felizw

  1. Thank you again. Since I am working on a Mac to fix the PC, I believe it's not going to work. I tried to open the ISO file on my Mac, and it is not recognizing it. I suppose I will need to work from another PC to be able to fix this issue, as I don't have access to my friend's PC.
  2. Hello Marius, Thank you so much for your quick response. The computer with the ICE virus is my friend's and it is a Windows OS 8. The Virus completely locked me out of the Computer, where everything I try to do or any program I try to open will put me in the Virus logo, asking for payment. I am able to access the Advanced Options. I tried to restore the PC, but I had no restore points created. I am able to access the Command Prompt, but copying and pasting on a flash drive on my Mac and opening it on the PC command prompt will not work. I tried to follow your instructions, and when I opened it it was not the same. In the Advanced Options I do not have an option to restart in Safe Mode. Is there anything else I can do?
  3. Help me please. I have never encountered something so difficult to remove. I wound up in this great site and was reading up on a Blog MrCharlie was helping with. I downloaded the Farbar Recovery Scan Tool and followed his instructions and printed out the log. I tried to restore my system, but did not have a restore date.

     Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-04-2014 01
     Ran by SYSTEM on MININT-0EU0E5Q on 14-04-2014 08:13:05
     Running from D:\
     Windows 8 Pro (X86) OS Language: English(US)
     Internet Explorer Version 10
     Boot Mode: Recovery

     The current controlset is ControlSet001
     ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

     The only official download link for FRST:
     Download link for 32-Bit version:
     Download link for 64-Bit Version:
     Download link from any site other than Bleeping Computer is unpermitted or outdated.
     See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

     ==================== Registry (Whitelisted) ==================

     HKLM\...\Run: [bCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
     HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [761947 2006-03-08] (Synaptics, Inc.)
     HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
     HKLM\...\Run: [switchBoard] => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
     HKLM\...\Run: [AdobeCS6ServiceManager] => C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
     HKU\Sandro\...\Run: [AdobeBridge] => [X]
     HKU\Sandro\...\Run: [browser Infrastructure Helper] => C:\Users\Sandro\AppData\Local\Smartbar\Application\SnapDo.exe [21536 2014-02-06] (Smartbar)
     HKU\Sandro\...\Run: [Optimizer Pro] => C:\Program Files\Optimizer Pro\OptProLauncher.exe [135048 2014-04-07] (PC Utilities Software Limited)
     AppInit_DLLs: c:\progra~1\searchprotect\searchprotect\bin\spvc32loader.dll => C:\Program Files\SearchProtect\SearchProtect\bin\SPVC32Loader.dll [1050400 2014-03-30] (Conduit)
     AppInit_DLLs: c:\progra~1\optimi~1\optpro~2.dll => C:\Program Files\Optimizer Pro\OptProCrash.dll [4110728 2014-04-12] ()
     Startup: C:\Users\Sandro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopWeatherAlerts.lnk
     ShortcutTarget: DesktopWeatherAlerts.lnk -> (No File)
     Startup: C:\Users\Sandro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\or8jazj.lnk
     ShortcutTarget: or8jazj.lnk -> C:\ProgramData\2992199F9A\jzaj8ro.cpp (Корпорация Майкрософт)
     Startup: C:\Users\Sandro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Weather Alerts.lnk
     ShortcutTarget: Weather Alerts.lnk -> (No File)
     Startup: C:\Users\william\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\or8jazj.lnk
     ShortcutTarget: or8jazj.lnk -> C:\ProgramData\2992199F9A\jzaj8ro.cpp (Корпорация Майкрософт)

