
Another Ransomware infection



I am trying to fix my computer. I have used norton's kaspersky rescue disk to no avail. It removed a bunch of stuff, but my computer still has an "enter password to unlock" dialog that takes up the entire screen after I log in. This happens even in Safe Mode. The only thing I can access is the Windows Safe Mode command prompt. I am on Windows 8 64-bit.

 

I have gleaned from previous posts that I need to run FRST and post my log. It is attached:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-10-2013
Ran by Haydn (administrator) on GAMING-PC on 01-11-2013 10:19:28
Running from F:\
Windows 8 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Safe Mode (minimal)
 
==================== Processes (Whitelisted) =================
 
(Microsoft Corporation) C:\Windows\system32\cmd.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] - rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [1127496 2013-04-04] (Malwarebytes Corporation)
HKLM\...\Winlogon: [shell] C:\Users\Haydn\Downloads\Asphalt 8 Airborne Hack 2013 2.1 x64.exe [1518592 2013-10-20] () <=== ATTENTION
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKCU\...\Run: [Driver Pro] - C:\Program Files (x86)\Driver Pro\DPLauncher.exe [340512 2012-10-30] (PC Utilities Pro)
HKCU\...\Run: [skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.)
HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\Haydn\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKCU\...\Run: [Facebook Update] - C:\Users\Haydn\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-09-15] (Facebook Inc.)
HKLM-x32\...\Run: [iAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [277504 2012-07-09] (Intel Corporation)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [143888 2012-06-01] (CyberLink Corp.)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411952 2013-09-23] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] - C:\Program Files (x86)\AVG Secure Search\vprot.exe [2404376 2013-10-02] ()
HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2255184 2013-06-28] (LogMeIn Inc.)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll,C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL [2255184 2013-06-28] ()
Startup: C:\Users\Haydn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
ShortcutTarget: Facebook Messenger.lnk -> C:\Users\Haydn\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe (Facebook)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.delta-search.com/?babsrc=HP_ss&mntrId=60EA1206E69CFFC1&affID=119351&tsp=4983
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?crg=3.1010000.10025&barid={E158A6C7-61C9-11E2-BE83-D4BED9E2B746}
URLSearchHook: HKCU - (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No File
URLSearchHook: HKCU - (No Name) - {9f248e54-6a4c-4db0-ab05-2a1a68fbc811} - No File
SearchScopes: HKLM - DefaultScope {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} URL = http://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=download&ir=download&cd=2XzuyEtN2Y1L1Qzu0EtDtDyC0EyCzy0C0F0F0CtCzy0B0C0CtN0D0Tzu0CtAyBzytN1L2XzutBtFtBtFtCtFyEtDyB&cr=1548681093
SearchScopes: HKLM - {9A6B8209-0B2A-40A7-A084-EC833B7880C2} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS
SearchScopes: HKLM - {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} URL = http://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=download&ir=download&cd=2XzuyEtN2Y1L1Qzu0EtDtDyC0EyCzy0C0F0F0CtCzy0B0C0CtN0D0Tzu0CtAyBzytN1L2XzutBtFtBtFtCtFyEtDyB&cr=1548681093
SearchScopes: HKLM-x32 - DefaultScope {43E63FF0-378A-43D1-A67A-0378EA3625F9} URL = 
SearchScopes: HKLM-x32 - {9A6B8209-0B2A-40A7-A084-EC833B7880C2} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS
SearchScopes: HKLM-x32 - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10025&barid={E158A6C7-61C9-11E2-BE83-D4BED9E2B746}
SearchScopes: HKCU - DefaultScope {43E63FF0-378A-43D1-A67A-0378EA3625F9} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3300237&CUI=UN22192485112863265&UM=2
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=60EA1206E69CFFC1&affID=119351&tsp=4983
SearchScopes: HKCU - {43E63FF0-378A-43D1-A67A-0378EA3625F9} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3300237&CUI=UN22192485112863265&UM=2
SearchScopes: HKCU - {492990D3-CDE4-43E0-B04B-09AD40618AC8} URL = http://websearch.shopathome.com?user_id=%guid&q={searchTerms}
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={84E5D1E3-0A1D-48A2-B69C-F8DBEE223051}&mid=21959a3555f147d09d3f05f79f065eb5-d38b154cef539ae68f04fe7b39b65400afb9a795&lang=en&ds=AVG&pr=pr&d=2013-01-21 12:06:14&v=15.3.0.11&pid=avg&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {9A6B8209-0B2A-40A7-A084-EC833B7880C2} URL = 
SearchScopes: HKCU - {9F968539-6D6E-43B1-91E7-F8A86FED3C1C} URL = http://www.mysearchresults.com/search?&c=2652&t=03&q={searchTerms}
SearchScopes: HKCU - {AC5A6717-08FC-45E9-815A-705379532064} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=C870E606-8182-49E0-89C9-39C4BB6502F0&apn_sauid=08B526F2-1906-4743-8F78-C0EB71AF088B
SearchScopes: HKCU - {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} URL = http://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=download&ir=download&cd=2XzuyEtN2Y1L1Qzu0EtDtDyC0EyCzy0C0F0F0CtCzy0B0C0CtN0D0Tzu0CtAyBzytN1L2XzutBtFtBtFtCtFyEtDyB&cr=1548681093
SearchScopes: HKCU - {E6A676ED-4E69-4D7A-8938-C939DDE9772A} URL = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20130103,17118,0,25,0
SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10025&barid={E158A6C7-61C9-11E2-BE83-D4BED9E2B746}
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
BHO-x32: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} -  No File
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\17.0.1.12\AVG Secure Search_toolbar.dll (AVG Secure Search)
BHO-x32: No Name - {A7DF592F-6E2A-45C4-9A87-4BD217D714ED} -  No File
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - No Name - {311B58DC-A4DC-4B04-B1B5-60299AD3D803} -  No File
Toolbar: HKLM-x32 - Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} -  No File
Toolbar: HKLM-x32 - SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} -  No File
Toolbar: HKLM-x32 - No Name - {9f248e54-6a4c-4db0-ab05-2a1a68fbc811} -  No File
Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\17.0.1.12\AVG Secure Search_toolbar.dll (AVG Secure Search)
Toolbar: HKCU - No Name - {7473B6BD-4691-4744-A82B-7854EB3D70B6} -  No File
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455} 
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.0.12\ViProtocol.dll (AVG Secure Search)
 
Chrome: 
=======
CHR DefaultSearchURL: (Delta Search) - http://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=60EA1206E69CFFC1&affID=119351&tsp=4983
CHR DefaultSuggestURL: (Delta Search) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\pdf.dll ()
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll (AVG Technologies)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Intel Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll No File
CHR Plugin: (Intel Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll No File
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Extension: (WebConnect) - C:\Users\Haydn\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieakfmpjhljbpbfpldjkddkjmmgjmgon\1.0.0_0
CHR Extension: (Minecraft Enderdragon and Steve Theme) - C:\Users\Haydn\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncjfhcbnjfholecfmdgegnflipmknmlg\1_0
CHR HKLM\...\Chrome\Extension: [bbjciahceamgodcoidkjpchnokgfpphh] - C:\Users\Haydn\AppData\Local\funmoods.crx
CHR HKLM\...\Chrome\Extension: [cjpglkicenollcignonpgiafdgfeehoj] - C:\Users\Haydn\AppData\Local\funmoods-speeddial_sf.crx
CHR HKLM-x32\...\Chrome\Extension: [ejpbbhjlbipncjklfjjaedaieimbmdda] - C:\Users\Haydn\AppData\Local\CRE\ejpbbhjlbipncjklfjjaedaieimbmdda.crx
CHR HKLM-x32\...\Chrome\Extension: [khdbjicdngoonodcjggkioffhjlpicbp] - C:\Users\Haydn\AppData\Local\CRE\khdbjicdngoonodcjggkioffhjlpicbp.crx
CHR HKLM-x32\...\Chrome\Extension: [klibnahbojhkanfgaglnlalfkgpcppfi] - C:\Users\Haydn\AppData\Local\CRE\klibnahbojhkanfgaglnlalfkgpcppfi.crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
CHR HKLM-x32\...\Chrome\Extension: [lmblfngognklgemafekefcdjcnkdhmdm] - C:\Users\Haydn\AppData\Roaming\2YourFace\2YourFace.crx
CHR HKLM-x32\...\Chrome\Extension: [oahepomnpijmejhllnialnkhnadmcjdp] - C:\Users\Haydn\AppData\Local\CRE\oahepomnpijmejhllnialnkhnadmcjdp.crx
CHR HKLM-x32\...\Chrome\Extension: [peaihlgfkkhnflpijnnbhkmkcpjhnpel] - C:\Program Files (x86)\BuzzSocialPoints_DNS\chrome.crx
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-07-23] (AVG Technologies CZ, s.r.o.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2013-08-23] ()
S2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1914728 2012-11-25] (SoftThinks SAS)
S2 SystemStoreService; C:\Program Files (x86)\SoftwareUpdater\SystemStore.exe [296448 2013-04-30] ()
S2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2148216 2012-08-23] (AVG)
S2 vToolbarUpdater17.0.12; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe [1734680 2013-10-02] (AVG Secure Search)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-01] (Microsoft Corporation)
S2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [77824 2012-06-19] (Atheros)
 
==================== Drivers (Whitelisted) ====================
 
S1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2013-02-27] ()
S1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2012-09-14] ()
R0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20912 2012-10-26] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-09-05] (AVG Technologies CZ, s.r.o.)
S1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [248632 2013-07-18] (AVG Technologies CZ, s.r.o.)
S3 cbfs3; C:\Windows\System32\drivers\cbfs3.sys [352144 2012-04-09] (EldoS Corporation)
S3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2012-08-05] (OSR Open Systems Resources, Inc.)
S3 hcwE5bda; C:\Windows\system32\drivers\hcwE5bda.sys [792320 2012-12-20] (Hauppauge Computer Work, Inc.)
S3 IOMap; C:\Windows\system32\drivers\IOMap64.sys [24824 2013-02-19] (ASUSTeK Computer Inc.)
S3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13368 2012-11-19] ()
S3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [11880 2012-07-04] (TuneUp Software)
S3 MSICDSetup; \??\E:\CDriver64.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-11-01 11:30 - 2013-11-01 11:30 - 00000000 ____D C:\Windows\Microsoft Antimalware
2013-11-01 09:49 - 2013-11-01 09:49 - 00000000 ____D C:\Users\Haydn\AppData\Local\CrashDumps
2013-11-01 08:55 - 2013-11-01 08:55 - 00001111 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-11-01 08:55 - 2013-11-01 08:55 - 00000000 ____D C:\Users\norton\AppData\Roaming\Malwarebytes
2013-11-01 08:55 - 2013-11-01 08:55 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-01 08:55 - 2013-11-01 08:55 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-01 08:55 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-11-01 08:54 - 2013-11-01 08:54 - 00000000 ____D C:\Users\norton\AppData\Local\NPE
2013-11-01 08:54 - 2013-11-01 08:54 - 00000000 ____D C:\ProgramData\Norton
2013-11-01 08:49 - 2013-11-01 08:49 - 00000020 ___SH C:\Users\norton\ntuser.ini
2013-11-01 08:49 - 2013-11-01 08:49 - 00000000 ____D C:\Users\norton\AppData\Roaming\Adobe
2013-11-01 08:49 - 2013-11-01 08:49 - 00000000 ____D C:\Users\norton
2013-11-01 08:49 - 2013-08-23 01:34 - 00000000 ___RD C:\Users\norton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2013-11-01 08:49 - 2013-06-24 20:57 - 00000000 ___RD C:\Users\norton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2013-11-01 08:49 - 2013-02-01 18:29 - 00000000 ____D C:\Users\norton\AppData\Roaming\TuneUp Software
2013-11-01 08:49 - 2012-07-26 03:13 - 00000000 ___RD C:\Users\norton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-11-01 08:49 - 2012-07-26 03:13 - 00000000 ____D C:\Users\norton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2013-10-31 15:00 - 2013-10-31 15:00 - 00000000 ____D C:\FRST
2013-10-20 16:17 - 2013-10-20 16:18 - 01518592 ___RH C:\Users\Haydn\Downloads\Asphalt 8 Airborne Hack 2013 2.1 x64.exe
2013-10-20 16:17 - 2013-10-20 16:17 - 01519616 _____ C:\Users\Haydn\Downloads\Asphalt 8 Airborne Hack 2013 2.1 x86.exe
2013-10-13 03:56 - 2013-10-13 03:56 - 00292688 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-13 03:43 - 2013-08-03 01:40 - 01374208 _____ (Microsoft Corporation) C:\Windows\system32\wdc.dll
2013-10-13 03:43 - 2013-08-03 01:40 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wvc.dll
2013-10-13 03:43 - 2013-08-03 01:40 - 00462336 _____ (Microsoft Corporation) C:\Windows\system32\sysmon.ocx
2013-10-13 03:43 - 2013-08-03 00:14 - 00399360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sysmon.ocx
2013-10-13 03:43 - 2013-08-03 00:13 - 01245696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdc.dll
2013-10-13 03:43 - 2013-08-03 00:13 - 00437248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wvc.dll
2013-10-13 03:43 - 2013-08-02 01:28 - 19758080 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-10-13 03:42 - 2013-08-10 00:21 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\SettingSync.dll
2013-10-13 03:42 - 2013-08-10 00:21 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncInfo.dll
2013-10-13 03:42 - 2013-08-09 22:58 - 00356352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSync.dll
2013-10-13 03:42 - 2013-08-02 01:28 - 10116608 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2013-10-13 03:42 - 2013-08-02 01:28 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-10-13 03:42 - 2013-08-02 01:26 - 02304512 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-10-13 03:42 - 2013-08-02 00:08 - 17561088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-10-13 03:42 - 2013-08-02 00:08 - 08858112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2013-10-13 03:42 - 2013-08-02 00:08 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-10-13 03:42 - 2013-08-02 00:06 - 02035712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-10-13 03:42 - 2013-08-01 05:41 - 02233688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-10-13 03:42 - 2013-07-30 18:30 - 00386923 _____ C:\Windows\system32\ApnDatabase.xml
2013-10-13 03:42 - 2013-07-24 18:10 - 00158208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mbsmsapi.dll
2013-10-13 03:42 - 2013-07-24 18:06 - 00225280 _____ (Microsoft Corporation) C:\Windows\system32\mbsmsapi.dll
2013-10-13 03:42 - 2013-04-09 18:17 - 01125888 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2013-10-13 03:42 - 2013-04-09 17:29 - 00893952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2013-10-10 02:45 - 2013-09-22 18:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-10 02:45 - 2013-09-22 18:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-10 02:45 - 2013-09-22 18:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-10 02:45 - 2013-09-22 18:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-10 02:45 - 2013-09-22 17:55 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-10 02:45 - 2013-09-22 17:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-10 02:45 - 2013-09-22 17:55 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-10-10 02:45 - 2013-09-22 17:54 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-10 02:45 - 2013-09-22 17:54 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-10 02:45 - 2013-09-22 17:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-10 02:45 - 2013-09-22 17:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-10 02:45 - 2013-07-05 19:15 - 00652288 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-10 02:45 - 2013-07-03 21:13 - 00541696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-10-10 02:45 - 2013-05-15 17:37 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2013-10-10 02:45 - 2013-05-15 17:35 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2013-10-10 02:45 - 2013-05-14 08:14 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-10 02:45 - 2013-05-14 04:23 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-10 02:45 - 2013-04-28 17:28 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2013-10-10 02:45 - 2013-02-21 05:29 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-10-10 02:45 - 2013-02-21 05:29 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-10-10 02:45 - 2013-02-21 05:29 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-10 02:45 - 2013-02-21 05:29 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-10-10 02:45 - 2013-02-21 05:14 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-10-10 02:45 - 2013-02-21 05:14 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-10 02:45 - 2013-02-19 04:53 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2013-10-10 02:45 - 2012-11-07 23:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-10-10 02:45 - 2012-11-07 23:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-10-10 02:44 - 2013-09-22 18:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-10 02:44 - 2013-09-22 18:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-10-10 02:44 - 2013-09-22 18:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-10-10 02:44 - 2013-09-22 18:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-10-10 02:44 - 2013-09-22 17:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-10 02:44 - 2013-09-22 17:54 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-10 02:43 - 2013-08-23 00:11 - 04040192 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-10 02:43 - 2013-07-19 17:13 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 02:43 - 2013-07-19 17:13 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 02:43 - 2013-07-05 17:02 - 00099328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-10-10 02:43 - 2013-07-01 20:41 - 00447320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2013-10-10 02:43 - 2013-07-01 20:41 - 00337752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBXHCI.SYS
2013-10-10 02:43 - 2013-07-01 20:41 - 00213336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\UCX01000.SYS
2013-10-10 02:43 - 2013-07-01 17:14 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbprint.sys
2013-10-10 02:43 - 2013-06-30 20:42 - 00623448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-10-10 02:43 - 2013-06-30 20:42 - 00498008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-10-10 02:43 - 2013-06-30 20:42 - 00079192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-10-10 02:43 - 2013-06-30 20:42 - 00021848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-10-10 02:43 - 2013-06-28 22:08 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-10 02:43 - 2013-06-28 22:07 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-10 02:43 - 2013-06-28 22:07 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-10-10 02:43 - 2013-06-28 22:06 - 00120832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-10-10 02:43 - 2013-06-22 00:45 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-10 02:43 - 2013-06-22 00:45 - 00054488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
2013-10-10 02:43 - 2013-05-26 18:17 - 00035328 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-10-10 02:43 - 2013-05-26 17:59 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-10 02:43 - 2013-05-24 22:15 - 00362496 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-10 02:43 - 2013-05-24 21:32 - 00300032 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
 
==================== One Month Modified Files and Folders =======
 
2013-11-01 11:30 - 2013-11-01 11:30 - 00000000 ____D C:\Windows\Microsoft Antimalware
2013-11-01 10:16 - 2012-09-25 08:12 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2013-11-01 10:15 - 2013-07-04 23:17 - 00000000 ____D C:\ProgramData\NVIDIA
2013-11-01 10:15 - 2012-07-26 02:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-01 09:54 - 2012-10-28 20:09 - 00000000 ____D C:\Users\Haydn
2013-11-01 09:49 - 2013-11-01 09:49 - 00000000 ____D C:\Users\Haydn\AppData\Local\CrashDumps
2013-11-01 09:48 - 2013-05-31 15:33 - 00000378 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2013-11-01 09:48 - 2013-05-15 15:43 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-01 09:48 - 2013-04-20 20:02 - 00000398 _____ C:\Windows\Tasks\FindLyrics Update.job
2013-11-01 09:47 - 2013-09-14 03:28 - 00055678 _____ C:\Windows\PFRO.log
2013-11-01 09:46 - 2012-12-18 17:37 - 00000000 ____D C:\Users\Haydn\AppData\Local\SwvUpdater
2013-11-01 08:55 - 2013-11-01 08:55 - 00001111 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-11-01 08:55 - 2013-11-01 08:55 - 00000000 ____D C:\Users\norton\AppData\Roaming\Malwarebytes
2013-11-01 08:55 - 2013-11-01 08:55 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-01 08:55 - 2013-11-01 08:55 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-01 08:54 - 2013-11-01 08:54 - 00000000 ____D C:\Users\norton\AppData\Local\NPE
2013-11-01 08:54 - 2013-11-01 08:54 - 00000000 ____D C:\ProgramData\Norton
2013-11-01 08:53 - 2012-07-26 02:28 - 00876116 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-01 08:49 - 2013-11-01 08:49 - 00000020 ___SH C:\Users\norton\ntuser.ini
2013-11-01 08:49 - 2013-11-01 08:49 - 00000000 ____D C:\Users\norton\AppData\Roaming\Adobe
2013-11-01 08:49 - 2013-11-01 08:49 - 00000000 ____D C:\Users\norton
2013-11-01 08:11 - 2013-09-29 19:45 - 00002473 _____ C:\Windows\setupact.log
2013-11-01 08:09 - 2013-07-05 13:14 - 00000000 ____D C:\Windows\system32\NV
2013-11-01 03:06 - 2013-07-19 21:42 - 00000000 ____D C:\Users\Haydn\AppData\Local\NexGenMediaPlayer
2013-11-01 03:06 - 2012-10-28 20:11 - 00000000 ___RD C:\Users\Haydn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-31 15:00 - 2013-10-31 15:00 - 00000000 ____D C:\FRST
2013-10-31 14:44 - 2013-09-09 04:36 - 02015931 _____ C:\Windows\WindowsUpdate.log
2013-10-31 14:11 - 2013-04-20 20:01 - 00004130 _____ C:\Windows\System32\Tasks\Software Updater
2013-10-31 14:11 - 2013-01-21 12:58 - 00000000 ____D C:\ProgramData\MFAData
2013-10-29 21:20 - 2013-09-15 21:15 - 00000948 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4248307638-703774149-4267271662-1001UA.job
2013-10-29 21:20 - 2013-09-15 21:15 - 00000926 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4248307638-703774149-4267271662-1001Core.job
2013-10-29 21:06 - 2013-05-15 15:43 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-29 21:02 - 2012-07-26 03:12 - 00000000 ____D C:\Windows\system32\sru
2013-10-28 10:04 - 2012-12-21 09:22 - 00000157 _____ C:\Windows\SysWOW64\SystemPreferences.xml
2013-10-27 08:20 - 2012-07-26 00:26 - 00262144 ___SH C:\Windows\system32\config\ELAM
2013-10-24 02:54 - 2012-07-26 03:12 - 00000000 ____D C:\Windows\AUInstallAgent
2013-10-23 09:09 - 2013-08-27 08:20 - 00000140 _____ C:\Windows\SysWOW64\usergui.cfg
2013-10-23 09:09 - 2013-05-21 14:30 - 00001794 _____ C:\Windows\SysWOW64\userawacs.cfg
2013-10-20 18:27 - 2012-07-26 00:26 - 00262144 ___SH C:\Windows\system32\config\BBI
2013-10-20 16:18 - 2013-10-20 16:17 - 01518592 ___RH C:\Users\Haydn\Downloads\Asphalt 8 Airborne Hack 2013 2.1 x64.exe
2013-10-20 16:17 - 2013-10-20 16:17 - 01519616 _____ C:\Users\Haydn\Downloads\Asphalt 8 Airborne Hack 2013 2.1 x86.exe
2013-10-20 16:16 - 2012-11-04 20:37 - 00000000 ____D C:\Users\Haydn\AppData\Roaming\Skype
2013-10-20 14:46 - 2013-07-06 22:33 - 00000000 ____D C:\Users\Haydn\Documents\Movie Studio Platinum 12.0 Projects
2013-10-20 14:46 - 2013-05-15 10:38 - 00000000 ____D C:\Users\Haydn\Desktop\vidoes
2013-10-20 14:46 - 2012-10-28 20:21 - 00000000 ____D C:\Users\Haydn\AppData\Roaming\.minecraft
2013-10-18 18:08 - 2013-07-19 21:42 - 00000000 ____D C:\Users\Haydn\AppData\Local\LogMeIn Hamachi
2013-10-14 13:21 - 2012-10-28 20:18 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4248307638-703774149-4267271662-1001
2013-10-14 13:09 - 2012-10-28 20:11 - 00000000 ___RD C:\Users\Haydn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-10-13 04:21 - 2012-07-26 03:12 - 00000000 ____D C:\Windows\rescache
2013-10-13 03:56 - 2013-10-13 03:56 - 00292688 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-13 03:55 - 2012-07-26 03:12 - 00000000 ___RD C:\Windows\ToastData
2013-10-10 03:09 - 2013-08-15 00:37 - 00000000 ____D C:\Windows\system32\MRT
2013-10-10 03:05 - 2012-12-14 19:03 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-10-03 01:01 - 2013-05-15 15:43 - 00003888 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-10-03 01:01 - 2013-05-15 15:43 - 00003652 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-10-02 03:18 - 2013-05-20 19:13 - 00000000 ____D C:\Windows\SysWOW64\cache
2013-10-02 03:18 - 2013-01-21 13:06 - 00046368 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
2013-10-02 03:18 - 2013-01-21 13:06 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search
 
Some content of TEMP:
====================
C:\Users\Haydn\AppData\Local\Temp\SkypeSetup.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-10-29 03:00
 
==================== End Of Log ============================


  • Staff

Hello tb520031

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flash drive as fixlist.txt

HKLM\...\Winlogon: [Shell] C:\Users\Haydn\Downloads\Asphalt 8 Airborne Hack 2013 2.1 x64.exe [1518592 2013-10-20] () <=== ATTENTION
HKCU\...\Run: [Driver Pro] - C:\Program Files (x86)\Driver Pro\DPLauncher.exe [340512 2012-10-30] (PC Utilities Pro)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
C:\Users\Haydn\AppData\Local\Temp\SkypeSetup.exe

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST again like we did before but this time press the Fix button just once and wait.

The tool will make a log on the flash drive (Fixlog.txt) please post it to your reply.

Also boot the computer into normal mode and let me know how things are looking.

Gringo

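The fix above works because the lock screen in this thread is not a separate service: the FRST log shows the Winlogon "Shell" value pointing at the downloaded "hack" executable instead of explorer.exe, which is why it runs even in Safe Mode, and the fixlist simply restores that value. The following read-only check is an added example, not code from this thread, from FRST or from Malwarebytes; it reads the Winlogon Shell and Userinit values, compares them against stock defaults, and lists Run/RunOnce entries that launch from user-writable folders. The default strings, the list of autorun keys and the folder pattern are assumptions for a stock Windows install.

```powershell
# Added example (not from the forum thread, FRST or Malwarebytes): a read-only
# check for the Winlogon Shell hijack seen in this log plus the autorun entries
# FRST lists. Runs on Windows PowerShell 5.1 or later; makes no changes.

$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'

# Assumed defaults for a stock Windows install (explorer.exe is loaded as the
# shell in normal and in Safe Mode, which is why a hijack here persists).
$expected = @{
    Shell    = 'explorer.exe'
    Userinit = 'C:\Windows\system32\userinit.exe,'
}

$findings = @()

$wl = Get-ItemProperty -Path $winlogon
foreach ($name in $expected.Keys) {
    $actual = $wl.$name
    if ($null -eq $actual) { continue }
    if ($actual.Trim() -ine $expected[$name]) {
        $findings += [pscustomobject]@{
            Location = "$winlogon\$name"
            Value    = $actual
            Reason   = "differs from default '$($expected[$name])'"
        }
    }
}

# Autorun locations (assumed list). An entry launched from a per-user or
# world-writable folder is not malicious by definition, but it is the first
# thing to review, exactly as FRST flags with "<=== ATTENTION".
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
$suspiciousPath = '\\(Downloads|Temp|AppData\\(Local|Roaming)|ProgramData|Users\\Public)\\'

foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        # Get-ItemProperty adds PSPath/PSChildName/... metadata; skip those.
        if ($p.Name -like 'PS*') { continue }
        if ("$($p.Value)" -match $suspiciousPath) {
            $findings += [pscustomobject]@{
                Location = "$key\$($p.Name)"
                Value    = $p.Value
                Reason   = 'launches from a user-writable location'
            }
        }
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'No Winlogon or Run-key anomalies found.'
} else {
    $findings | Format-Table -AutoSize -Wrap
}
```

On the machine in this thread the Shell check would report the Downloads path FRST flagged; on a clean system the script prints the "no anomalies" line. It only reads the registry, so it is safe to run before and after a fix to confirm the restored value.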

Forgot to say thanks! I appreciate your help a ton! I want to learn to figure this stuff out too...how do you do it?

 

Here's my fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 31-10-2013
Ran by Haydn at 2013-11-07 13:34:42 Run:1
Running from F:\
Boot Mode: Safe Mode (minimal)
==============================================

Content of fixlist:
*****************
HKLM\...\Winlogon: [shell] C:\Users\Haydn\Downloads\Asphalt 8 Airborne Hack 2013 2.1 x64.exe [1518592 2013-10-20] () <=== ATTENTION
HKCU\...\Run: [Driver Pro] - C:\Program Files (x86)\Driver Pro\DPLauncher.exe [340512 2012-10-30] (PC Utilities Pro)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
C:\Users\Haydn\AppData\Local\Temp\SkypeSetup.exe
*****************

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value was restored successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Driver Pro => Value deleted successfully.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
HKCU\SOFTWARE\Policies\Google => Key deleted successfully.
C:\Users\Haydn\AppData\Local\Temp\SkypeSetup.exe  => Moved successfully.

==== End of Fixlog ====


  • Staff

Hello tb520031

You should let me finish.

These are the programs I would like you to run next, if you have any problems with one of these just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean".
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.

-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
When they are complete let me have the two reports and let me know how things are running.

Gringo


  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

