
Infected with Antivirus Security Pro and cannot start Windows 7 in Safe Mode



#1 Dinx


Posted 01 November 2013 - 02:04 PM

Hi - I was following another post where Afflack (spelling?) was helping someone with the same issue. I was able to create a FRST text file as he instructed. However, in the post I was following, Afflack took this info and created a fix file for the user's computer. I am hoping the same can be done for me. Here are the contents of the FRST scan. If I need to provide anything else, please let me know.

Thanks - Dinx

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 31-10-2013
Ran by SYSTEM on MININT-K0HBV6E on 01-11-2013 14:12:54
Running from F:\
Windows 7 Professional (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery
 
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [nwiz] - nwiz.exe /install
HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NVHotkey] - rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
HKLM\...\Run: [PDVDDXSrv] - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2009-06-24] (CyberLink Corp.)
HKLM\...\Run: [ccApp] - C:\Program Files\Common Files\Symantec Shared\ccApp.exe [115560 2010-06-09] (Symantec Corporation)
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray.exe [458844 2009-06-29] (IDT, Inc.)
HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [249856 2009-06-19] (Alps Electric Co., Ltd.)
HKLM\...\Run: [DagentUI] - C:\Program Files\Altiris\Dagent\dagentui.exe [554320 2009-08-11] (Altiris, Inc.)
HKLM\...\Run: [ConnectionCenter] - C:\Program Files\Citrix\ICA Client\concentr.exe [300400 2010-03-10] (Citrix Systems, Inc.)
HKLM\...\Run: [IntelliPoint] - C:\Program Files\Microsoft IntelliPoint\ipoint.exe [1821576 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [TkBellExe] - C:\Program Files\Real\RealPlayer\Update\realsched.exe [296096 2012-11-11] (RealNetworks, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [AS2014] - C:\ProgramData\VgVW7sW6\VgVW7sW6.exe [541320 2013-10-28] ()
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,,C:\ProgramData\VgVW7sW6\VgVW7sW6.exe -sm,
HKU\minottid\...\Run: [msnmsgr] - C:\Program Files\Windows Live\Messenger\msnmsgr.exe [ 2012-03-08] (Microsoft Corporation)
HKU\minottid\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [ 2012-04-26] (Google Inc.)
HKU\minottid\...\Run: [SugarSync] - C:\Program Files\SugarSync\SugarSyncManager.exe [ 2013-04-03] (SugarSync, Inc.)
HKU\minottid\...\Run: [HP Officejet Pro 8600 (NET)] - C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [ 2012-10-17] (Hewlett-Packard Co.)
HKU\minottid\...\Run: [AS2014] - C:\ProgramData\VgVW7sW6\VgVW7sW6.exe [ 2013-10-28] ()
Startup: C:\Users\minottid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk ->  (No File)
Startup: C:\Users\minottid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk
ShortcutTarget: Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk -> C:\Program Files\HP\HP Officejet Pro 8600\bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\minottid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\minottid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk
ShortcutTarget: Picture Motion Browser Media Check Tool.lnk -> C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation)
 
========================== Services (Whitelisted) =================
 
S2 ccEvtMgr; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [108392 2010-06-09] (Symantec Corporation)
S2 ccSetMgr; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [108392 2010-06-09] (Symantec Corporation)
S2 dsNcService; C:\Program Files\Juniper Networks\Common Files\dsNcService.exe [691888 2012-09-19] (Juniper Networks)
S3 LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [3093880 2010-02-17] (Symantec Corporation)
S2 NgVpnMgr; C:\Windows\system32\ngvpnmgr.exe [240816 2010-02-02] (Aventail Corporation)
S2 SmcService; C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe [1881368 2010-06-09] (Symantec Corporation)
S4 SNAC; C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE [349512 2010-06-09] (Symantec Corporation)
S2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b8f542503f95f21b\STacSV.exe [221266 2009-06-29] (IDT, Inc.)
S2 Symantec AntiVirus; C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe [1822296 2010-06-09] (Symantec Corporation)
S2 Altiris Deployment Agent; "C:\Program Files\Altiris\Dagent\dagent.exe" -load=default.dll,config.dll,autoupdate.dll [x]
 
