Jump to content

Infected with Money pak virus


Recommended Posts

I am running Win 7 32 but and been infected with MoneyPak virus .I am getting FBi error message in Safe mode also and not able to do anything. I followed the instruction on site and run Farbar Recovery Scan Tool and please see the FRST.txt log:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 25-05-2013

Ran by SYSTEM on 25-05-2013 09:24:59

Running from E:\

Windows 7 Enterprise (X86) OS Language: English(US)

Internet Explorer Version 9

Boot Mode: Recovery

The current controlset is ControlSet002

ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\communicator.exe" /fromrunkey [5720072 2007-12-07] (Microsoft Corporation)

HKLM\...\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey [161088 2011-01-12] (McAfee, Inc.)

HKLM\...\Run: [shStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE [215360 2011-01-12] (McAfee, Inc.)

HKLM\...\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [249064 2010-10-29] (Sun Microsystems, Inc.)

HKLM\...\Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)

HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)

HKLM\...\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe [488816 2011-01-04] (Alps Electric Co., Ltd.)

HKLM\...\Run: [soundDrivers] "C:\ProgramData\f34rfcdsfwe.exe" [x]

HKLM\...\Run: [iJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [206240 2010-08-23] (CANON INC.)

HKLM\...\Run: [DisplaySwitch] "C:\ProgramData\DisplaySwitch.exe" [74752 2013-05-24] ()

HKLM\...\Winlogon: [shell] C:\ProgramData\DisplaySwitch.exe [x ] ()

HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll ATTENTION! ====> ZeroAccess

HKU\user\...\Run: [soundDrivers] "C:\ProgramData\f34rfcdsfwe.exe" [x]

Startup: C:\ProgramData\Start Menu\Programs\Startup\VPN Client.lnk

ShortcutTarget: VPN Client.lnk -> C:\Windows\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico ()

========================== Services (Whitelisted) =================

S2 BBCA; C:\program files\BMC Software\BBCA\Tuner\Tuner.exe [36953 2013-05-01] (BMC Software, Inc.)

S2 CcmExec; C:\Windows\system32\CCM\CcmExec.exe [757792 2008-05-20] (Microsoft Corporation)

S2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1516584 2007-04-03] (Cisco Systems, Inc.)

S2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)

S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

S2 McAfeeFramework; C:\Program Files\McAfee\Common Framework\FrameworkService.exe [120128 2011-01-12] (McAfee, Inc.)

S2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [159320 2011-03-18] (McAfee, Inc.)

S2 McTaskManager; C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe [209760 2011-01-12] (McAfee, Inc.)

S2 mfevtp; C:\Windows\system32\mfevtps.exe [145936 2011-03-18] (McAfee, Inc.)

S2 O2FLASH; C:\Windows\system32\DRIVERS\o2flash.exe [72296 2011-08-09] (O2Micro International)

S3 smstsmgr; C:\Windows\system32\CCM\TSManager.exe [249888 2008-05-20] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S3 Acceler; C:\Windows\system32\drivers\accelern.sys [44144 2011-08-09] (ST Microelectronics)

S3 Blfp; C:\Windows\System32\DRIVERS\basp.sys [82432 2008-10-30] (Broadcom Corporation)

S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)

S2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306295 2007-04-03] (Cisco Systems, Inc.)

S3 cvusbdrv; C:\Windows\System32\Drivers\cvusbdrv.sys [39656 2011-08-09] (Broadcom Corporation)

S3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [127376 2007-01-31] (Deterministic Networks, Inc.)

S3 e1cexpress; C:\Windows\System32\DRIVERS\e1c6232.sys [238760 2011-08-09] (Intel Corporation)

S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)

S3 MEI; C:\Windows\system32\drivers\HECI.sys [41088 2010-10-19] (Intel Corporation)

S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [116104 2011-03-18] (McAfee, Inc.)

