
Antivirus Security Pro, can't boot to safe mode, read previous threads...


  • This topic is locked
6 replies to this topic

#1 yonibloch


Posted 12 October 2013 - 10:02 AM

...and followed them to boot into the System Recovery Options and through the Command Prompt I've run FRST and here is the log it generated -- trying to fix my dad's laptop, any help appreciated! :)

 

Yoni

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by SYSTEM on MININT-G8V99FN on 12-10-2013 17:56:56
Running from E:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery
 
The current controlset is ControlSet002
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [AtherosBtStack] - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [627360 2011-05-20] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe [379552 2011-05-20] (Atheros Commnucations)
HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [608112 2011-03-29] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-05-27] (IDT, Inc.)
HKLM\...\Run: [AS2014] - C:\ProgramData\7ga7sn37\7ga7sn37.exe [683632 2013-10-10] ()
HKLM\...\Winlogon: [Userinit] userinit.exe,C:\ProgramData\7ga7sn37\7ga7sn37.exe -sm,
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [vProt] - C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2404376 2013-10-01] ()
HKU\bloch\...\Run: [Google Update] - C:\Users\bloch\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-10-05] (Google Inc.)
HKU\bloch\...\Run: [AS2014] - C:\ProgramData\7ga7sn37\7ga7sn37.exe [683632 2013-10-10] ()
Startup: C:\Users\bloch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk ->  (No File)
 
==================== Services (Whitelisted) =================
 
S2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [146592 2011-05-20] (Atheros)
S2 bonanzadealslive; C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe [148976 2013-09-30] (BonanzaDeals)
S3 bonanzadealslivem; C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe [148976 2013-09-30] (BonanzaDeals)
S2 IHA_MessageCenter; C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [350792 2013-09-13] (Verizon)
S2 vToolbarUpdater17.0.12; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe [1734680 2013-10-01] (AVG Secure Search)
S4 DellDigitalDelivery; "C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe" [x]
 
==================== Drivers (Whitelisted) ====================
 
S1 avgtp; C:\windows\system32\drivers\avgtpx64.sys [46368 2013-10-01] (AVG Technologies)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-10-12 17:56 - 2013-10-12 17:56 - 00000000 ____D C:\FRST
2013-10-10 19:40 - 2013-10-12 06:50 - 00001668 _____ C:\Users\bloch\Desktop\Antivirus Security Pro.lnk
2013-10-10 19:40 - 2013-10-12 06:50 - 00000118 _____ C:\Users\bloch\Desktop\Antivirus Security Pro support.url
2013-10-10 17:18 - 2013-10-10 19:42 - 00000000 ____D C:\ProgramData\7ga7sn37
2013-10-10 16:09 - 2013-09-22 15:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-10-10 16:09 - 2013-09-22 15:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-10-10 16:09 - 2013-09-22 15:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-10-10 16:09 - 2013-09-22 15:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-10-10 16:09 - 2013-09-22 15:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-10-10 16:09 - 2013-09-22 14:55 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-10-10 16:09 - 2013-09-22 14:54 - 02647552 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-10-10 16:09 - 2013-09-22 14:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-10-10 16:09 - 2013-09-22 14:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-10-10 16:09 - 2013-09-22 14:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-10-10 16:09 - 2013-09-22 14:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-10-10 16:09 - 2013-09-20 19:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-10-10 16:09 - 2013-09-20 19:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-10 16:09 - 2013-09-20 18:48 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-10-10 16:09 - 2013-09-20 18:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-10-10 16:08 - 2013-09-22 15:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-10 16:08 - 2013-09-22 15:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-10 16:08 - 2013-09-22 15:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-10 16:08 - 2013-09-22 15:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-10 16:08 - 2013-09-22 15:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-10-10 16:08 - 2013-09-22 15:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-10-10 16:08 - 2013-09-22 15:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-10 16:08 - 2013-09-22 15:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-10 16:08 - 2013-09-22 14:55 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-10-10 16:08 - 2013-09-22 14:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-10-10 16:08 - 2013-09-22 14:54 - 19252224 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-10-10 16:08 - 2013-09-22 14:54 - 15404544 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-10-10 16:08 - 2013-09-22 14:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-10-10 16:08 - 2013-09-22 14:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-10-10 16:08 - 2013-09-22 14:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-10-10 16:08 - 2013-09-22 14:54 - 00053248 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-10-10 02:44 - 2013-08-27 17:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-10-10 02:44 - 2013-08-01 04:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-10-10 02:44 - 2013-07-20 02:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 02:44 - 2013-07-20 02:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 02:44 - 2013-07-12 02:41 - 00185344 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbvideo.sys
2013-10-10 02:44 - 2013-07-12 02:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbcir.sys
2013-10-10 02:44 - 2013-07-04 04:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\System32\comctl32.dll
2013-10-10 02:44 - 2013-07-04 03:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-10-10 02:44 - 2013-07-02 20:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hidclass.sys
2013-10-10 02:44 - 2013-07-02 20:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hidparse.sys
2013-10-10 02:44 - 2013-06-25 14:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys
2013-10-10 02:44 - 2013-06-05 21:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\System32\lpk.dll
2013-10-10 02:44 - 2013-06-05 21:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\System32\fontsub.dll
2013-10-10 02:44 - 2013-06-05 21:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\System32\dciman32.dll
2013-10-10 02:44 - 2013-06-05 21:47 - 00046080 _____ (Adobe Systems) C:\Windows\System32\atmlib.dll
2013-10-10 02:44 - 2013-06-05 20:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2013-10-10 02:44 - 2013-06-05 20:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-10-10 02:44 - 2013-06-05 20:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2013-10-10 02:44 - 2013-06-05 19:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2013-10-10 02:44 - 2013-06-05 19:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-10-10 02:44 - 2013-06-05 19:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-10-10 02:44 - 2012-11-28 14:56 - 00054376 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\WdfLdr.sys
2013-10-10 02:44 - 2012-11-28 14:56 - 00009728 _____ (Microsoft Corporation) C:\Windows\System32\Wdfres.dll
2013-10-10 02:44 - 2012-11-28 14:56 - 00000003 _____ C:\Windows\System32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2013-10-06 04:58 - 2013-10-06 17:10 - 00000000 ____D C:\Users\bloch\Desktop\תמונות
2013-10-06 04:52 - 2013-10-06 05:12 - 00000000 ____D C:\Users\bloch\Desktop\מתכונים
2013-10-05 04:24 - 2013-10-05 04:24 - 00000000 ____D C:\Windows\Sun
2013-10-04 14:56 - 2013-10-04 14:56 - 01219072 _____ C:\Users\bloch\Downloads\Fresh Grocer Coupons.msg
2013-10-01 15:58 - 2013-10-01 15:58 - 00003746 _____ C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
2013-09-30 19:09 - 2013-10-10 16:28 - 00002257 _____ C:\Users\bloch\Desktop\Google Chrome.lnk
2013-09-30 19:05 - 2013-09-30 19:05 - 00003340 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1845317913-736893763-2893107741-1000
2013-09-30 19:05 - 2013-09-30 19:05 - 00003206 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1845317913-736893763-2893107741-1000
2013-09-30 19:05 - 2013-09-30 19:05 - 00000000 ____D C:\Users\bloch\AppData\Local\WordOv
2013-09-30 19:04 - 2013-10-12 06:50 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-30 19:04 - 2013-10-12 06:34 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-30 19:04 - 2013-10-09 03:50 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-09-30 19:04 - 2013-10-09 03:50 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-09-30 19:04 - 2013-09-30 19:07 - 00000000 ____D C:\Users\bloch\AppData\Roaming\Real
2013-09-30 19:04 - 2013-09-30 19:07 - 00000000 ____D C:\ProgramData\Real
2013-09-30 19:04 - 2013-09-30 19:07 - 00000000 ____D C:\Program Files (x86)\Real
2013-09-30 19:02 - 2013-09-30 19:02 - 01762968 _____ (ExpressInstaller) C:\Users\bloch\Downloads\Google_Chrome_Setup.exe
2013-09-30 14:45 - 2013-09-30 14:45 - 00000000 ____D C:\Users\bloch\AppData\Local\Mozilla
2013-09-30 14:45 - 2013-09-30 14:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-09-30 14:44 - 2013-10-12 06:50 - 00000920 _____ C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineCore.job
2013-09-30 14:44 - 2013-10-12 06:44 - 00000292 _____ C:\Windows\Tasks\UpdaterEX.job
2013-09-30 14:44 - 2013-10-12 06:34 - 00000924 _____ C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineUA.job
2013-09-30 14:44 - 2013-10-01 15:58 - 00046368 _____ (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
2013-09-30 14:44 - 2013-10-01 15:58 - 00000000 ____D C:\Program Files (x86)\AVG SafeGuard toolbar
2013-09-30 14:44 - 2013-09-30 14:44 - 22404568 _____ (Mozilla) C:\Users\bloch\Downloads\Firefox_Setup [1].exe
2013-09-30 14:44 - 2013-09-30 14:44 - 00003920 _____ C:\Windows\System32\Tasks\BonanzaDealsLiveUpdateTaskMachineUA
2013-09-30 14:44 - 2013-09-30 14:44 - 00003668 _____ C:\Windows\System32\Tasks\BonanzaDealsLiveUpdateTaskMachineCore
2013-09-30 14:44 - 2013-09-30 14:44 - 00003386 _____ C:\Windows\System32\Tasks\BonanzaDealsUpdate
2013-09-30 14:44 - 2013-09-30 14:44 - 00003232 _____ C:\Windows\System32\Tasks\UpdaterEX
2013-09-30 14:44 - 2013-09-30 14:44 - 00000000 ____D C:\Users\bloch\AppData\Roaming\UpdaterEX
2013-09-30 14:44 - 2013-09-30 14:44 - 00000000 ____D C:\Users\bloch\AppData\Local\BonanzaDealsLive
2013-09-30 14:44 - 2013-09-30 14:44 - 00000000 ____D C:\Users\bloch\AppData\Local\AVG SafeGuard toolbar
2013-09-30 14:44 - 2013-09-30 14:44 - 00000000 ____D C:\ProgramData\BonanzaDealsLive
2013-09-30 14:44 - 2013-09-30 14:44 - 00000000 ____D C:\ProgramData\AVG SafeGuard toolbar
2013-09-30 14:44 - 2013-09-30 14:44 - 00000000 ____D C:\Program Files (x86)\BonanzaDealsLive
2013-09-30 14:43 - 2013-09-30 14:43 - 00000000 ____D C:\Program Files (x86)\BonanzaDeals
2013-09-30 14:41 - 2013-09-30 14:41 - 00675952 _____ C:\Users\bloch\Downloads\Firefox_Setup.exe
2013-09-29 09:21 - 2013-10-10 02:45 - 00002418 _____ C:\Users\bloch\Desktop\Google Chrome Canary.lnk
2013-09-29 09:20 - 2013-09-29 09:20 - 00784832 _____ (Google Inc.) C:\Users\bloch\Downloads\ChromeSetup.exe
2013-09-27 15:43 - 2013-10-09 10:24 - 00000000 ____D C:\Users\bloch\AppData\Roaming\Mozilla
2013-09-24 06:35 - 2013-09-24 06:35 - 00000060 _____ C:\Users\bloch\Desktop\פייסבוק.url
2013-09-21 18:39 - 2013-09-21 18:40 - 06024464 _____ C:\Users\bloch\Downloads\Gmail (3).zip
2013-09-21 18:38 - 2013-09-21 18:38 - 00002021 _____ C:\Users\Public\Desktop\Adobe Reader X.lnk
2013-09-21 18:38 - 2013-09-21 18:38 - 00002021 _____ C:\ProgramData\Desktop\Adobe Reader X.lnk
2013-09-17 07:00 - 2013-09-17 07:00 - 00018968 _____ C:\Users\bloch\Downloads\Unconfirmed 211222.crdownload
2013-09-16 15:19 - 2013-09-16 15:19 - 00001068 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-09-16 15:19 - 2013-09-16 15:19 - 00001068 _____ C:\ProgramData\Desktop\VLC media player.lnk
2013-09-16 15:17 - 2013-09-16 15:17 - 23003252 _____ C:\Users\bloch\Downloads\vlc-2.0.8-win32.exe
 
==================== One Month Modified Files and Folders =======
 
2013-10-12 17:56 - 2013-10-12 17:56 - 00000000 ____D C:\FRST
2013-10-12 06:50 - 2013-10-10 19:40 - 00001668 _____ C:\Users\bloch\Desktop\Antivirus Security Pro.lnk
2013-10-12 06:50 - 2013-10-10 19:40 - 00000118 _____ C:\Users\bloch\Desktop\Antivirus Security Pro support.url
2013-10-12 06:50 - 2013-09-30 19:04 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-12 06:50 - 2013-09-30 14:44 - 00000920 _____ C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineCore.job
2013-10-12 06:50 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-12 06:50 - 2009-07-13 20:51 - 00061738 _____ C:\Windows\setupact.log
2013-10-12 06:44 - 2013-09-30 14:44 - 00000292 _____ C:\Windows\Tasks\UpdaterEX.job
2013-10-12 06:37 - 2009-07-13 21:13 - 00006210 _____ C:\Windows\System32\PerfStringBackup.INI
2013-10-12 06:36 - 2012-10-05 14:53 - 00000422 _____ C:\Windows\Tasks\SystemToolsDailyTest.job
2013-10-12 06:34 - 2013-09-30 19:04 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-12 06:34 - 2013-09-30 14:44 - 00000924 _____ C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineUA.job
2013-10-12 06:34 - 2012-10-14 03:00 - 00003488 _____ C:\Windows\System32\Tasks\PCDEventLauncher
2013-10-12 06:34 - 2012-10-05 15:00 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1845317913-736893763-2893107741-1000UA.job
2013-10-12 06:34 - 2012-10-05 15:00 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1845317913-736893763-2893107741-1000Core.job
2013-10-12 06:34 - 2012-10-05 14:53 - 00003448 _____ C:\Windows\System32\Tasks\SystemToolsDailyTest
2013-10-12 06:34 - 2012-05-31 19:03 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-11 04:17 - 2009-07-13 20:45 - 00020720 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-11 04:17 - 2009-07-13 20:45 - 00020720 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-10 19:49 - 2012-05-31 18:53 - 01767966 _____ C:\Windows\WindowsUpdate.log
2013-10-10 19:49 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2013-10-10 19:42 - 2013-10-10 17:18 - 00000000 ____D C:\ProgramData\7ga7sn37
2013-10-10 17:15 - 2012-10-12 11:47 - 00000000 ____D C:\Users\bloch\AppData\Roaming\Dropbox
2013-10-10 16:29 - 2012-10-12 11:49 - 00000000 ___RD C:\Users\bloch\Dropbox
2013-10-10 16:28 - 2013-09-30 19:09 - 00002257 _____ C:\Users\bloch\Desktop\Google Chrome.lnk
2013-10-10 16:28 - 2012-10-05 14:53 - 00000564 _____ C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2013-10-10 16:28 - 2009-07-13 20:45 - 00341896 _____ C:\Windows\System32\FNTCACHE.DAT
2013-10-10 16:27 - 2012-10-05 15:01 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-10 16:27 - 2012-10-05 15:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-10 16:27 - 2010-11-20 19:47 - 00027530 _____ C:\Windows\PFRO.log
2013-10-10 16:21 - 2012-10-06 05:44 - 00000000 ____D C:\Users\bloch\AppData\Roaming\Skype
2013-10-10 16:10 - 2012-10-06 06:09 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-10 16:01 - 2013-08-06 16:00 - 00000000 ____D C:\Windows\System32\MRT
2013-10-10 16:01 - 2012-10-05 15:09 - 80541720 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-10-10 15:01 - 2012-10-23 04:22 - 00000000 ____D C:\Users\bloch\AppData\Roaming\vlc
2013-10-10 02:45 - 2013-09-29 09:21 - 00002418 _____ C:\Users\bloch\Desktop\Google Chrome Canary.lnk
2013-10-09 10:24 - 2013-09-27 15:43 - 00000000 ____D C:\Users\bloch\AppData\Roaming\Mozilla
2013-10-09 03:50 - 2013-09-30 19:04 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-10-09 03:50 - 2013-09-30 19:04 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-10-06 17:10 - 2013-10-06 04:58 - 00000000 ____D C:\Users\bloch\Desktop\תמונות
2013-10-06 05:12 - 2013-10-06 04:52 - 00000000 ____D C:\Users\bloch\Desktop\מתכונים
2013-10-05 20:00 - 2012-10-05 14:53 - 00004266 _____ C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2013-10-05 04:48 - 2013-06-16 06:31 - 00000000 ____D C:\Users\bloch\AppData\Local\CrashDumps
2013-10-05 04:24 - 2013-10-05 04:24 - 00000000 ____D C:\Windows\Sun
2013-10-04 14:56 - 2013-10-04 14:56 - 01219072 _____ C:\Users\bloch\Downloads\Fresh Grocer Coupons.msg
2013-10-01 15:58 - 2013-10-01 15:58 - 00003746 _____ C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
2013-10-01 15:58 - 2013-09-30 14:44 - 00046368 _____ (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
2013-10-01 15:58 - 2013-09-30 14:44 - 00000000 ____D C:\Program Files (x86)\AVG SafeGuard toolbar
2013-10-01 15:58 - 2012-10-05 14:59 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-30 19:07 - 2013-09-30 19:04 - 00000000 ____D C:\Users\bloch\AppData\Roaming\Real
2013-09-30 19:07 - 2013-09-30 19:04 - 00000000 ____D C:\ProgramData\Real
2013-09-30 19:07 - 2013-09-30 19:04 - 00000000 ____D C:\Program Files (x86)\Real
2013-09-30 19:05 - 2013-09-30 19:05 - 00003340 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1845317913-736893763-2893107741-1000
2013-09-30 19:05 - 2013-09-30 19:05 - 00003206 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1845317913-736893763-2893107741-1000
2013-09-30 19:05 - 2013-09-30 19:05 - 00000000 ____D C:\Users\bloch\AppData\Local\WordOv
2013-09-30 19:04 - 2012-10-06 05:37 - 00000000 ____D C:\Program Files (x86)\Google
2013-09-30 19:02 - 2013-09-30 19:02 - 01762968 _____ (ExpressInstaller) C:\Users\bloch\Downloads\Google_Chrome_Setup.exe
2013-09-30 14:45 - 2013-09-30 14:45 - 00000000 ____D C:\Users\bloch\AppData\Local\Mozilla
2013-09-30 14:45 - 2013-09-30 14:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-09-30 14:45 - 2012-10-05 14:59 - 00001149 ___HT C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-09-30 14:45 - 2012-10-05 14:59 - 00001149 ___HT C:\ProgramData\Desktop\Mozilla Firefox.lnk
2013-09-30 14:44 - 2013-09-30 14:44 - 22404568 _____ (Mozilla) C:\Users\bloch\Downloads\Firefox_Setup [1].exe
2013-09-30 14:44 - 2013-09-30 14:44 - 00003920 _____ C:\Windows\System32\Tasks\BonanzaDealsLiveUpdateTaskMachineUA
2013-09-30 14:44 - 2013-09-30 14:44 - 00003668 _____ C:\Windows\System32\Tasks\BonanzaDealsLiveUpdateTaskMachineCore
2013-09-30 14:44 - 2013-09-30 14:44 - 00003386 _____ C:\Windows\System32\Tasks\BonanzaDealsUpdate
2013-09-30 14:44 - 2013-09-30 14:44 - 00003232 _____ C:\Windows\System32\Tasks\UpdaterEX
2013-09-30 14:44 - 2013-09-30 14:44 - 00000000 ____D C:\Users\bloch\AppData\Roaming\UpdaterEX
2013-09-30 14:44 - 2013-09-30 14:44 - 00000000 ____D C:\Users\bloch\AppData\Local\BonanzaDealsLive
2013-09-30 14:44 - 2013-09-30 14:44 - 00000000 ____D C:\Users\bloch\AppData\Local\AVG SafeGuard toolbar
2013-09-30 14:44 - 2013-09-30 14:44 - 00000000 ____D C:\ProgramData\BonanzaDealsLive
2013-09-30 14:44 - 2013-09-30 14:44 - 00000000 ____D C:\ProgramData\AVG SafeGuard toolbar
2013-09-30 14:44 - 2013-09-30 14:44 - 00000000 ____D C:\Program Files (x86)\BonanzaDealsLive
2013-09-30 14:43 - 2013-09-30 14:43 - 00000000 ____D C:\Program Files (x86)\BonanzaDeals
2013-09-30 14:41 - 2013-09-30 14:41 - 00675952 _____ C:\Users\bloch\Downloads\Firefox_Setup.exe
2013-09-29 09:21 - 2012-10-05 15:00 - 00000000 ____D C:\Users\bloch\AppData\Local\Google
2013-09-29 09:20 - 2013-09-29 09:20 - 00784832 _____ (Google Inc.) C:\Users\bloch\Downloads\ChromeSetup.exe
2013-09-24 06:35 - 2013-09-24 06:35 - 00000060 _____ C:\Users\bloch\Desktop\פייסבוק.url
2013-09-22 15:28 - 2013-10-10 16:08 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-22 15:28 - 2013-10-10 16:08 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-22 15:27 - 2013-10-10 16:09 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-22 15:27 - 2013-10-10 16:09 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-22 15:27 - 2013-10-10 16:09 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-22 15:27 - 2013-10-10 16:09 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-22 15:27 - 2013-10-10 16:09 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-22 15:27 - 2013-10-10 16:08 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-22 15:27 - 2013-10-10 16:08 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-22 15:27 - 2013-10-10 16:08 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-22 15:27 - 2013-10-10 16:08 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-22 15:27 - 2013-10-10 16:08 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-22 15:27 - 2013-10-10 16:08 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-22 14:55 - 2013-10-10 16:09 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-09-22 14:55 - 2013-10-10 16:08 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-09-22 14:55 - 2013-10-10 16:08 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-09-22 14:54 - 2013-10-10 16:09 - 02647552 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-09-22 14:54 - 2013-10-10 16:09 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-09-22 14:54 - 2013-10-10 16:09 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-09-22 14:54 - 2013-10-10 16:09 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-09-22 14:54 - 2013-10-10 16:09 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-09-22 14:54 - 2013-10-10 16:08 - 19252224 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-09-22 14:54 - 2013-10-10 16:08 - 15404544 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-09-22 14:54 - 2013-10-10 16:08 - 03959296 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-09-22 14:54 - 2013-10-10 16:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-09-22 14:54 - 2013-10-10 16:08 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-09-22 14:54 - 2013-10-10 16:08 - 00053248 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-09-21 18:40 - 2013-09-21 18:39 - 06024464 _____ C:\Users\bloch\Downloads\Gmail (3).zip
2013-09-21 18:38 - 2013-09-21 18:38 - 00002021 _____ C:\Users\Public\Desktop\Adobe Reader X.lnk
2013-09-21 18:38 - 2013-09-21 18:38 - 00002021 _____ C:\ProgramData\Desktop\Adobe Reader X.lnk
2013-09-20 19:38 - 2013-10-10 16:09 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-09-20 19:30 - 2013-10-10 16:09 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-20 18:48 - 2013-10-10 16:09 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-09-20 18:39 - 2013-10-10 16:09 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-18 15:05 - 2012-10-14 08:30 - 00000000 ____D C:\Sefi
2013-09-17 07:00 - 2013-09-17 07:00 - 00018968 _____ C:\Users\bloch\Downloads\Unconfirmed 211222.crdownload
2013-09-16 15:19 - 2013-09-16 15:19 - 00001068 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-09-16 15:19 - 2013-09-16 15:19 - 00001068 _____ C:\ProgramData\Desktop\VLC media player.lnk
2013-09-16 15:17 - 2013-09-16 15:17 - 23003252 _____ C:\Users\bloch\Downloads\vlc-2.0.8-win32.exe
 
Some content of TEMP:
====================
C:\Users\bloch\AppData\Local\Temp\4uajadly.dll
C:\Users\bloch\AppData\Local\Temp\hw_6wejt.dll
C:\Users\bloch\AppData\Local\Temp\oi_{1D9DD945-5369-4543-8564-0012C7750F5B}.exe
C:\Users\bloch\AppData\Local\Temp\vlc-2.0.5-win32.exe
C:\Users\bloch\AppData\Local\Temp\vlc-2.0.6-win32.exe
C:\Users\bloch\AppData\Local\Temp\xmlUpdater.exe
 
 
==================== Known DLLs (Whitelisted) ================
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== EXE ASSOCIATION =====================
 
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
 
==================== Restore Points  =========================
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 17%
Total physical RAM: 6052.27 MB
Available physical RAM: 5019.2 MB
Total Pagefile: 6050.47 MB
Available Pagefile: 5015.25 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:446.13 GB) (Free:349.85 GB) NTFS
Drive d: (Recovery) (Fixed) (Total:19.53 GB) (Free:11.67 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: () (Removable) (Total:3.72 GB) (Free:3.7 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: F4482694)
Partition 1: (Not Active) - (Size=100 MB) - (Type=DE)
Partition 2: (Active) - (Size=20 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=446 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 4 GB) (Disk ID: 00000000)
Partition 1: (Active) - (Size=4 GB) - (Type=0B)
 
 
LastRegBack: 2013-10-10 15:39
 
==================== End Of Log ============================




#2 B-boy/StyLe/

  • Malware Response Team

Posted 12 October 2013 - 11:13 AM

Hello! Welcome to BleepingComputer Forums! :welcome:
My name is Georgi and I will be helping you with your computer problems.

Before we begin, please note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

 

Download the following file => [attachment=142702:fixlist.txt] and save it to the USB Flash Drive.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

 

 

Regards,

Georgi


Edited by B-boy/StyLe/, 12 October 2013 - 11:13 AM.



#3 yonibloch


Posted 12 October 2013 - 01:49 PM

OK, did that, restarting now.

This is the log:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-10-2013
Ran by SYSTEM at 2013-10-12 21:48:51 Run:1
Running from E:\
Boot Mode: Recovery
==============================================
 
Content of fixlist:
*****************
start
HKLM\...\Run: [AS2014] - C:\ProgramData\7ga7sn37\7ga7sn37.exe [683632 2013-10-10] ()
HKLM\...\Winlogon: [Userinit] userinit.exe,C:\ProgramData\7ga7sn37\7ga7sn37.exe -sm,
HKU\bloch\...\Run: [AS2014] - C:\ProgramData\7ga7sn37\7ga7sn37.exe [683632 2013-10-10] ()
2013-10-10 19:40 - 2013-10-12 06:50 - 00001668 _____ C:\Users\bloch\Desktop\Antivirus Security Pro.lnk
2013-10-10 19:40 - 2013-10-12 06:50 - 00000118 _____ C:\Users\bloch\Desktop\Antivirus Security Pro support.url
2013-10-10 17:18 - 2013-10-10 19:42 - 00000000 ____D C:\ProgramData\7ga7sn37
C:\Users\bloch\AppData\Local\Temp
end
 
 
*****************
 
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\AS2014 => Value deleted successfully.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Userinit => Value was restored successfully.
HKU\bloch\Software\Microsoft\Windows\CurrentVersion\Run\\AS2014 => Value deleted successfully.
C:\Users\bloch\Desktop\Antivirus Security Pro.lnk => Moved successfully.
C:\Users\bloch\Desktop\Antivirus Security Pro support.url => Moved successfully.
C:\ProgramData\7ga7sn37 => Moved successfully.
C:\Users\bloch\AppData\Local\Temp => Moved successfully.
 
==== End of Fixlog ====
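
The two persistence points removed by this fix (Run values and an extra program appended to Winlogon's Userinit value) can be picked out of an FRST registry listing mechanically. The Python sketch below is an added example, not part of the original posts and not FRST's own code; the function name `triage`, the finding labels and the heuristic (empty vendor field plus a user-writable path) are assumptions made for illustration.

```python
import re

# Sample input: registry lines quoted from the FRST logs in this thread.
SAMPLE = r"""HKLM\...\Run: [AtherosBtStack] - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [627360 2011-05-20] (Atheros Commnucations)
HKLM\...\Run: [AS2014] - C:\ProgramData\7ga7sn37\7ga7sn37.exe [683632 2013-10-10] ()
HKLM\...\Winlogon: [Userinit] userinit.exe,C:\ProgramData\7ga7sn37\7ga7sn37.exe -sm,
HKU\bloch\...\Run: [AS2014] - C:\ProgramData\7ga7sn37\7ga7sn37.exe [683632 2013-10-10] ()
"""

# "<hive>\...\Run: [name] - path [size date] (vendor)"
RUN_RE = re.compile(
    r"^(?P<hive>HK[^:]*?)\\\.\.\.\\Run: \[(?P<name>[^\]]+)\] - "
    r"(?P<path>.+?) \[\d+ \d{4}-\d{2}-\d{2}\] \((?P<vendor>.*)\)\s*$")
USERINIT_RE = re.compile(r"\\Winlogon: \[Userinit\] (?P<value>.*)$")
# Assumption: locations a standard user or dropper can normally write to.
WRITABLE_RE = re.compile(r"\\(ProgramData|AppData|Temp)\\", re.IGNORECASE)
# Userinit normally holds only userinit.exe (full path on a default install).
DEFAULT_USERINIT = {"userinit.exe", r"c:\windows\system32\userinit.exe"}

def triage(log_text):
    """Return (kind, key, detail) tuples for persistence entries worth review."""
    findings = []
    for line in log_text.splitlines():
        m = USERINIT_RE.search(line)
        if m:
            # Userinit is a comma-separated list; every entry runs at logon.
            for entry in (e.strip() for e in m["value"].split(",")):
                if entry and entry.lower() not in DEFAULT_USERINIT:
                    findings.append(("userinit-extra", "Userinit", entry))
            continue
        m = RUN_RE.match(line)
        if m and not m["vendor"].strip() and WRITABLE_RE.search(m["path"]):
            findings.append(("no-vendor-run", f'{m["hive"]} [{m["name"]}]', m["path"]))
    return findings

if __name__ == "__main__":
    for kind, key, detail in triage(SAMPLE):
        print(f"{kind:15} {key:20} {detail}")
```

A hit is a prompt for manual review, not a verdict: legitimate software also installs under ProgramData, and a vendor string proves nothing about the file by itself.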


#4 yonibloch

yonibloch
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:05:43 PM

Posted 12 October 2013 - 02:00 PM

Looks like it's working! Thank you so much!!
Any additional steps I should take?



#5 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:01:43 AM

Posted 12 October 2013 - 02:25 PM

Hi,

 

Nice work! :)
Let's check for leftovers.

Most of them should take no more than 5 minutes each.


STEP 1

 

  • Please download RKill by Grinler from the link below and save it to your desktop.

    Rkill
     
  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply.
  • A log pops up at the end of the run. This log file is located at C:\rkill.log.
  • Please copy and paste the results at pastebin.com and post the link to the log in your next reply.



STEP 2




  • Please download RogueKiller.exe and save to the desktop.
  • Close all windows and browsers
  • Right-click the program and select 'Run as Administrator'
  • Press the scan button.
  • A report opens on the desktop named - RKreport.txt
  • Please copy and paste the results at pastebin.com and post the link to the log in your next reply.

 

 

STEP 3



Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the results at pastebin.com and post the link to the log in your next reply.



STEP 4




  • Please download the newest version of Malwarebytes' Anti-Malware and install it.
  • Please start the application by double-clicking on its icon.
  • Once the program has loaded go to the UPDATE tab and check for updates.
  • When the update is complete, select the Scanner tab
  • Select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad.
  • Please save it to a convenient location and copy and paste the results at pastebin.com and post the link to the log in your next reply.

 

 

STEP 5

1. Please download HitmanPro.

  • For 32-bit Operating System
  • This is the mirror
  • For 64-bit Operating System
  • This is the mirror

2. Launch the program by double-clicking on the HitmanPro icon. (Windows Vista/7 users right click on the HitmanPro icon and select run as administrator).

Note: If the program won't run, please open the program while holding down the left CTRL key until the program is loaded.

3. Click on the next button. You must agree with the terms of EULA. (if asked)

4. Check the box beside "No, I only want to perform a one-time scan to check this computer".

5. Click on the next button.

6. The program will start to scan the computer. The scan will typically take no more than 2-3 minutes.

7. When the scan is done, click on the drop-down menu of the found entries (if any) and choose - Apply to all => Ignore <= IMPORTANT!!!

8. Click on the next button.

9. Click on the "Save Log" button.

10. Save that file to your desktop and post the content of that file in your next reply.

 

 

 

STEP 6

Download Security Check by screen317 from here.

  • Save it to your Desktop.
  • Double-click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Regards,

Georgi


Edited by B-boy/StyLe/, 12 October 2013 - 02:31 PM.



#6 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:01:43 AM

Posted 14 October 2013 - 05:27 AM

Hi,

 

Are you still with me?

 

 

Regards,

Georgi




#7 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:01:43 AM

Posted 17 October 2013 - 05:36 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