==================== Drivers (Whitelisted) ====================
 
S3 dsNcAdpt; C:\Windows\System32\DRIVERS\dsNcAdpt.sys [26624 2012-09-19] (Juniper Networks)
S1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-08-29] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [108120 2013-08-29] (Symantec Corporation)
S3 NAVENG; C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20131010.007\NAVENG.SYS [93272 2013-09-16] (Symantec Corporation)
S3 NAVEX15; C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20131010.007\NAVEX15.SYS [1612376 2013-09-16] (Symantec Corporation)
S3 NgFilter; C:\Windows\System32\DRIVERS\ngfilter.sys [22600 2010-02-02] (Aventail Corporation)
S3 NgLog; C:\Windows\System32\DRIVERS\nglog.sys [27208 2010-02-02] (Aventail Corporation)
S3 NgVpn; C:\Windows\System32\DRIVERS\ngvpn.sys [79944 2010-02-02] (Aventail Corporation)
S3 NgWfp; C:\Windows\System32\DRIVERS\ngwfp.sys [25160 2010-02-02] (Aventail Corporation)
S3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [21784 2011-08-01] (Microsoft Corporation)
S1 SPBBCDrv; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [421424 2010-06-09] (Symantec Corporation)
S1 SRTSP; C:\Windows\System32\Drivers\SRTSP.SYS [283184 2010-06-09] (Symantec Corporation)
S3 SRTSPL; C:\Windows\System32\Drivers\SRTSPL.SYS [320944 2010-06-09] (Symantec Corporation)
S1 SRTSPX; C:\Windows\System32\Drivers\SRTSPX.SYS [43696 2010-06-09] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [124976 2010-06-09] (Symantec Corporation)
S3 SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [26416 2009-11-13] (Symantec Corporation)
S1 SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [188080 2009-11-13] (Symantec Corporation)
S1 SysPlant; C:\Windows\SYSTEM32\Drivers\SysPlant.sys [97096 2010-06-09] (Symantec Corporation)
S3 Teefer2; C:\Windows\System32\DRIVERS\teefer2.sys [67472 2010-06-09] (Symantec Corporation)
S1 WPS; C:\Windows\system32\drivers\wpsdrvnt.sys [43336 2010-06-09] (Symantec Corporation)
S3 WpsHelper; C:\Windows\system32\drivers\WpsHelper.sys [174056 2012-10-02] (Symantec Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-11-01 14:12 - 2013-11-01 14:12 - 00000000 ____D C:\FRST
2013-10-28 07:40 - 2013-11-01 09:08 - 00001666 _____ C:\Users\minottid\Desktop\Antivirus Security Pro.lnk
2013-10-28 07:40 - 2013-11-01 09:08 - 00000118 _____ C:\Users\minottid\Desktop\Antivirus Security Pro support.url
2013-10-28 06:57 - 2013-10-28 07:57 - 00000000 ____D C:\ProgramData\VgVW7sW6
2013-10-28 05:44 - 2013-10-28 05:44 - 00000000 ____D C:\Users\minottid\AppData\Local\{6BF94FA4-1B31-418E-9DD6-AA6409273C5F}
2013-10-25 14:27 - 2013-10-25 14:27 - 00000000 ____D C:\Users\minottid\AppData\Local\{5F9EE7DB-CACF-4B1F-B8FD-0B5392A15D5B}
2013-10-24 15:45 - 2013-10-24 15:46 - 00000000 ____D C:\Users\minottid\AppData\Local\{6DF161CB-3B60-4457-8515-E0D7A8A89437}
2013-10-23 04:43 - 2013-10-23 04:43 - 00000000 ____D C:\Users\minottid\AppData\Local\{7E255AFF-C06B-4585-8208-DE3F52AEA33A}
2013-10-22 06:57 - 2013-10-22 06:57 - 00000000 ____D C:\Users\minottid\AppData\Local\{9D1D7036-9A5E-43E3-9EB3-0A0236D86D89}
2013-10-21 06:19 - 2013-10-21 06:19 - 00000000 ____D C:\Users\minottid\AppData\Local\{C10CAB41-E81C-4C6A-B9E5-CD096AF47186}
2013-10-20 09:07 - 2013-10-20 09:07 - 00000000 ____D C:\Users\minottid\AppData\Local\{5CAE822C-477B-411F-BC77-EBA900FB570D}
2013-10-19 05:01 - 2013-10-19 05:01 - 00000000 ____D C:\Users\minottid\AppData\Local\{A4EA719A-7261-493E-8E1C-69FDCF1F2E08}
2013-10-18 05:14 - 2013-10-18 05:14 - 00000000 ____D C:\Users\minottid\AppData\Local\{6D0F00BA-8DD0-43FD-96C6-44003F3ADA42}
2013-10-16 10:57 - 2013-10-16 10:58 - 00000000 ____D C:\Users\minottid\AppData\Local\{3AF73606-68F0-4183-A6D9-653D39AC96C3}
2013-10-15 08:14 - 2013-10-15 08:14 - 00000215 _____ C:\Users\minottid\Desktop\Google.url
2013-10-15 07:09 - 2013-10-15 07:09 - 00000000 ____D C:\Users\minottid\AppData\Local\{06FAFEB8-DF29-4CA1-868D-CF28600F67D5}
2013-10-14 10:18 - 2013-10-14 10:18 - 00000000 ____D C:\Users\minottid\AppData\Local\{17CE1764-2583-41D4-AF77-61069C5BBFE4}
2013-10-13 11:59 - 2013-10-13 11:59 - 00000000 ____D C:\Users\minottid\AppData\Local\{1952A316-0141-498A-9A86-08BE59CD6FC3}
2013-10-12 18:16 - 2013-10-12 18:16 - 00000000 ____D C:\Users\minottid\AppData\Local\{7FD512B2-1AFB-4F52-AA71-EFAA13D8BFC4}
2013-10-12 05:01 - 2013-10-12 05:01 - 00000000 ____D C:\Users\minottid\AppData\Local\{319D242A-220B-4989-BE4F-948331AE3F40}
2013-10-11 06:49 - 2013-10-11 06:49 - 00000000 ____D C:\Users\minottid\AppData\Local\{F9EBEE34-A4EC-4ADE-883A-148CC787197D}
2013-10-11 06:42 - 2013-10-11 06:42 - 331478029 _____ C:\Windows\MEMORY.DMP
2013-10-11 06:42 - 2013-10-11 06:42 - 00154184 _____ C:\Windows\Minidump\101113-52806-01.dmp
2013-10-11 06:42 - 2013-10-11 06:42 - 00000000 ____D C:\Windows\Minidump