     ========================== Services (Whitelisted) =================

     S2 ca82e1a5; C:\Program Files\Optimizer Pro\OptProCrashSvc.dll [220800 2014-04-12] ()
     S2 consumerinput_update; C:\Program Files\Consumer Input\Update\ConsumerInputUpdate.exe [106296 2014-04-12] (ConsumerInput)
     S3 consumerinput_updatem; C:\Program Files\Consumer Input\Update\ConsumerInputUpdate.exe [106296 2014-04-12] (ConsumerInput)
     S2 hlsvc; C:\Program Files\Highlightly\Service\hlsvc.exe [273000 2014-02-05] (Highlightly)
     S2 LPTSystemUpdater; C:\Program Files\LPT\srpts.exe [32288 2014-02-06] ()
     S2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
     S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
     S4 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [13864 2012-07-25] (Microsoft Corporation)
     S2 winmgmt; C:\ProgramData\2992199F9A\jzaj8ro.cpp [200704 2014-04-12] (Корпорация Майкрософт)
     S2 CltMngSvc; C:\PROGRA~1\SearchProtect\Main\bin\CltMngSvc.exe [X]

     ==================== Drivers (Whitelisted) ====================

     S1 BasicRender; C:\Windows\System32\drivers\BasicRender.sys [24576 2012-07-25] (Microsoft Corporation)
     S1 hlnfd; C:\Windows\System32\drivers\hlnfd.sys [52752 2014-02-05] (Highlightly)
     S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
     S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\mbamswissarmy.sys [40776 2014-04-14] (Malwarebytes Corporation)
     S3 netwlv32; C:\Windows\system32\DRIVERS\netwlv32.sys [6637056 2012-06-02] (Intel Corporation)
     S3 WUDFSensorLP; C:\Windows\system32\DRIVERS\WUDFRd.sys [155136 2012-07-25] (Microsoft Corporation)
     S3 WUDFWpdMtp; C:\Windows\system32\DRIVERS\WUDFRd.sys [155136 2012-07-25] (Microsoft Corporation)
     S3 idsvc;
     S5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [52224 2012-07-25] (Microsoft Corporation)

