MichaelAnomoly

  1. Hey all, you folks are most helpful. I don't know where this one came from, I've gone only to sites like ebay, youtube, etsy...adobe. I literally just had the FBI virus on my other laptop and vowed never to even go to a site like hulu in order to stream anything ever again, it was just too much! How could I have got this one? (maybe wikianswers?) A few Google searches reveal to me that this little virus can be pretty nasty? And I think it's disabled sound...does that sound like its trademark to anybody? Or is there another one that does that? Please help guys, I know you can wipe it out, thanks!! And to Mr. Charlie and the other team mates who helped me kick that FBI virus out into the cold, thanks so much!
  2. Here's the log... wow, there sure are a lot of steps, so this malware has some pretty long tentacles, huh?
  3. Oh I see, well alright, here's the RK report:
  4. Yes! Mr. Charlie, you're a genius...you know honestly, I'm intrigued...not to sound like a fanboy or anything, but do you think it would be possible to start learning what it is that you're doing here to help people?
  5. Hey no problem, whatever I have to do, short of a full wipe to get this thing outta my hair... Followed instructions, here's the log:
     Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 09-01-2013
     Ran by SYSTEM at 2013-01-12 16:04:17 Run:1
     Running from F:\
     ==============================================
     DEFAULT hive was successfully copied to System32\config\HiveBackup
     DEFAULT hive was successfully restored from registry back up.
     SAM hive was successfully copied to System32\config\HiveBackup
     SAM hive was successfully restored from registry back up.
     SECURITY hive was successfully copied to System32\config\HiveBackup
     SECURITY hive was successfully restored from registry back up.
     SOFTWARE hive was successfully copied to System32\config\HiveBackup
     SOFTWARE hive was successfully restored from registry back up.
     SYSTEM hive was successfully copied to System32\config\HiveBackup
     SYSTEM hive was successfully restored from registry back up.
     ==== End of Fixlog ====
  6. I got it yesterday night around 9 o'clock while streaming television...for the record, what happened is that at first I could enter safe mode, but when I tried following some instructions, like %appdata%, it appeared there too. Is there any way of using OTLPE via USB?
  7. Oh this is great, you work so quickly, it's beautiful, really! First, the FRST:
Updater.job 2013-01-09 13:37 - 2012-08-31 04:27 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1002288550-3500451634-2136258424-1000UA.job 2013-01-09 09:33 - 2012-08-31 04:27 - 00000840 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1002288550-3500451634-2136258424-1000Core.job 2013-01-08 23:32 - 2011-10-09 19:51 - 00000384 ____A C:\Windows\Tasks\FinalTorrent Update Checker.job 2013-01-08 19:22 - 2012-09-14 10:17 - 00000428 ____A C:\Windows\System32\Drivers\etc\hosts.ics 2013-01-08 18:00 - 2011-12-02 04:31 - 00000884 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-01-08 16:14 - 2013-01-08 16:14 - 00000000 ____D C:\Users\A\AppData\Local\{11B94B33-8E73-472E-80E9-E0DFCEDFF21F} 2013-01-07 12:15 - 2013-01-07 12:16 - 00260528 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-01-07 12:15 - 2013-01-07 12:15 - 00174000 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2013-01-07 12:15 - 2013-01-07 12:15 - 00173992 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2013-01-07 12:15 - 2013-01-07 12:15 - 00095184 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-01-07 12:15 - 2012-09-28 09:12 - 00859072 ____A (Oracle Corporation) C:\Windows\SysWOW64\npdeployJava1.dll 2013-01-07 12:15 - 2011-11-03 21:00 - 00779704 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll 2013-01-07 12:15 - 2011-03-10 09:00 - 00000000 ____D C:\Program Files (x86)\Java 2013-01-06 16:55 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-01-06 16:55 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-01-04 17:44 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF 2013-01-02 08:35 - 2013-01-02 08:35 - 00277056 ____A C:\Windows\Minidump\010213-71776-01.dmp 2013-01-02 08:35 - 2011-08-28 14:26 - 00000000 ____D C:\Windows\Minidump 