2013-10-10 18:50 - 2013-09-22 02:29 - 12336128 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-10-10 18:50 - 2013-09-22 02:22 - 09739264 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-10-10 18:50 - 2013-09-22 02:22 - 01800704 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-10-10 18:50 - 2013-09-22 02:14 - 01427968 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-10-10 18:50 - 2013-09-22 02:13 - 01129472 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-10-10 18:50 - 2013-09-22 02:13 - 01104896 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-10-10 18:50 - 2013-09-22 02:12 - 00231936 _____ (Microsoft Corporation) C:\Windows\System32\url.dll
2013-10-10 18:50 - 2013-09-22 02:09 - 00065024 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-10-10 18:50 - 2013-09-22 02:08 - 00142848 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-10-10 18:50 - 2013-09-22 02:07 - 00717824 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-10-10 18:50 - 2013-09-22 02:06 - 00420864 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-10-10 18:50 - 2013-09-22 02:05 - 00607744 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-10-10 18:50 - 2013-09-22 02:03 - 02382848 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-10-10 18:50 - 2013-09-22 02:03 - 01796096 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-10-10 18:50 - 2013-09-22 02:03 - 00073216 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-10-10 18:50 - 2013-09-22 01:59 - 00176640 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-10-10 17:20 - 2013-09-13 16:48 - 00338944 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2013-10-10 17:20 - 2013-09-07 18:07 - 01294272 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-10-10 17:20 - 2013-09-07 18:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\System32\mswsock.dll
2013-10-10 17:20 - 2013-08-27 17:04 - 02348544 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-10-10 17:20 - 2013-08-27 16:57 - 00434688 _____ (Microsoft Corporation) C:\Windows\System32\scavengeui.dll
2013-10-10 17:20 - 2013-08-01 03:03 - 00729024 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-10-10 17:20 - 2013-07-20 02:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 17:20 - 2013-07-12 02:07 - 00086016 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbcir.sys
2013-10-10 17:20 - 2013-07-04 03:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\System32\WebClnt.dll
2013-10-10 17:20 - 2013-07-04 03:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\System32\davclnt.dll
2013-10-10 17:20 - 2013-07-04 03:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\System32\comctl32.dll
2013-10-10 17:20 - 2013-07-04 01:48 - 00115712 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxdav.sys
2013-10-10 17:20 - 2013-07-02 19:36 - 00055808 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hidclass.sys
2013-10-10 17:20 - 2013-07-02 19:36 - 00025728 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hidparse.sys
2013-10-10 17:20 - 2013-06-25 14:56 - 00527064 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys
2013-10-10 17:20 - 2013-06-05 20:52 - 00026112 _____ (Microsoft Corporation) C:\Windows\System32\lpk.dll
2013-10-10 17:20 - 2013-06-05 20:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\System32\fontsub.dll
2013-10-10 17:20 - 2013-06-05 20:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\System32\dciman32.dll
2013-10-10 17:20 - 2013-06-05 19:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2013-10-10 17:20 - 2013-06-05 19:01 - 00034304 _____ (Adobe Systems) C:\Windows\System32\atmlib.dll
2013-10-10 17:19 - 2013-08-28 17:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2013-10-10 17:19 - 2013-08-28 17:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-10-10 17:19 - 2013-08-28 17:50 - 01289096 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2013-10-10 17:19 - 2013-08-28 17:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\System32\tdh.dll
2013-10-10 17:19 - 2013-08-28 17:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\System32\advapi32.dll
2013-10-10 16:36 - 2013-10-10 16:36 - 00000000 ____D C:\Users\minottid\AppData\Local\{B2E81E7F-95EA-4291-BF5C-D94423D114CC}
2013-10-09 15:25 - 2013-10-09 15:25 - 00000000 ____D C:\Users\minottid\AppData\Local\{66652DDC-3FD2-4637-8CEC-D4D002C430DC}
2013-10-08 10:08 - 2013-10-08 10:08 - 00000000 ____D C:\Users\minottid\AppData\Local\{D4CB3D5A-F86B-4349-AE29-CE33E63F67BD}
2013-10-07 05:10 - 2013-10-07 05:10 - 00000000 ____D C:\Users\minottid\AppData\Local\{70CBAF8A-B441-4175-BD3A-A834D7F72D06}
2013-10-05 09:31 - 2013-10-05 09:31 - 00000000 ____D C:\Users\minottid\AppData\Local\{1E38B88D-DCD2-44D6-BDC7-4B7DFB873CD1}
2013-10-04 06:06 - 2013-10-04 06:06 - 00000000 ____D C:\Users\minottid\AppData\Local\{81F3BC76-0869-4A72-B914-17A769313D0F}
2013-10-03 08:14 - 2013-10-03 08:14 - 00000000 ____D C:\Users\minottid\AppData\Local\{5790A5C1-E3FB-4EBB-8DE5-AA35E3F64084}
2013-10-02 17:05 - 2013-10-02 17:06 - 00000000 ____D C:\Users\minottid\AppData\Local\{33FA9F66-AE77-437D-A1CC-3A369E53A973}
 
