
Need help with fbi virus im using farbar


  • This topic is locked
27 replies to this topic

#1 birdman1221

birdman1221

  • Members
  • 20 posts
  • OFFLINE
  • Local time:07:01 AM

Posted 27 June 2013 - 09:04 AM

Please help. I got a Dell WinXP with the FBI virus that just goes to a white screen. I cannot boot in safe mode except for safe mode with command prompt, and only into my administrator account, not my user account. I have run furbur and this is what I get. Any help would be great, God bless.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-06-2013 02
Ran by Administrator (administrator) on 27-06-2013 07:18:10
Running from G:\
Microsoft Windows XP Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Safe Mode (minimal)

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\WINDOWS\system32\cmd.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup [213936 2006-05-16] (Macrovision Corporation)
HKLM\...\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler [213936 2006-05-16] (Macrovision Corporation)
HKLM\...\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter [x]
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [x]
HKLM\...\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall [1121792 2005-08-12] (McAfee, Inc.)
HKLM\...\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O5 "LPT1:" /M "Stylus Photo R300" [99840 2003-06-04] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [EPSON Stylus Photo R300 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P39 "EPSON Stylus Photo R300 Series (Copy 1)" /O6 "USB001" /M "Stylus Photo R300" [99840 2003-06-04] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM\...\Run: []  [x]
HKLM\...\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe" [901800 2011-11-17] (Ask)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [931200 2012-03-26] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [TimeServer] "C:\Documents and Settings\user1\Application Data\Adobe\WIN41.exe" [132096 2013-06-15] ()
HKLM\...\Run: [SearchProtectAll] C:\Program Files\SearchProtect\bin\cltmng.exe [2852640 2013-05-08] (Conduit)
Winlogon\Notify\WgaLogon: WgaLogon.dll (Microsoft Corporation)
MountPoints2: {361ac05d-0e0d-11da-9aa9-806d6172696f} - E:\setup.exe
HKU\Rick.DBVW4W91\...\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup [x]
HKU\Rick.DBVW4W91\...\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background [x]
HKU\Rick.DBVW4W91\...\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background [x]
HKU\Rick.DBVW4W91\...\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe [x]
HKU\Rick.DBVW4W91\...\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter [x]
HKU\user1\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [x]
HKU\user1\...\Run: [SearchProtect] C:\Documents and Settings\user1\Application Data\SearchProtect\bin\cltmng.exe [ 2013-05-08] (Conduit)
HKU\user1\...\Command Processor: "C:\DOCUME~1\user1\LOCALS~1\Temp\snoafeedeyfctetvc.exe" <===== ATTENTION!
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless Configuration Utility HW.15.lnk
ShortcutTarget: Wireless Configuration Utility HW.15.lnk -> C:\Program Files\TRENDnet\TRENDnet TEW-421PC_TEW-423PI\WlanCU.exe ()
Startup: C:\Documents and Settings\Rick.DBVW4W91\Start Menu\Programs\Startup\Registry Defender Platinum.lnk
ShortcutTarget: Registry Defender Platinum.lnk -> C:\Program Files\Registry Defender Platinum\RegistryDefender.exe (No File)
Startup: C:\Documents and Settings\user1\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM SearchScopes: DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM - {cca2e567-1987-4100-a3c6-5b4267084510} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=YKxdm133YYus&ptnrS=YKxdm133YYus&ptb=EFE1E13C-2FEB-4A29-ACD9-C2824D8FDE2D&psa=&ind=2012101415&st=sb&n=77ee3b27&searchfor={searchTerms}
SearchScopes: HKCU - DefaultScope value is missing.
BHO: Produtools Manuals Toolbar - {16bb67e0-6319-4077-be84-f41269e051f3} - C:\Program Files\Produtools_Manuals\prxtbPro2.dll (Conduit Ltd.)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Vgrabber v1.5 Toolbar - {73507124-6acd-43aa-b749-c3bcfefbea97} - C:\Program Files\Vgrabber_v1.5\prxtbVgr2.dll (Conduit Ltd.)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
BHO: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM - Produtools Manuals Toolbar - {16bb67e0-6319-4077-be84-f41269e051f3} - C:\Program Files\Produtools_Manuals\prxtbPro2.dll (Conduit Ltd.)
Toolbar: HKLM - Vgrabber v1.5 Toolbar - {73507124-6acd-43aa-b749-c3bcfefbea97} - C:\Program Files\Vgrabber_v1.5\prxtbVgr2.dll (Conduit Ltd.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-150-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: ipp - No CLSID Value -
Handler: msdaipp - No CLSID Value -
Winsock: Catalog5 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 03 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9 01 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 02 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 03 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 04 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 05 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 06 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 07 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 08 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 09 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 10 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 11 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 12 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 13 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 14 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 15 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 16 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 17 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 18 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 19 mswsock.dll File Not found (Microsoft Corporation)

========================== Services (Whitelisted) =================

S2 BackupStack; C:\Program Files\MyPC Backup\BackupStack.exe [32808 2013-05-31] (Just Develop It)
S2 CltMngSvc; C:\Program Files\SearchProtect\bin\CltMngSvc.exe [97056 2013-05-08] (Conduit)
S2 McrdSvc; C:\WINDOWS\ehome\mcrdsvc.exe [99328 2005-08-05] (Microsoft Corporation)
S3 NetSvc; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [147456 2004-11-19] (Intel® Corporation)
S2 JavaQuickStarterService; "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" [x]

==================== Drivers (Whitelisted) ====================

S2 AegisP; C:\Windows\System32\DRIVERS\AegisP.sys [21419 2008-06-18] (Meetinghouse Data Communications)
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [144384 2008-04-13] (Windows ® Server 2003 DDK provider)
S3 ialm; C:\Windows\System32\DRIVERS\ialmnt5.sys [1302812 2005-10-14] (Intel Corporation)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\mbamswissarmy.sys [40776 2013-06-09] (Malwarebytes Corporation)
S3 motport; C:\Windows\System32\DRIVERS\motport.sys [23680 2007-06-18] (Motorola)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [171064 2012-03-20] (Microsoft Corporation)
S3 NABTSFEC; C:\Windows\System32\DRIVERS\NABTSFEC.sys [85248 2008-04-13] (Microsoft Corporation)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 rtl8185; C:\Windows\System32\DRIVERS\rtl8185.sys [306304 2007-01-29] (Realtek Semiconductor Corporation                           )
S3 SLIP; C:\Windows\System32\DRIVERS\SLIP.sys [11136 2008-04-13] (Microsoft Corporation)
S3 STHDA; C:\Windows\System32\drivers\sthda.sys [1047816 2005-11-16] (SigmaTel, Inc.)
S3 streamip; C:\Windows\System32\DRIVERS\StreamIP.sys [15232 2008-04-13] (Microsoft Corporation)
S3 WSTCODEC; C:\Windows\System32\DRIVERS\WSTCODEC.SYS [19200 2008-04-13] (Microsoft Corporation)
S2 5897; \??\C:\DOCUME~1\user1\LOCALS~1\Temp\5897.sys [x]
S4 Abiosdsk; No ImagePath
S4 Atdisk; No ImagePath
S3 bvrp_pci; No ImagePath
S3 CA561; System32\Drivers\SPCA561.SYS [x]
S1 Changer; No ImagePath
S1 lbrtfdc; No ImagePath
S1 PCIDump; No ImagePath
S3 PDCOMP; No ImagePath
S3 PDFRAME; No ImagePath
S3 PDRELI; No ImagePath
S3 PDRFRAME; No ImagePath
S4 Simbad; No ImagePath
S3 wanatw; system32\DRIVERS\wanatw4.sys [x]
S3 WDICA; No ImagePath

==================== NetSvcs (Whitelisted) ===================

NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)

==================== One Month Created Files and Folders ========

2013-06-26 22:42 - 2013-06-27 07:02 - 00000000 ____D C:\FRST
2013-06-26 22:41 - 2013-06-26 22:41 - 00000000 __SHD C:\Documents and Settings\Administrator\IETldCache
2013-06-26 18:10 - 2013-06-26 18:10 - 00000000 ____D C:\Windows\CSC
2013-06-26 17:19 - 2013-06-27 07:16 - 00000062 __ASH C:\Documents and Settings\Administrator\Local Settings\desktop.ini
2013-06-26 17:19 - 2013-06-27 07:04 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2013-06-26 17:19 - 2006-04-25 00:18 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Corel
2013-06-26 17:19 - 2006-04-25 00:15 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Wildtangent
2013-06-26 17:19 - 2006-04-25 00:15 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Musicmatch
2013-06-26 17:19 - 2006-04-25 00:13 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Symantec
2013-06-26 17:19 - 2006-04-25 00:12 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\CCWin
2013-06-26 17:19 - 2006-04-25 00:08 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\BVRP Software
2013-06-26 17:19 - 2006-04-25 00:01 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142030}
2013-06-26 17:19 - 2006-04-25 00:01 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Sun
2013-06-26 17:19 - 2005-08-16 19:52 - 00000136 ____A C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
2013-06-26 17:19 - 2005-08-16 03:52 - 00001298 ____A C:\Documents and Settings\Administrator\Desktop\Media Center.lnk
2013-06-26 17:19 - 2005-08-16 03:33 - 00000062 __ASH C:\Documents and Settings\Administrator\Application Data\desktop.ini
2013-06-26 13:32 - 2008-04-13 18:11 - 00021504 ____A (Microsoft Corporation) C:\Windows\System32\hidserv.dll
2013-06-26 13:32 - 2008-04-13 18:11 - 00021504 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\hidserv.dll
2013-06-23 18:24 - 2013-06-23 18:24 - 01097669 ____A C:\Documents and Settings\user1\Application Data\2433f433
2013-06-23 18:24 - 2013-06-23 18:24 - 01097642 ____A C:\Documents and Settings\user1\Local Settings\Application Data\2433f433
2013-06-23 18:24 - 2013-06-23 18:24 - 01097634 ____A C:\Documents and Settings\All Users\Application Data\2433f433
2013-06-21 12:53 - 2013-06-21 12:53 - 00009227 ____A C:\Documents and Settings\user1\My Documents\Your Loan is Conditionally Approved!.eml
2013-06-09 18:56 - 2013-06-09 18:56 - 00013074 ____A C:\Documents and Settings\user1\hs_err_pid5944.log
2013-06-09 18:52 - 2013-06-09 18:52 - 00012849 ____A C:\Documents and Settings\user1\hs_err_pid4104.log
2013-06-09 18:27 - 2013-06-09 18:27 - 00040776 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys
2013-06-09 18:20 - 2013-06-09 18:20 - 00012587 ____A C:\Documents and Settings\user1\hs_err_pid1044.log
2013-06-09 18:19 - 2013-06-09 18:19 - 00012856 ____A C:\Documents and Settings\user1\hs_err_pid2364.log
2013-06-09 17:36 - 2013-06-24 21:00 - 00000876 ____A C:\Windows\Tasks\Security Center Update - 1109667663.job
2013-06-09 17:36 - 2013-06-24 21:00 - 00000872 ____A C:\Windows\Tasks\Security Center Update - 1358676618.job
2013-06-09 17:36 - 2013-06-09 19:10 - 00000000 ____D C:\Documents and Settings\user1\Application Data\Ydfoeq
2013-06-09 17:36 - 2013-06-09 19:10 - 00000000 ____D C:\Documents and Settings\user1\Application Data\Peeqadze
2013-06-08 16:44 - 2013-06-08 16:44 - 00000000 ____A C:\Documents and Settings\user1\vlcplayer.exe
2013-06-08 16:44 - 2013-06-08 16:44 - 00000000 ____A C:\Documents and Settings\user1\opera.exe
2013-06-08 16:44 - 2013-06-08 16:44 - 00000000 ____A C:\Documents and Settings\user1\acrobat.exe
2013-06-08 16:43 - 2013-06-08 16:44 - 00148992 ____A (TPM-Software Systems LLC) C:\Documents and Settings\user1\teamviewer.exe
2013-06-08 11:48 - 2013-06-27 07:05 - 00000424 ____A C:\Windows\Tasks\PCHB_user1_PCHealthBoost_LG.job
2013-06-08 11:48 - 2013-06-08 11:48 - 00000376 ____A C:\Windows\Tasks\PCHB_user1_PCHealthBoost_UP.job
2013-06-08 11:48 - 2013-06-08 11:48 - 00000376 ____A C:\Windows\Tasks\PCHB_user1_PCHealthBoost_RS.job
2013-06-08 11:48 - 2013-06-08 11:48 - 00000376 ____A C:\Windows\Tasks\PCHB_user1_PCHealthBoost_RN.job
2013-06-08 11:48 - 2013-06-08 11:48 - 00000376 ____A C:\Windows\Tasks\PCHB_user1_PCHealthBoost_RM.job
2013-06-08 11:39 - 2013-06-08 11:40 - 00000000 ____D C:\Program Files\MyPC Backup
2013-06-08 11:34 - 2013-06-08 11:40 - 00000000 ____D C:\Program Files\PC HealthBoost
2013-06-08 11:32 - 2013-06-08 11:48 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\PCHealthBoost
2013-06-08 11:29 - 2013-06-08 11:29 - 00086535 ____A C:\Windows\unins000.dat
2013-06-08 11:29 - 2013-06-08 11:29 - 00000009 ____A C:\END
2013-06-08 11:29 - 2013-06-08 11:29 - 00000000 ____D C:\Program Files\vGrabber-software
2013-06-08 11:29 - 2013-06-08 11:27 - 01169609 ____A C:\Windows\unins000.exe
2013-06-08 11:28 - 2013-06-23 11:41 - 00000000 ____D C:\Program Files\Vgrabber_v1.5
2013-06-08 11:28 - 2013-06-23 11:41 - 00000000 ____D C:\Documents and Settings\user1\Local Settings\Application Data\Vgrabber_v1.5
2013-06-08 11:28 - 2013-06-08 11:28 - 00000000 ____D C:\Program Files\SearchProtect
2013-06-08 11:28 - 2013-06-08 11:28 - 00000000 ____D C:\Documents and Settings\user1\Local Settings\Application Data\CRE
2013-06-08 11:28 - 2013-06-08 11:28 - 00000000 ____D C:\Documents and Settings\user1\Application Data\SearchProtect
2013-06-08 11:28 - 2013-05-08 00:10 - 00770384 ____A (Microsoft Corporation) C:\Windows\System32\msvcr100.dll
2013-06-08 11:28 - 2013-05-08 00:10 - 00421200 ____A (Microsoft Corporation) C:\Windows\System32\msvcp100.dll

==================== One Month Modified Files and Folders ========

2013-06-27 07:16 - 2013-06-26 17:19 - 00000062 __ASH C:\Documents and Settings\Administrator\Local Settings\desktop.ini
2013-06-27 07:16 - 2005-08-16 03:49 - 00000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini
2013-06-27 07:06 - 2009-11-11 15:25 - 00000178 __ASH C:\Documents and Settings\user1\ntuser.ini
2013-06-27 07:06 - 2005-08-16 03:49 - 00032514 ____A C:\Windows\SchedLgU.Txt
2013-06-27 07:06 - 2005-08-16 03:49 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-27 07:06 - 2005-08-16 03:40 - 01635316 ____A C:\Windows\WindowsUpdate.log
2013-06-27 07:06 - 2005-08-16 03:35 - 00000215 ____A C:\Windows\wiadebug.log
2013-06-27 07:06 - 2005-08-16 03:35 - 00000049 ____A C:\Windows\wiaservc.log
2013-06-27 07:05 - 2013-06-08 11:48 - 00000424 ____A C:\Windows\Tasks\PCHB_user1_PCHealthBoost_LG.job
2013-06-27 07:05 - 2005-08-16 03:38 - 00000000 ____D C:\Windows\Registration
2013-06-27 07:04 - 2013-06-26 17:19 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2013-06-27 07:04 - 2012-12-09 15:13 - 00000880 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-27 07:04 - 2009-11-11 15:25 - 00000062 __ASH C:\Documents and Settings\user1\Local Settings\desktop.ini
2013-06-27 07:04 - 2005-08-16 03:49 - 00000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini
2013-06-27 07:02 - 2013-06-26 22:42 - 00000000 ____D C:\FRST
2013-06-26 22:41 - 2013-06-26 22:41 - 00000000 __SHD C:\Documents and Settings\Administrator\IETldCache
2013-06-26 21:40 - 2009-11-11 13:16 - 00398358 ____A C:\Windows\setupapi.log
2013-06-26 21:40 - 2006-04-24 23:51 - 00013538 ____A C:\Windows\setupact.log
2013-06-26 18:54 - 2005-08-16 03:18 - 00002206 ____A C:\Windows\System32\wpa.dbl
2013-06-26 18:10 - 2013-06-26 18:10 - 00000000 ____D C:\Windows\CSC
2013-06-26 17:30 - 2012-08-29 19:49 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-24 21:00 - 2013-06-09 17:36 - 00000876 ____A C:\Windows\Tasks\Security Center Update - 1109667663.job
2013-06-24 21:00 - 2013-06-09 17:36 - 00000872 ____A C:\Windows\Tasks\Security Center Update - 1358676618.job
2013-06-23 18:24 - 2013-06-23 18:24 - 01097669 ____A C:\Documents and Settings\user1\Application Data\2433f433
2013-06-23 18:24 - 2013-06-23 18:24 - 01097642 ____A C:\Documents and Settings\user1\Local Settings\Application Data\2433f433
2013-06-23 18:24 - 2013-06-23 18:24 - 01097634 ____A C:\Documents and Settings\All Users\Application Data\2433f433
2013-06-23 18:24 - 2012-01-11 10:24 - 00000234 ____A C:\Windows\Tasks\Scheduled Update for Ask Toolbar.job
2013-06-23 18:24 - 2008-01-02 15:55 - 00000230 ____A C:\Windows\RTacDbg.txt
2013-06-23 12:34 - 2012-12-09 15:13 - 00000884 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-23 11:41 - 2013-06-08 11:28 - 00000000 ____D C:\Program Files\Vgrabber_v1.5
2013-06-23 11:41 - 2013-06-08 11:28 - 00000000 ____D C:\Documents and Settings\user1\Local Settings\Application Data\Vgrabber_v1.5
2013-06-21 15:22 - 2012-07-15 21:13 - 00001436 ____A C:\Documents and Settings\user1\My Documents\download.qfx
2013-06-21 12:53 - 2013-06-21 12:53 - 00009227 ____A C:\Documents and Settings\user1\My Documents\Your Loan is Conditionally Approved!.eml
2013-06-20 06:39 - 2013-05-14 08:18 - 00001813 ____A C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2013-06-15 07:31 - 2010-03-05 14:44 - 00000000 ____D C:\Documents and Settings\user1\Application Data\Adobe
2013-06-12 15:30 - 2012-08-29 19:49 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-06-12 15:30 - 2012-08-29 19:49 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-06-09 19:10 - 2013-06-09 17:36 - 00000000 ____D C:\Documents and Settings\user1\Application Data\Ydfoeq
2013-06-09 19:10 - 2013-06-09 17:36 - 00000000 ____D C:\Documents and Settings\user1\Application Data\Peeqadze
2013-06-09 19:02 - 2012-09-12 11:07 - 00000664 ____A C:\Windows\System32\d3d9caps.dat
2013-06-09 18:56 - 2013-06-09 18:56 - 00013074 ____A C:\Documents and Settings\user1\hs_err_pid5944.log
2013-06-09 18:52 - 2013-06-09 18:52 - 00012849 ____A C:\Documents and Settings\user1\hs_err_pid4104.log
2013-06-09 18:27 - 2013-06-09 18:27 - 00040776 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys
2013-06-09 18:20 - 2013-06-09 18:20 - 00012587 ____A C:\Documents and Settings\user1\hs_err_pid1044.log
2013-06-09 18:19 - 2013-06-09 18:19 - 00012856 ____A C:\Documents and Settings\user1\hs_err_pid2364.log
2013-06-08 20:00 - 2011-09-17 18:16 - 00000404 ____A C:\Windows\Tasks\Registry Winner Schedule.job
2013-06-08 19:17 - 2013-04-16 09:55 - 00000004 ____A C:\Documents and Settings\user1\Application Data\skype.ini
2013-06-08 16:44 - 2013-06-08 16:44 - 00000000 ____A C:\Documents and Settings\user1\vlcplayer.exe
2013-06-08 16:44 - 2013-06-08 16:44 - 00000000 ____A C:\Documents and Settings\user1\opera.exe
2013-06-08 16:44 - 2013-06-08 16:44 - 00000000 ____A C:\Documents and Settings\user1\acrobat.exe
2013-06-08 16:44 - 2013-06-08 16:43 - 00148992 ____A (TPM-Software Systems LLC) C:\Documents and Settings\user1\teamviewer.exe
2013-06-08 11:48 - 2013-06-08 11:48 - 00000376 ____A C:\Windows\Tasks\PCHB_user1_PCHealthBoost_UP.job
2013-06-08 11:48 - 2013-06-08 11:48 - 00000376 ____A C:\Windows\Tasks\PCHB_user1_PCHealthBoost_RS.job
2013-06-08 11:48 - 2013-06-08 11:48 - 00000376 ____A C:\Windows\Tasks\PCHB_user1_PCHealthBoost_RN.job
2013-06-08 11:48 - 2013-06-08 11:48 - 00000376 ____A C:\Windows\Tasks\PCHB_user1_PCHealthBoost_RM.job
2013-06-08 11:48 - 2013-06-08 11:32 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\PCHealthBoost
2013-06-08 11:42 - 2005-08-16 03:38 - 00000000 ____D C:\Windows\Microsoft.NET
2013-06-08 11:40 - 2013-06-08 11:39 - 00000000 ____D C:\Program Files\MyPC Backup
2013-06-08 11:40 - 2013-06-08 11:34 - 00000000 ____D C:\Program Files\PC HealthBoost
2013-06-08 11:39 - 2005-08-16 03:33 - 00476650 ___AC C:\Windows\System32\PerfStringBackup.INI
2013-06-08 11:30 - 2012-03-13 16:14 - 00000000 ____D C:\Documents and Settings\user1\Application Data\PriceGong
2013-06-08 11:29 - 2013-06-08 11:29 - 00086535 ____A C:\Windows\unins000.dat
2013-06-08 11:29 - 2013-06-08 11:29 - 00000009 ____A C:\END
2013-06-08 11:29 - 2013-06-08 11:29 - 00000000 ____D C:\Program Files\vGrabber-software
2013-06-08 11:28 - 2013-06-08 11:28 - 00000000 ____D C:\Program Files\SearchProtect
2013-06-08 11:28 - 2013-06-08 11:28 - 00000000 ____D C:\Documents and Settings\user1\Local Settings\Application Data\CRE
2013-06-08 11:28 - 2013-06-08 11:28 - 00000000 ____D C:\Documents and Settings\user1\Application Data\SearchProtect
2013-06-08 11:28 - 2012-03-13 16:08 - 00000000 ____D C:\Documents and Settings\user1\Local Settings\Application Data\Conduit
2013-06-08 11:27 - 2013-06-08 11:29 - 01169609 ____A C:\Windows\unins000.exe

Files to move or delete:
====================
C:\Documents and Settings\user1\acrobat.exe
C:\Documents and Settings\user1\acrobatreader.exe
C:\Documents and Settings\user1\java.exe
C:\Documents and Settings\user1\notepad.exe
C:\Documents and Settings\user1\opera.exe
C:\Documents and Settings\user1\teamviewer.exe
C:\Documents and Settings\user1\vlcplayer.exe
C:\Documents and Settings\user1\Application Data\skype.dat
C:\Documents and Settings\user1\Application Data\skype.ini

==================== Bamital & volsnap Check =================
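The scan above is what a helper reads to decide which auto-start entries matter. As an added illustration (not part of birdman1221's post and not FRST's own code), the Python script below applies to FRST lines a few of the rules a reviewer applies by eye: targets under a user's Temp directory, a replaced Winlogon Shell, a Command Processor AutoRun hook, Winsock entries with a missing library path, executables with no publisher, and orphaned `[x]` entries. The sample lines are copied from this thread's log; the rule set, severity labels and function names are my own assumptions.

```python
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the FRST scan in this thread, plus two
# clean control lines (MSC, McrdSvc) so the rules below have hits and misses.
SAMPLE_LOG = r"""
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [931200 2012-03-26] (Microsoft Corporation)
HKLM\...\Run: [TimeServer] "C:\Documents and Settings\user1\Application Data\Adobe\WIN41.exe" [132096 2013-06-15] ()
HKU\user1\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] C:\DOCUME~1\user1\LOCALS~1\Temp\snoafeedeyfctetvc.exe [ 2013-06-23] (NVIDIA Corporation) <===== ATTENTION
HKU\user1\...\Winlogon: [Shell] cmd.exe [ 2008-04-13] (Microsoft Corporation) <==== ATTENTION
HKU\user1\...\Command Processor: "C:\DOCUME~1\user1\LOCALS~1\Temp\snoafeedeyfctetvc.exe" <===== ATTENTION!
S2 5897; \??\C:\DOCUME~1\user1\LOCALS~1\Temp\5897.sys [x]
S2 McrdSvc; C:\WINDOWS\ehome\mcrdsvc.exe [99328 2005-08-05] (Microsoft Corporation)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [x]
Winsock: Catalog5 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
"""


@dataclass
class Finding:
    line: str
    reasons: list  # (severity, explanation) pairs; severity is high/medium/info


# Assumed heuristics (mine, not FRST's): each regex targets one field of an FRST line.
TEMP_DIR = re.compile(r"\\(LOCALS~1|Local Settings)\\Temp\\", re.IGNORECASE)
WINLOGON_SHELL = re.compile(r"\\Winlogon: \[Shell\] (\S+)", re.IGNORECASE)
CMD_PROCESSOR = re.compile(r"\\Command Processor: ", re.IGNORECASE)
NO_PUBLISHER = re.compile(r"\]\s*\(\)\s*$")  # "[size date] ()" => empty company name


def triage_line(line):
    """Attach every matching reason to one FRST line."""
    reasons = []
    if "ATTENTION" in line:
        reasons.append(("high", "marked ATTENTION by FRST itself"))
    if TEMP_DIR.search(line):
        reasons.append(("high", "auto-start target lives in a user Temp directory"))
    m = WINLOGON_SHELL.search(line)
    if m and m.group(1).lower() != "explorer.exe":
        reasons.append(("high", f"Winlogon Shell replaced with {m.group(1)}: desktop never loads"))
    if CMD_PROCESSOR.search(line):
        reasons.append(("high", "cmd.exe AutoRun hook: fires whenever a command prompt opens, Safe Mode included"))
    if line.startswith("Winsock:") and "File Not found" in line:
        reasons.append(("high", "Winsock catalog entry with missing LibraryPath: networking breaks until repaired"))
    if NO_PUBLISHER.search(line):
        reasons.append(("medium", "executable carries no company name in its version info"))
    if "[x]" in line:
        reasons.append(("info", "target file not on disk ([x]): orphaned entry, clean-up only"))
    return Finding(line, reasons)


def triage(log_text):
    """Return only the lines that triggered at least one rule."""
    findings = (triage_line(l) for l in log_text.splitlines() if l.strip())
    return [f for f in findings if f.reasons]


def high_priority(findings):
    """Lines a helper would put into a fixlist first."""
    return [f for f in findings if any(sev == "high" for sev, _ in f.reasons)]


def report(findings):
    lines = []
    for f in findings:
        lines.append(f.line)
        for sev, why in f.reasons:
            lines.append(f"    [{sev}] {why}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(triage(SAMPLE_LOG)))
```

Run it directly to print the findings. The Command Processor entry is the one that matters most for this thread: Safe Mode with Command Prompt starts cmd.exe, and an AutoRun value under Command Processor executes when cmd.exe starts, so the Temp binary still runs in the one boot mode that was supposed to bypass it.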

 

 



#2 birdman1221

birdman1221
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Local time:07:01 AM

Posted 27 June 2013 - 09:05 AM

I meant to say Farbar, sorry.



#3 birdman1221

birdman1221
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Local time:07:01 AM

Posted 27 June 2013 - 09:17 AM

I have tried Kickstarter on USB with F12 boot. I can't use safe mode or safe mode with networking, just safe mode with command prompt using admin; if I try user it just reboots. I don't have the option when I press F8 to repair computer or restore computer that is usually at the top, just safe mode etc.



#4 birdman1221

birdman1221
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Local time:07:01 AM

Posted 27 June 2013 - 10:01 AM

I tried doing some myself and fixed some myself. I had this under zero access and under registry, and scanned then fixed, but the 3rd line did not go away; it said value not found. But I did get rid of lines 1, 2, 4 and 5 as you can see below this scan.

 

HKU\t\...\Run: [qcgcc2mrvjq91kk1e7pnbb19m52fx] C:\DOCUME~1\user1\LOCALS~1\Temp\snoafeedeyfctetvc.exe [ 2013-06-23] (NVIDIA Corporation) <=====ATTENTION
HKU\t\...\Winlogon: [Shell] cmd.exe [ 2008-04-13] (MicrosoftCorporation) <=====ATTENTION!

HKU\T\...\Command Processor: "C:\DOCUME~1\user1\LOCALS~1\Temp\snoafeedeyfctetvc.exe" <=====ATTENTION!

zero access

C:\RECYCLER\S-1-5-21-3861836865-4004345313-2949810384-10091$c91c07110ddae425648460308f15d8f1
C:\RECYCLER\S-1-5-18\$c91c07110ddae425648460308f15d8f1

 

This is after I ran the first fixlist.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 26-06-2013 02
Ran by Administrator at 2013-06-27 07:02:03 Run:1
Running from G:\
Boot Mode: Safe Mode (minimal)

==============================================

HKU\user1\Software\Microsoft\Windows\CurrentVersion\Run\\qcgce2mrvjq91kk1e7pnbb19m52fx => Value deleted successfully.
HKU\user1\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
HKU\user1\Software\Microsoft\Command Processor\\AutoRun => Value not found.
C:\RECYCLER\S-1-5-21-3861836865-4004345313-2949810384-1009\$c91c07110ddae425648460308f15d8f1 => Moved successfully.
C:\RECYCLER\S-1-5-18\$c91c07110ddae425648460308f15d8f1 => Deleted successfully.

==== End of Fixlog ====

 

But I'm still having problems.


Edited by birdman1221, 27 June 2013 - 10:04 AM.


#5 birdman1221

birdman1221
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Local time:07:01 AM

Posted 27 June 2013 - 12:25 PM

Gringo, please help. God bless.



#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:01 AM

Posted 27 June 2013 - 12:29 PM


Hello birdman1221

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.


Very Important --> Please read this post completely. I have spent my time to put together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flash drive as fixlist.txt

 
Start
HKLM\...\Run: [Cleanup] C:\DOCUME~1\Hillary\LOCALS~1\Temp\20091111135328_mcappins.exe /v=3 /cleanup [x] <===== ATTENTION
HKLM\...\Run: [msci] C:\DOCUME~1\Hillary\LOCALS~1\Temp\20091111135325_mcinfo.exe /insfin [x] <===== ATTENTION
HKLM\...\Run: [TimeServer] "C:\Documents and Settings\user1\Application Data\Adobe\WIN41.exe" [132096 2013-06-15] ()
HKLM\...\Run: [SearchProtectAll] C:\Program Files\SearchProtect\bin\cltmng.exe [2852640 2013-05-08] (Conduit)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll ATTENTION! ====> ZeroAccess
HKU\Rick.DBVW4W91\...\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe [x]
HKU\user1\...\Run: [SearchProtect] C:\Documents and Settings\user1\Application Data\SearchProtect\bin\cltmng.exe [ 2013-05-08] (Conduit)
HKU\user1\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] C:\DOCUME~1\user1\LOCALS~1\Temp\snoafeedeyfctetvc.exe [ 2013-06-23] (NVIDIA Corporation) <===== ATTENTION
HKU\user1\...\Winlogon: [Shell] cmd.exe [ 2008-04-13] (Microsoft Corporation) <==== ATTENTION
HKU\user1\...\Command Processor: "C:\DOCUME~1\user1\LOCALS~1\Temp\snoafeedeyfctetvc.exe" <===== ATTENTION!
Startup: C:\Documents and Settings\user1\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
Winsock: Catalog5 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 03 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
S2 BackupStack; C:\Program Files\MyPC Backup\BackupStack.exe [32808 2013-05-31] (Just Develop It)
S2 CltMngSvc; C:\Program Files\SearchProtect\bin\CltMngSvc.exe [97056 2013-05-08] (Conduit)
S2 5897; \??\C:\DOCUME~1\user1\LOCALS~1\Temp\5897.sys [x]
2013-06-23 18:24 - 2013-06-23 18:24 - 01097669 ____A C:\Documents and Settings\user1\Application Data\2433f433
2013-06-23 18:24 - 2013-06-23 18:24 - 01097642 ____A C:\Documents and Settings\user1\Local Settings\Application Data\2433f433
2013-06-23 18:24 - 2013-06-23 18:24 - 01097634 ____A C:\Documents and Settings\All Users\Application Data\2433f433
2013-06-09 17:36 - 2013-06-24 21:00 - 00000876 ____A C:\Windows\Tasks\Security Center Update - 1109667663.job
2013-06-09 17:36 - 2013-06-24 21:00 - 00000872 ____A C:\Windows\Tasks\Security Center Update - 1358676618.job
2013-06-09 17:36 - 2013-06-09 19:10 - 00000000 ____D C:\Documents and Settings\user1\Application Data\Ydfoeq
2013-06-09 17:36 - 2013-06-09 19:10 - 00000000 ____D C:\Documents and Settings\user1\Application Data\Peeqadze
2013-06-08 16:44 - 2013-06-08 16:44 - 00000000 ____A C:\Documents and Settings\user1\vlcplayer.exe
2013-06-08 16:44 - 2013-06-08 16:44 - 00000000 ____A C:\Documents and Settings\user1\opera.exe
2013-06-08 16:44 - 2013-06-08 16:44 - 00000000 ____A C:\Documents and Settings\user1\acrobat.exe
2013-06-08 16:43 - 2013-06-08 16:44 - 00148992 ____A (TPM-Software Systems LLC) C:\Documents and Settings\user1\teamviewer.exe
2013-06-08 11:48 - 2013-06-26 18:56 - 00000424 ____A C:\Windows\Tasks\PCHB_user1_PCHealthBoost_LG.job
2013-06-08 11:48 - 2013-06-08 11:48 - 00000376 ____A C:\Windows\Tasks\PCHB_user1_PCHealthBoost_UP.job
2013-06-08 11:48 - 2013-06-08 11:48 - 00000376 ____A C:\Windows\Tasks\PCHB_user1_PCHealthBoost_RS.job
2013-06-08 11:48 - 2013-06-08 11:48 - 00000376 ____A C:\Windows\Tasks\PCHB_user1_PCHealthBoost_RN.job
2013-06-08 11:48 - 2013-06-08 11:48 - 00000376 ____A C:\Windows\Tasks\PCHB_user1_PCHealthBoost_RM.job
2013-06-08 11:39 - 2013-06-08 11:40 - 00000000 ____D C:\Program Files\MyPC Backup
2013-06-08 11:34 - 2013-06-08 11:40 - 00000000 ____D C:\Program Files\PC HealthBoost
2013-06-08 11:32 - 2013-06-08 11:48 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\PCHealthBoost
C:\RECYCLER\S-1-5-21-3861836865-4004345313-2949810384-1009\$c91c07110ddae425648460308f15d8f1
C:\RECYCLER\S-1-5-18\$c91c07110ddae425648460308f15d8f1
C:\Documents and Settings\user1\acrobat.exe
C:\Documents and Settings\user1\acrobatreader.exe
C:\Documents and Settings\user1\java.exe
C:\Documents and Settings\user1\notepad.exe
C:\Documents and Settings\user1\opera.exe
C:\Documents and Settings\user1\teamviewer.exe
C:\Documents and Settings\user1\vlcplayer.exe
C:\Documents and Settings\user1\Application Data\skype.dat
C:\Documents and Settings\user1\Application Data\skype.ini
cmd: Dir /b /a:l "C:\Program Files" /s
end
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.



Run FRST again like we did before but this time press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Also boot the computer into normal mode and let me know how things are looking.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 birdman1221

birdman1221
  • Topic Starter

  • Members
  • 20 posts
  • Local time:07:01 AM

Posted 27 June 2013 - 12:43 PM

thx trying now give me a few  mins



#8 birdman1221

birdman1221
  • Topic Starter

  • Members
  • 20 posts
  • Local time:07:01 AM

Posted 27 June 2013 - 12:53 PM

it still goes to white screen after boot, here's the fixlog


Edited by birdman1221, 27 June 2013 - 01:04 PM.


#9 birdman1221

birdman1221
  • Topic Starter

  • Members
  • 20 posts
  • Local time:07:01 AM

Posted 27 June 2013 - 01:02 PM

it still goes to white screen


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 26-06-2013 02
Ran by Administrator at 2013-06-27 11:48:39 Run:5
Running from G:\
Boot Mode: Safe Mode (minimal)

==============================================

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Cleanup => Value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\msci => Value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\TimeServer => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SearchProtectAll => Value deleted successfully.
HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32\\Default => Value was restored successfully.
HKU\Rick.DBVW4W91\Software\Microsoft\Windows\CurrentVersion\Run\\MyWebSearch Email Plugin => Value deleted successfully.
HKU\user1\Software\Microsoft\Windows\CurrentVersion\Run\\SearchProtect => Value deleted successfully.
HKU\user1\Software\Microsoft\Windows\CurrentVersion\Run\\qcgce2mrvjq91kk1e7pnbb19m52fx => Value not found.
HKU\user1\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value not found.
HKU\user1\Software\Microsoft\Command Processor\\AutoRun => Value not found.
C:\Documents and Settings\user1\Start Menu\Programs\Startup\MyPC Backup.lnk => Moved successfully.
C:\Program Files\MyPC Backup\MyPC Backup.exe => Moved successfully.
Winsock: Catalog5 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\System32\mswsock.dll
Winsock: Catalog5 entry 000000000003\\LibraryPath  was set successfully to %SystemRoot%\System32\mswsock.dll
BackupStack => Service deleted successfully.
CltMngSvc => Service deleted successfully.
5897 => Service deleted successfully.
C:\Documents and Settings\user1\Application Data\2433f433 => Moved successfully.
C:\Documents and Settings\user1\Local Settings\Application Data\2433f433 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\2433f433 => Moved successfully.
C:\Windows\Tasks\Security Center Update - 1109667663.job => Moved successfully.
C:\Windows\Tasks\Security Center Update - 1358676618.job => Moved successfully.
C:\Documents and Settings\user1\Application Data\Ydfoeq => Moved successfully.
C:\Documents and Settings\user1\Application Data\Peeqadze => Moved successfully.
C:\Documents and Settings\user1\vlcplayer.exe => Moved successfully.
C:\Documents and Settings\user1\opera.exe => Moved successfully.
C:\Documents and Settings\user1\acrobat.exe => Moved successfully.
C:\Documents and Settings\user1\teamviewer.exe => Moved successfully.
C:\Windows\Tasks\PCHB_user1_PCHealthBoost_LG.job => Moved successfully.
C:\Windows\Tasks\PCHB_user1_PCHealthBoost_UP.job => Moved successfully.
C:\Windows\Tasks\PCHB_user1_PCHealthBoost_RS.job => Moved successfully.
C:\Windows\Tasks\PCHB_user1_PCHealthBoost_RN.job => Moved successfully.
C:\Windows\Tasks\PCHB_user1_PCHealthBoost_RM.job => Moved successfully.
C:\Program Files\MyPC Backup => Moved successfully.
C:\Program Files\PC HealthBoost => Moved successfully.
C:\Documents and Settings\All Users\Application Data\PCHealthBoost => Moved successfully.
C:\RECYCLER\S-1-5-21-3861836865-4004345313-2949810384-1009\$c91c07110ddae425648460308f15d8f1 => File/Directory not found.
C:\RECYCLER\S-1-5-18\$c91c07110ddae425648460308f15d8f1 => File/Directory not found.
C:\Documents and Settings\user1\acrobat.exe => File/Directory not found.
C:\Documents and Settings\user1\acrobatreader.exe => Moved successfully.
C:\Documents and Settings\user1\java.exe => Moved successfully.
C:\Documents and Settings\user1\notepad.exe => Moved successfully.
C:\Documents and Settings\user1\opera.exe => File/Directory not found.
C:\Documents and Settings\user1\teamviewer.exe => File/Directory not found.
C:\Documents and Settings\user1\vlcplayer.exe => File/Directory not found.
C:\Documents and Settings\user1\Application Data\skype.dat => Moved successfully.
C:\Documents and Settings\user1\Application Data\skype.ini => Moved successfully.

=========  Dir /b /a:l "C:\Program Files" /s =========

File Not Found

========= End of CMD: =========


==== End of Fixlog ====


Edited by birdman1221, 27 June 2013 - 01:03 PM.


#10 birdman1221

birdman1221
  • Topic Starter

  • Members
  • 20 posts
  • Local time:07:01 AM

Posted 27 June 2013 - 01:41 PM

gringo plz help when you can god bless



#11 birdman1221

birdman1221
  • Topic Starter

  • Members
  • 20 posts
  • Local time:07:01 AM

Posted 27 June 2013 - 01:55 PM

here is my recent scan


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-06-2013 02
Ran by Administrator (administrator) on 27-06-2013 12:50:38
Running from G:\
Microsoft Windows XP Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Safe Mode (minimal)

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\WINDOWS\system32\cmd.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup [213936 2006-05-16] (Macrovision Corporation)
HKLM\...\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler [213936 2006-05-16] (Macrovision Corporation)
HKLM\...\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter [x]
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [x]
HKLM\...\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall [1121792 2005-08-12] (McAfee, Inc.)
HKLM\...\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O5 "LPT1:" /M "Stylus Photo R300" [99840 2003-06-04] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [EPSON Stylus Photo R300 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P39 "EPSON Stylus Photo R300 Series (Copy 1)" /O6 "USB001" /M "Stylus Photo R300" [99840 2003-06-04] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM\...\Run: []  [x]
HKLM\...\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe" [901800 2011-11-17] (Ask)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [931200 2012-03-26] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
Winlogon\Notify\WgaLogon: WgaLogon.dll (Microsoft Corporation)
MountPoints2: {361ac05d-0e0d-11da-9aa9-806d6172696f} - E:\setup.exe
HKU\Rick.DBVW4W91\...\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup [x]
HKU\Rick.DBVW4W91\...\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background [x]
HKU\Rick.DBVW4W91\...\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background [x]
HKU\Rick.DBVW4W91\...\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter [x]
HKU\user1\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [x]
HKU\user1\...\Command Processor: "C:\DOCUME~1\user1\LOCALS~1\Temp\snoafeedeyfctetvc.exe" <===== ATTENTION!
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless Configuration Utility HW.15.lnk
ShortcutTarget: Wireless Configuration Utility HW.15.lnk -> C:\Program Files\TRENDnet\TRENDnet TEW-421PC_TEW-423PI\WlanCU.exe ()
Startup: C:\Documents and Settings\Rick.DBVW4W91\Start Menu\Programs\Startup\Registry Defender Platinum.lnk
ShortcutTarget: Registry Defender Platinum.lnk -> C:\Program Files\Registry Defender Platinum\RegistryDefender.exe (No File)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM SearchScopes: DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM - {cca2e567-1987-4100-a3c6-5b4267084510} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=YKxdm133YYus&ptnrS=YKxdm133YYus&ptb=EFE1E13C-2FEB-4A29-ACD9-C2824D8FDE2D&psa=&ind=2012101415&st=sb&n=77ee3b27&searchfor={searchTerms}
SearchScopes: HKCU - DefaultScope value is missing.
BHO: Produtools Manuals Toolbar - {16bb67e0-6319-4077-be84-f41269e051f3} - C:\Program Files\Produtools_Manuals\prxtbPro2.dll (Conduit Ltd.)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Vgrabber v1.5 Toolbar - {73507124-6acd-43aa-b749-c3bcfefbea97} - C:\Program Files\Vgrabber_v1.5\prxtbVgr2.dll (Conduit Ltd.)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
BHO: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM - Produtools Manuals Toolbar - {16bb67e0-6319-4077-be84-f41269e051f3} - C:\Program Files\Produtools_Manuals\prxtbPro2.dll (Conduit Ltd.)
Toolbar: HKLM - Vgrabber v1.5 Toolbar - {73507124-6acd-43aa-b749-c3bcfefbea97} - C:\Program Files\Vgrabber_v1.5\prxtbVgr2.dll (Conduit Ltd.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-150-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: ipp - No CLSID Value -
Handler: msdaipp - No CLSID Value -
Winsock: Catalog9 01 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 02 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 03 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 04 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 05 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 06 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 07 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 08 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 09 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 10 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 11 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 12 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 13 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 14 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 15 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 16 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 17 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 18 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 19 mswsock.dll File Not found (Microsoft Corporation)

========================== Services (Whitelisted) =================

S2 McrdSvc; C:\WINDOWS\ehome\mcrdsvc.exe [99328 2005-08-05] (Microsoft Corporation)
S3 NetSvc; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [147456 2004-11-19] (Intel® Corporation)
S2 JavaQuickStarterService; "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" [x]

==================== Drivers (Whitelisted) ====================

S2 AegisP; C:\Windows\System32\DRIVERS\AegisP.sys [21419 2008-06-18] (Meetinghouse Data Communications)
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [144384 2008-04-13] (Windows ® Server 2003 DDK provider)
S3 ialm; C:\Windows\System32\DRIVERS\ialmnt5.sys [1302812 2005-10-14] (Intel Corporation)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\mbamswissarmy.sys [40776 2013-06-09] (Malwarebytes Corporation)
S3 motport; C:\Windows\System32\DRIVERS\motport.sys [23680 2007-06-18] (Motorola)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [171064 2012-03-20] (Microsoft Corporation)
S3 NABTSFEC; C:\Windows\System32\DRIVERS\NABTSFEC.sys [85248 2008-04-13] (Microsoft Corporation)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 rtl8185; C:\Windows\System32\DRIVERS\rtl8185.sys [306304 2007-01-29] (Realtek Semiconductor Corporation                           )
S3 SLIP; C:\Windows\System32\DRIVERS\SLIP.sys [11136 2008-04-13] (Microsoft Corporation)
S3 STHDA; C:\Windows\System32\drivers\sthda.sys [1047816 2005-11-16] (SigmaTel, Inc.)
S3 streamip; C:\Windows\System32\DRIVERS\StreamIP.sys [15232 2008-04-13] (Microsoft Corporation)
S3 WSTCODEC; C:\Windows\System32\DRIVERS\WSTCODEC.SYS [19200 2008-04-13] (Microsoft Corporation)
S4 Abiosdsk; No ImagePath
S4 Atdisk; No ImagePath
S3 bvrp_pci; No ImagePath
S3 CA561; System32\Drivers\SPCA561.SYS [x]
S1 Changer; No ImagePath
S1 lbrtfdc; No ImagePath
S1 PCIDump; No ImagePath
S3 PDCOMP; No ImagePath
S3 PDFRAME; No ImagePath
S3 PDRELI; No ImagePath
S3 PDRFRAME; No ImagePath
S4 Simbad; No ImagePath
S3 wanatw; system32\DRIVERS\wanatw4.sys [x]
S3 WDICA; No ImagePath

==================== NetSvcs (Whitelisted) ===================

NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)

==================== One Month Created Files and Folders ========

2013-06-26 22:42 - 2013-06-27 07:02 - 00000000 ____D C:\FRST
2013-06-26 22:41 - 2013-06-26 22:41 - 00000000 __SHD C:\Documents and Settings\Administrator\IETldCache
2013-06-26 18:10 - 2013-06-26 18:10 - 00000000 ____D C:\Windows\CSC
2013-06-26 17:19 - 2013-06-27 12:49 - 00000062 __ASH C:\Documents and Settings\Administrator\Local Settings\desktop.ini
2013-06-26 17:19 - 2013-06-27 11:49 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2013-06-26 17:19 - 2006-04-25 00:18 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Corel
2013-06-26 17:19 - 2006-04-25 00:15 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Wildtangent
2013-06-26 17:19 - 2006-04-25 00:15 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Musicmatch
2013-06-26 17:19 - 2006-04-25 00:13 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Symantec
2013-06-26 17:19 - 2006-04-25 00:12 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\CCWin
2013-06-26 17:19 - 2006-04-25 00:08 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\BVRP Software
2013-06-26 17:19 - 2006-04-25 00:01 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142030}
2013-06-26 17:19 - 2006-04-25 00:01 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Sun
2013-06-26 17:19 - 2005-08-16 19:52 - 00000136 ____A C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
2013-06-26 17:19 - 2005-08-16 03:52 - 00001298 ____A C:\Documents and Settings\Administrator\Desktop\Media Center.lnk
2013-06-26 17:19 - 2005-08-16 03:33 - 00000062 __ASH C:\Documents and Settings\Administrator\Application Data\desktop.ini
2013-06-26 13:32 - 2008-04-13 18:11 - 00021504 ____A (Microsoft Corporation) C:\Windows\System32\hidserv.dll
2013-06-26 13:32 - 2008-04-13 18:11 - 00021504 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\hidserv.dll
2013-06-21 12:53 - 2013-06-21 12:53 - 00009227 ____A C:\Documents and Settings\user1\My Documents\Your Loan is Conditionally Approved!.eml
2013-06-09 18:56 - 2013-06-09 18:56 - 00013074 ____A C:\Documents and Settings\user1\hs_err_pid5944.log
2013-06-09 18:52 - 2013-06-09 18:52 - 00012849 ____A C:\Documents and Settings\user1\hs_err_pid4104.log
2013-06-09 18:27 - 2013-06-09 18:27 - 00040776 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys
2013-06-09 18:20 - 2013-06-09 18:20 - 00012587 ____A C:\Documents and Settings\user1\hs_err_pid1044.log
2013-06-09 18:19 - 2013-06-09 18:19 - 00012856 ____A C:\Documents and Settings\user1\hs_err_pid2364.log
2013-06-08 11:29 - 2013-06-08 11:29 - 00086535 ____A C:\Windows\unins000.dat
2013-06-08 11:29 - 2013-06-08 11:29 - 00000009 ____A C:\END
2013-06-08 11:29 - 2013-06-08 11:29 - 00000000 ____D C:\Program Files\vGrabber-software
2013-06-08 11:29 - 2013-06-08 11:27 - 01169609 ____A C:\Windows\unins000.exe
2013-06-08 11:28 - 2013-06-23 11:41 - 00000000 ____D C:\Program Files\Vgrabber_v1.5
2013-06-08 11:28 - 2013-06-23 11:41 - 00000000 ____D C:\Documents and Settings\user1\Local Settings\Application Data\Vgrabber_v1.5
2013-06-08 11:28 - 2013-06-08 11:28 - 00000000 ____D C:\Program Files\SearchProtect
2013-06-08 11:28 - 2013-06-08 11:28 - 00000000 ____D C:\Documents and Settings\user1\Local Settings\Application Data\CRE
2013-06-08 11:28 - 2013-06-08 11:28 - 00000000 ____D C:\Documents and Settings\user1\Application Data\SearchProtect
2013-06-08 11:28 - 2013-05-08 00:10 - 00770384 ____A (Microsoft Corporation) C:\Windows\System32\msvcr100.dll
2013-06-08 11:28 - 2013-05-08 00:10 - 00421200 ____A (Microsoft Corporation) C:\Windows\System32\msvcp100.dll

==================== One Month Modified Files and Folders ========

2013-06-27 12:49 - 2013-06-26 17:19 - 00000062 __ASH C:\Documents and Settings\Administrator\Local Settings\desktop.ini
2013-06-27 12:48 - 2005-08-16 03:49 - 00000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini
2013-06-27 11:51 - 2009-11-11 15:25 - 00000178 __ASH C:\Documents and Settings\user1\ntuser.ini
2013-06-27 11:51 - 2005-08-16 03:49 - 00032514 ____A C:\Windows\SchedLgU.Txt
2013-06-27 11:51 - 2005-08-16 03:49 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-27 11:51 - 2005-08-16 03:40 - 01638844 ____A C:\Windows\WindowsUpdate.log
2013-06-27 11:51 - 2005-08-16 03:35 - 00000216 ____A C:\Windows\wiadebug.log
2013-06-27 11:51 - 2005-08-16 03:35 - 00000049 ____A C:\Windows\wiaservc.log
2013-06-27 11:50 - 2012-12-09 15:13 - 00000880 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-27 11:50 - 2009-11-11 15:25 - 00000062 __ASH C:\Documents and Settings\user1\Local Settings\desktop.ini
2013-06-27 11:50 - 2005-08-16 03:49 - 00000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini
2013-06-27 11:50 - 2005-08-16 03:38 - 00000000 ____D C:\Windows\Registration
2013-06-27 11:49 - 2013-06-26 17:19 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2013-06-27 07:38 - 2005-08-16 03:18 - 00002206 ____A C:\Windows\System32\wpa.dbl
2013-06-27 07:24 - 2012-01-11 10:24 - 00000234 ____A C:\Windows\Tasks\Scheduled Update for Ask Toolbar.job
2013-06-27 07:02 - 2013-06-26 22:42 - 00000000 ____D C:\FRST
2013-06-26 22:41 - 2013-06-26 22:41 - 00000000 __SHD C:\Documents and Settings\Administrator\IETldCache
2013-06-26 21:40 - 2009-11-11 13:16 - 00398358 ____A C:\Windows\setupapi.log
2013-06-26 21:40 - 2006-04-24 23:51 - 00013538 ____A C:\Windows\setupact.log
2013-06-26 18:10 - 2013-06-26 18:10 - 00000000 ____D C:\Windows\CSC
2013-06-26 17:30 - 2012-08-29 19:49 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-23 18:24 - 2008-01-02 15:55 - 00000230 ____A C:\Windows\RTacDbg.txt
2013-06-23 12:34 - 2012-12-09 15:13 - 00000884 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-23 11:41 - 2013-06-08 11:28 - 00000000 ____D C:\Program Files\Vgrabber_v1.5
2013-06-23 11:41 - 2013-06-08 11:28 - 00000000 ____D C:\Documents and Settings\user1\Local Settings\Application Data\Vgrabber_v1.5
2013-06-21 15:22 - 2012-07-15 21:13 - 00001436 ____A C:\Documents and Settings\user1\My Documents\download.qfx
2013-06-21 12:53 - 2013-06-21 12:53 - 00009227 ____A C:\Documents and Settings\user1\My Documents\Your Loan is Conditionally Approved!.eml
2013-06-20 06:39 - 2013-05-14 08:18 - 00001813 ____A C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2013-06-15 07:31 - 2010-03-05 14:44 - 00000000 ____D C:\Documents and Settings\user1\Application Data\Adobe
2013-06-12 15:30 - 2012-08-29 19:49 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-06-12 15:30 - 2012-08-29 19:49 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-06-09 19:02 - 2012-09-12 11:07 - 00000664 ____A C:\Windows\System32\d3d9caps.dat
2013-06-09 18:56 - 2013-06-09 18:56 - 00013074 ____A C:\Documents and Settings\user1\hs_err_pid5944.log
2013-06-09 18:52 - 2013-06-09 18:52 - 00012849 ____A C:\Documents and Settings\user1\hs_err_pid4104.log
2013-06-09 18:27 - 2013-06-09 18:27 - 00040776 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys
2013-06-09 18:20 - 2013-06-09 18:20 - 00012587 ____A C:\Documents and Settings\user1\hs_err_pid1044.log
2013-06-09 18:19 - 2013-06-09 18:19 - 00012856 ____A C:\Documents and Settings\user1\hs_err_pid2364.log
2013-06-08 20:00 - 2011-09-17 18:16 - 00000404 ____A C:\Windows\Tasks\Registry Winner Schedule.job
2013-06-08 11:42 - 2005-08-16 03:38 - 00000000 ____D C:\Windows\Microsoft.NET
2013-06-08 11:39 - 2005-08-16 03:33 - 00476650 ___AC C:\Windows\System32\PerfStringBackup.INI
2013-06-08 11:30 - 2012-03-13 16:14 - 00000000 ____D C:\Documents and Settings\user1\Application Data\PriceGong
2013-06-08 11:29 - 2013-06-08 11:29 - 00086535 ____A C:\Windows\unins000.dat
2013-06-08 11:29 - 2013-06-08 11:29 - 00000009 ____A C:\END
2013-06-08 11:29 - 2013-06-08 11:29 - 00000000 ____D C:\Program Files\vGrabber-software
2013-06-08 11:28 - 2013-06-08 11:28 - 00000000 ____D C:\Program Files\SearchProtect
2013-06-08 11:28 - 2013-06-08 11:28 - 00000000 ____D C:\Documents and Settings\user1\Local Settings\Application Data\CRE
2013-06-08 11:28 - 2013-06-08 11:28 - 00000000 ____D C:\Documents and Settings\user1\Application Data\SearchProtect
2013-06-08 11:28 - 2012-03-13 16:08 - 00000000 ____D C:\Documents and Settings\user1\Local Settings\Application Data\Conduit
2013-06-08 11:27 - 2013-06-08 11:29 - 01169609 ____A C:\Windows\unins000.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================
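
The Fixlog in post #9 reports "Value not found" for the Command Processor AutoRun entry, yet the scan just above still flags it. The helper below is an added example, not code from the thread or from FRST: it parses Fixlog action lines into records, counts outcomes, pulls the ATTENTION lines out of a scan, and pairs each flagged registry line with what the Fixlog said about it. Both sample inputs are constructed from the shape of the logs posted above, and the key/value matching is a heuristic of my own (the scan abbreviates key paths with "...", the Fixlog prints them in full), so treat its pairings as hints to re-check, not verdicts.

```python
"""Triage helpers for Farbar Recovery Scan Tool (FRST) output.

Added example (not part of the thread or of FRST). The sample text below is
constructed from the shape of the Fixlog and scan lines posted above.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample modelled on the Fixlog in post #9 (a few lines, not a full log).
SAMPLE_FIXLOG = r"""
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 26-06-2013 02
Ran by Administrator at 2013-06-27 11:48:39 Run:5
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\TimeServer => Value deleted successfully.
HKU\user1\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value not found.
HKU\user1\Software\Microsoft\Command Processor\\AutoRun => Value not found.
C:\Program Files\MyPC Backup => Moved successfully.
C:\Documents and Settings\user1\acrobat.exe => File/Directory not found.
5897 => Service deleted successfully.
"""

# Constructed sample modelled on the post-fix scan in post #11; FRST marks suspect lines with ATTENTION.
SAMPLE_SCAN = r"""
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [931200 2012-03-26] (Microsoft Corporation)
HKU\user1\...\Command Processor: "C:\DOCUME~1\user1\LOCALS~1\Temp\snoafeedeyfctetvc.exe" <===== ATTENTION!
Winsock: Catalog9 01 mswsock.dll File Not found (Microsoft Corporation)
"""

@dataclass(frozen=True)
class FixResult:
    target: str       # registry value, file, folder or service the fix acted on
    outcome: str      # FRST's own wording, trailing period stripped
    succeeded: bool   # FRST reported the action as done
    present: bool     # False when FRST reported the target as not found

# Every action line in a Fixlog has the form "<target> => <outcome>."
FIX_LINE = re.compile(r"^(?P<target>.+?) => (?P<outcome>.+?)\.?$")

def parse_fixlog(text: str) -> List[FixResult]:
    """Turn Fixlog action lines into records; header, separators and CMD output are skipped."""
    results = []
    for line in text.splitlines():
        m = FIX_LINE.match(line.strip())
        if not m:
            continue
        outcome = m.group("outcome")
        results.append(FixResult(target=m.group("target"), outcome=outcome,
                                 succeeded="successfully" in outcome,
                                 present="not found" not in outcome.lower()))
    return results

def fix_run_number(text: str) -> Optional[int]:
    """The 'Run:N' counter FRST prints in the Fixlog header (None if absent)."""
    m = re.search(r"\bRun:(\d+)", text)
    return int(m.group(1)) if m else None

def summarize(results: List[FixResult]) -> dict:
    """Count fix outcomes: done, target already absent, anything else."""
    counts = {"succeeded": 0, "target_absent": 0, "other": 0}
    for r in results:
        if r.succeeded:
            counts["succeeded"] += 1
        elif not r.present:
            counts["target_absent"] += 1
        else:
            counts["other"] += 1
    return counts

def flagged_entries(scan_text: str) -> List[str]:
    """Scan lines FRST itself marked as suspect."""
    return [ln.strip() for ln in scan_text.splitlines() if "ATTENTION" in ln]

def _scan_key(line: str) -> Optional[Tuple[str, Optional[str]]]:
    """Registry scan line -> (last key component, bracketed value name or None)."""
    if not line.startswith("HK"):
        return None
    key, sep, rest = line.partition(": ")
    if not sep:
        return None
    m = re.match(r"\[(.*?)\]", rest)
    return key.rsplit("\\", 1)[-1], (m.group(1) if m else None)

def _fix_key(target: str) -> Optional[Tuple[str, Optional[str]]]:
    """Fixlog registry target -> (last key component, value name); FRST separates them with a double backslash."""
    if not target.startswith("HK"):
        return None
    key, sep, value = target.partition("\\\\")
    return key.rsplit("\\", 1)[-1], (value if sep else None)

def persisting_after_fix(scan_text: str, fixlog_text: str) -> List[Tuple[str, str]]:
    """Flagged registry lines in a post-fix scan, paired with what the Fixlog said about them.

    Matching on last key component plus value name is a heuristic (assumption), since the
    scan abbreviates key paths with '...' while the Fixlog prints them in full.
    """
    fixes = []
    for r in parse_fixlog(fixlog_text):
        k = _fix_key(r.target)
        if k:
            fixes.append((k, r))
    report = []
    for line in flagged_entries(scan_text):
        sk = _scan_key(line)
        if sk is None:
            continue  # Winsock and file entries are not matched here
        outcome = "no fix attempted"
        for (fkey, fvalue), r in fixes:
            if fkey == sk[0] and (sk[1] is None or sk[1] == fvalue):
                outcome = r.outcome
                break
        report.append((line, outcome))
    return report

if __name__ == "__main__":
    res = parse_fixlog(SAMPLE_FIXLOG)
    print("Run:", fix_run_number(SAMPLE_FIXLOG), summarize(res))
    for line, outcome in persisting_after_fix(SAMPLE_SCAN, SAMPLE_FIXLOG):
        print("STILL FLAGGED:", line, "| Fixlog said:", outcome)
```

On the sample input the report pairs the still-flagged Command Processor line with "Value not found", which is exactly the combination worth a second look: either the entry lives under a different hive or value than the fix targeted, or something re-created it between the fix and the scan. A high "target_absent" count together with a Run counter above 1 is also a cue that the fix was run more than once, which is why the instructions above say to press Fix only once.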



#12 birdman1221

birdman1221
  • Topic Starter

  • Members
  • 20 posts
  • Local time:07:01 AM

Posted 27 June 2013 - 02:15 PM

somebody plz help, i know you guys are very busy but when you can please take a look


Edited by birdman1221, 27 June 2013 - 05:40 PM.


#13 birdman1221

birdman1221
  • Topic Starter

  • Members
  • 20 posts
  • Local time:07:01 AM

Posted 27 June 2013 - 03:06 PM

Is there anybody out there that can help me?



#14 birdman1221

birdman1221
  • Topic Starter

  • Members
  • 20 posts
  • Local time:07:01 AM

Posted 27 June 2013 - 05:14 PM

im trying the avg rescue cd now but not having much luck, is there anybody out there that can help with more tips plz. it just says iso linux etd and a date and no matter what key i press it does nothing


Edited by birdman1221, 27 June 2013 - 05:18 PM.


#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:01 AM

Posted 27 June 2013 - 10:02 PM

Hello birdman1221,

I am not employed by bleeping computer - I work two jobs - have a wife and two boys and volunteer here to help people like yourself - I have a real life that I need to live also - you posted 8 times before I had a chance to get back, then started running things that I have not asked for. That is very dangerous; please do not do it again.

I need you to download this script I have made for you --> Attached File: fixlist.txt (173 bytes)

It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program (If asked to overwrite existing one please allow)

Run FRST again but this time press the Fix button just once and wait.


When finished, it will make a log (fixlog.txt) next to FRST. Please copy and paste the content of this file to your reply.


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University