     ==================== NetSvcs (Whitelisted) ===================

     ==================== One Month Created Files and Folders ========

     2014-04-14 08:12 - 2014-04-14 08:12 - 00000000 ____D () C:\FRST
     2014-04-14 08:09 - 2014-04-14 08:09 - 00000000 _____ () C:\Recovery.txt
     2014-04-14 03:49 - 2014-04-14 03:49 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys
     2014-04-13 13:31 - 2014-04-13 13:31 - 00000000 ____D () C:\Users\william\AppData\Roaming\Malwarebytes
     2014-04-13 13:09 - 2014-04-13 13:09 - 00000000 ____D () C:\Users\william\AppData\Roaming\Compete
     2014-04-12 06:12 - 2014-04-12 06:12 - 00000000 ____D () C:\Program Files\Setup Support for Consumer Input
     2014-04-12 06:10 - 2014-04-12 06:10 - 00000000 ____D () C:\Users\Sandro\AppData\Roaming\Compete
     2014-04-12 06:09 - 2014-04-12 06:09 - 00000000 ____D () C:\Users\Sandro\AppData\Roaming\Optimizer Pro
     2014-04-12 06:05 - 2014-04-12 06:11 - 00000000 ____D () C:\Program Files\Consumer Input
     2014-04-12 06:05 - 2014-04-12 06:06 - 00000000 ____D () C:\Program Files\LPT
     2014-04-12 06:05 - 2014-04-12 06:05 - 00000000 ____D () C:\Users\Sandro\AppData\Local\Consumer Input
     2014-04-12 06:05 - 2014-04-12 06:05 - 00000000 ____D () C:\Program Files\Highlightly
     2014-04-12 06:04 - 2014-04-12 06:04 - 00001024 _____ () C:\Users\Sandro\Desktop\Optimizer Pro.lnk
     2014-04-12 06:04 - 2014-04-12 06:04 - 00000000 ____D () C:\Program Files\Optimizer Pro
     2014-04-12 06:01 - 2014-04-12 06:01 - 00000000 ____D () C:\Users\Sandro\AppData\Local\Smartbar
     2014-04-12 06:01 - 2014-04-12 06:01 - 00000000 ____D () C:\Users\Sandro\AppData\Local\LPT
     2014-04-12 05:59 - 2014-04-12 05:59 - 00000000 ____D () C:\Program Files\Software Updater
     2014-04-12 05:57 - 2014-04-14 04:07 - 00000000 ____D () C:\ProgramData\2992199F9A
     2014-04-11 05:01 - 2013-04-30 16:58 - 00327680 _____ () C:\Users\Sandro\Desktop\Throne Rush Hack Tool Unlimited Gems Gold Food.dll
     2014-04-11 04:44 - 2014-04-11 04:45 - 00000000 ____D () C:\Program Files\Information
     2014-04-11 04:37 - 2014-04-11 04:37 - 00000000 ____D () C:\Users\Sandro\AppData\Local\VisualBeeExe
     2014-04-11 04:37 - 2014-04-11 04:37 - 00000000 ____D () C:\Users\Sandro\AppData\Local\VisualBeeClient
     2014-04-11 04:37 - 2014-04-11 04:37 - 00000000 ____D () C:\Program Files\HQvidPv1.1
     2014-04-11 04:36 - 2014-04-11 04:37 - 00000000 ____D () C:\ProgramData\VisualBee
     2014-04-11 04:36 - 2014-04-11 04:36 - 00451832 _____ () C:\Users\Sandro\Downloads\Throne+Rush+Hack+Tool+Unlimited+Gems+Gold+Food.exe
     2014-04-11 04:36 - 2014-04-11 04:36 - 00001246 _____ () C:\Users\Sandro\Desktop\Create Amazing Presentations.lnk
     2014-04-11 04:36 - 2014-04-11 04:36 - 00000000 ____D () C:\Users\Sandro\AppData\Local\Local_Weather_LLC
     2014-04-11 04:36 - 2014-04-11 04:36 - 00000000 ____D () C:\Users\Sandro\AppData\Local\emaze
     2014-04-11 04:35 - 2014-04-13 13:19 - 00000000 ____D () C:\Users\Sandro\AppData\Local\WeatherAlerts
     2014-04-11 04:35 - 2014-04-12 06:02 - 00000000 ____D () C:\Program Files\SearchProtect
     2014-04-11 04:35 - 2014-04-11 04:35 - 00000000 ____D () C:\Users\Sandro\AppData\Local\SearchProtect

