 09:33 - 00000000 ____D C:\Users\Owner\Documents\Klei

2013-04-20 12:43 - 2013-05-04 19:30 - 00000000 ____D C:\Users\Owner\Documents\my games

2013-04-20 12:09 - 2013-04-20 12:09 - 00000000 ____D C:\Users\Owner\Documents\School Stuff

2013-04-20 10:23 - 2013-04-20 10:23 - 00003915 ____A C:\Windows\SysWOW64\jupdate-1.7.0_21-b11.log

2013-04-20 10:23 - 2013-04-04 02:35 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2013-04-20 10:23 - 2013-04-04 02:30 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe

2013-04-20 10:23 - 2013-04-04 02:29 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe

2013-04-15 16:07 - 2013-04-15 16:07 - 00000000 ____D C:\Users\Owner\AppData\Local\Intel_Corporation

2013-04-15 15:56 - 2013-03-22 17:02 - 07558640 ____A (Intel Corporation) C:\Windows\System32\GfxUIEx.exe

2013-04-15 15:56 - 2013-03-22 17:02 - 00745968 ____A (Intel Corporation) C:\Windows\System32\GfxUIHotKeyMenu.exe

2013-04-15 15:56 - 2013-03-22 17:02 - 00534000 ____A (Intel Corporation) C:\Windows\System32\DPTopologyApp.exe

2013-04-15 15:56 - 2013-03-22 17:02 - 00529392 ____A (Intel Corporation) C:\Windows\System32\igfxsrvc.exe

2013-04-15 15:56 - 2013-03-22 17:02 - 00441840 ____A (Intel Corporation) C:\Windows\System32\igfxpers.exe

2013-04-15 15:56 - 2013-03-22 17:02 - 00407536 ____A (Intel Corporation) C:\Windows\System32\hkcmd.exe

2013-04-15 15:56 - 2013-03-22 17:02 - 00397808 ____A (Intel Corporation) C:\Windows\System32\CustomModeApp.exe

2013-04-15 15:56 - 2013-03-22 17:02 - 00279024 ____A (Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe

2013-04-15 15:56 - 2013-03-22 17:02 - 00250864 ____A (Intel Corporation) C:\Windows\System32\igfxext.exe

2013-04-15 15:56 - 2013-03-22 17:02 - 00185840 ____A (Intel Corporation) C:\Windows\System32\difx64.exe

2013-04-15 15:56 - 2013-03-22 17:02 - 00165872 ____A (Intel Corporation) C:\Windows\System32\igfxtray.exe

2013-04-15 15:56 - 2013-03-19 20:37 - 00442368 ____A (Intel® Corporation) C:\Windows\System32\Drivers\IntcDAud.sys

2013-04-15 15:56 - 2013-03-19 20:37 - 00109056 ____A (Intel Corporation) C:\Windows\System32\igfxCoIn_v3071.dll

2013-04-15 15:56 - 2013-03-19 20:37 - 00015360 ____A (Intel® Corporation) C:\Windows\System32\IntcDAuC.dll

2013-04-15 15:56 - 2013-03-19 20:35 - 00017502 ____A C:\Windows\System32\iglhxs64.vp

2013-04-15 15:56 - 2013-03-19 20:34 - 01758208 ____A (Intel Corporation) C:\Windows\System32\igdrcl64.dll

2013-04-15 15:56 - 2013-03-19 20:33 - 01631744 ____A (Intel Corporation) C:\Windows\SysWOW64\igdrcl32.dll

2013-04-15 15:56 - 2013-03-19 20:33 - 00322560 ____A (Intel Corporation) C:\Windows\System32\igdbcl64.dll

2013-04-15 15:56 - 2013-03-19 20:33 - 00279040 ____A (Intel Corporation) C:\Windows\SysWOW64\igdbcl32.dll

2013-04-15 15:56 - 2013-03-19 20:33 - 00258560 ____A (Intel Corporation) C:\Windows\System32\IntelOpenCL64.dll

2013-04-15 15:56 - 2013-03-19 20:33 - 00203264 ____A (Intel Corporation) C:\Windows\SysWOW64\IntelOpenCL32.dll

2013-04-15 15:56 - 2013-03-19 20:32 - 24283136 ____A C:\Windows\System32\igdfcl64.dll

2013-04-15 15:56 - 2013-03-19 20:32 - 09362944 ____A (Intel Corporation) C:\Windows\SysWOW64\igd10iumd32.dll

2013-04-15 15:56 - 2013-03-19 20:32 - 07861760 ____A (Intel Corporation) C:\Windows\SysWOW64\igdumdim32.dll

2013-04-15 15:56 - 2013-03-19 20:32 - 05528576 ____A (Intel Corporation) C:\Windows\SysWOW64\ig7icd32.dll

2013-04-15 15:56 - 2013-03-19 20:32 - 00240640 ____A C:\Windows\SysWOW64\igdde32.dll

2013-04-15 15:56 - 2013-03-19 20:32 - 00103936 ____A C:\Windows\SysWOW64\igdail32.dll

2013-04-15 15:56 - 2013-03-19 20:31 - 09802240 ____A (Intel Corporation) C:\Windows\System32\igd10iumd64.dll

2013-04-15 15:56 - 2013-03-19 20:31 - 08647680 ____A (Intel Corporation) C:\Windows\System32\igdumdim64.dll

2013-04-15 15:56 - 2013-03-19 20:31 - 07093248 ____A (Intel Corporation) C:\Windows\System32\ig7icd64.dll

2013-04-15 15:56 - 2013-03-19 20:31 - 04534784 ____A (Intel Corporation) C:\Windows\System32\Drivers\igdkmd64.sys

2013-04-15 15:56 - 2013-03-19 20:31 - 00286720 ____A C:\Windows\System32\igdde64.dll

2013-04-15 15:56 - 2013-03-19 20:31 - 00117760 ____A C:\Windows\System32\igdail64.dll

2013-04-15 15:56 - 2013-03-19 20:29 - 19586560 ____A C:\Windows\SysWOW64\igdfcl32.dll

2013-04-15 15:56 - 2013-03-19 20:27 - 08901632 ____A (Intel Corporation) C:\Windows\System32\igfxress.dll

2013-04-15 15:56 - 2013-03-19 20:27 - 03988480 ____A (Microsoft) C:\Windows\System32\MetroIntelGenericUIFramework.dll

2013-04-15 15:56 - 2013-03-19 20:27 - 02384896 ____A C:\Windows\System32\GfxRes.dll

2013-04-15 15:56 - 2013-03-19 20:27 - 00443904 ____A (Intel Corporation) C:\Windows\System32\igfxresn.lrc

2013-04-15 15:56 - 2013-03-19 20:27 - 00443904 ____A (Intel Corporation) C:\Windows\System32\igfxrell.lrc

2013-04-15 15:56 - 2013-03-19 20:27 - 00443392 ____A (Intel Corporation) C:\Windows\System32\igfxrplk.lrc

2013-04-15 15:56 - 2013-03-19 20:27 - 00443392 ____A (Intel Corporation) C:\Windows\System32\igfxrfra.lrc

2013-04-15 15:56 - 2013-03-19 20:27 - 00442880 ____A (Intel Corporation) C:\Windows\System32\igfxrrus.lrc

2013-04-15 15:56 - 2013-03-19 20:27 - 00442880 ____A (Intel Corporation) C:\Windows\System32\igfxrnld.lrc

2013-04-15 15:56 - 2013-03-19 20:27 - 00442880 ____A (Intel Corporation) C:\Windows\System32\igfxrita.lrc

2013-04-15 15:56 - 2013-03-19 20:27 - 00442880 ____A (Intel Corporation) C:\Windows\System32\igfxrdeu.lrc

2013-04-15 15:56 - 2013-03-19 20:27 - 00442368 ____A (Intel Corporation) C:\Windows\System32\igfxrsky.lrc

2013-04-15 15:56 - 2013-03-19 20:27 - 00442368 ____A (Intel Corporation) C:\Windows\System32\igfxrrom.lrc

2013-04-15 15:56 - 2013-03-19 20:27 - 00442368 ____A (Intel Corporation) C:\Windows\System32\igfxrcsy.lrc

2013-04-15 15:56 - 2013-03-19 20:27 - 00441856 ____A (Intel Corporation) C:\Windows\System32\igfxrsve.lrc

2013-04-15 15:56 - 2013-03-19 20:27 - 00441856 ____A (Intel Corporation) C:\Windows\System32\igfxrptg.lrc

2013-04-15 15:56 - 2013-03-19 20:27 - 00441856 ____A (Intel Corporation) C:\Windows\System32\igfxrhun.lrc

2013-04-15 15:56 - 2013-03-19 20:27 - 00441856 ____A (Intel Corporation) C:\Windows\System32\igfxrhrv.lrc

2013-04-15 15:56 - 2013-03-19 20:27 - 00441344 ____A (Intel Corporation) C:\Windows\System32\igfxrslv.lrc

2013-04-15 15:56 - 2013-03-19 20:27 - 00441344 ____A (Intel Corporation) C:\Windows\System32\igfxrfin.lrc

2013-04-15 15:56 - 2013-03-19 20:27 - 00440832 ____A (Intel Corporation) C:\Windows\System32\igfxrtrk.lrc

2013-04-15 15:56 - 2013-03-19 20:27 - 00440832 ____A (Intel Corporation) C:\Windows\System32\igfxrptb.lrc

2013-04-15 15:56 - 2013-03-19 20:27 - 00440832 ____A (Intel Corporation) C:\Windows\System32\igfxrnor.lrc

2013-04-15 15:56 - 2013-03-19 20:27 - 00440320 ____A (Intel Corporation) C:\Windows\System32\igfxrtha.lrc

2013-04-15 15:56 - 2013-03-19 20:27 - 00440320 ____A (Intel Corporation) C:\Windows\System32\igfxrdan.lrc

2013-04-15 15:56 - 2013-03-19 20:27 - 00438784 ____A (Intel Corporation) C:\Windows\System32\igfxrheb.lrc

2013-04-15 15:56 - 2013-03-19 20:27 - 00438272 ____A (Intel Corporation) C:\Windows\System32\igfxrara.lrc

2013-04-15 15:56 - 2013-03-19 20:27 - 00434176 ____A (Intel Corporation) C:\Windows\System32\igfxrjpn.lrc

2013-04-15 15:56 - 2013-03-19 20:27 - 00432640 ____A (Intel Corporation) C:\Windows\System32\igfxrkor.lrc

2013-04-15 15:56 - 2013-03-19 20:27 - 00430592 ____A (Intel Corporation) C:\Windows\System32\igfxrcht.lrc

2013-04-15 15:56 - 2013-03-19 20:27 - 00430080 ____A (Intel Corporation) C:\Windows\System32\igfxrchs.lrc

2013-04-15 15:56 - 2013-03-19 20:27 - 00348160 ____A (Intel Corporation) C:\Windows\SysWOW64\igfxdv32.dll

2013-04-15 15:56 - 2013-03-19 20:27 - 00345600 ____A (Intel Corporation) C:\Windows\System32\igfxTMM.dll

2013-04-15 15:56 - 2013-03-19 20:27 - 00288256 ____A (Intel Corporation) C:\Windows\System32\igfxrenu.lrc

2013-04-15 15:56 - 2013-03-19 20:27 - 00256973 ____A C:\Windows\System32\Gfxres.th-TH.resources

2013-04-15 15:56 - 2013-03-19 20:27 - 00243062 ____A C:\Windows\System32\Gfxres.el-GR.resources

2013-04-15 15:56 - 2013-03-19 20:27 - 00225909 ____A C:\Windows\System32\Gfxres.ru-RU.resources

2013-04-15 15:56 - 2013-03-19 20:27 - 00192779 ____A C:\Windows\System32\Gfxres.ar-SA.resources

2013-04-15 15:56 - 2013-03-19 20:27 - 00191488 ____A (Intel Corporation) C:\Windows\System32\gfxSrvc.dll

2013-04-15 15:56 - 2013-03-19 20:27 - 00189982 ____A C:\Windows\System32\Gfxres.ja-JP.resources

2013-04-15 15:56 - 2013-03-19 20:27 - 00184704 ____A C:\Windows\System32\Gfxres.he-IL.resources

2013-04-15 15:56 - 2013-03-19 20:27 - 00173641 ____A C:\Windows\System32\Gfxres.it-IT.resources

2013-04-15 15:56 - 2013-03-19 20:27 - 00173255 ____A C:\Windows\System32\Gfxres.ko-KR.resources

2013-04-15 15:56 - 2013-03-19 20:27 - 00171308 ____A C:\Windows\System32\Gfxres.es-ES.resources

2013-04-15 15:56 - 2013-03-19 20:27 - 00170949 ____A C:\Windows\System32\Gfxres.fr-FR.resources

2013-04-15 15:56 - 2013-03-19 20:27 - 00170868 ____A C:\Windows\System32\Gfxres.de-DE.resources

2013-04-15 15:56 - 2013-03-19 20:27 - 00169419 ____A C:\Windows\System32\Gfxres.ro-RO.resources

2013-04-15 15:56 - 2013-03-19 20:27 - 00168766 ____A C:\Windows\System32\Gfxres.tr-TR.resources

2013-04-15 15:56 - 2013-03-19 20:27 - 00168624 ____A C:\Windows\System32\Gfxres.hu-HU.resources

2013-04-15 15:56 - 2013-03-19 20:27 - 00168145 ____A C:\Windows\System32\Gfxres.pl-PL.resources

2013-04-15 15:56 - 2013-03-19 20:27 - 00167827 ____A C:\Windows\System32\Gfxres.nl-NL.resources

2013-04-15 15:56 - 2013-03-19 20:27 - 00167279 ____A C:\Windows\System32\Gfxres.pt-BR.resources

2013-04-15 15:56 - 2013-03-19 20:27 - 00166207 ____A C:\Windows\System32\Gfxres.fi-FI.resources

2013-04-15 15:56 - 2013-03-19 20:27 - 00166115 ____A C:\Windows\System32\Gfxres.sk-SK.resources

2013-04-15 15:56 - 2013-03-19 20:27 - 00165888 ____A C:\Windows\System32\Gfxres.pt-PT.resources

2013-04-15 15:56 - 2013-03-19 20:27 - 00165805 ____A C:\Windows\System32\Gfxres.sv-SE.resources

2013-04-15 15:56 - 2013-03-19 20:27 - 00165389 ____A C:\Windows\System32\Gfxres.cs-CZ.resources

2013-04-15 15:56 - 2013-03-19 20:27 - 00164428 ____A C:\Windows\System32\Gfxres.hr-HR.resources

2013-04-15 15:56 - 2013-03-19 20:27 - 00161093 ____A C:\Windows\System32\Gfxres.sl-SI.resources

2013-04-15 15:56 - 2013-03-19 20:27 - 00160055 ____A C:\Windows\System32\Gfxres.nb-NO.resources

2013-04-15 15:56 - 2013-03-19 20:27 - 00159440 ____A C:\Windows\System32\Gfxres.da-DK.resources

2013-04-15 15:56 - 2013-03-19 20:27 - 00154905 ____A C:\Windows\System32\Gfxres.en-US.resources

2013-04-15 15:56 - 2013-03-19 20:27 - 00148171 ____A C:\Windows\System32\Gfxres.zh-TW.resources

2013-04-15 15:56 - 2013-03-19 20:27 - 00146480 ____A C:\Windows\System32\Gfxres.zh-CN.resources

2013-04-15 15:56 - 2013-03-19 20:27 - 00140288 ____A (Intel Corporation) C:\Windows\System32\igfxdo.dll

2013-04-15 15:56 - 2013-03-19 20:27 - 00124928 ____A (Intel Corporation) C:\Windows\System32\igfxcpl.cpl

2013-04-15 15:56 - 2013-03-19 20:27 - 00029184 ____A (Intel Corporation) C:\Windows\System32\igfxexps.dll

2013-04-15 15:56 - 2013-03-19 20:27 - 00025088 ____A (Intel Corporation) C:\Windows\SysWOW64\igfxexps32.dll

2013-04-15 15:56 - 2013-03-19 20:27 - 00012288 ____A ( ) C:\Windows\System32\IGFXDEVLib.dll

2013-04-15 15:56 - 2013-03-19 20:25 - 03511296 ____A (Intel Corporation) C:\Windows\System32\igfxcmjit64.dll

2013-04-15 15:56 - 2013-03-19 20:25 - 03121152 ____A (Intel Corporation) C:\Windows\SysWOW64\igfxcmjit32.dll

2013-04-15 15:56 - 2013-03-19 20:25 - 02813952 ____A C:\Windows\System32\iglhxa64.cpa

2013-04-15 15:56 - 2013-03-19 20:25 - 01040384 ____A (Intel Corporation) C:\Windows\System32\igfxcmrt64.dll

2013-04-15 15:56 - 2013-03-19 20:25 - 00931840 ____A (Intel Corporation) C:\Windows\SysWOW64\igfxcmrt32.dll

2013-04-15 15:56 - 2013-03-19 20:25 - 00861184 ____A (Intel Corporation) C:\Windows\System32\iglhsip64.dll

2013-04-15 15:56 - 2013-03-19 20:25 - 00856576 ____A (Intel Corporation) C:\Windows\SysWOW64\iglhsip32.dll

2013-04-15 15:56 - 2013-03-19 20:25 - 00575488 ____A (Intel Corporation) C:\Windows\System32\igfx11cmrt64.dll

2013-04-15 15:56 - 2013-03-19 20:25 - 00542720 ____A (Intel Corporation) C:\Windows\SysWOW64\igfx11cmrt32.dll

2013-04-15 15:56 - 2013-03-19 20:25 - 00216064 ____A (Intel Corporation) C:\Windows\System32\iglhcp64.dll

2013-04-15 15:56 - 2013-03-19 20:25 - 00180224 ____A (Intel Corporation) C:\Windows\SysWOW64\iglhcp32.dll

2013-04-15 15:56 - 2013-03-19 20:25 - 00064000 ____A (Khronos Group) C:\Windows\System32\Intel_OpenCL_ICD64.dll

2013-04-15 15:56 - 2013-03-19 20:25 - 00060416 ____A (Khronos Group) C:\Windows\SysWOW64\Intel_OpenCL_ICD32.dll

2013-04-15 15:56 - 2013-03-19 20:25 - 00044025 ____A C:\Windows\System32\iglhxo64.vp

2013-04-15 15:56 - 2013-03-19 20:25 - 00043816 ____A C:\Windows\System32\iglhxc64_dev.vp

2013-04-15 15:56 - 2013-03-19 20:25 - 00043494 ____A C:\Windows\System32\iglhxc64.vp

2013-04-15 15:56 - 2013-03-19 20:25 - 00043298 ____A C:\Windows\System32\iglhxg64_dev.vp

2013-04-15 15:56 - 2013-03-19 20:25 - 00043256 ____A C:\Windows\System32\iglhxg64.vp

2013-04-15 15:56 - 2013-03-19 20:25 - 00042079 ____A C:\Windows\System32\iglhxo64_dev.vp

2013-04-15 15:56 - 2013-03-19 20:25 - 00001125 ____A C:\Windows\System32\iglhxa64.vp

2013-04-15 15:56 - 2013-03-19 20:24 - 03401728 ____A (Intel Corporation) C:\Windows\SysWOW64\igdusc32.dll

2013-04-15 15:56 - 2013-03-19 20:23 - 04359168 ____A (Intel Corporation) C:\Windows\System32\igdusc64.dll

2013-04-12 16:42 - 2013-04-12 16:42 - 00000000 ____D C:\Users\Owner\AppData\Roaming\LolClient

2013-04-12 15:36 - 2008-07-12 05:18 - 03851784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll

2013-04-12 15:36 - 2008-07-12 05:18 - 01493528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll

2013-04-12 15:36 - 2008-07-12 05:18 - 00467984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll

==================== One Month Modified Files and Folders =======

2013-05-11 21:05 - 2013-05-11 21:05 - 00000000 ____D C:\FRST

2013-05-11 15:21 - 2013-05-11 15:21 - 00094656 ____A (CACE Technologies) C:\Windows\System32\WPRO_41_2001woem.tmp

2013-05-11 15:21 - 2013-05-10 18:52 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-05-11 15:21 - 2012-12-27 04:53 - 00034752 ____A C:\Windows\System32\Drivers\WPRO_41_2001.sys

2013-05-11 15:20 - 2012-08-21 00:10 - 00416982 ____A C:\Windows\PFRO.log

2013-05-11 15:20 - 2012-08-20 06:51 - 00030796 ____A C:\Windows\setupact.log

2013-05-11 15:20 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2013-05-11 10:10 - 2013-05-11 10:10 - 00055808 ____A C:\Users\Owner\AppData\Local\cdrlodt.omu

2013-05-11 10:10 - 2013-05-11 10:10 - 00055808 ____A C:\ProgramData\rfyue.cvi

2013-05-11 10:09 - 2012-08-17 19:58 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Dropbox

2013-05-11 10:09 - 2012-03-03 14:34 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Skype

2013-05-11 10:01 - 2012-04-05 19:56 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-05-11 09:57 - 2013-05-10 18:52 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-05-11 09:52 - 2012-08-17 20:01 - 00001025 ____A C:\Users\Owner\Desktop\Dropbox.lnk

2013-05-11 09:52 - 2012-08-17 20:01 - 00000000 ___RD C:\Users\Owner\Dropbox

2013-05-11 08:51 - 2013-05-02 16:07 - 00000000 ____D C:\Users\Owner\AppData\Local\Game Dev Tycoon

2013-05-10 19:28 - 2012-05-02 16:29 - 00000000 ____D C:\Users\Owner\AppData\Roaming\uTorrent

2013-05-10 19:06 - 2011-12-19 22:10 - 01662881 ____A C:\Windows\WindowsUpdate.log

2013-05-10 19:03 - 2012-12-27 04:54 - 00000600 ____A C:\lucid.log

2013-05-10 19:01 - 2012-08-14 11:42 - 00000000 ____D C:\Windows\Minidump

2013-05-10 19:00 - 2013-05-04 19:11 - 1137194083 ____A C:\Windows\MEMORY.DMP

2013-05-10 18:58 - 2013-05-10 18:58 - 00002261 ____A C:\Users\Public\Desktop\Google Chrome.lnk

2013-05-10 18:58 - 2013-05-10 18:52 - 00000000 ____D C:\Users\Owner\AppData\Local\Google

2013-05-10 18:58 - 2013-05-10 18:52 - 00000000 ____D C:\Program Files (x86)\Google

2013-05-10 18:52 - 2013-05-10 18:51 - 00781768 ____A (Google Inc.) C:\Users\Owner\Downloads\ChromeSetup.exe

2013-05-09 19:25 - 2012-03-04 21:00 - 00000000 ____D C:\Users\Owner\AppData\Local\CrashDumps

2013-05-08 18:59 - 2012-12-23 22:43 - 00000000 ____D C:\Users\Owner\AppData\Roaming\vlc

2013-05-08 17:59 - 2009-07-13 20:45 - 00010240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-05-08 17:59 - 2009-07-13 20:45 - 00010240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-05-07 16:30 - 2013-05-07 16:30 - 00000000 ____A C:\cookies.sqlite

2013-05-07 16:29 - 2013-03-15 15:26 - 00000000 ____D C:\Users\Owner\Downloads\Gaming

2013-05-07 15:10 - 2012-11-19 10:02 - 00000000 ____D C:\Users\Owner\Desktop\Games

2013-05-05 16:42 - 2013-01-06 15:46 - 00000000 ____D C:\Users\Owner\AppData\Local\Skyrim

2013-05-04 22:46 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF

2013-05-04 19:32 - 2013-05-04 19:32 - 00000699 ____A C:\Users\Public\Desktop\Nexus Mod Manager.lnk

2013-05-04 19:30 - 2013-04-20 12:43 - 00000000 ____D C:\Users\Owner\Documents\my games

2013-05-04 19:27 - 2013-05-04 19:27 - 00000000 ____D C:\Users\Owner\Documents\Nexus Mod Manager

2013-05-04 19:11 - 2013-05-04 19:11 - 00279760 ____A C:\Windows\Minidump\050413-28719-01.dmp

2013-05-04 18:27 - 2012-02-18 10:16 - 00000000 ____D C:\ProgramData\Norton

2013-05-04 18:12 - 2012-03-03 14:34 - 00000000 ___RD C:\Program Files (x86)\Skype

2013-05-04 18:12 - 2012-03-03 14:33 - 00000000 ____D C:\ProgramData\Skype

2013-05-03 20:50 - 2012-05-02 16:30 - 00000000 ____D C:\Program Files (x86)\uTorrent

2013-05-03 14:30 - 2013-03-08 15:52 - 00000000 ____D C:\Users\Owner\AppData\Roaming\.technic

2013-05-02 18:03 - 2012-10-27 14:44 - 00000000 ____D C:\Users\Owner\AppData\Roaming\.minecraft

2013-05-02 17:37 - 2013-05-02 17:22 - 00000000 ____D C:\Users\Owner\Downloads\Ultimate

2013-05-01 23:06 - 2012-02-18 09:55 - 00278800 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe

2013-05-01 14:47 - 2013-01-21 17:38 - 00000000 ____D C:\Users\Owner\AppData\Local\SKIDROW

2013-05-01 14:31 - 2013-05-01 13:16 - 00000000 ____D C:\Users\Owner\Downloads\YogCraft

2013-05-01 13:15 - 2013-03-15 15:26 - 00000000 ____D C:\Users\Owner\Downloads\Stuff

2013-05-01 13:13 - 2013-03-28 22:15 - 00000000 ____D C:\Users\Owner\AppData\Roaming\ftblauncher

2013-04-30 16:44 - 2013-04-28 13:56 - 00000000 ____D C:\Users\Owner\Downloads\High Voltage Server 1.01

2013-04-28 10:34 - 2013-04-28 10:34 - 00000000 ____D C:\Users\Owner\Downloads\USBXTAFGUI_v44

2013-04-28 10:30 - 2009-07-13 21:13 - 00799192 ____A C:\Windows\System32\PerfStringBackup.INI

2013-04-25 13:12 - 2012-08-26 21:08 - 00000000 ____D C:\ProgramData\Adobe

2013-04-25 13:11 - 2012-04-05 19:56 - 00691592 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2013-04-25 13:11 - 2012-03-03 19:08 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2013-04-25 02:05 - 2013-01-16 16:51 - 00096800 ____A (COMODO) C:\Windows\System32\Drivers\inspect.sys

2013-04-23 13:53 - 2013-04-23 13:53 - 00000000 ____D C:\Windows\pss

2013-04-23 13:42 - 2011-12-19 22:18 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information

2013-04-23 06:04 - 2013-01-24 19:43 - 00437176 ____A (COMODO) C:\Windows\System32\guard64.dll

2013-04-23 06:04 - 2013-01-24 19:43 - 00348048 ____A (COMODO) C:\Windows\SysWOW64\guard32.dll

2013-04-22 13:47 - 2013-04-22 13:47 - 00000000 ____D C:\Users\Owner\Documents\My Cheat Tables

2013-04-21 09:33 - 2013-04-21 09:33 - 00000000 ____D C:\Users\Owner\Documents\Klei

2013-04-20 12:09 - 2013-04-20 12:09 - 00000000 ____D C:\Users\Owner\Documents\School Stuff

2013-04-20 12:09 - 2012-10-01 13:04 - 00000000 ____D C:\Users\Owner\Documents\Random Shizzle

2013-04-20 10:23 - 2013-04-20 10:23 - 00003915 ____A C:\Windows\SysWOW64\jupdate-1.7.0_21-b11.log

2013-04-20 10:23 - 2012-09-04 14:23 - 00000000 ____D C:\Program Files (x86)\Java

2013-04-15 16:07 - 2013-04-15 16:07 - 00000000 ____D C:\Users\Owner\AppData\Local\Intel_Corporation

2013-04-15 16:00 - 2011-12-19 22:13 - 00000000 ____D C:\Program Files (x86)\Intel

2013-04-15 09:38 - 2013-01-24 19:43 - 00043216 ____A (COMODO) C:\Windows\System32\cmdcsr.dll

2013-04-15 09:38 - 2013-01-24 19:42 - 00343760 ____A (COMODO) C:\Windows\System32\cmdvrt64.dll

2013-04-15 09:38 - 2013-01-24 19:42 - 00276688 ____A (COMODO) C:\Windows\SysWOW64\cmdvrt32.dll

2013-04-15 09:38 - 2013-01-24 19:42 - 00045776 ____A (COMODO) C:\Windows\System32\cmdkbd64.dll

2013-04-15 09:38 - 2013-01-24 19:42 - 00040656 ____A (COMODO) C:\Windows\SysWOW64\cmdkbd32.dll

2013-04-15 09:38 - 2013-01-16 16:51 - 00706560 ____A (COMODO) C:\Windows\System32\Drivers\cmdguard.sys

2013-04-15 09:38 - 2013-01-16 16:51 - 00048360 ____A (COMODO) C:\Windows\System32\Drivers\cmdhlp.sys

2013-04-15 09:38 - 2013-01-16 16:51 - 00023168 ____A (COMODO) C:\Windows\System32\Drivers\cmderd.sys

2013-04-13 16:51 - 2012-12-31 15:41 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Apple Computer

2013-04-13 13:14 - 2012-08-21 00:48 - 00414899 ____A C:\Windows\DirectX.log

2013-04-12 16:42 - 2013-04-12 16:42 - 00000000 ____D C:\Users\Owner\AppData\Roaming\LolClient

2013-04-12 12:59 - 2009-07-13 20:45 - 00411312 ____A C:\Windows\System32\FNTCACHE.DAT

2013-04-12 12:57 - 2012-09-14 20:00 - 00000000 ____D C:\Windows\SysWOW64\WNLT

2013-04-11 12:58 - 2012-04-13 14:22 - 00000000 ____D C:\ProgramData\Blizzard Entertainment

ZeroAccess:

C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:

C:\Windows\assembly\GAC_64\Desktop.ini

ZeroAccess:

C:\$Recycle.Bin\S-1-5-21-1438647113-3739464098-1088250541-1001\$3c42eb883e76c42fe757e3ec8d556822

ZeroAccess:

C:\$Recycle.Bin\S-1-5-18\$3c42eb883e76c42fe757e3ec8d556822

Other Malware:

===========

C:\Windows\svchost.exe

ATTENTION ====> Check for partition/boot infection.

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

TDL4: custom:26000022 <===== ATTENTION!

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-05-09 19:17:16

==================== Memory info ===========================

Percentage of memory in use: 8%

Total physical RAM: 12183.05 MB

Available physical RAM: 11207.48 MB

Total Pagefile: 12181.2 MB

Available Pagefile: 11203.66 MB

Total Virtual: 8192 MB

Available Virtual: 8191.88 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:119.24 GB) (Free:27.58 GB) NTFS (Disk=0 Partition=2) ==>[Drive with boot components (obtained from BCD)]

Drive d: (DATA) (Fixed) (Total:153.85 GB) (Free:153.71 GB) NTFS (Disk=0 Partition=3)

Drive f: (FLASH DRIVE) (Removable) (Total:7.43 GB) (Free:7.43 GB) FAT32 (Disk=2 Partition=1)

Drive h: (Storage) (Fixed) (Total:931.51 GB) (Free:500.48 GB) NTFS

Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: E3102A4B)

Partition 00: (Active) - (Size=0) - (Type=00) ATTENTION ===> 0 byte partition bootkit.

Partition 1: (Not Active) - (Size=25 GB) - (Type=1C)

Partition 2: (Active) - (Size=119 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=154 GB) - (Type=07 NTFS)

========================================================

Disk: 1 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 082D91E0)

Partition 1: (Not Active) - (Size=932 GB) - (Type=42)

========================================================

Disk: 2 (Size: 7 GB) (Disk ID: F7AAE397)

Partition 1: (Active) - (Size=7 GB) - (Type=0B)

Last Boot: 2013-05-07 10:00

==================== End Of Log ============================


Please read the following information first.

You're infected with Rootkit.ZeroAccess, a BackDoor Trojan also.

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified, because of its backdoor functionality your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

http://www.dslreports.com/faq/10451

When Should I Format, How Should I Reinstall

http://www.dslreports.com/faq/10063

I will try my best to clean this machine but I can't guarantee that it will be 100% secure afterwards.

Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

-----------------------------------------

OK, here you go......this should get you going:

Please download the attached fixlist.txt and copy it to your flashdrive.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options. (as you did before)

Run FRST64 or FRST (whichever one you're using) and press the Fix button just once and wait.

The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.

See if the computer boots normally now.

MrC

Attachment removed...MrC
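As an added example (not FRST's code and not part of MrC's post), here is a read-only PowerShell check that re-tests, on a live host, two of the things the FRST log above reported: the three exe file-association values FRST compared, and the ZeroAccess artifact locations it flagged (a Desktop.ini inside the GAC_32 and GAC_64 assembly folders, and a "$" plus 32-hex-character directory inside $Recycle.Bin under the SYSTEM and user SIDs). It assumes PowerShell 2.0 or later and an elevated prompt, since the S-1-5-18 recycle-bin folder is not readable otherwise.

```powershell
# Added example, not part of FRST or of the original post: a read-only triage check for the
# two kinds of findings in the FRST log above. Run from an elevated PowerShell prompt on the
# suspect host. Written for PowerShell 2.0+ (no -Directory switch, no $null.Count reliance).

function Test-ZeroAccessArtifacts {
    $findings = @()

    # 1. EXE association. FRST compared these three (default) values and reported them OK.
    #    A changed value would mean every .exe launch is being redirected through something else.
    $expected = @{
        'HKLM:\SOFTWARE\Classes\.exe'                       = 'exefile'
        'HKLM:\SOFTWARE\Classes\exefile\DefaultIcon'        = '%1'
        'HKLM:\SOFTWARE\Classes\exefile\shell\open\command' = '"%1" %*'
    }
    foreach ($keyPath in $expected.Keys) {
        $key = Get-Item -LiteralPath $keyPath -ErrorAction SilentlyContinue
        if ($key -eq $null) {
            $findings += "EXE ASSOCIATION: $keyPath is missing"
            continue
        }
        $actual = [string]$key.GetValue('')   # '' selects the (default) value of the key
        if ($actual -ne $expected[$keyPath]) {
            $findings += "EXE ASSOCIATION: $keyPath = '$actual' (expected '$($expected[$keyPath])')"
        }
    }

    # 2. ZeroAccess file artifacts exactly as flagged in the log: a Desktop.ini dropped into the
    #    GAC_32 / GAC_64 assembly folders, and a '$' + 32 hex character directory in $Recycle.Bin
    #    under a SID folder (the log shows both S-1-5-18 and the user's SID).
    foreach ($ini in @("$env:windir\assembly\GAC_32\Desktop.ini",
                       "$env:windir\assembly\GAC_64\Desktop.ini")) {
        if (Test-Path -LiteralPath $ini) { $findings += "ZeroAccess: $ini" }
    }
    $recycleBin = Join-Path $env:SystemDrive '$Recycle.Bin'
    $sidDirs = Get-ChildItem -LiteralPath $recycleBin -Force -ErrorAction SilentlyContinue |
               Where-Object { $_.PSIsContainer }
    foreach ($sidDir in $sidDirs) {
        $payloadDirs = Get-ChildItem -LiteralPath $sidDir.FullName -Force -ErrorAction SilentlyContinue |
                       Where-Object { $_.PSIsContainer -and $_.Name -match '^\$[0-9a-f]{32}$' }
        foreach ($d in $payloadDirs) { $findings += "ZeroAccess: $($d.FullName)" }
    }

    # Comma keeps an empty or single-element array from being unrolled by the pipeline.
    return ,$findings
}

$result = Test-ZeroAccessArtifacts
if (@($result).Count -eq 0) {
    'No exe-association tampering or ZeroAccess artifacts found.'
} else {
    # Anything listed here supports the reformat-and-reinstall advice given in the thread.
    $result | ForEach-Object { "ATTENTION ===> $_" }
}
```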


It still boots into the virus screen but here is the fixlist:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-05-2013 01

Ran by SYSTEM at 2013-05-11 21:40:07 Run:1

Running from F:\

Boot Mode: Recovery

==============================================

HKEY_USERS\aafes\Software\Microsoft\Windows\CurrentVersion\Run\\Internet Security => Value not found.

HKEY_USERS\aafes\Software\Microsoft\Windows\CurrentVersion\Run\\qcgce2mrvjq91kk1e7pnbb19m52fx => Value not found.

HKEY_USERS\aafes\Software\Microsoft\Windows\CurrentVersion\Run\\wauiz => Value not found.

C:\Users\aafes\AppData\Roaming\wauiz.dll => File/Directory not found.

C:\Users\aafes\AppData\Roaming\amsecure.exe => File/Directory not found.

C:\Users\aafes\AppData\Roaming\2433f433 => File/Directory not found.

C:\Users\aafes\Documents\2d81c129.exe => File/Directory not found.

C:\Users\aafes\Documents\2d81c129.exe => File/Directory not found.

C:\Users\aafes\58jql7k462ull.exe => File/Directory not found.

C:\Windows\Installer\{3fe1ed98-4b56-6173-9443-99dbda880a72} => File/Directory not found.

C:\Windows\assembly\GAC_32\Desktop.ini => Moved successfully.

C:\Windows\assembly\GAC_64\Desktop.ini => Moved successfully.

C:\Users\aafes\AppData\Local\{3fe1ed98-4b56-6173-9443-99dbda880a72} => File/Directory not found.

C:\Users\aafes\58jql7k462ull.exe => File/Directory not found.

C:\Users\aafes\acrobat.exe => File/Directory not found.

C:\Users\aafes\chrome.exe => File/Directory not found.

C:\Users\aafes\googleupdate.exe => File/Directory not found.

C:\ProgramData\lhl1.pad => File/Directory not found.

C:\ProgramData\as98213.txt => File/Directory not found.

C:\ProgramData\lhl1.js => File/Directory not found.

==== End of Fixlog ====

And I want to do everything I can to protect my computer from being used by others. I don't do any banking on this machine but there are a few accounts with purchases on them. Any and all help with further protecting my computer would be appreciated, although I don't really have a way to re-install my OS and I don't exactly have the funds to purchase a new copy, but if that is your best recommended course of action then I will do what I can.


I'm sorry, I uploaded the wrong fixlist.txt to you...that one was for a different computer.

Attached is the correct one.....and please read this too:

You're infected with Rootkit.ZeroAccess, a BackDoor Trojan also.

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified, because of its backdoor functionality your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

http://www.dslreports.com/faq/10451

When Should I Format, How Should I Reinstall

http://www.dslreports.com/faq/10063

I will try my best to clean this machine but I can't guarantee that it will be 100% secure afterwards.

Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

-----------------------------------------

OK, here you go......this should get you going:

Please download the attached fixlist.txt and copy it to your flashdrive.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options. (as you did before)

Run FRST64 or FRST (whichever one you're using) and press the Fix button just once and wait.

The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.

See if the computer boots normally now.

--------------------------------

Then run MBAR:

Download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.

  • Open the folder where the contents were unzipped and run mbar.exe

  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.

  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.

  • Wait while the system shuts down and the cleanup process is performed.

  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.

  • When done, please post the two logs produced; they will be in the MBAR folder..... mbar-log.txt and system-log.txt

To attach a log if needed:

Bottom right corner of this page.

[screenshot: more-reply-options.jpg]

New window that comes up.

[screenshot: choose-files1.jpg]

~~~~~~~~~~~~~~~~~~~~~~~

Note:

If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:

Internet access

Windows Update

Windows Firewall

If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot. It's located in the Plugins folder which is in the MBAR folder.

Just run fixdamage.exe.

Verify that your system is now functioning normally.

MrC


OK, Great...it's important to follow up with some additional scans because of the infection you had.

  • Download ListParts to a USB flash drive.
  • Download ListParts64 to a USB flash drive. <-----use this one
  • Plug the USB drive into the infected machine.

Boot your computer into Recovery Environment

  • Restart the computer and press F8 repeatedly until the Advanced Options Menu appears.
  • Select Repair your computer.
  • Select Language and click Next
  • Enter password (if necessary) and click OK, you should now see the screen below ...

[screenshot: W7InstallDisk2.png]

  • Select the Command Prompt option.
  • A command window will open.
    • Type notepad then hit Enter.
    • Notepad will open.
      • Click File > Open then select Computer.
      • Note down the drive letter for your USB Drive.
      • Close Notepad.

    • Back in the command window ....

    • Type e:/listparts.exe and hit Enter (where e: is replaced by the drive letter for your USB drive)
    • Type e:/listparts64.exe and hit Enter (where e: is replaced by the drive letter for your USB drive)
    • ListParts will start to run.
      • Press the Scan button.
      • When finished scanning it will make a log Result.txt on the flash drive.

    • Close the command window.

    • Boot back into normal mode and post me the Result.txt log please.

MrC


Looks OK, MBAR fixed it......please run this scan next:

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and to run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC


Looks Good.....

Let's check for any adware while you're here:

Please download AdwCleaner from here and save it on your Desktop.

AdwCleaner is a reliable removal tool for Adware, Foistware, toolbars and potentially unwanted programs.

AdwCleaner is a tool that deletes:

· Adwares (software ads)

· PUP/LPI (Potentially Undesirable Program)

· Toolbars

· Hijacker (Hijack of the browser's homepage)

It works with a Search and Deletion method. It can be easily uninstalled using the "Uninstall" mode.

  1. Right-click on adwcleaner.exe and select Run As Administrator (for XP just double click) to launch the application.
  2. Now click on the Search tab.
  3. Please post the contents of the log-file created in your next post.

Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- Denotes the number of times the application has been run, so in this case it should be something like R1.

Note:

Please look over what was found......especially any folders, we're going to permanently delete it all in the next step....if there's something you may want to keep...please let me know and I'll explain why it shouldn't be on your system.

If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.

Please note that Antivir Webguard uses ASK Toolbar as part of its web security. If you remove ASK by using AdwCleaner, Antivir Webguard will no longer work properly. Therefore, if you use this program please use the instructions below to access the options screen where you should enable /DisableAskDetection before using AdwCleaner.

You can click on the question mark (?) in the upper left corner of the program and then click on Options. You will then be presented with a dialog where you can disable various detections. These options are described below:

/DisableAskDetection - This option disables Ask Toolbar detection.

MrC


Lots of adware found....let's clear it out.....

  1. Please re-run AdwCleaner
  2. Click on Delete button.
  3. Confirm each time with OK if asked.
  4. Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.

Note: You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number.

Then......

Let's check your computer's security before you go, and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!

MrC


Alright here's the adware cleaner log :

# AdwCleaner v2.300 - Logfile created 05/13/2013 at 20:59:27

# Updated 28/04/2013 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : Owner - AJS-COMPUTER

# Boot Mode : Normal

# Running from : C:\Users\Owner\Downloads\adwcleaner.exe

# Option [Delete]

***** [services] *****

Stopped & Deleted : Web Assistant Updater

***** [Files / Folders] *****

File Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\bxp7thz9.default-1346472275158\searchplugins\MyStart Search.xml

Folder Deleted : C:\Program Files\Web Assistant

Folder Deleted : C:\ProgramData\Speedbit

Folder Deleted : C:\ProgramData\Tarma Installer

Folder Deleted : C:\Users\Owner\AppData\Roaming\ExpressFiles

Folder Deleted : C:\Windows\SysWOW64\WNLT

***** [Registry] *****

Key Deleted : HKCU\Software\1ClickDownload

Key Deleted : HKCU\Software\APN PIP

Key Deleted : HKCU\Software\Conduit

Key Deleted : HKCU\Software\ExpressFiles

Key Deleted : HKCU\Software\IGearSettings

Key Deleted : HKCU\Software\IM

Key Deleted : HKCU\Software\ImInstaller

Key Deleted : HKCU\Software\SpeedBit

Key Deleted : HKCU\Software\WNLT

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\Extension.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}

Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api

Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1

Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers

Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1

Key Deleted : HKLM\Software\ExpressFiles

Key Deleted : HKLM\Software\Iminent

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Key Deleted : HKLM\Software\PIP

Key Deleted : HKLM\Software\SpeedBit

Key Deleted : HKLM\Software\Web Assistant

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{336D0C35-8A85-403A-B9D2-65C292C39087}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jplinpmadfkdgipabgcdchbdikologlh

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403A-B9D2-65C292C39087}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WNLT

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\incredibar

Key Deleted : HKLM\SOFTWARE\Web Assistant

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}]

***** [internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16540

[OK] Registry is clean.

-\\ Mozilla Firefox v [unable to get version]

File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\bxp7thz9.default-1346472275158\prefs.js

C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\bxp7thz9.default-1346472275158\user.js ... Deleted !

Deleted : user_pref("{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}.ScriptData_WSG_blackList", "form=CONTLB|babsrc=too[...]

Deleted : user_pref("{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}.ScriptData_WSG_temp_referer", "hxxp://us.yhs4.sear[...]

Deleted : user_pref("{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}.ScriptData_WSG_whiteList", "{\"search.babylon.com\[...]

-\\ Google Chrome v26.0.1410.64

File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[s1].txt - [6757 octets] - [13/05/2013 20:59:27]

########## EOF - C:\AdwCleaner[s1].txt - [6817 octets] ##########

And here is the Security check results:

Results of screen317's Security Check version 0.99.63

Windows 7 Service Pack 1 x64 (UAC is enabled)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

WMI entry may not exist for antivirus; attempting automatic update.

`````````Anti-malware/Other Utilities Check:`````````

Java 6 Update 37

Java 7 Update 21

Adobe Flash Player 11.7.700.169

Adobe Reader 10.1.6 Adobe Reader out of Date!

Google Chrome 26.0.1410.64

````````Process Check: objlist.exe by Laurent````````

Comodo Firewall cmdagent.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 8%

````````````````````End of Log``````````````````````


Outdated programs on the system are vulnerable to malware.

Please update or uninstall them:

Java™ 6 Update 37 <------Please uninstall from add/remove programs

Java 7 Update 21 <---OK

Adobe Reader 10.1.6 Adobe Reader out of Date! <---please check for an update if available or uninstall and download and install Foxit Reader which is less vulnerable to malware and much better than Adobe. Don't install any toolbars that may come with it (ASK Toolbar).

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

[screenshot: cf2.jpg]

Then hit enter.

This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall)

---------------------------------

If you used DeFogger to disable your CD Emulation drivers, please re-enable them.

-------------------------------

Please download OTL from one of the links below: (you may already have OTL on the system)

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

http://www.itxassoci...T-Tools/OTL.exe

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any other programs or logs you can manually delete.

i.e., RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST, MBAR, etc....AdwCleaner > just run the program and click uninstall.

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