==================== One Month Modified Files and Folders =======
 
2013-11-01 14:12 - 2013-11-01 14:12 - 00000000 ____D C:\FRST
2013-11-01 09:42 - 2010-02-17 06:16 - 00726444 _____ C:\Windows\System32\PerfStringBackup.INI
2013-11-01 09:08 - 2013-10-28 07:40 - 00001666 _____ C:\Users\minottid\Desktop\Antivirus Security Pro.lnk
2013-11-01 09:08 - 2013-10-28 07:40 - 00000118 _____ C:\Users\minottid\Desktop\Antivirus Security Pro support.url
2013-11-01 08:56 - 2009-07-13 20:34 - 00014256 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-01 08:56 - 2009-07-13 20:34 - 00014256 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-01 08:48 - 2009-07-13 20:39 - 00112040 _____ C:\Windows\setupact.log
2013-10-28 09:24 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\NDF
2013-10-28 07:57 - 2013-10-28 06:57 - 00000000 ____D C:\ProgramData\VgVW7sW6
2013-10-28 07:55 - 2010-05-29 03:45 - 00000000 ____D C:\Users\minottid\Tracing
2013-10-28 07:55 - 2010-02-17 09:09 - 01100515 _____ C:\Windows\WindowsUpdate.log
2013-10-28 05:44 - 2013-10-28 05:44 - 00000000 ____D C:\Users\minottid\AppData\Local\{6BF94FA4-1B31-418E-9DD6-AA6409273C5F}
2013-10-28 05:44 - 2012-01-10 14:55 - 00000000 ___RD C:\Users\minottid\Dropbox
2013-10-28 05:44 - 2012-01-10 14:52 - 00000000 ____D C:\Users\minottid\AppData\Roaming\Dropbox
2013-10-25 14:27 - 2013-10-25 14:27 - 00000000 ____D C:\Users\minottid\AppData\Local\{5F9EE7DB-CACF-4B1F-B8FD-0B5392A15D5B}
2013-10-24 15:47 - 2012-06-10 06:20 - 00000000 ____D C:\Users\minottid\AppData\Local\SugarSync
2013-10-24 15:46 - 2013-10-24 15:45 - 00000000 ____D C:\Users\minottid\AppData\Local\{6DF161CB-3B60-4457-8515-E0D7A8A89437}
2013-10-23 04:43 - 2013-10-23 04:43 - 00000000 ____D C:\Users\minottid\AppData\Local\{7E255AFF-C06B-4585-8208-DE3F52AEA33A}
2013-10-22 06:57 - 2013-10-22 06:57 - 00000000 ____D C:\Users\minottid\AppData\Local\{9D1D7036-9A5E-43E3-9EB3-0A0236D86D89}
2013-10-21 06:19 - 2013-10-21 06:19 - 00000000 ____D C:\Users\minottid\AppData\Local\{C10CAB41-E81C-4C6A-B9E5-CD096AF47186}
2013-10-20 09:07 - 2013-10-20 09:07 - 00000000 ____D C:\Users\minottid\AppData\Local\{5CAE822C-477B-411F-BC77-EBA900FB570D}
2013-10-19 11:33 - 2013-04-14 06:56 - 00002129 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-10-19 05:01 - 2013-10-19 05:01 - 00000000 ____D C:\Users\minottid\AppData\Local\{A4EA719A-7261-493E-8E1C-69FDCF1F2E08}
2013-10-18 05:14 - 2013-10-18 05:14 - 00000000 ____D C:\Users\minottid\AppData\Local\{6D0F00BA-8DD0-43FD-96C6-44003F3ADA42}
2013-10-16 10:58 - 2013-10-16 10:57 - 00000000 ____D C:\Users\minottid\AppData\Local\{3AF73606-68F0-4183-A6D9-653D39AC96C3}
2013-10-15 08:14 - 2013-10-15 08:14 - 00000215 _____ C:\Users\minottid\Desktop\Google.url
2013-10-15 07:09 - 2013-10-15 07:09 - 00000000 ____D C:\Users\minottid\AppData\Local\{06FAFEB8-DF29-4CA1-868D-CF28600F67D5}
