I have smart guard virus

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Ok then, copy it the way you can. Just be sure not to forget anything; every part of the report is important. I'll join it myself...
 

sara

New Member
Thread author
Verified
Jan 28, 2014
34
I did that in my reply to this topic, but you edited it.
But I will try to do it again.
Thank you very much for your help.
 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-01-2014 03
Ran by SYSTEM on MININT-PNMSGED on 28-01-2014 21:18:17
Running from F:\
Windows 7 Ultimate (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.


The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [avast] - C:\Program Files\Alwil Software\Avast5\avastUI.exe [4858968 2013-08-29] (AVAST Software)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-01] (Oracle Corporation)
HKLM\...\Run: [SCDEmuApp.exe] - C:\Program Files\PowerISO\SCDEmuApp.exe [180224 2005-10-29] (PowerISO Computing, Inc.)
HKLM\...\Run: [AS2014] - C:\ProgramData\pnDXXn37\pnDXXn37.exe [533520 2014-01-26] ()
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,,C:\ProgramData\pnDXXn37\pnDXXn37.exe -sm,
HKU\Esraa\...\Run: [Google Update] - C:\Users\Esraa\AppData\Local\Google\Update\GoogleUpdate.exe [ 2013-02-07] (Google Inc.)
HKU\Esraa\...\Run: [WinFLTray] - C:\Windows\system32\WinFLTray.exe [ 2013-10-15] ( New Softwares.net)
HKU\Esraa\...\Run: [FLBackup] - C:\Source\NewSoftware's\Folder Lock\FLComServCtrl.exe [ 2013-10-15] (New Softwares.net)
HKU\Esraa\...\RunOnce: [AS2014] - C:\ProgramData\pnDXXn37\pnDXXn37.exe [ 2014-01-26] ()
 

========================== Services (Whitelisted) =================

S2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [46808 2013-08-29] (AVAST Software)
S3 BITCOMET_HELPER_SERVICE; C:\Program Files\BitComet\tools\BitCometService.exe [1296728 2010-12-28] (www.BitComet.com)
S2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)
 

==================== Drivers (Whitelisted) ====================

S2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-08-29] (AVAST Software)
S1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [21576 2013-08-29] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [66336 2013-08-29] (AVAST Software)
S1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [61680 2013-08-29] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-08-29] ()
S1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [770344 2013-08-29] (AVAST Software)
S1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [369584 2013-08-29] (AVAST Software)
S1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-08-29] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [177864 2013-08-29] ()
S3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [7680 2007-07-30] (ATK0100)
S2 NEWDRIVER; C:\Windows\system32\WinVDEdrv6.sys [188176 2013-10-15] ()
S3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [347136 2009-07-13] (Realtek Semiconductor Corporation )
S1 WinFLAdrv; C:\Windows\System32\WinFLAdrv.sys [29184 2013-10-15] ()
S3 massfilter; system32\drivers\massfilter.sys [x]
S5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-13] (Microsoft Corporation)
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [x]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [x]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [x]

==================== NetSvcs (Whitelisted) ===================
 

==================== One Month Created Files and Folders ========

2014-01-28 21:18 - 2014-01-28 21:18 - 00000000 ____D C:\FRST
2014-01-28 09:10 - 2014-01-28 09:10 - 00000000 ____D C:\ProgramData\New folder_old
2014-01-27 14:27 - 2014-01-28 10:57 - 00001666 _____ C:\Users\Esraa\Desktop\Smart Guard Protection.lnk
2014-01-27 14:27 - 2014-01-28 10:57 - 00000112 _____ C:\Users\Esraa\Desktop\Smart Guard Protection support.url
2014-01-26 11:19 - 2014-01-27 15:28 - 00000000 ____D C:\ProgramData\pnDXXn37
2014-01-21 14:26 - 2014-01-21 14:27 - 00145576 _____ C:\Windows\Minidump\012214-18532-01.dmp
2014-01-21 14:26 - 2014-01-21 14:26 - 00000000 ____D C:\Windows\Minidump
2014-01-03 07:37 - 2014-01-03 07:37 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-12-31 23:17 - 2014-01-01 00:04 - 00123296 _____ C:\Users\Esraa\Desktop\شيت الرابع.xlsx
2013-12-31 22:55 - 2014-01-01 00:05 - 56545280 _____ C:\Users\Esraa\Desktop\الصف الرابع 20-11-2013.xls
2013-12-31 02:30 - 2013-12-31 03:06 - 00131250 _____ C:\Users\Esraa\Desktop\شيت الخامس.xlsx
2013-12-30 23:12 - 2013-12-30 23:12 - 00394085 _____ C:\Users\Esraa\Desktop\شيت الثالث.xlsx
2013-12-30 00:51 - 2013-12-30 00:51 - 00040162 _____ C:\Users\Esraa\Desktop\الأول.xlsx
2013-12-29 11:36 - 2013-12-29 11:37 - 00759219 _____ C:\Users\Esraa\Downloads\اعمال الكنترول.rar
2013-12-29 02:31 - 2013-12-31 02:28 - 56610304 _____ C:\Users\Esraa\Desktop\الصف الخامس20-11-2013.xls
 

==================== One Month Modified Files and Folders =======

2014-01-28 21:18 - 2014-01-28 21:18 - 00000000 ____D C:\FRST
2014-01-28 21:10 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\LogFiles
2014-01-28 11:02 - 2013-02-07 13:25 - 00713888 _____ C:\Windows\System32\PerfStringBackup.INI
 

2014-01-28 11:02 - 2009-07-13 20:34 - 00010016 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-28 11:02 - 2009-07-13 20:34 - 00010016 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-28 10:57 - 2014-01-27 14:27 - 00001666 _____ C:\Users\Esraa\Desktop\Smart Guard Protection.lnk
2014-01-28 10:57 - 2014-01-27 14:27 - 00000112 _____ C:\Users\Esraa\Desktop\Smart Guard Protection support.url
2014-01-28 10:57 - 2009-07-13 20:39 - 00062679 _____ C:\Windows\setupact.log
2014-01-28 09:10 - 2014-01-28 09:10 - 00000000 ____D C:\ProgramData\New folder_old
2014-01-27 15:28 - 2014-01-26 11:19 - 00000000 ____D C:\ProgramData\pnDXXn37
2014-01-27 14:47 - 2013-02-13 08:44 - 00000000 ____D C:\ProgramData\Skype
2014-01-27 14:27 - 2013-02-07 21:51 - 01373682 _____ C:\Windows\WindowsUpdate.log
2014-01-26 11:12 - 2013-02-07 13:28 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2014-01-26 11:02 - 2013-11-21 08:53 - 00000000 ____D C:\Program Files\QuickTime
2014-01-26 11:01 - 2013-11-21 08:53 - 00054156 ____H C:\Windows\QTFont.qfn
2014-01-26 11:01 - 2013-11-21 08:53 - 00001409 _____ C:\Windows\QTFont.for
2014-01-26 10:54 - 2013-02-07 13:21 - 00000000 ____D C:\users\Esraa
2014-01-25 03:42 - 2013-02-07 13:39 - 00000000 ____D C:\esraa
2014-01-21 14:27 - 2014-01-21 14:26 - 00145576 _____ C:\Windows\Minidump\012214-18532-01.dmp
 

2014-01-21 14:26 - 2014-01-21 14:26 - 00000000 ____D C:\Windows\Minidump
2014-01-16 10:10 - 2013-02-07 13:43 - 00002364 _____ C:\Users\Esraa\Desktop\Google Chrome.lnk
2014-01-05 06:51 - 2013-02-07 13:37 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2014-01-03 13:11 - 2013-10-15 04:35 - 00000700 ___SH C:\Users\Esraa\AppData\Local\systemFL7.dat
2014-01-03 13:11 - 2013-10-15 03:43 - 00002568 ___SH C:\ProgramData\win_mpwd_sys.dat
2014-01-03 13:11 - 2013-10-15 03:42 - 00003465 ___SH C:\Windows\System32\win_stlthdb_sys.dat
2014-01-03 13:11 - 2013-10-15 03:42 - 00003465 ___SH C:\Users\Esraa\AppData\Local\win_stlthdb_sys.dat
2014-01-03 07:37 - 2014-01-03 07:37 - 00000000 ____D C:\Program Files\Mozilla Firefox
 

2014-01-01 00:05 - 2013-12-31 22:55 - 56545280 _____ C:\Users\Esraa\Desktop\الصف الرابع 20-11-2013.xls
2014-01-01 00:04 - 2013-12-31 23:17 - 00123296 _____ C:\Users\Esraa\Desktop\شيت الرابع.xlsx
2013-12-31 03:06 - 2013-12-31 02:30 - 00131250 _____ C:\Users\Esraa\Desktop\شيت الخامس.xlsx
2013-12-31 02:28 - 2013-12-29 02:31 - 56610304 _____ C:\Users\Esraa\Desktop\الصف الخامس20-11-2013.xls
2013-12-30 23:12 - 2013-12-30 23:12 - 00394085 _____ C:\Users\Esraa\Desktop\شيت الثالث.xlsx
 

2013-12-30 00:51 - 2013-12-30 00:51 - 00040162 _____ C:\Users\Esraa\Desktop\الأول.xlsx
2013-12-29 23:36 - 2013-12-17 09:16 - 00000000 ____D C:\Users\Esraa\Downloads\كنترول قرار قديم
2013-12-29 11:37 - 2013-12-29 11:36 - 00759219 _____ C:\Users\Esraa\Downloads\اعمال الكنترول.rar
2013-12-29 02:04 - 2013-12-26 01:50 - 56746496 _____ C:\Users\Esraa\Desktop\الصف الرابع.xls
 

Files to move or delete:
====================
C:\ProgramData\win_mpwd_sys.dat


Some content of TEMP:
====================
C:\Users\Esraa\AppData\Local\Temp\Bit65B7.tmp.exe
C:\Users\Esraa\AppData\Local\Temp\Folder Lock Portable.exe
C:\Users\Esraa\AppData\Local\Temp\htmlayout.dll
C:\Users\Esraa\AppData\Local\Temp\jre-6u39-windows-i586-iftw.exe
C:\Users\Esraa\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\Esraa\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Esraa\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Esraa\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Esraa\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Esraa\AppData\Local\Temp\launcher.exe
 

C:\Users\Esraa\AppData\Local\Temp\siinst.exe
C:\Users\Esraa\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Esraa\AppData\Local\Temp\strings.dll
C:\Users\Esraa\AppData\Local\Temp\{E246E0A0-570D-42C2-A28A-9FEABF96B089}-25.0.1364.97_24.0.1312.57_chrome_updater.exe
 

==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2014-01-23 13:00:47
Restore point made on: 2014-01-26 11:01:01

==================== Memory info ===========================

Percentage of memory in use: 19%
Total physical RAM: 2039.24 MB
Available physical RAM: 1644 MB
Total Pagefile: 2039.24 MB
Available Pagefile: 1649.39 MB
Total Virtual: 2047.88 MB
Available Virtual: 1938.11 MB
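The two entries a helper would pick out of the Registry section above are the `AS2014` Run/RunOnce values pointing at `C:\ProgramData\pnDXXn37\pnDXXn37.exe` (no publisher, under a user-writable directory, and that directory shows up in the "One Month Created Files and Folders" list dated 2014-01-26) and the Winlogon `Userinit` value, which on a clean Windows 7 install is exactly `C:\Windows\system32\userinit.exe,` and here has the same executable chained onto it with `-sm`. The script below is an added example for this thread, not FRST code and not something the poster or the helper ran: it parses those FRST line formats and flags the same traits automatically. The log text inside it is a constructed excerpt of the log posted above, the "user-writable path" markers and the severities are my own heuristics, and the script only reads text, so it can be run against a saved FRST.txt on any machine.

```python
"""Triage helper for FRST "Registry (Whitelisted)" output.

Added example for this thread; it is not FRST code and not part of the
original post.  It reads the autostart lines the way a helper reads them
by eye: the Winlogon Userinit value is compared with its Windows default,
and Run/RunOnce images are checked for the two traits that stand out in
the posted log (no publisher string and an image under a user-writable
directory), then correlated with directories listed in the "One Month
Created Files and Folders" section.
"""
import re
from dataclasses import dataclass

# Constructed excerpt of the FRST log posted in the thread (not the full log).
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [AS2014] - C:\ProgramData\pnDXXn37\pnDXXn37.exe [533520 2014-01-26] ()
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,,C:\ProgramData\pnDXXn37\pnDXXn37.exe -sm,
HKU\Esraa\...\Run: [Google Update] - C:\Users\Esraa\AppData\Local\Google\Update\GoogleUpdate.exe [ 2013-02-07] (Google Inc.)
HKU\Esraa\...\RunOnce: [AS2014] - C:\ProgramData\pnDXXn37\pnDXXn37.exe [ 2014-01-26] ()

==================== One Month Created Files and Folders ========

2014-01-28 21:18 - 2014-01-28 21:18 - 00000000 ____D C:\FRST
2014-01-26 11:19 - 2014-01-27 15:28 - 00000000 ____D C:\ProgramData\pnDXXn37
2014-01-03 07:37 - 2014-01-03 07:37 - 00000000 ____D C:\Program Files\Mozilla Firefox
"""

SECTION_RE = re.compile(r"^=+ (?P<name>.+?) =+$")
RUN_RE = re.compile(
    r"^(?P<hive>HK\S+?)\\\.\.\.\\(?P<key>Run|RunOnce): \[(?P<name>[^\]]+)\] - "
    r"(?P<command>.+?) \[\s*(?P<size>\d+)?\s*(?P<date>\d{4}-\d{2}-\d{2})\] "
    r"\((?P<publisher>.*)\)$"
)
USERINIT_RE = re.compile(r"^HKLM\\\.\.\.\\Winlogon: \[Userinit\] (?P<value>.+)$")
CREATED_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2}) \d{2}:\d{2} - \d{4}-\d{2}-\d{2} \d{2}:\d{2} - "
    r"\d{8} (?P<attrs>\S{5}) (?P<path>.+)$"
)
EXE_RE = re.compile(r"^(?P<path>.*?\.exe)", re.IGNORECASE)

# Windows default Userinit: exactly one command, userinit.exe (trailing comma).
USERINIT_DEFAULT = r"c:\windows\system32\userinit.exe"
# Assumed heuristic: directories a standard user can write to.
USER_WRITABLE = ("\\programdata\\", "\\appdata\\", "\\temp\\", "\\users\\public\\")


@dataclass(frozen=True)
class Finding:
    severity: str   # "high" or "medium" (own scale, not an FRST rating)
    entry: str      # "Userinit" or "<Run|RunOnce>:<value name>"
    reason: str


def parse_sections(log_text):
    """Yield (section_name, line) for every non-empty line of an FRST log."""
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        yield section, line


def created_dirs(log_text):
    """Map lower-cased directory path -> creation date from the Created section."""
    dirs = {}
    for section, line in parse_sections(log_text):
        if not section.startswith("One Month Created"):
            continue
        m = CREATED_RE.match(line)
        if m and "D" in m.group("attrs"):
            dirs[m.group("path").lower()] = m.group("created")
    return dirs


def check_userinit(value):
    """Return every command in the Userinit value other than the Windows default."""
    parts = [p.strip() for p in value.split(",") if p.strip()]
    return [p for p in parts if p.lower() != USERINIT_DEFAULT]


def triage(log_text):
    """Return Findings for suspicious autostart entries in an FRST log."""
    findings = []
    recent = created_dirs(log_text)
    for section, line in parse_sections(log_text):
        if not section.startswith("Registry"):
            continue
        m = USERINIT_RE.match(line)
        if m:
            for extra in check_userinit(m.group("value")):
                findings.append(Finding("high", "Userinit",
                                        f"extra command chained into Winlogon Userinit: {extra}"))
            continue
        m = RUN_RE.match(line)
        if not m:
            continue
        command = m.group("command")
        exe = EXE_RE.match(command)
        path = (exe.group("path") if exe else command).lower()
        in_user_dir = any(marker in path for marker in USER_WRITABLE)
        no_publisher = not m.group("publisher").strip()
        if not (in_user_dir and no_publisher):
            continue
        reason = f"no publisher, image in user-writable path: {command}"
        parent = path.rsplit("\\", 1)[0]
        if parent in recent:
            reason += f"; parent directory created {recent[parent]}"
        findings.append(Finding("medium", f"{m.group('key')}:{m.group('name')}", reason))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.entry}: {f.reason}")
```

The Userinit check is the one worth keeping even if the path heuristics are tuned: Winlogon runs every comma-separated command in that value at logon, so a rogue program chained there survives deleting its Run entries, which is why the helper's fix script has to clean both places and why FRST lists the value next to the Run keys.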
 
