
Antivirus Security Pro


26 replies to this topic

#1 HJake


Posted 15 November 2013 - 04:13 PM

Hi Folks,

New to posting so I hope not to waste too much of your valuable commodity, TIME. This machine I'm presently using is fine but I am trying to remove the above noted malware from a friend's machine, a Compaq desktop running Windows 7. How should I start with the removal procedure as I do not want to connect the infested machine to my network? Any help you can provide is appreciated by myself and my friend especially if we can jointly remove this malady from his computer. Thanks for any and all your help.

HJake




 


#2 boopme


Posted 15 November 2013 - 04:16 PM

Hello HJake

Please try this Guide first.. let me know...

Antivirus Security Pro Removal Guide


I also moved this to the Am I Infected forum for now.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 HJake


Posted 21 November 2013 - 03:45 PM

Hi Boopme,
I tried with some success to remove Antivirus Security Pro using the aforementioned guide. When I checked on the results the morning after running RKill & Malwarebytes for over 9 hours I unfortunately found that while we had made some progress (five items removed, i.e. 2-Rogue antivirus, 1-hijack security, 2-Trojan redirect files) Antivirus Security Pro was still messing with my head & taking my picture as well!
To get my mind in a better place I've left it alone until today but I'm ready to get after this bugger once again. Any help with direction and guidance would be very much appreciated. It's a Compaq desktop running Windows 7. So far I've not connected the infested machine to the internet but used a thumb drive to load RKill and Malwarebytes onto the questionable machine. Your input is requested and very much appreciated.
Regards,
HJake

#4 boopme


Posted 21 November 2013 - 09:59 PM

OK, let's run these next and see. First 2 are quick and second long.

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
  • Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
    Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

ADW Cleaner

Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
    <-insert any special instructions here for what to uncheck OR remove this line if there are none->
  • This time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

Last run ESET.

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.


#5 HJake


Posted 07 December 2013 - 03:25 PM

Hi Boopme,

Sorry for the long silence. I've downloaded both MiniToolBox and AdwCleaner to a USB drive. The infected computer when booted in safe mode does not allow me to run MiniToolBox before either 1) shutting down or 2) rebooting in normal mode. Again the infected computer is not connected to the internet and I can only use this good machine to download files and then try to run them on the infected machine (Windows 7) with a thumb drive.
Do you know how we can run MiniToolBox before being shut down? Thanks for all your help and advice.

Regards,
HJake

#6 boopme


Posted 09 December 2013 - 12:07 PM

Let's see if you can run the Avira Rescue CD



#7 HJake


Posted 10 December 2013 - 05:21 PM

Hi Boopme,

 

I've downloaded the ISO version of the rescue system and associated manual files. The EXE version would not work today for me.  If using the ISO files is incorrect please advise.  

Now I have homework to do.  Thanks for your guidance and help. 

 

Regards,

HJake



#8 boopme


Posted 10 December 2013 - 11:33 PM

See if this tutorial is easier

http://forum.avira.com/wbb/index.php?page=Thread&threadID=82163

#9 HJake


Posted 11 December 2013 - 08:06 AM

Hi Boopme,

I've read the new info and will work with this one first.  If clarification is needed then I'll refer to the more in depth tutorials.  Thanks for your help.

 

Regards,

HJake



#10 HJake


Posted 12 December 2013 - 09:30 AM

Hi Boopme,

 

Thus far we've downloaded both ISO and EXE files of the rescue program and burned four CDs on two different clean machines' optical drives. I believe the CD used as the rescue disc is good but have used at least three different ones to no avail. Just can't get any of the CDs to load. From the infected machine you hear its optical drive working for about 20 - 30 seconds (black screen cursor flashing) then the Windows start screen appears and Windows loads. Have done this several times and rechecked BIOS to make certain the optical drive loads first. Still Windows ends up on the screen. HELP!!

 

Regards,

HJake



#11 boopme


Posted 12 December 2013 - 10:53 AM

I am getting us some help.

#12 JSntgRvr


Posted 12 December 2013 - 11:07 AM

Hi and welcome.

 

Let's give it a try.

Please download Farbar Recovery Scan Tool and save it to a flash drive.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Plug the flash drive into the infected PC.

  • If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.

    If you are using Vista or Windows 7 enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
  • Note: In case you can not enter System Recovery Options by using F8 method, you can use Windows installation disc, or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used.
    To make a repair disk on Windows 7 consult: http://www.sevenforums.com/tutorials/2083-system-repair-disc-create.html



    To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
  • On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt
  • Select Command Prompt

    Once in the Command Prompt:
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

 

 


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#13 boopme


Posted 12 December 2013 - 11:10 AM

Hello, just letting you know I moved this topic to here in the Virus, Trojan, Spyware, and Malware Removal Logs forum where it will stay.

#14 HelpBot


Posted 12 December 2013 - 11:15 AM

Disregard.

Edited by JSntgRvr, 12 December 2013 - 12:09 PM.


#15 HJake


Posted 12 December 2013 - 02:02 PM

Hi Boopme/JSntgRvr,

After scanning the Compaq Desktop running Windows 7 64 bit here is the file.

 

Regards,

HJake

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-12-2013
Ran by SYSTEM on MININT-DN7JG1S on 12-12-2013 13:42:58
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [PC-Doctor for Windows localizer] - C:\Program Files\PC-Doctor for Windows\localizer.exe [95728 2009-09-16] (PC-Doctor, Inc.)
HKLM\...\Run: [AS2014] - C:\ProgramData\Xrgsarvn\Xrgsarvn.exe [659056 2013-10-14] ()
HKLM\...\Winlogon: [Userinit] userinit.exe,,C:\ProgramData\Xrgsarvn\Xrgsarvn.exe -sm,
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM-x32\...\Run: [hpsysdrv] - C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [mcui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [454600 2013-02-28] (McAfee, Inc.)
HKLM-x32\...\Run: [LifeCam] - C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [EEventManager] - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [976320 2009-12-03] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [mcpltui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [454600 2013-02-28] (McAfee, Inc.)
HKU\Anthony\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.)
HKU\Anthony\...\Run: [StartNow Search Protect] - C:\Program Files (x86)\StartNow Toolbar\search_protect.exe [1352048 2012-09-06] ()
HKU\Anthony\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-07-16] (Google Inc.)
HKU\Anthony\...\Run: [AS2014] - C:\ProgramData\Xrgsarvn\Xrgsarvn.exe [659056 2013-10-14] ()
HKU\Default\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1685048 2009-09-29] (Hewlett-Packard)
HKU\Default User\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1685048 2009-09-29] (Hewlett-Packard)

==================== Services (Whitelisted) =================

S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [517632 2009-09-04] (Alcatel-Lucent)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [378952 2012-11-22] (McAfee, Inc.)
S2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1007288 2012-10-06] (McAfee, Inc.)
S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218320 2012-12-26] (McAfee, Inc.)
S2 mfevtp; C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [182312 2012-12-26] (McAfee, Inc.)
S2 Updater Service for StartNow Toolbar; C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe [265952 2012-06-22] ()

==================== Drivers (Whitelisted) ====================

S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [69672 2012-12-26] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197264 2012-05-28] (McAfee, Inc.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [178840 2012-12-26] (McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [309400 2012-12-26] (McAfee, Inc.)
S3 mfeavfk01; No ImagePath
S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [515528 2012-12-26] (McAfee, Inc.)
S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [771096 2012-12-26] (McAfee, Inc.)
S3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [328976 2012-11-01] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [97208 2012-11-01] (McAfee, Inc.)
S0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [339776 2012-12-26] (McAfee, Inc.)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2009-09-04] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2009-09-04] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [x]
S3 MREMPR5; \??\C:\PROGRA~2\COMMON~1\Motive\MREMPR5.SYS [x]
S3 MRENDIS5; \??\C:\PROGRA~2\COMMON~1\Motive\MRENDIS5.SYS [x]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-12-12 13:42 - 2013-12-12 13:42 - 00000000 ____D C:\FRST
2013-12-11 08:28 - 2013-12-11 14:08 - 00001672 _____ C:\Users\Anthony\Desktop\Antivirus Security Pro.lnk
2013-12-07 12:39 - 2013-12-07 11:48 - 01110034 _____ C:\Users\Anthony\Desktop\AdwCleaner.exe
2013-12-07 12:31 - 2013-12-07 11:45 - 00760937 _____ (Farbar) C:\Users\Anthony\Desktop\MiniToolBox.exe
2013-11-16 04:31 - 2013-12-11 14:08 - 00000118 _____ C:\Users\Anthony\Desktop\Antivirus Security Pro support.url
2013-11-16 04:29 - 2013-11-16 04:29 - 00000610 _____ C:\Windows\PFRO.log
2013-11-15 15:01 - 2013-11-15 15:01 - 00001115 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-11-15 15:01 - 2013-11-15 15:01 - 00000000 ____D C:\Users\Anthony\AppData\Roaming\Malwarebytes
2013-11-15 15:01 - 2013-11-15 15:01 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-15 15:00 - 2013-11-15 15:01 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-15 15:00 - 2013-04-04 11:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-11-15 14:58 - 2013-12-12 10:30 - 00002050 _____ C:\Windows\setupact.log
2013-11-15 14:58 - 2013-11-15 14:58 - 00000000 _____ C:\Windows\setuperr.log
2013-11-15 14:10 - 2013-11-15 14:10 - 00000000 ____D C:\Users\Anthony\Desktop\rkill
2013-11-15 14:09 - 2013-11-15 14:40 - 00002490 _____ C:\Users\Anthony\Desktop\Rkill.txt

==================== One Month Modified Files and Folders =======

2013-12-12 13:42 - 2013-12-12 13:42 - 00000000 ____D C:\FRST
2013-12-12 10:30 - 2013-11-15 14:58 - 00002050 _____ C:\Windows\setupact.log
2013-12-12 10:30 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-11 14:13 - 2010-07-16 04:35 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-11 14:08 - 2013-12-11 08:28 - 00001672 _____ C:\Users\Anthony\Desktop\Antivirus Security Pro.lnk
2013-12-11 14:08 - 2013-11-16 04:31 - 00000118 _____ C:\Users\Anthony\Desktop\Antivirus Security Pro support.url
2013-12-11 07:46 - 2010-07-16 04:35 - 00000900 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-11 07:43 - 2012-04-04 03:44 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-07 13:20 - 2009-07-13 21:13 - 00726444 _____ C:\Windows\System32\PerfStringBackup.INI
2013-12-07 13:20 - 2009-07-13 20:45 - 00015792 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-07 13:20 - 2009-07-13 20:45 - 00015792 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-07 11:48 - 2013-12-07 12:39 - 01110034 _____ C:\Users\Anthony\Desktop\AdwCleaner.exe
2013-12-07 11:45 - 2013-12-07 12:31 - 00760937 _____ (Farbar) C:\Users\Anthony\Desktop\MiniToolBox.exe
2013-11-16 04:29 - 2013-11-16 04:29 - 00000610 _____ C:\Windows\PFRO.log
2013-11-16 04:28 - 2010-07-16 04:36 - 00000000 ____D C:\Users\Anthony\AppData\Roaming\Skype
2013-11-15 15:01 - 2013-11-15 15:01 - 00001115 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-11-15 15:01 - 2013-11-15 15:01 - 00000000 ____D C:\Users\Anthony\AppData\Roaming\Malwarebytes
2013-11-15 15:01 - 2013-11-15 15:01 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-15 15:01 - 2013-11-15 15:00 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-15 14:58 - 2013-11-15 14:58 - 00000000 _____ C:\Windows\setuperr.log
2013-11-15 14:40 - 2013-11-15 14:09 - 00002490 _____ C:\Users\Anthony\Desktop\Rkill.txt
2013-11-15 14:10 - 2013-11-15 14:10 - 00000000 ____D C:\Users\Anthony\Desktop\rkill

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

12
Restore point made on: 2013-09-10 11:57:45
Restore point made on: 2013-09-10 18:22:06
Restore point made on: 2013-09-12 18:07:59
Restore point made on: 2013-09-13 17:39:19
Restore point made on: 2013-09-17 11:40:07
Restore point made on: 2013-09-20 14:26:07
Restore point made on: 2013-09-24 03:46:01
Restore point made on: 2013-09-27 17:43:37
Restore point made on: 2013-10-01 01:07:05
Restore point made on: 2013-10-04 12:20:02
Restore point made on: 2013-10-11 03:23:09
Restore point made on: 2013-10-11 17:55:54

==================== Memory info ===========================

Percentage of memory in use: 34%
Total physical RAM: 1790.49 MB
Available physical RAM: 1169.26 MB
Total Pagefile: 1790.49 MB
Available Pagefile: 1148.59 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Drives ================================

Drive c: (COMPAQ) (Fixed) (Total:288.12 GB) (Free:237.31 GB) NTFS
Drive e: (FACTORY_IMAGE) (Fixed) (Total:9.87 GB) (Free:1.48 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive g: (STORE N GO) (Removable) (Total:3.73 GB) (Free:3.69 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.08 GB) (Free:0.07 GB) NTFS
Drive y: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=288 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=10 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 4 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=4 GB) - (Type=0B)

LastRegBack: 2013-12-07 12:24

==================== End Of Log ============================
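
Added example (not part of the original thread and not code from FRST): a small triage pass over the Registry section of the log above that lists autostart entries worth a manual look. The two Run-key heuristics (empty publisher field, target under a user-writable data directory) and the names `triage`, `userinit_extras` and `repeated_targets` are assumptions made for this illustration; the Userinit check relies on the stock value naming only userinit.exe.

```python
import re
from collections import Counter

# Constructed input: a subset of lines copied from the Registry section of
# the FRST.txt posted above.
SAMPLE = r"""
HKLM\...\Run: [PC-Doctor for Windows localizer] - C:\Program Files\PC-Doctor for Windows\localizer.exe [95728 2009-09-16] (PC-Doctor, Inc.)
HKLM\...\Run: [AS2014] - C:\ProgramData\Xrgsarvn\Xrgsarvn.exe [659056 2013-10-14] ()
HKLM\...\Winlogon: [Userinit] userinit.exe,,C:\ProgramData\Xrgsarvn\Xrgsarvn.exe -sm,
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [mcui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [454600 2013-02-28] (McAfee, Inc.)
HKU\Anthony\...\Run: [StartNow Search Protect] - C:\Program Files (x86)\StartNow Toolbar\search_protect.exe [1352048 2012-09-06] ()
HKU\Anthony\...\Run: [AS2014] - C:\ProgramData\Xrgsarvn\Xrgsarvn.exe [659056 2013-10-14] ()
"""

# Run entry layout as it appears in the log: hive, value name, target path,
# [size date], (publisher). Entries that do not fit (e.g. "[] - [x]") are skipped.
RUN_RE = re.compile(
    r"^(?P<hive>.+?)\\\.\.\.\\Run: \[(?P<name>[^\]]*)\] - (?P<path>.+?) "
    r"\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<publisher>.*)\)$")
USERINIT_RE = re.compile(
    r"^(?P<hive>.+?)\\\.\.\.\\Winlogon: \[Userinit\] (?P<value>.*)$")

# Assumption: locations a non-administrative process can usually write to.
WRITABLE_DIRS = ("\\programdata\\", "\\appdata\\", "\\temp\\")


def userinit_extras(value):
    """Return Userinit entries other than the stock userinit.exe."""
    entries = [e.strip() for e in value.split(",") if e.strip()]
    return [e for e in entries
            if e.lower() != "userinit.exe"
            and not e.lower().endswith("\\system32\\userinit.exe")]


def triage(log_text):
    """Return a list of autostart entries that match at least one heuristic."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = RUN_RE.match(line)
        if m:
            reasons = []
            if not m["publisher"].strip():
                reasons.append("no publisher in version info")
            if any(d in m["path"].lower() for d in WRITABLE_DIRS):
                reasons.append("runs from a user-writable data directory")
            if reasons:
                findings.append({"key": m["hive"] + "\\Run", "name": m["name"],
                                 "target": m["path"], "reasons": reasons})
            continue
        m = USERINIT_RE.match(line)
        if m:
            for extra in userinit_extras(m["value"]):
                findings.append({"key": m["hive"] + "\\Winlogon", "name": "Userinit",
                                 "target": extra,
                                 "reasons": ["extra program appended to Userinit"]})
    return findings


def repeated_targets(findings):
    """Executables referenced from more than one flagged autostart location."""
    def exe(target):
        return target.lower().split(".exe")[0] + ".exe"
    counts = Counter(exe(f["target"]) for f in findings)
    return {path: n for path, n in counts.items() if n > 1}


if __name__ == "__main__":
    results = triage(SAMPLE)
    for f in results:
        print(f'{f["key"]} [{f["name"]}] -> {f["target"]}: {"; ".join(f["reasons"])}')
    print("referenced more than once:", repeated_targets(results))
```

An entry flagged only for a missing publisher is a candidate for review, not a verdict; the same executable appearing under several autostart locations is the stronger signal.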