2013-10-14 10:18 - 2013-10-14 10:18 - 00000000 ____D C:\Users\minottid\AppData\Local\{17CE1764-2583-41D4-AF77-61069C5BBFE4}
2013-10-13 11:59 - 2013-10-13 11:59 - 00000000 ____D C:\Users\minottid\AppData\Local\{1952A316-0141-498A-9A86-08BE59CD6FC3}
2013-10-12 18:16 - 2013-10-12 18:16 - 00000000 ____D C:\Users\minottid\AppData\Local\{7FD512B2-1AFB-4F52-AA71-EFAA13D8BFC4}
2013-10-12 05:01 - 2013-10-12 05:01 - 00000000 ____D C:\Users\minottid\AppData\Local\{319D242A-220B-4989-BE4F-948331AE3F40}
2013-10-11 16:21 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\rescache
2013-10-11 11:19 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-10-11 06:49 - 2013-10-11 06:49 - 00000000 ____D C:\Users\minottid\AppData\Local\{F9EBEE34-A4EC-4ADE-883A-148CC787197D}
2013-10-11 06:47 - 2009-07-13 20:33 - 00412744 _____ C:\Windows\System32\FNTCACHE.DAT
2013-10-11 06:42 - 2013-10-11 06:42 - 331478029 _____ C:\Windows\MEMORY.DMP
2013-10-11 06:42 - 2013-10-11 06:42 - 00154184 _____ C:\Windows\Minidump\101113-52806-01.dmp
2013-10-11 06:42 - 2013-10-11 06:42 - 00000000 ____D C:\Windows\Minidump
2013-10-10 18:51 - 2010-02-18 04:32 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-10 18:49 - 2013-08-15 08:59 - 00000000 ____D C:\Windows\System32\MRT
2013-10-10 18:47 - 2010-02-18 04:58 - 78106760 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-10-10 18:46 - 2010-05-29 03:32 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-10 16:36 - 2013-10-10 16:36 - 00000000 ____D C:\Users\minottid\AppData\Local\{B2E81E7F-95EA-4291-BF5C-D94423D114CC}
2013-10-10 16:34 - 2010-02-17 06:18 - 00040750 _____ C:\Windows\PFRO.log
2013-10-09 15:30 - 2011-01-10 14:06 - 00000000 ____D C:\Users\minottid\AppData\Local\Google
2013-10-09 15:25 - 2013-10-09 15:25 - 00000000 ____D C:\Users\minottid\AppData\Local\{66652DDC-3FD2-4637-8CEC-D4D002C430DC}
2013-10-08 10:48 - 2012-11-30 13:19 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-10-08 10:48 - 2011-12-21 19:15 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-10-08 10:08 - 2013-10-08 10:08 - 00000000 ____D C:\Users\minottid\AppData\Local\{D4CB3D5A-F86B-4349-AE29-CE33E63F67BD}
2013-10-07 05:10 - 2013-10-07 05:10 - 00000000 ____D C:\Users\minottid\AppData\Local\{70CBAF8A-B441-4175-BD3A-A834D7F72D06}
2013-10-05 09:31 - 2013-10-05 09:31 - 00000000 ____D C:\Users\minottid\AppData\Local\{1E38B88D-DCD2-44D6-BDC7-4B7DFB873CD1}
2013-10-04 06:06 - 2013-10-04 06:06 - 00000000 ____D C:\Users\minottid\AppData\Local\{81F3BC76-0869-4A72-B914-17A769313D0F}
2013-10-03 08:14 - 2013-10-03 08:14 - 00000000 ____D C:\Users\minottid\AppData\Local\{5790A5C1-E3FB-4EBB-8DE5-AA35E3F64084}
2013-10-02 17:06 - 2013-10-02 17:05 - 00000000 ____D C:\Users\minottid\AppData\Local\{33FA9F66-AE77-437D-A1CC-3A369E53A973}
 
