clementine21

  1. Thank you for helping me and fixing my laptop :)

  2. Thank you very much for helping me. I have a quick question. I use Avira for protection but I should delete it because I also have Microsoft Security Essentials. I see on your suggestion page that I would need a firewall and anti-malware too. Is my Windows firewall good enough or should I download one? So if I have Microsoft Security Essentials, my laptop firewall, and download the anti-malware... I should be better protected.
  3. And the security check

     Results of screen317's Security Check version 0.99.64
     Windows 7 Service Pack 1 x64 (UAC is enabled)
     Internet Explorer 10
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled!
     Microsoft Security Essentials
     Avira Desktop
     Antivirus up to date!
     `````````Anti-malware/Other Utilities Check:`````````
     Malwarebytes Anti-Malware version 1.75.0.1300
     Java 6 Update 35
     Java 7 Update 17
     Java version out of Date!
     Adobe Flash Player 10 Flash Player out of Date!
     Adobe Reader 9
     Adobe Reader XI
     Google Chrome 27.0.1453.110
     Google Chrome 27.0.1453.94
     Google Chrome plugins...
     ````````Process Check: objlist.exe by Laurent````````
     Microsoft Security Essentials MSMpEng.exe
     Microsoft Security Essentials msseces.exe
     Malwarebytes Anti-Malware mbamservice.exe
     Malwarebytes Anti-Malware mbamgui.exe
     Avira Antivir avgnt.exe
     Avira Antivir avguard.exe
     Malwarebytes' Anti-Malware mbamscheduler.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 1%
     ````````````````````End of Log``````````````````````
  4. Here is the log. I have looked over the files and there's nothing I want to keep, but I do recognize the conduit folders. Sometimes my internet will open with this as a search bar. I have tried to delete in the past because I have no idea how it got on my laptop. AdwCleanerR1.txt
  5. I ran the scan twice and it didn't find any threats. Here are the logs. mbar-log-2013-06-10 (10-45-51).txt system-log.txt Fixlog.txt
  6. Thank you very much for helping me. Here is my FRST.text
  7. Hello, My laptop has ransomware on it. I've tried to follow the steps in the Removal Guides and Self Help Guides forum, but it didn't work. I need help. -Clem