S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [171296 2011-03-18] (McAfee, Inc.)

S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [58456 2011-03-18] (McAfee, Inc.)

S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [436728 2011-03-18] (McAfee, Inc.)

S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [85152 2011-03-18] (McAfee, Inc.)

S0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [162928 2011-03-18] (McAfee, Inc.)

S3 NETwNs32; C:\Windows\System32\DRIVERS\NETwNs32.sys [6814720 2010-07-14] (Intel Corporation)

S3 O2MDFRDR; C:\Windows\system32\drivers\O2MDFw7.sys [60904 2011-08-09] (O2Micro )

S3 prepdrvr; C:\Windows\system32\CCM\prepdrv.sys [23584 2008-05-20] (Microsoft Corporation)

S3 risdxc; C:\Windows\system32\drivers\risdxc86.sys [76288 2011-05-25] (REDC)

S3 5U877; system32\DRIVERS\5U877.sys [x]

S3 btwaudio; system32\drivers\btwaudio.sys [x]

S3 btwavdt; system32\DRIVERS\btwavdt.sys [x]

S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [x]

S3 btwrchid; system32\DRIVERS\btwrchid.sys [x]

S3 JMCR; system32\DRIVERS\jmcr.sys [x]

S3 mfeavfk01; No ImagePath

S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-05-25 09:24 - 2013-05-25 09:24 - 00000000 ____D C:\FRST

2013-05-24 21:46 - 2013-05-24 21:46 - 00000000 ____D C:\Users\user\AppData\Roaming\Malwarebytes

2013-05-24 21:43 - 2013-05-24 21:43 - 00074752 ____A C:\ProgramData\DisplaySwitch.exe

2013-05-22 20:10 - 2013-05-22 20:10 - 00000090 ____A C:\Users\user1\Desktop\raymond.txt

2013-05-17 04:20 - 2013-04-04 14:11 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2013-05-17 04:20 - 2013-04-04 14:09 - 09738752 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2013-05-17 04:20 - 2013-04-04 14:02 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2013-05-17 04:20 - 2013-04-04 14:02 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2013-05-17 04:20 - 2013-04-04 14:02 - 01104384 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2013-05-17 04:20 - 2013-04-04 14:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2013-05-17 04:20 - 2013-04-04 13:59 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2013-05-17 04:20 - 2013-04-04 13:58 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2013-05-17 04:20 - 2013-04-04 13:58 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2013-05-17 04:20 - 2013-04-04 13:57 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll

2013-05-17 04:20 - 2013-04-04 13:56 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll

2013-05-17 04:20 - 2013-04-04 13:55 - 01796096 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2013-05-17 04:20 - 2013-04-04 13:54 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2013-05-17 04:20 - 2013-04-04 13:50 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2013-05-17 04:17 - 2013-05-05 11:25 - 12324864 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2013-05-17 04:17 - 2013-05-05 11:12 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2013-05-16 20:20 - 2013-05-16 20:20 - 00003452 ____A C:\Users\user1\Desktop\toll.txt

2013-05-16 20:20 - 2013-05-16 20:20 - 00000890 ____A C:\Users\user1\Desktop\goals.txt

2013-05-16 04:08 - 2013-04-09 19:14 - 02347520 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2013-05-16 04:08 - 2013-03-18 20:53 - 00186368 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll

2013-05-16 04:08 - 2013-03-18 19:33 - 00040960 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll

2013-05-16 04:07 - 2013-04-09 21:18 - 00728424 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys

2013-05-16 04:07 - 2013-04-09 21:18 - 00218984 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys

2013-05-16 04:07 - 2013-02-26 21:05 - 00101720 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe

2013-05-16 04:07 - 2013-02-26 20:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll

2013-05-16 04:07 - 2013-02-26 20:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll

2013-05-16 04:07 - 2013-02-26 20:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll

2013-05-16 04:07 - 2013-02-26 20:49 - 00047104 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll

2013-05-09 18:07 - 2013-05-09 18:07 - 00012096 ____A C:\Users\user1\Desktop\T&M SOW_Resource Table.xlsx

2013-05-09 18:01 - 2013-05-09 18:01 - 00012096 ____A C:\Users\user1\Desktop\Copy of SOW_Resource Table.xlsx

2013-05-09 14:16 - 2013-05-09 14:16 - 00004096 ___AH C:\Users\user1\AppData\Local\keyfile3.drm

2013-05-06 11:35 - 2013-05-16 13:37 - 00000353 ____A C:\Users\user1\Desktop\homfurniture.txt

2013-05-01 05:57 - 2013-05-04 20:03 - 00000000 ____D C:\Users\user1\Documents\Operations

2013-04-29 20:30 - 2013-04-29 20:43 - 00000000 ____D C:\Users\user1\Documents\SOW

2013-04-28 16:50 - 2013-04-28 16:50 - 00000000 ____D C:\Users\user1\Desktop\2013_04_28

2013-04-28 16:49 - 2013-04-28 16:49 - 00000000 ___HD C:\ProgramData\CanonIJScan

2013-04-28 09:40 - 2013-04-28 16:49 - 00000000 ____D C:\Users\user1\AppData\Roaming\Canon

2013-04-28 09:40 - 2013-04-28 09:40 - 00001971 ____A C:\Users\Public\Desktop\Canon IJ Network Tool.lnk

2013-04-28 09:40 - 2013-04-28 09:40 - 00000000 ____D C:\ProgramData\Canon IJ Network Tool

2013-04-28 09:40 - 2009-04-03 13:00 - 01310720 ____A (CANON INC.) C:\Windows\System32\CNC560C.dll

2013-04-28 09:40 - 2009-04-03 12:59 - 00110592 ____A (CANON INC.) C:\Windows\System32\CNC560I.dll

2013-04-28 09:40 - 2009-04-03 12:57 - 00106496 ____A (CANON INC.) C:\Windows\System32\CNC560U.dll

2013-04-28 09:40 - 2009-03-19 11:38 - 00303104 ____A (CANON INC.) C:\Windows\System32\CNC560L.dll

2013-04-28 09:40 - 2009-02-16 09:19 - 00012800 ____A C:\Windows\System32\CNC173ED.TBL

2013-04-28 09:40 - 2008-08-25 15:02 - 00015872 ____A (CANON INC.) C:\Windows\System32\CNHMCA.dll

2013-04-28 09:37 - 2013-04-28 09:38 - 00000000 ____D C:\Windows\System32\STRING

2013-04-28 09:37 - 2013-04-28 09:37 - 00000000 ___HD C:\Windows\System32\CanonIJ Uninstaller Information

2013-04-28 09:37 - 2012-06-14 14:18 - 00366592 ____A (CANON INC.) C:\Windows\System32\CNMNPPM.DLL

2013-04-28 09:37 - 2012-06-14 14:18 - 00035840 ____A (CANON INC.) C:\Windows\System32\CNMNPUI.DLL

2013-04-28 09:37 - 2010-04-24 02:00 - 00272384 ____A (CANON INC.) C:\Windows\System32\CNMLMA0.DLL

2013-04-28 09:36 - 2013-04-28 09:36 - 00000000 ___HD C:\Program Files\CanonBJ

2013-04-28 09:36 - 2009-03-18 06:09 - 00178176 ____A (CANON INC.) C:\Windows\System32\CNMIUA0.DLL

2013-04-28 09:35 - 2013-04-28 09:40 - 00000000 ____D C:\Program Files\Canon

2013-04-28 09:35 - 2013-04-28 09:35 - 00002045 ____A C:\Users\Public\Desktop\Canon MP Navigator EX 3.0.lnk

2013-04-25 19:04 - 2013-04-25 19:05 - 00106988 ____A C:\Users\user1\Downloads\securedoc_20130425T144709.html

