Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

FBI virus - No safe mode, No restore points


  • This topic is locked This topic is locked
2 replies to this topic

#1 aure.k

aure.k

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:05:13 AM

Posted 01 August 2013 - 04:05 PM

Hello, FBI got me, I DL'd Farbar and scanned here is the log report.

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-07-2013 03
Ran by SYSTEM on 01-08-2013 13:55:11
Running from H:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1815848 2009-07-14] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [450048 2009-07-21] (IDT, Inc.)
HKLM\...\Run: [SmartMenu] - C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [610872 2009-07-21] ()
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Java\jre6\bin\jusched.exe [171520 2009-08-14] (Sun Microsystems, Inc.)
HKLM\...\InprocServer32: [Default-cscui]  <==== ATTENTION!
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-07-02] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HPCam_Menu] - c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe [218408 2009-02-25] (CyberLink Corp.)
HKLM-x32\...\Run: [Corel File Shell Monitor] - C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe [16712 2009-06-22] ()
HKLM-x32\...\Run: [QlbCtrl.exe] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [323640 2010-02-25] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] - C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe [581480 2009-05-12] (Symantec Corporation)
HKLM-x32\...\Run: [UpdatePRCShortCut] - C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [37296 2011-06-07] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-03-29] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [WirelessAssistant] - C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [500792 2010-03-23] (Hewlett-Packard Company)
HKLM-x32\...\Run: [PCPowerSpeed] - C:\Program Files (x86)\PCPowerSpeed\PCPowerTray.exe [374880 2013-04-01] (Crawler.com)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [ApnUpdater] - C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1391272 2012-01-03] (Ask)
HKU\Default\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1668664 2009-10-25] (Hewlett-Packard)
HKU\Default\...\Policies\system: [WallpaperStyle] 2
HKU\Default User\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1668664 2009-10-25] (Hewlett-Packard)
HKU\Default User\...\Policies\system: [WallpaperStyle] 2
HKU\meridian\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1668664 2009-10-25] (Hewlett-Packard)
HKU\meridian\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2010-02-22] (Hewlett-Packard Company)
HKU\meridian\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-06-01] (Google Inc.)
HKU\meridian\...\Run: [RebateInformer] - C:\PROGRA~2\REBATE~1\REBATE~1.EXE [972800 2011-05-09] (Inbox.com, Inc.)
HKU\meridian\...\Run: [Adobe CSS5.1 Manager] - C:\Users\meridian\AppData\Local\68e9fe54-2ddc-4dd9-9d0c-ee288d080ef4ad\efeddcdddceedefad.exe [126976 2013-05-31] () <===== ATTENTION
HKU\meridian\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] - C:\Users\meridian\AppData\Local\Temp\gwvrwtaalwqecdwjf.exe [68608 2013-07-31] () <===== ATTENTION
HKU\meridian\...\RunOnce: [Adobe CSS5.1 Manager] - C:\Users\meridian\AppData\Local\68e9fe54-2ddc-4dd9-9d0c-ee288d080ef4ad\efeddcdddceedefad.exe [126976 2013-05-31] () <===== ATTENTION
HKU\meridian\...\Policies\system: [WallpaperStyle] 2
HKU\meridian\...\Winlogon: [Shell] cmd.exe [345088 2010-11-20] (Microsoft Corporation) <==== ATTENTION
HKU\meridian\...\Command Processor: "C:\Users\meridian\AppData\Local\Temp\gwvrwtaalwqecdwjf.exe" <===== ATTENTION!

==================== Services (Whitelisted) =================

S2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
S2 Norton Internet Security; C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe [117648 2011-09-21] (Symantec Corporation)
S2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-01-21] ()
S2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe [240128 2009-07-21] (IDT, Inc.)