Files to move or delete:
====================
C:\Users\minottid\AppData\Roaming\skype.ini
 
 
Some content of TEMP:
====================
C:\Users\minottid\AppData\Local\Temp\2jfuweif.exe
C:\Users\minottid\AppData\Local\Temp\dsHostCheckerSetup.exe
C:\Users\minottid\AppData\Local\Temp\epiMsiBootstraper.exe
C:\Users\minottid\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\minottid\AppData\Local\Temp\GLF8670.tmp.exe
C:\Users\minottid\AppData\Local\Temp\globalKeyChecker.exe
C:\Users\minottid\AppData\Local\Temp\GoogleToolbarInstaller_en32_signed.exe
C:\Users\minottid\AppData\Local\Temp\HitmanPro_x64.exe
C:\Users\minottid\AppData\Local\Temp\Java.exe
C:\Users\minottid\AppData\Local\Temp\jre-6u22-windows-i586-iftw-rv.exe
C:\Users\minottid\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\minottid\AppData\Local\Temp\JuniperSetupClientInstaller.exe
C:\Users\minottid\AppData\Local\Temp\Kickstarter.exe
C:\Users\minottid\AppData\Local\Temp\lowproc.exe
C:\Users\minottid\AppData\Local\Temp\MyClaroTB.exe
C:\Users\minottid\AppData\Local\Temp\nswEB8F.tmp.exe
C:\Users\minottid\AppData\Local\Temp\nsxED8B.tmp.tbMapi.dll
C:\Users\minottid\AppData\Local\Temp\rnsetup0.exe
C:\Users\minottid\AppData\Local\Temp\stubhelper.dll
C:\Users\minottid\AppData\Local\Temp\wget.exe
C:\Users\richardsonr\AppData\Local\Temp\epiMsiBootstraper.exe
 
 
==================== Known DLLs (Whitelisted) ============
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== EXE ASSOCIATION =====================
 
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
 
==================== Restore Points  =========================
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 32%
Total physical RAM: 2035.9 MB
Available physical RAM: 1364.05 MB
Total Pagefile: 2035.9 MB
Available Pagefile: 1392.05 MB
Total Virtual: 2047.88 MB
Available Virtual: 1938.2 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:148.71 GB) (Free:111.75 GB) NTFS
Drive f: () (Removable) (Total:7.45 GB) (Free:1.92 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: 74B474B4)
Partition 1: (Not Active) - (Size=251 MB) - (Type=DE)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=149 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 7 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=7 GB) - (Type=0B)
 
 
LastRegBack: 2013-11-01 09:25
 
==================== End Of Log ============================

Edited by hamluis, 01 November 2013 - 02:29 PM.
Moved from AII to Malware Removal Logs - Hamluis.




#2 Dinx


Posted 01 November 2013 - 03:34 PM

Sorry for the misspelling - the person who was helping was Aaflac.



#3 gringo_pr


Posted 01 November 2013 - 05:20 PM

replied to other topic
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#4 gringo_pr


Posted 01 November 2013 - 05:21 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.