==================== One Month Modified Files and Folders ========

2013-05-25 09:24 - 2013-05-25 09:24 - 00000000 ____D C:\FRST

2013-05-25 05:22 - 2013-04-11 10:05 - 00000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-05-25 05:19 - 2013-04-11 10:05 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-05-25 05:18 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2013-05-25 05:18 - 2009-07-13 20:39 - 00050215 ____A C:\Windows\setupact.log

2013-05-25 04:15 - 2012-06-13 13:45 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-05-24 22:11 - 2009-07-13 20:34 - 00016512 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-05-24 22:11 - 2009-07-13 20:34 - 00016512 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-05-24 22:03 - 2013-04-11 08:05 - 01622239 ____A C:\Windows\WindowsUpdate.log

2013-05-24 21:55 - 2013-04-24 14:28 - 00000000 ____D C:\Users\user\AppData\Roaming\Intel

2013-05-24 21:46 - 2013-05-24 21:46 - 00000000 ____D C:\Users\user\AppData\Roaming\Malwarebytes

2013-05-24 21:43 - 2013-05-24 21:43 - 00074752 ____A C:\ProgramData\DisplaySwitch.exe

2013-05-24 21:43 - 2013-04-11 10:33 - 00000000 ____D C:\Users\user1\Documents\Outlook Files

2013-05-23 17:23 - 2013-04-11 10:06 - 00002129 ____A C:\Users\Public\Desktop\Google Chrome.lnk

2013-05-23 07:18 - 2013-04-17 17:38 - 00000000 ____D C:\Ameriprise

2013-05-22 20:10 - 2013-05-22 20:10 - 00000090 ____A C:\Users\user1\Desktop\raymond.txt

2013-05-19 06:57 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\Microsoft.NET

2013-05-19 06:21 - 2013-04-15 21:39 - 00000000 ____D C:\QUARANTINE

2013-05-18 20:45 - 2013-04-11 08:19 - 00000000 ____D C:\Users\user1\Tracing

2013-05-17 18:02 - 2012-02-23 12:34 - 00000000 ____D C:\Program Files\Common Files\Adobe

2013-05-17 17:59 - 2009-07-13 20:33 - 00414600 ____A C:\Windows\System32\FNTCACHE.DAT

2013-05-17 04:19 - 2011-03-18 08:00 - 00901744 ____A C:\Windows\System32\PerfStringBackup.INI

2013-05-17 04:15 - 2011-03-18 08:48 - 72607752 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

2013-05-16 20:20 - 2013-05-16 20:20 - 00003452 ____A C:\Users\user1\Desktop\toll.txt

2013-05-16 20:20 - 2013-05-16 20:20 - 00000890 ____A C:\Users\user1\Desktop\goals.txt

2013-05-16 13:37 - 2013-05-06 11:35 - 00000353 ____A C:\Users\user1\Desktop\homfurniture.txt

2013-05-14 15:59 - 2012-06-13 13:45 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe

2013-05-14 15:59 - 2012-02-23 12:32 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl

2013-05-12 19:54 - 2011-03-18 08:27 - 00000000 ____D C:\ProgramData\McAfee

2013-05-12 16:55 - 2011-03-18 08:09 - 00033408 ____A C:\Windows\PFRO.log

2013-05-12 16:55 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\schemas

2013-05-12 16:21 - 2013-04-11 08:19 - 00000000 ____D C:\users\user1

2013-05-09 18:07 - 2013-05-09 18:07 - 00012096 ____A C:\Users\user1\Desktop\T&M SOW_Resource Table.xlsx

2013-05-09 18:01 - 2013-05-09 18:01 - 00012096 ____A C:\Users\user1\Desktop\Copy of SOW_Resource Table.xlsx

2013-05-09 14:16 - 2013-05-09 14:16 - 00004096 ___AH C:\Users\user1\AppData\Local\keyfile3.drm