2013-01-02 08:35 - 2010-11-04 17:55 - 00327680 ____A C:\Windows\System32\Ikeext.etl 2013-01-02 08:35 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-01-02 08:35 - 2009-07-13 20:51 - 00074849 ____A C:\Windows\setupact.log 2013-01-02 08:34 - 2012-09-02 18:56 - 294335352 ____A C:\Windows\MEMORY.DMP 2012-12-31 17:53 - 2009-07-13 21:13 - 00726444 ____A C:\Windows\System32\PerfStringBackup.INI 2012-12-27 08:20 - 2012-11-05 16:44 - 00000000 ____D C:\Users\A\AppData\Roaming\Skype 2012-12-27 02:22 - 2012-12-27 02:22 - 00277112 ____A C:\Windows\Minidump\122712-26067-01.dmp 2012-12-22 10:59 - 2009-07-13 20:45 - 00366160 ____A C:\Windows\System32\FNTCACHE.DAT 2012-12-16 09:11 - 2012-12-21 14:02 - 00046080 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll 2012-12-16 06:45 - 2012-12-21 14:02 - 00367616 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll 2012-12-16 06:13 - 2012-12-21 14:02 - 00295424 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2012-12-16 06:13 - 2012-12-21 14:02 - 00034304 ____A (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2012-12-13 12:54 - 2012-08-31 04:36 - 00002467 ____A C:\Users\A\Desktop\Google Chrome.lnk ==================== Known DLLs (Whitelisted) ================= ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== 
HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points ========================= Restore point made on: 2013-01-09 14:02:28 ==================== Memory info =========================== Percentage of memory in use: 29% Total physical RAM: 1978.92 MB Available physical RAM: 1395.64 MB Total Pagefile: 1978.92 MB Available Pagefile: 1383.05 MB Total Virtual: 8192 MB Available Virtual: 8191.91 MB ==================== Partitions ============================= 1 Drive c: (Acer) (Fixed) (Total:220.79 GB) (Free:40.03 GB) NTFS 2 Drive e: (PQSERVICE) (Fixed) (Total:12 GB) (Free:3.02 GB) NTFS 3 Drive f: () (Removable) (Total:1.97 GB) (Free:1.97 GB) FAT 4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS 5 Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from reading drive)] Disk ### Status Size Free Dyn Gpt -------- ------------- ------- ------- --- --- Disk 0 Online 232 GB 0 B Disk 1 Online 2015 MB 0 B Partitions of Disk 0: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Recovery 12 GB 1024 KB Partition 2 Primary 100 MB 12 GB Partition 3 Primary 220 GB 12 GB ================================================================================== Disk: 0 Partition 1 Type : 27 Hidden: Yes Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 2 E PQSERVICE NTFS Partition 12 GB Healthy Hidden ========================================================= Disk: 0 Partition 2 Type : 07 Hidden: No Active: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 0 Y SYSTEM RESE NTFS Partition 100 MB Healthy ========================================================= Disk: 0 Partition 3 Type : 07 Hidden: No Active: No Volume 
### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 1 C Acer NTFS Partition 220 GB Healthy ========================================================= Partitions of Disk 1: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 2014 MB 16 KB ================================================================================== Disk: 1 Partition 1 Type : 06 Hidden: No Active: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 3 F FAT Removable 2014 MB Healthy ========================================================= Last Boot: 2013-01-03 23:03 ==================== End Of Log ============================= now Services.exe: Farbar Recovery Scan Tool (x64) Version: 09-01-2013 Ran by SYSTEM at 2013-01-12 14:18:34 Running from F:\ ================== Search: "services,exe" =================== ====== End Of Search ======
  8. Thanks for your suggestion, Mr. Charlie, but my Acer is one of those mini-laptops with no disk drives...are you familiar with the Farbar Recovery Scan Tool? I don't mean to undermine, but after this post I kept searching around and found that on another forum...I'm not sure whether the programs make the same types of logs, but I have one that I would be happy to paste for examination! Would you like me to? Thanks so much!
  9. Hi guys, glad to be here, shame we have to meet under these circumstances. Just what the headline says: I really need a solution that I won't have to buy, and please don't tell me to wipe my HD... What happened is that at first safe mode was available, but then as I tried to enter the command screen the virus came up, and since then it has not been avoidable in safe mode - it shows its face within moments of booting up. Please give me a step by step response to beat this thing over the head! A quick note: the virus says the fine is $500, not $100 or something else... does this matter? Thanks so much for your help and timely responses...