
Windows Firewall can't change some of your settings error 0x80070424


  • This topic is locked
13 replies to this topic

#1 BigPC123

Posted 01 July 2013 - 06:42 PM

Hey, I've tried what every other website told me to do but nothing seems to work. I have run an up-to-date Norton 360 full scan and Sophos rootkit removal but nothing seems to work.

TIA

Tyler




 


#2 BigPC123


Posted 01 July 2013 - 06:48 PM

Sorry, also I cannot download files as they "fail to pass virus check".



#3 TB-Psychotic

  • Malware Response Team

Posted 02 July 2013 - 01:59 AM

Hi there,
my name is Marius and I will be assisting you with your malware-related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Tell me:

  • Do you have another computer nearby?
  • Which Windows version is running on the sick computer? Also tell me if it is 32- or 64-bit.

Edited by TB-Psychotic, 02 July 2013 - 01:59 AM.

Proud Member of UNITE & TB
 

#4 BigPC123


Posted 02 July 2013 - 02:58 AM

I am running a 32-bit version of Windows
I do have a computer nearby that can download
The sick computer is running Windows 7

#5 TB-Psychotic

  • Malware Response Team

Posted 02 July 2013 - 03:09 AM

Download the following on the clean one, but run it on the sick computer:

 

 

Scan with FRST


To run FRST on Vista and Windows 7:

Plug the flash drive into the infected PC.

Enter System Recovery Options.


To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.



To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.


On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

Select Command Prompt.

In the command window:

  • type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
  • Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.

It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.



#6 BigPC123


Posted 02 July 2013 - 03:35 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-07-2013
Ran by SYSTEM on 02-07-2013 18:29:22
Running from F:\
Windows 7 Home Premium Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery
 
The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and Addition.txt log.
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-01-27] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-17] (Sun Microsystems, Inc.)
HKLM\...\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide [2793304 2009-10-13] ()
HKLM\...\Run: [Aimersoft Helper Compact.exe] C:\Program Files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [x]
HKLM\...\Run: [Wondershare Helper Compact.exe] C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1686528 2012-03-26] (Wondershare)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2012-10-24] (Apple Inc.)
HKLM\...\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-27] (Hewlett-Packard)
HKLM\...\Run: []  [x]
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [152392 2013-02-19] (Apple Inc.)
HKLM\...\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [2255184 2013-05-14] (LogMeIn Inc.)
HKLM\...\Run: [mcpltui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [515888 2013-05-07] (McAfee, Inc.)
HKLM\...\Run: [McAfeeWrapperApplication] "C:\Program Files\McAfeeMOBK\WrapperTrayIcon.exe" [458696 2013-03-26] (McAfee, Inc.)
HKU\sam\...\Run: [Facebook Update] "C:\Users\sam\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [ 2012-07-12] (Facebook Inc.)
HKU\sam\...\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe [x]
HKU\sam\...\Run: [Logitech Vid] "C:\Program Files\Logitech\Logitech Vid\vid.exe" -bootmode [x]
HKU\sam\...\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent [ 2013-06-05] (Valve Corporation)
HKU\sam\...\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background [ 2012-03-08] (Microsoft Corporation)
HKU\sam\...\Run: [iCloudServices] C:\iCloudServices.exe [ 2013-04-04] (Apple Inc.)
HKU\sam\...\Run: [ApplePhotoStreams] C:\ApplePhotoStreams.exe [ 2013-04-04] (Apple Inc.)
HKU\sam\...\Run: [com.apple.dav.bookmarks.daemon] C:\BookmarkDAV_client.exe [ 2013-04-04] (Apple Inc.)
HKU\sam\...\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun [ 2013-04-18] (Skype Technologies S.A.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Camera Monitor HD.lnk
ShortcutTarget: Camera Monitor HD.lnk -> C:\Program Files\PIXELA\Everio MediaBrowser HD Edition\MBCameraMonitor.exe (PIXELA CORPORATION)
Startup: C:\ProgramData\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
ShortcutTarget: Facebook Messenger.lnk ->  (No File)
Startup: C:\Users\sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
 
========================== Services (Whitelisted) =================
 
S2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2009-03-27] (LSI Corporation)
S2 Hamachi2Svc; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [1435984 2013-05-14] (LogMeIn Inc.)
S2 HomeNetSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [280512 2013-01-21] (McAfee, Inc.)
S2 McAfee SiteAdvisor Service; c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe [101552 2013-05-21] (McAfee, Inc.)
S2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [144576 2013-05-07] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [280512 2013-01-21] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [280512 2013-01-21] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [472104 2013-04-10] (McAfee, Inc.)
S2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [280512 2013-01-21] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [280512 2013-01-21] (McAfee, Inc.)
S2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [638976 2013-02-27] (McAfee, Inc.)
S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [169320 2013-04-02] (McAfee, Inc.)
S2 mfevtp; C:\Windows\system32\mfevtps.exe [172416 2013-04-02] (McAfee, Inc.)
S2 MOBKbackup; C:\Program Files\McAfee Online Backup\MOBKbackup.exe [229688 2010-04-13] (McAfee, Inc.)
S2 MSK80Service; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [280512 2013-01-21] (McAfee, Inc.)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [20456 2013-01-26] ()
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [295232 2013-01-26] ()
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-13] ()
S3 WPFFontCache_v0400; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [x]
 
==================== Drivers (Whitelisted) ====================
 
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [60920 2013-04-02] (McAfee, Inc.)
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-17] (LogMeIn, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [147472 2012-05-27] (McAfee, Inc.)
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25752 2009-10-06] ()
S2 McPvDrv; C:\Windows\system32\drivers\McPvDrv.sys [66296 2013-05-23] (McAfee, Inc.)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [133992 2013-04-02] (McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [235520 2013-04-02] (McAfee, Inc.)
S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [65928 2013-04-02] (McAfee, Inc.)
S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [363432 2013-04-02] (McAfee, Inc.)
S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [566656 2013-04-02] (McAfee, Inc.)
S3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [257496 2013-02-17] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [80592 2013-02-17] (McAfee, Inc.)
S0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [212432 2013-04-02] (McAfee, Inc.)
S1 MOBKFilter; C:\Windows\System32\DRIVERS\MOBK.sys [54776 2010-04-13] (Mozy, Inc.)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [195296 2013-01-19] (Microsoft Corporation)
S3 PID_PEPI; C:\Windows\System32\DRIVERS\LV302V32.SYS [2687512 2009-04-30] (Logitech Inc.)
S3 silabenm; C:\Windows\System32\DRIVERS\silabenm.sys [47176 2011-02-07] (Silicon Laboratories)
S3 silabser; C:\Windows\System32\DRIVERS\silabser.sys [58496 2011-02-07] (Silicon Laboratories)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-07-02 00:17 - 2013-07-02 00:17 - 00000000 ____D C:\FRST
2013-07-01 15:25 - 2013-07-01 15:25 - 00189736 ___AH C:\Windows\System32\mlfcache.dat
2013-07-01 02:13 - 2013-07-01 02:13 - 00003193 ____A C:\Users\tyler\Desktop\Sophos Virus Removal Tool.lnk
2013-07-01 02:13 - 2013-07-01 02:13 - 00000000 ____D C:\ProgramData\Sophos
2013-07-01 02:12 - 2013-07-01 02:12 - 00000000 ____D C:\Program Files\Sophos
2013-07-01 01:25 - 2013-07-01 01:45 - 00000000 ____D C:\Users\tyler\Downloads\Minecraft server
2013-07-01 00:56 - 2013-07-01 00:56 - 00000000 ____D C:\Users\tyler\AppData\Local\Paint.NET
2013-06-29 19:05 - 2013-07-01 15:15 - 00000000 __RSD C:\Users\tyler\Documents\McAfee Vaults
2013-06-29 19:05 - 2013-06-29 19:05 - 00000000 ____D C:\Users\tyler\AppData\Local\McAfee File Lock
2013-06-29 18:45 - 2013-06-29 18:45 - 00000000 ____D C:\Users\hhffddfgdfgdfgd\AppData\Local\Microsoft Corporation
2013-06-29 18:22 - 2013-06-29 18:22 - 00108544 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cdrom.zys
2013-06-29 18:20 - 2013-06-29 18:21 - 00002007 ____A C:\Users\Public\Desktop\Configure McAfee Online Backup Service.lnk
2013-06-29 18:15 - 2013-07-01 15:17 - 00001854 ____A C:\Users\Public\Desktop\McAfee All Access – Total Protection.lnk
2013-06-29 18:14 - 2013-06-29 18:17 - 00000000 __RSD C:\Users\hhffddfgdfgdfgd\Documents\McAfee Vaults
2013-06-29 18:14 - 2013-06-29 18:15 - 00000000 ____D C:\Program Files\McAfeeMOBK
2013-06-29 18:14 - 2013-06-29 18:14 - 00000000 ____D C:\Users\hhffddfgdfgdfgd\AppData\Local\McAfee File Lock
2013-06-29 18:14 - 2013-06-29 18:14 - 00000000 ____D C:\Program Files\McAfee Online Backup
2013-06-29 18:14 - 2013-05-23 23:45 - 00066296 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\McPvDrv.sys
2013-06-29 18:14 - 2012-05-27 16:28 - 00147472 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\HipShieldK.sys
2013-06-29 18:14 - 2010-04-13 02:10 - 00054776 ____A (Mozy, Inc.) C:\Windows\System32\Drivers\MOBK.sys
2013-06-29 18:12 - 2013-07-01 15:11 - 00000000 ____D C:\Program Files\McAfee
2013-06-29 18:12 - 2013-06-29 18:12 - 00000000 ____D C:\Program Files\McAfee.com
2013-06-29 17:54 - 2013-06-29 17:54 - 00000000 ____D C:\Users\sam\AppData\Local\{9EB41052-F855-45D0-9CF2-8BDD1F9FACFF}
2013-06-29 17:42 - 2013-06-29 18:14 - 00000000 ____D C:\Program Files\Common Files\McAfee
2013-06-29 17:42 - 2013-04-02 19:50 - 00172416 ____A (McAfee, Inc.) C:\Windows\System32\mfevtps.exe
2013-06-29 17:28 - 2013-06-29 23:22 - 00000000 ____D C:\ProgramData\McAfee
2013-06-29 17:28 - 2013-06-29 17:28 - 00110896 ____A C:\Users\hhffddfgdfgdfgd\AppData\Local\GDIPFONTCACHEV1.DAT
2013-06-29 17:28 - 2013-06-29 17:28 - 00002126 ____A C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2013-06-29 17:28 - 2013-06-29 17:28 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2013-06-29 17:28 - 2013-06-29 17:28 - 00000000 ____D C:\Program Files\McAfee Security Scan
2013-06-29 17:12 - 2013-06-29 17:12 - 00000000 ____D C:\Users\hhffddfgdfgdfgd\AppData\Local\Google
2013-06-29 17:11 - 2013-06-29 18:39 - 00000000 ____D C:\Users\hhffddfgdfgdfgd\AppData\Local\LogMeIn Hamachi
2013-06-29 17:11 - 2013-06-29 17:11 - 00000000 ____D C:\Users\hhffddfgdfgdfgd\AppData\Roaming\Apple Computer
2013-06-29 17:11 - 2013-06-29 17:11 - 00000000 ____D C:\Users\hhffddfgdfgdfgd\AppData\Local\Wondershare
2013-06-29 17:10 - 2013-06-29 17:11 - 00000000 ____D C:\users\hhffddfgdfgdfgd
2013-06-29 17:10 - 2013-06-29 17:10 - 00000020 __ASH C:\Users\hhffddfgdfgdfgd\ntuser.ini
2013-06-29 17:10 - 2013-06-29 17:10 - 00000000 ____D C:\Users\hhffddfgdfgdfgd\AppData\Local\VirtualStore
2013-06-29 17:10 - 2012-04-04 22:29 - 00000000 ____D C:\Users\hhffddfgdfgdfgd\AppData\Roaming\Macromedia
2013-06-29 17:10 - 2012-04-04 22:29 - 00000000 ____D C:\Users\hhffddfgdfgdfgd\AppData\Local\Microsoft Help
2013-06-28 23:24 - 2013-07-01 23:31 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-28 23:24 - 2013-06-29 00:00 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-06-28 23:24 - 2013-06-29 00:00 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-06-28 23:03 - 2013-06-28 23:03 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2013-06-28 22:56 - 2013-06-28 22:56 - 00000000 ____D C:\Program Files\x264 Video Codec
2013-06-28 22:15 - 2013-06-28 22:37 - 00000000 ____D C:\Users\tyler\Downloads\The Internship 2013 [English] DVDRip.720p
2013-06-28 22:14 - 2013-06-28 22:14 - 00030892 ____A C:\Users\tyler\Downloads\The Internship 2013 [English] DVDRip.720p.torrent
2013-06-14 23:56 - 2013-06-14 23:57 - 00000000 ____D C:\Users\sam\Downloads\The Hangover Part III R6 2013 XViD UNiQUE
2013-06-14 23:53 - 2013-06-15 01:58 - 00000000 ____D C:\Users\sam\Downloads\Fast.And.Furious.6.2013.CAM.XviD-NYDIC
2013-06-14 23:46 - 2013-06-14 23:48 - 00000000 ____D C:\Users\sam\Downloads\[ www.UsaBit.com ] - Iron Man 3 2013 R6 LiNE READNFO XViD - JUSTiCE
2013-06-14 21:59 - 2013-06-14 21:59 - 00000000 ____D C:\Users\sam\Downloads\Brakes Direct - Arkon iPad & Tablet Front Seat Mount TABPB088_files
2013-06-14 21:58 - 2013-06-14 21:59 - 00125903 ____A C:\Users\sam\Downloads\Brakes Direct - Arkon iPad & Tablet Front Seat Mount TABPB088.htm
2013-06-12 23:53 - 2013-06-28 10:05 - 00000000 ____D C:\Users\sam\AppData\Local\{FE8D8CF4-BEB5-485A-888E-8FF209819218}
2013-06-12 09:27 - 2013-06-12 09:28 - 00000000 ____D C:\Program Files\LogMeIn Hamachi
2013-06-12 09:01 - 2013-05-16 15:08 - 12329984 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-12 09:01 - 2013-05-16 14:49 - 09738752 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-12 09:01 - 2013-05-16 14:39 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-12 09:01 - 2013-05-16 14:28 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-12 09:01 - 2013-05-16 14:28 - 01104384 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-12 09:01 - 2013-05-16 14:27 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-12 09:01 - 2013-05-16 14:26 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-12 09:01 - 2013-05-16 14:23 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-12 09:01 - 2013-05-16 14:21 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-12 09:01 - 2013-05-16 14:21 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-12 09:01 - 2013-05-16 14:20 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-12 09:01 - 2013-05-16 14:19 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-12 09:01 - 2013-05-16 14:17 - 01796096 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-12 09:01 - 2013-05-16 14:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-12 09:01 - 2013-05-16 14:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-12 09:01 - 2013-05-16 14:12 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-12 02:44 - 2013-05-12 20:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 02:44 - 2013-05-12 20:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 02:44 - 2013-05-12 20:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 02:44 - 2013-05-12 19:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 02:44 - 2013-05-12 19:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 02:44 - 2013-05-09 19:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-12 02:44 - 2013-05-07 21:38 - 01293672 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 02:44 - 2013-05-05 21:06 - 03968872 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2013-06-12 02:44 - 2013-05-05 21:06 - 03913576 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-06-12 02:44 - 2013-04-25 20:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 02:44 - 2013-04-25 15:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-06-12 02:44 - 2013-04-16 23:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
 
==================== One Month Modified Files and Folders ========
 
2013-07-02 00:25 - 2012-04-04 22:10 - 00009712 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-02 00:25 - 2012-04-04 22:10 - 00009712 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-02 00:24 - 2012-08-17 14:19 - 00000926 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3792755983-3538604420-263727039-1006UA.job
2013-07-02 00:22 - 2013-04-09 18:43 - 00000000 ____D C:\Users\tyler\AppData\Roaming\Skype
2013-07-02 00:17 - 2013-07-02 00:17 - 00000000 ____D C:\FRST
2013-07-02 00:15 - 2012-02-17 22:15 - 00000920 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3792755983-3538604420-263727039-1000UA.job
2013-07-02 00:04 - 2013-04-09 17:55 - 00000000 ____D C:\Users\tyler\AppData\Roaming\.minecraft
2013-07-02 00:04 - 2012-06-12 22:59 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3792755983-3538604420-263727039-1005UA.job
2013-07-01 23:47 - 2012-05-07 23:39 - 00000880 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-01 23:44 - 2012-01-27 23:22 - 00000320 ____A C:\Windows\Tasks\HP Photo Creations Communicator.job
2013-07-01 23:31 - 2013-06-28 23:24 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-01 23:04 - 2012-06-12 22:59 - 00000860 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3792755983-3538604420-263727039-1005Core.job
2013-07-01 15:25 - 2013-07-01 15:25 - 00189736 ___AH C:\Windows\System32\mlfcache.dat
2013-07-01 15:17 - 2013-06-29 18:15 - 00001854 ____A C:\Users\Public\Desktop\McAfee All Access – Total Protection.lnk
2013-07-01 15:15 - 2013-06-29 19:05 - 00000000 __RSD C:\Users\tyler\Documents\McAfee Vaults
2013-07-01 15:13 - 2013-04-09 17:54 - 00000000 ____D C:\Users\tyler\AppData\Local\LogMeIn Hamachi
2013-07-01 15:12 - 2012-05-07 23:39 - 00000876 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-01 15:11 - 2013-06-29 18:12 - 00000000 ____D C:\Program Files\McAfee
2013-07-01 15:11 - 2013-02-03 18:41 - 01098559 ____A C:\Windows\setupact.log
2013-07-01 15:11 - 2010-11-20 13:48 - 00571456 ____A C:\Windows\PFRO.log
2013-07-01 15:11 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-01 14:24 - 2012-08-17 14:19 - 00000874 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3792755983-3538604420-263727039-1006Core.job
2013-07-01 03:15 - 2012-02-17 22:15 - 00000898 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3792755983-3538604420-263727039-1000Core.job
2013-07-01 02:13 - 2013-07-01 02:13 - 00003193 ____A C:\Users\tyler\Desktop\Sophos Virus Removal Tool.lnk
2013-07-01 02:13 - 2013-07-01 02:13 - 00000000 ____D C:\ProgramData\Sophos
2013-07-01 02:12 - 2013-07-01 02:12 - 00000000 ____D C:\Program Files\Sophos
2013-07-01 01:45 - 2013-07-01 01:25 - 00000000 ____D C:\Users\tyler\Downloads\Minecraft server
2013-07-01 00:56 - 2013-07-01 00:56 - 00000000 ____D C:\Users\tyler\AppData\Local\Paint.NET
2013-06-29 23:22 - 2013-06-29 17:28 - 00000000 ____D C:\ProgramData\McAfee
2013-06-29 19:05 - 2013-06-29 19:05 - 00000000 ____D C:\Users\tyler\AppData\Local\McAfee File Lock
2013-06-29 18:45 - 2013-06-29 18:45 - 00000000 ____D C:\Users\hhffddfgdfgdfgd\AppData\Local\Microsoft Corporation
2013-06-29 18:39 - 2013-06-29 17:11 - 00000000 ____D C:\Users\hhffddfgdfgdfgd\AppData\Local\LogMeIn Hamachi
2013-06-29 18:22 - 2013-06-29 18:22 - 00108544 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cdrom.zys
2013-06-29 18:22 - 2010-11-20 13:29 - 00108544 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cdrom.sys
2013-06-29 18:21 - 2013-06-29 18:20 - 00002007 ____A C:\Users\Public\Desktop\Configure McAfee Online Backup Service.lnk
2013-06-29 18:17 - 2013-06-29 18:14 - 00000000 __RSD C:\Users\hhffddfgdfgdfgd\Documents\McAfee Vaults
2013-06-29 18:15 - 2013-06-29 18:14 - 00000000 ____D C:\Program Files\McAfeeMOBK
2013-06-29 18:14 - 2013-06-29 18:14 - 00000000 ____D C:\Users\hhffddfgdfgdfgd\AppData\Local\McAfee File Lock
2013-06-29 18:14 - 2013-06-29 18:14 - 00000000 ____D C:\Program Files\McAfee Online Backup
2013-06-29 18:14 - 2013-06-29 17:42 - 00000000 ____D C:\Program Files\Common Files\McAfee
2013-06-29 18:12 - 2013-06-29 18:12 - 00000000 ____D C:\Program Files\McAfee.com
2013-06-29 17:55 - 2012-02-21 00:20 - 00000000 ____D C:\Users\sam\AppData\Roaming\Skype
2013-06-29 17:54 - 2013-06-29 17:54 - 00000000 ____D C:\Users\sam\AppData\Local\{9EB41052-F855-45D0-9CF2-8BDD1F9FACFF}
2013-06-29 17:54 - 2012-05-26 20:46 - 00000000 ____D C:\Program Files\Steam
2013-06-29 17:54 - 2012-05-16 12:50 - 00000000 ____D C:\Users\sam\Tracing
2013-06-29 17:53 - 2012-07-14 03:19 - 00000000 ____D C:\Users\sam\AppData\Local\LogMeIn Hamachi
2013-06-29 17:28 - 2013-06-29 17:28 - 00110896 ____A C:\Users\hhffddfgdfgdfgd\AppData\Local\GDIPFONTCACHEV1.DAT
2013-06-29 17:28 - 2013-06-29 17:28 - 00002126 ____A C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2013-06-29 17:28 - 2013-06-29 17:28 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2013-06-29 17:28 - 2013-06-29 17:28 - 00000000 ____D C:\Program Files\McAfee Security Scan
2013-06-29 17:12 - 2013-06-29 17:12 - 00000000 ____D C:\Users\hhffddfgdfgdfgd\AppData\Local\Google
2013-06-29 17:11 - 2013-06-29 17:11 - 00000000 ____D C:\Users\hhffddfgdfgdfgd\AppData\Roaming\Apple Computer
2013-06-29 17:11 - 2013-06-29 17:11 - 00000000 ____D C:\Users\hhffddfgdfgdfgd\AppData\Local\Wondershare
2013-06-29 17:11 - 2013-06-29 17:10 - 00000000 ____D C:\users\hhffddfgdfgdfgd
2013-06-29 17:10 - 2013-06-29 17:10 - 00000020 __ASH C:\Users\hhffddfgdfgdfgd\ntuser.ini
2013-06-29 17:10 - 2013-06-29 17:10 - 00000000 ____D C:\Users\hhffddfgdfgdfgd\AppData\Local\VirtualStore
2013-06-29 16:49 - 2013-04-11 16:57 - 00000000 ____D C:\Users\tyler\AppData\Roaming\BitTorrent
2013-06-29 00:00 - 2013-06-28 23:24 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-06-29 00:00 - 2013-06-28 23:24 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-06-28 23:03 - 2013-06-28 23:03 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2013-06-28 22:57 - 2013-04-27 15:37 - 00000000 ____D C:\Users\tyler\AppData\Roaming\vlc
2013-06-28 22:57 - 2012-04-04 22:42 - 01468422 ____A C:\Windows\WindowsUpdate.log
2013-06-28 22:56 - 2013-06-28 22:56 - 00000000 ____D C:\Program Files\x264 Video Codec
2013-06-28 22:37 - 2013-06-28 22:15 - 00000000 ____D C:\Users\tyler\Downloads\The Internship 2013 [English] DVDRip.720p
2013-06-28 22:14 - 2013-06-28 22:14 - 00030892 ____A C:\Users\tyler\Downloads\The Internship 2013 [English] DVDRip.720p.torrent
2013-06-28 20:49 - 2012-05-16 01:46 - 00000000 ____D C:\Users\sam\Documents\Fonterra
2013-06-28 20:49 - 2012-03-01 11:24 - 00000000 ____D C:\Users\sam\AppData\Roaming\BitTorrent
2013-06-28 20:31 - 2012-09-23 01:58 - 00000000 ____D C:\Users\sam\AppData\Local\7FD3F8E1-51EE-4918-AD71-3E0015FD4117.aplzod
2013-06-28 10:05 - 2013-06-12 23:53 - 00000000 ____D C:\Users\sam\AppData\Local\{FE8D8CF4-BEB5-485A-888E-8FF209819218}
2013-06-28 09:03 - 2013-04-30 09:00 - 00129908 ____A C:\Windows\IE10_main.log
2013-06-20 23:56 - 2013-04-26 16:46 - 00002139 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-06-15 16:08 - 2010-11-20 13:01 - 00726316 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-15 01:58 - 2013-06-14 23:53 - 00000000 ____D C:\Users\sam\Downloads\Fast.And.Furious.6.2013.CAM.XviD-NYDIC
2013-06-14 23:57 - 2013-06-14 23:56 - 00000000 ____D C:\Users\sam\Downloads\The Hangover Part III R6 2013 XViD UNiQUE
2013-06-14 23:48 - 2013-06-14 23:46 - 00000000 ____D C:\Users\sam\Downloads\[ www.UsaBit.com ] - Iron Man 3 2013 R6 LiNE READNFO XViD - JUSTiCE
2013-06-14 21:59 - 2013-06-14 21:59 - 00000000 ____D C:\Users\sam\Downloads\Brakes Direct - Arkon iPad & Tablet Front Seat Mount TABPB088_files
2013-06-14 21:59 - 2013-06-14 21:58 - 00125903 ____A C:\Users\sam\Downloads\Brakes Direct - Arkon iPad & Tablet Front Seat Mount TABPB088.htm
2013-06-12 23:53 - 2012-05-26 20:46 - 00000000 ____D C:\Program Files\Common Files\Steam
2013-06-12 10:05 - 2013-03-13 12:27 - 00000000 ____D C:\Windows\rescache
2013-06-12 09:28 - 2013-06-12 09:27 - 00000000 ____D C:\Program Files\LogMeIn Hamachi
2013-06-12 09:08 - 2012-01-27 21:15 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-06-12 09:02 - 2012-09-23 14:46 - 73381792 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-12 02:06 - 2013-05-20 01:48 - 00000000 ____D C:\Users\sam\AppData\Local\{3FB60A35-0FDA-4729-8218-FD0009804C62}
 
==================== Known DLLs (Whitelisted) ============
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
C:\Program Files\Microsoft Security Client\MsMpEng.exe => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Microsoft Security Client
 
==================== EXE ASSOCIATION =====================
 
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
 
==================== Restore Points  =========================
 
Restore point made on: 2013-06-06 01:59:09
Restore point made on: 2013-06-09 02:02:21
Restore point made on: 2013-06-12 09:00:48
Restore point made on: 2013-06-15 13:57:49
Restore point made on: 2013-06-18 09:00:34
Restore point made on: 2013-06-19 09:01:01
Restore point made on: 2013-06-20 09:00:42
Restore point made on: 2013-06-21 09:00:52
Restore point made on: 2013-06-22 09:00:29
Restore point made on: 2013-06-23 09:01:20
Restore point made on: 2013-06-24 09:00:38
Restore point made on: 2013-06-25 09:01:03
Restore point made on: 2013-06-26 09:00:29
Restore point made on: 2013-06-27 09:01:50
Restore point made on: 2013-06-28 09:00:47
Restore point made on: 2013-06-29 18:15:28
Restore point made on: 2013-07-01 02:11:43
 
==================== Memory info =========================== 
 
Percentage of memory in use: 19%
Total physical RAM: 2039.55 MB
Available physical RAM: 1634.1 MB
Total Pagefile: 2039.55 MB
Available Pagefile: 1632.17 MB
Total Virtual: 2047.88 MB
Available Virtual: 1936.15 MB
 
==================== Drives ================================
 
Drive c: (Local Disk) (Fixed) (Total:144.16 GB) (Free:3.44 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Recovery) (Fixed) (Total:4.88 GB) (Free:0.47 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (POCKET) (Removable) (Total:3.72 GB) (Free:3.34 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: 1D50DD7D)
Partition 1: (Not Active) - (Size=5 GB) - (Type=27)
Partition 2: (Active) - (Size=144 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 4 GB) (Disk ID: 534E40E0)
Partition 1: (Not Active) - (Size=4 GB) - (Type=0C)
 
 
LastRegBack: 2013-06-22 06:19
 
==================== End Of Log ============================


#7 TB-Psychotic

Posted 02 July 2013 - 04:02 AM

Fix with FRST

  • Open notepad (Start =>All Programs => Accessories => Notepad).
  • Please copy the entire contents of the code box below.
    (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

    C:\Windows\System32\%APPDATA%
    DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
    DeleteJunctionsIndirectory: C:\Program Files\Microsoft Security Client
     
    
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    Now please enter System Recovery Options again.
     
  • Run frst.exe (on 64bit, run frst64.exe) and press the Fix button just once and wait.
  • The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.


Start up your system in normal mode now.

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Run Malwarebytes' Anti-Malware.
  • Once the program has loaded, select Perform full scan, mark all your hard drives, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Post that log back here.


Edited by TB-Psychotic, 02 July 2013 - 04:04 AM.

Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#8 BigPC123

Posted 02 July 2013 - 04:20 AM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 02-07-2013
Ran by SYSTEM at 2013-07-02 19:16:31 Run:1
Running from F:\
Boot Mode: Recovery
 
==============================================
 
C:\Windows\System32\%APPDATA% => Moved successfully.
Error: DeleteJunctionsIndirectory: C:\Program Files\Windows Defender => entry should be fixed outside recovery mode.
Error: DeleteJunctionsIndirectory: C:\Program Files\Microsoft Security Client => entry should be fixed outside recovery mode.
 
==== End of Fixlog ====


#9 TB-Psychotic

Posted 02 July 2013 - 04:34 AM

Start your computer in normal mode.
  • Open notepad (Start =>All Programs => Accessories => Notepad).
  • Please copy the entire contents of the code box below.
    (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

    DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
    DeleteJunctionsIndirectory: C:\Program Files\Microsoft Security Client
     
    
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    Run FRST from your flashdrive and hit fix.
    Post up the log.

Edited by TB-Psychotic, 02 July 2013 - 04:34 AM.


#10 BigPC123

Posted 02 July 2013 - 04:45 AM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 02-07-2013
Ran by tyler at 2013-07-02 19:39:29 Run:2
Running from I:\
Boot Mode: Normal
 
==============================================
 
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking started.
"C:\Program Files\Windows Defender\en-US" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpAsDesc.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpClient.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpCmdRun.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpCommu.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpEvMsg.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpOAV.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpRTP.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpSvc.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MSASCui.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MsMpCom.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MsMpLics.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MsMpRes.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking completed.
"C:\Program Files\Microsoft Security Client" => Deleting reparse point and unlocking started.
"C:\Program Files\Microsoft Security Client\Backup" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\DbgHelp.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\Drivers" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\en-us" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\EppManifest.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MpAsDesc.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MpClient.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MpCmdRun.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MpCommu.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\mpevmsg.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MpOAv.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MpRTP.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MpSvc.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MSESysprep.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MsMpCom.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MsMpEng.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MsMpLics.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MsMpRes.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\msseces.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\msseoobe.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\msseooberes.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MsseWat.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\NisIpsPlugin.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\NisLog.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\NisSrv.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\NisWFP.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\Setup.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\SetupRes.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\shellext.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\sqmapi.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\SymSrv.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\SymSrv.yes" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client" => Deleting reparse point and unlocking completed.
 
 
The system needs a manual reboot. 
 
==== End of Fixlog ====
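
An added example, not part of the original posts and not FRST's own code: a Python check over excerpts of the two Fixlogs posted above, confirming that each `DeleteJunctionsIndirectory` target reached "completed" without an error. The function names `audit_fixlog` and `unresolved` are hypothetical; the line patterns are copied from the logs in this thread.

```python
import re

# Directories named in the thread's fixlist.txt directives.
TARGETS = [r"C:\Program Files\Windows Defender",
           r"C:\Program Files\Microsoft Security Client"]
# Line shapes copied from the two Fixlogs posted in this thread.
MODE = re.compile(r"^Boot Mode: (\w+)")
ERROR = re.compile(r"^Error: DeleteJunctionsIndirectory: (.+?) => (.+)$")
STEP = re.compile(r'^"([^"]+)" => Deleting reparse point and unlocking '
                  r"(started|done|completed)\.$")
# Excerpts of the posted logs (Run:1 in recovery mode, Run:2 in normal mode).
RUN1 = r'''Boot Mode: Recovery
Error: DeleteJunctionsIndirectory: C:\Program Files\Windows Defender => entry should be fixed outside recovery mode.
Error: DeleteJunctionsIndirectory: C:\Program Files\Microsoft Security Client => entry should be fixed outside recovery mode.
'''
RUN2 = r'''Boot Mode: Normal
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking started.
"C:\Program Files\Windows Defender\MpSvc.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking completed.
"C:\Program Files\Microsoft Security Client" => Deleting reparse point and unlocking started.
"C:\Program Files\Microsoft Security Client\MsMpEng.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client" => Deleting reparse point and unlocking completed.
'''

def audit_fixlog(text, targets=TARGETS):
    """Return (boot_mode, {target: status}) for one Fixlog."""
    mode = None
    report = {t: {"started": False, "completed": False, "children": 0,
                  "error": None} for t in targets}
    for line in map(str.strip, text.splitlines()):
        if m := MODE.match(line):
            mode = m[1]
        elif (m := ERROR.match(line)) and m[1] in report:
            report[m[1]]["error"] = m[2]
        elif m := STEP.match(line):
            path, state = m[1], m[2]
            if state != "done" and path in report:
                report[path][state] = True
            elif state == "done":
                # Credit a processed child entry to the directory it lives in.
                for t in targets:
                    if path.lower().startswith(t.lower() + "\\"):
                        report[t]["children"] += 1
    return mode, report

def unresolved(report):
    """Targets that errored or never reached 'completed'; these need another pass."""
    return sorted(t for t, r in report.items()
                  if r["error"] or not (r["started"] and r["completed"]))
```

A log cut off before a directory's "completed" line is reported as unresolved, the same as one that logged an error.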


#11 TB-Psychotic

Posted 02 July 2013 - 04:46 AM

Reboot and do the Malwarebytes scan as instructed.

#12 BigPC123

Posted 02 July 2013 - 07:15 AM

Malwarebytes Anti-Malware (Trial) 1.75.0.1300

www.malwarebytes.org
 
Database version: v2013.07.02.02
 
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
tyler :: SAM-PC [administrator]
 
Protection: Enabled
 
2/07/2013 7:51:49 PM
mbam-log-2013-07-02 (19-51-49).txt
 
Scan type: Full scan (C:\|D:\|I:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 451317
Time elapsed: 2 hour(s), 12 minute(s), 13 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 1
C:\$Recycle.Bin\S-1-5-21-3792755983-3538604420-263727039-1000\$RHAA0GD.sam-PC\Downloads\setup (1).exe (PUP.BundleInstaller.VG) -> Quarantined and deleted successfully.
 
(end)


#13 TB-Psychotic

Posted 03 July 2013 - 01:04 AM

Looks good

 

Please go here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.



#14 TB-Psychotic

Posted 08 July 2013 - 03:49 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