     ==================== One Month Modified Files and Folders =======

     2014-04-14 08:12 - 2014-04-14 08:12 - 00000000 ____D () C:\FRST
     2014-04-14 08:09 - 2014-04-14 08:09 - 00000000 _____ () C:\Recovery.txt
     2014-04-14 04:07 - 2014-04-12 05:57 - 00000000 ____D () C:\ProgramData\2992199F9A
     2014-04-14 04:06 - 2012-07-25 22:03 - 00589359 _____ () C:\Windows\setupact.log
     2014-04-14 04:00 - 2012-07-25 22:53 - 00000000 ____D () C:\Windows\System32\sru
     2014-04-14 03:49 - 2014-04-14 03:49 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys
     2014-04-13 18:57 - 2013-02-20 16:05 - 02030097 _____ () C:\Windows\WindowsUpdate.log
     2014-04-13 18:47 - 2013-05-24 19:18 - 00000000 ____D () C:\Program Files\Mozilla Firefox
     2014-04-13 17:35 - 2013-02-20 00:01 - 00000000 __SHD () C:\Recovery
     2014-04-13 17:35 - 2012-07-25 22:53 - 00000000 ____D () C:\Windows\System32\LogFiles
     2014-04-13 13:31 - 2014-04-13 13:31 - 00000000 ____D () C:\Users\william\AppData\Roaming\Malwarebytes
     2014-04-13 13:26 - 2013-02-20 15:58 - 00000000 ____D () C:\users\Sandro
     2014-04-13 13:25 - 2013-02-20 15:55 - 00007760 _____ () C:\Windows\PFRO.log
     2014-04-13 13:22 - 2012-07-25 22:53 - 00000000 ____D () C:\Windows\Microsoft.NET
     2014-04-13 13:19 - 2014-04-11 04:35 - 00000000 ____D () C:\Users\Sandro\AppData\Local\WeatherAlerts
     2014-04-13 13:09 - 2014-04-13 13:09 - 00000000 ____D () C:\Users\william\AppData\Roaming\Compete
     2014-04-12 06:12 - 2014-04-12 06:12 - 00000000 ____D () C:\Program Files\Setup Support for Consumer Input
     2014-04-12 06:11 - 2014-04-12 06:05 - 00000000 ____D () C:\Program Files\Consumer Input
     2014-04-12 06:10 - 2014-04-12 06:10 - 00000000 ____D () C:\Users\Sandro\AppData\Roaming\Compete
     2014-04-12 06:09 - 2014-04-12 06:09 - 00000000 ____D () C:\Users\Sandro\AppData\Roaming\Optimizer Pro
     2014-04-12 06:06 - 2014-04-12 06:05 - 00000000 ____D () C:\Program Files\LPT
     2014-04-12 06:05 - 2014-04-12 06:05 - 00000000 ____D () C:\Users\Sandro\AppData\Local\Consumer Input
     2014-04-12 06:05 - 2014-04-12 06:05 - 00000000 ____D () C:\Program Files\Highlightly
     2014-04-12 06:04 - 2014-04-12 06:04 - 00001024 _____ () C:\Users\Sandro\Desktop\Optimizer Pro.lnk
     2014-04-12 06:04 - 2014-04-12 06:04 - 00000000 ____D () C:\Program Files\Optimizer Pro
     2014-04-12 06:02 - 2014-04-11 04:35 - 00000000 ____D () C:\Program Files\SearchProtect
     2014-04-12 06:01 - 2014-04-12 06:01 - 00000000 ____D () C:\Users\Sandro\AppData\Local\Smartbar
     2014-04-12 06:01 - 2014-04-12 06:01 - 00000000 ____D () C:\Users\Sandro\AppData\Local\LPT
     2014-04-12 05:59 - 2014-04-12 05:59 - 00000000 ____D () C:\Program Files\Software Updater
     2014-04-11 05:00 - 2014-03-07 09:42 - 00000000 ____D () C:\TMP
     2014-04-11 04:50 - 2013-12-14 17:48 - 00015360 ___SH () C:\Users\Sandro\Desktop\Thumbs.db
     2014-04-11 04:45 - 2014-04-11 04:44 - 00000000 ____D () C:\Program Files\Information
     2014-04-11 04:37 - 2014-04-11 04:37 - 00000000 ____D () C:\Users\Sandro\AppData\Local\VisualBeeExe
     2014-04-11 04:37 - 2014-04-11 04:37 - 00000000 ____D () C:\Users\Sandro\AppData\Local\VisualBeeClient
     2014-04-11 04:37 - 2014-04-11 04:37 - 00000000 ____D () C:\Program Files\HQvidPv1.1
     2014-04-11 04:37 - 2014-04-11 04:36 - 00000000 ____D () C:\ProgramData\VisualBee
     2014-04-11 04:36 - 2014-04-11 04:36 - 00451832 _____ () C:\Users\Sandro\Downloads\Throne+Rush+Hack+Tool+Unlimited+Gems+Gold+Food.exe
     2014-04-11 04:36 - 2014-04-11 04:36 - 00001246 _____ () C:\Users\Sandro\Desktop\Create Amazing Presentations.lnk
     2014-04-11 04:36 - 2014-04-11 04:36 - 00000000 ____D () C:\Users\Sandro\AppData\Local\Local_Weather_LLC
     2014-04-11 04:36 - 2014-04-11 04:36 - 00000000 ____D () C:\Users\Sandro\AppData\Local\emaze
     2014-04-11 04:35 - 2014-04-11 04:35 - 00000000 ____D () C:\Users\Sandro\AppData\Local\SearchProtect
     2014-04-04 18:58 - 2012-07-25 22:53 - 00000000 ____D () C:\Windows\System32\NDF
     2014-03-24 17:07 - 2013-02-20 16:07 - 00848230 _____ () C:\Windows\System32\PerfStringBackup.INI
     2014-03-15 18:06 - 2013-05-31 12:01 - 00063488 ___SH () C:\Users\Sandro\Downloads\Thumbs.db