2013-05-05 11:25 - 2013-05-17 04:17 - 12324864 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2013-05-05 11:12 - 2013-05-17 04:17 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2013-05-04 20:03 - 2013-05-01 05:57 - 00000000 ____D C:\Users\user1\Documents\Operations

2013-05-01 23:06 - 2011-03-18 08:08 - 00238872 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe

2013-04-29 20:43 - 2013-04-29 20:30 - 00000000 ____D C:\Users\user1\Documents\SOW

2013-04-28 16:50 - 2013-04-28 16:50 - 00000000 ____D C:\Users\user1\Desktop\2013_04_28

2013-04-28 16:49 - 2013-04-28 16:49 - 00000000 ___HD C:\ProgramData\CanonIJScan

2013-04-28 16:49 - 2013-04-28 09:40 - 00000000 ____D C:\Users\user1\AppData\Roaming\Canon

2013-04-28 09:40 - 2013-04-28 09:40 - 00001971 ____A C:\Users\Public\Desktop\Canon IJ Network Tool.lnk

2013-04-28 09:40 - 2013-04-28 09:40 - 00000000 ____D C:\ProgramData\Canon IJ Network Tool

2013-04-28 09:40 - 2013-04-28 09:35 - 00000000 ____D C:\Program Files\Canon

2013-04-28 09:40 - 2009-07-13 20:52 - 00000000 ____D C:\Windows\twain_32

2013-04-28 09:40 - 2009-07-13 18:37 - 00000000 __RSD C:\Windows\Media

2013-04-28 09:38 - 2013-04-28 09:37 - 00000000 ____D C:\Windows\System32\STRING

2013-04-28 09:37 - 2013-04-28 09:37 - 00000000 ___HD C:\Windows\System32\CanonIJ Uninstaller Information

2013-04-28 09:37 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\DriverStore

2013-04-28 09:36 - 2013-04-28 09:36 - 00000000 ___HD C:\Program Files\CanonBJ

2013-04-28 09:35 - 2013-04-28 09:35 - 00002045 ____A C:\Users\Public\Desktop\Canon MP Navigator EX 3.0.lnk

2013-04-25 19:05 - 2013-04-25 19:04 - 00106988 ____A C:\Users\user1\Downloads\securedoc_20130425T144709.html

Other Malware:

===========

C:\ProgramData\DisplaySwitch.exe

==================== Known DLLs (Whitelisted) ============

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAcces. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

==================== Memory info ===========================

Percentage of memory in use: 11%

Total physical RAM: 4051.17 MB

Available physical RAM: 3576.31 MB

Total Pagefile: 4049.45 MB

Available Pagefile: 3574.5 MB

Total Virtual: 2047.88 MB

Available Virtual: 1936.73 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.88 GB) (Free:205.71 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

Drive e: (KINGSTON) (Removable) (Total:7.26 GB) (Free:7.25 GB) FAT32

Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 52A57356)

Partition 1: (Active) - (Size=233 GB) - (Type=07 NTFS)

========================================================

Disk: 1 (MBR Code: Windows XP) (Size: 7 GB) (Disk ID: C3072E18)

Partition 1: (Active) - (Size=7 GB) - (Type=0C)

Last Boot: 2013-05-16 10:28

==================== End Of Log ============================

Appreciate quick help.

Link to post
Share on other sites

OK, here you go......this should get you going:

Please download the attached fixlist.txt and copy it to your flashdrive.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options. (as you did before)

Run FRST64 or FRST (which ever one you're using) and press the Fix button just once and wait.

The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

See if the computer boots normally now and if so..........

Download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced they will be in the MBAR folder..... mbar-log.txt and system-log.txt

To attach a log if needed:

Bottom right corner of this page.

more-reply-options.jpg

New window that comes up.

choose-files1.jpg

MrC

Link to post
Share on other sites

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.