==================== Drivers (Whitelisted) ====================

S1 BHDrvx64; C:\Windows\System32\Drivers\NISx64\1008030.006\BHDrvx64.sys [334384 2009-08-21] (Symantec Corporation)
S1 ccHP; C:\Windows\System32\Drivers\NISx64\1008030.006\ccHPx64.sys [561800 2011-10-27] (Symantec Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-09] (Symantec Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-09] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2013-07-13] (Symantec Corporation)
S1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20130731.001\IDSvia64.sys [513184 2013-07-12] (Symantec Corporation)
S1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20130731.001\IDSvia64.sys [513184 2013-07-12] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20130731.018\ENG64.SYS [126040 2013-07-31] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20130731.018\ENG64.SYS [126040 2013-07-31] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20130731.018\EX64.SYS [2098776 2013-07-31] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20130731.018\EX64.SYS [2098776 2013-07-31] (Symantec Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1008030.006\SRTSP64.SYS [476720 2009-08-21] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\NISx64\1008030.006\SRTSPX64.SYS [32304 2009-08-21] (Symantec Corporation)
S0 SymEFA; C:\Windows\System32\drivers\NISx64\1008030.006\SYMEFA64.SYS [402992 2009-08-21] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [172592 2009-11-29] (Symantec Corporation)
S3 SYMFW; C:\Windows\System32\Drivers\NISx64\1008030.006\SYMFW.SYS [120952 2011-09-21] (Symantec Corporation)
S1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [31280 2009-08-21] (Symantec Corporation)
S3 SYMNDISV; C:\Windows\System32\Drivers\NISx64\1008030.006\SYMNDISV.SYS [56952 2011-09-21] (Symantec Corporation)
S1 SYMTDI; C:\Windows\System32\Drivers\NISx64\1008030.006\SYMTDI.SYS [279160 2011-09-21] (Symantec Corporation)
S2 {55662437-DA8C-40c0-AADA-2C816A897A49}; c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [146928 2009-07-23] (CyberLink Corp.)
S2 {55662437-DA8C-40c0-AADA-2C816A897A49}; c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [146928 2009-07-23] (CyberLink Corp.)
S4 eabfiltr;
S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [x]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [x]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-01 11:51 - 2013-08-01 11:51 - 00000000 ____D C:\FRST
2013-08-01 11:50 - 2013-08-01 11:50 - 00000000 ____H C:\Windows\System32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2013-07-31 19:08 - 2013-07-31 19:08 - 02019321 _____ C:\Users\meridian\AppData\Roaming\2433f433
2013-07-31 19:08 - 2013-07-31 19:08 - 02019315 _____ C:\ProgramData\2433f433
2013-07-31 19:08 - 2013-07-31 19:08 - 02019284 _____ C:\Users\meridian\AppData\Local\2433f433
2013-07-31 18:36 - 2013-06-11 15:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-31 18:36 - 2013-06-11 15:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-31 18:36 - 2013-06-11 15:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-31 18:36 - 2013-06-11 15:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-31 18:36 - 2013-06-11 15:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-31 18:36 - 2013-06-11 15:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-31 18:36 - 2013-06-11 15:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-31 18:36 - 2013-06-11 15:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-31 18:36 - 2013-06-11 15:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-31 18:36 - 2013-06-11 15:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-31 18:36 - 2013-06-11 15:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-31 18:36 - 2013-06-11 15:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-31 18:36 - 2013-06-11 15:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-31 18:36 - 2013-06-11 15:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-07-31 18:36 - 2013-06-11 15:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-07-31 18:36 - 2013-06-11 15:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-07-31 18:36 - 2013-06-11 15:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-07-31 18:36 - 2013-06-11 15:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-07-31 18:36 - 2013-06-11 15:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-07-31 18:36 - 2013-06-11 15:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-07-31 18:36 - 2013-06-11 15:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-07-31 18:36 - 2013-06-11 15:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-07-31 18:36 - 2013-06-11 15:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-07-31 18:36 - 2013-06-11 15:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-07-31 18:36 - 2013-06-11 15:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-07-31 18:36 - 2013-06-11 15:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-07-31 18:36 - 2013-06-11 15:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-07-31 18:36 - 2013-06-11 14:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-31 18:36 - 2013-06-11 14:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-07-31 18:36 - 2013-06-06 19:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-07-31 18:36 - 2013-06-06 18:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-14 09:48 - 2013-06-04 19:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-07-14 09:47 - 2013-04-09 15:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-14 09:47 - 2013-04-02 14:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-07-14 07:37 - 2013-06-03 22:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\System32\qedit.dll
2013-07-14 07:37 - 2013-06-03 20:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-14 07:37 - 2013-05-05 22:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2013-07-14 07:37 - 2013-05-05 20:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL

==================== One Month Modified Files and Folders =======

2013-08-01 11:51 - 2013-08-01 11:51 - 00000000 ____D C:\FRST
2013-08-01 11:50 - 2013-08-01 11:50 - 00000000 ____H C:\Windows\System32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2013-08-01 11:50 - 2009-07-13 21:13 - 00726444 _____ C:\Windows\System32\PerfStringBackup.INI
2013-08-01 11:50 - 2009-07-13 20:51 - 00106466 _____ C:\Windows\setupact.log
2013-08-01 11:49 - 2010-06-01 14:15 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-01 11:49 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-01 10:20 - 2009-07-13 20:45 - 00023248 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-01 10:20 - 2009-07-13 20:45 - 00023248 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-01 10:16 - 2009-11-28 12:30 - 01700093 _____ C:\Windows\WindowsUpdate.log
2013-08-01 10:10 - 2009-11-28 15:43 - 00000000 ____D C:\users\meridian
2013-08-01 10:00 - 2013-05-31 13:57 - 00000346 ____H C:\Windows\Tasks\{9A25A2AD-FA54-4D0A-8B7C-AC08F3BFDB73}.job
2013-08-01 10:00 - 2010-06-01 14:15 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-01 09:57 - 2012-03-31 18:45 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-31 19:08 - 2013-07-31 19:08 - 02019321 _____ C:\Users\meridian\AppData\Roaming\2433f433
2013-07-31 19:08 - 2013-07-31 19:08 - 02019315 _____ C:\ProgramData\2433f433
2013-07-31 19:08 - 2013-07-31 19:08 - 02019284 _____ C:\Users\meridian\AppData\Local\2433f433
2013-07-31 18:56 - 2009-07-13 20:45 - 00348464 _____ C:\Windows\System32\FNTCACHE.DAT
2013-07-31 18:54 - 2013-03-27 18:29 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-31 18:54 - 2013-03-27 18:29 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-31 18:53 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-31 18:53 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-31 18:17 - 2011-05-15 15:36 - 00000000 ____D C:\Program Files (x86)\RebateInformer
2013-07-28 16:55 - 2010-06-01 14:15 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-28 16:55 - 2010-06-01 14:15 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-28 15:20 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2013-07-15 17:01 - 2010-04-29 18:04 - 78185248 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-07-08 18:17 - 2009-11-28 12:40 - 00039664 _____ C:\Windows\PFRO.log

Files to move or delete:
====================
C:\Users\meridian\AppData\Local\68e9fe54-2ddc-4dd9-9d0c-ee288d080ef4ad\efeddcdddceedefad.exe
C:\Users\meridian\AppData\Local\Temp\gwvrwtaalwqecdwjf.exe
C:\Windows\Tasks\{9A25A2AD-FA54-4D0A-8B7C-AC08F3BFDB73}.job

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2013-04-29 05:26:24
Restore point made on: 2013-06-11 19:05:26
Restore point made on: 2013-06-17 13:12:47
Restore point made on: 2013-06-24 18:44:06
Restore point made on: 2013-06-26 18:52:51
Restore point made on: 2013-06-28 16:15:27
Restore point made on: 2013-07-08 18:01:39
Restore point made on: 2013-07-15 17:00:35
Restore point made on: 2013-07-31 18:22:11
Restore point made on: 2013-08-01 09:46:27

==================== Memory info ===========================

Percentage of memory in use: 18%
Total physical RAM: 3836.2 MB
Available physical RAM: 3132.84 MB
Total Pagefile: 3834.35 MB
Available Pagefile: 3123.1 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:450.13 GB) (Free:389.7 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]
Drive e: (RECOVERY) (Fixed) (Total:15.33 GB) (Free:2.52 GB) NTFS (Disk=0 Partition=3) ==>[System with boot components (obtained from reading drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32 (Disk=0 Partition=4)
Drive g: (HBCD 15.1) (CDROM) (Total:0.49 GB) (Free:0 GB) CDFS
Drive h: () (Removable) (Total:7.3 GB) (Free:6.1 GB) FAT32 (Disk=1 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS (Disk=0 Partition=1) ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 6FE0338E)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=450 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 7 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=7 GB) - (Type=0C)


LastRegBack: 2011-09-30 17:50

==================== End Of Log ============================

 



BC AdBot (Login to Remove)

 


#2 aure.k

aure.k
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:05:13 AM

Posted 01 August 2013 - 04:36 PM

Fixed, delete thread



#3 D-FRED-BROWN

D-FRED-BROWN

    Resident Bracketologist


  • Malware Response Team
  • 834 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Kansas, USA
  • Local time:04:13 AM

Posted 01 August 2013 - 05:32 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Proud graduate of SpywareInfo Bootcamp
Follow me on Twitter! @dfredbrown
Posted Image
Unified Network of Instructors and Trained Eliminators

I volunteer my free time to help you. Please consider making a donation so I can continue helping people like you.
Posted Image
Thank you!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users