     Some content of TEMP:
     ====================
     C:\Users\Sandro\AppData\Local\Temp\air1A49.exe
     C:\Users\Sandro\AppData\Local\Temp\air1F7B.exe
     C:\Users\Sandro\AppData\Local\Temp\air5087.exe
     C:\Users\Sandro\AppData\Local\Temp\air5692.exe
     C:\Users\Sandro\AppData\Local\Temp\air5D3D.exe
     C:\Users\Sandro\AppData\Local\Temp\airA724.exe
     C:\Users\Sandro\AppData\Local\Temp\ConsumerInputSetup.exe
     C:\Users\Sandro\AppData\Local\Temp\information.exe
     C:\Users\Sandro\AppData\Local\Temp\kIqh.dll
     C:\Users\Sandro\AppData\Local\Temp\nsaA8E8.exe
     C:\Users\Sandro\AppData\Local\Temp\nsc3C2E.exe
     C:\Users\Sandro\AppData\Local\Temp\nsg84C2.exe
     C:\Users\Sandro\AppData\Local\Temp\nsm888B.exe
     C:\Users\Sandro\AppData\Local\Temp\nsrACF0.exe
     C:\Users\Sandro\AppData\Local\Temp\SendMsg.dll
     C:\Users\Sandro\AppData\Local\Temp\setup.exe
     C:\Users\Sandro\AppData\Local\Temp\vbmz13.exe

     ==================== Known DLLs (Whitelisted) ============

     ==================== Bamital & volsnap Check =================

     C:\Windows\explorer.exe => MD5 is legit
     C:\Windows\System32\winlogon.exe => MD5 is legit
     C:\Windows\System32\wininit.exe => MD5 is legit
     C:\Windows\System32\svchost.exe => MD5 is legit
     C:\Windows\System32\services.exe => MD5 is legit
     C:\Windows\System32\User32.dll => MD5 is legit
     C:\Windows\System32\userinit.exe => MD5 is legit
     C:\Windows\System32\rpcss.dll => MD5 is legit
     C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

     ==================== EXE ASSOCIATION =====================

     HKLM\...\.exe: exefile => OK
     HKLM\...\exefile\DefaultIcon: %1 => OK
     HKLM\...\exefile\open\command: "%1" %* => OK

     ==================== Restore Points =========================

     ==================== Memory info ===========================

     Percentage of memory in use: 27%
     Total physical RAM: 1526.44 MB
     Available physical RAM: 1112.52 MB
     Total Pagefile: 1526.44 MB
     Available Pagefile: 1115.01 MB
     Total Virtual: 2047.88 MB
     Available Virtual: 1940.16 MB

     ==================== Drives ================================

     Drive c: () (Fixed) (Total:148.95 GB) (Free:116.11 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
     Drive d: (TEMPER) (Removable) (Total:0.94 GB) (Free:0.86 GB) FAT32
     Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

     ==================== MBR & Partition Table ==================

     ========================================================
     Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: 4002DA01)
     Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)

     ========================================================
     Disk: 1 (Size: 964 MB) (Disk ID: 91F72D24)
     Partition 1: (Not Active) - (Size=964 MB) - (Type=0B)

     LastRegBack: 2014-04-09 15:09

     ==================== End Of Log ============================