Police Malware Virus - I can't remove

ebonixa

New Member
Thread author
May 18, 2013
5
I have contracted this virus hoax that is demanding I pay money.

I have tried to launch in safe modes but it does not work, it just freezes.

Help me please.
 

kuttus

Level 2
Verified
Oct 5, 2012
2,697
Hi and welcome to the malwaretips.com forums!

I'm Kuttus and I am going to try to assist you with your problem. Please take note of the below:
  • I will start working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine!
  • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Refrain from running self fixes as this will hinder the malware removal process.
  • It may prove beneficial if you print off the following instructions or save them to notepad as I post them.
Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.


Before we start:
Please be aware that removing malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Can you please try to run a scan with Farbar Recovery Scan Tool. You will need a USB (Flash) pendrive.

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Click on Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the flash drive. Please copy and paste it to your reply.
 

ebonixa

New Member
Thread author
May 18, 2013
5
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-05-2013
Ran by SYSTEM on 19-05-2013 01:43:10
Running from H:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery
The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IntelliType Pro] "C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe" [1464984 2012-10-12] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] "C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe" [2075288 2012-10-12] (Microsoft Corporation)
HKLM\...\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-10-13] (Intel Corporation)
HKLM\...\Run: [McAfeeWrapperApplication] "C:\Program Files (x86)\McAfeeMOBK\WrapperTrayIcon.exe" [453344 2011-05-11] (McAfee, Inc.)
HKLM\...\RunOnce: [*Restore] C:\Windows\system32\rstrui.exe /RUNONCE [296960 2010-11-20] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [90448 2011-11-01] (Research In Motion Limited)
HKLM-x32\...\Run: [Hotkey Utility] C:\Program Files (x86)\Packard Bell\Hotkey Utility\HotkeyUtility.exe [611872 2010-08-04] ()
HKLM-x32\...\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [47904 2010-12-14] (Apple Inc.)
HKLM-x32\...\Run: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe" [135536 2010-12-13] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [248552 2010-05-14] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1259376 2011-07-28] ()
HKLM-x32\...\Run: [DivX Download Manager] "C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe" start [63360 2010-12-08] (DivX, LLC)
HKLM-x32\...\Run: [mcpltui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [454160 2012-10-06] (McAfee, Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-10-24] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-05-15] (Apple Inc.)
HKU\Default\...\RunOnce: [ScrSav] C:\Program Files (x86)\Packard Bell\Screensaver\run_Packard Bell.exe /default [162336 2009-07-21] ()
HKU\Default User\...\RunOnce: [ScrSav] C:\Program Files (x86)\Packard Bell\Screensaver\run_Packard Bell.exe /default [162336 2009-07-21] ()
HKU\Ebonixa\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-08-15] (Google Inc.)
HKU\Ebonixa\...\Run: [Google Update] "C:\Users\Ebonixa\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-07-24] (Google Inc.)
HKU\Ebonixa\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)
HKU\Ebonixa\...\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent [1635752 2013-05-03] (Valve Corporation)
HKU\Ebonixa\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [18642024 2013-02-28] (Skype Technologies S.A.)
HKU\Ebonixa\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] C:\Users\Ebonixa\Documents\2b727d08.exe [27136 2013-05-18] ()
HKU\Ebonixa\...\Winlogon: [Shell] cmd.exe [345088 2010-11-20] (Microsoft Corporation) <==== ATTENTION
HKU\UpdatusUser\...\RunOnce: [ScrSav] C:\Program Files (x86)\Packard Bell\Screensaver\run_Packard Bell.exe /default [162336 2009-07-21] ()
AppInit_DLLs: C:\PROGRA~2\WIF0E7~1\Datamngr\x64\datamngr.dll C:\PROGRA~2\WIF0E7~1\Datamngr\x64\IEBHO.dll [162336 2009-07-21] ()
Startup: C:\ProgramData\Start Menu\Programs\Startup\Photo Frame.lnk
ShortcutTarget: Photo Frame.lnk -> C:\Program Files (x86)\Northstar\Photo Frame\Photo Frame.exe (North Star com.)

==================== Services (Whitelisted) =================

S3 GameConsoleService; C:\Program Files (x86)\Packard Bell Games\Packard Bell Game Console\GameConsoleService.exe [246520 2010-09-30] (WildTangent, Inc.)
S2 Greg_Service; C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe [1150496 2009-08-28] (Acer Incorporated)
S2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [220856 2012-10-06] (McAfee, Inc.)
S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [120592 2013-03-04] (McAfee, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [220856 2012-10-06] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [220856 2012-10-06] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [378952 2012-11-21] (McAfee, Inc.)
S2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [220856 2012-10-06] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [220856 2012-10-06] (McAfee, Inc.)
S2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1007288 2012-10-05] (McAfee, Inc.)
S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218320 2012-11-08] (McAfee, Inc.)
S2 mfevtp; C:\Windows\system32\mfevtps.exe [177680 2012-11-08] (McAfee, Inc.)
S2 MOBKbackup; C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe [231224 2010-04-13] (McAfee, Inc.)
S2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [220856 2012-10-06] (McAfee, Inc.)
S2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [931640 2012-01-25] (Trusteer Ltd.)
S3 Symantec RemoteAssist; C:\Program Files (x86)\Common Files\Symantec Shared\Support Controls\ssrc.exe [394704 2008-01-29] (Symantec, Inc.)
S2 Updater Service; C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [243232 2010-01-28] (Acer Group)
S2 USBS3S4Detection; C:\OEM\USBDECTION\USBS3S4Detection.exe [76320 2009-12-09] ()
S2 VhdAttach; C:\Program Files\Josip Medved\VHD Attach\VhdAttachService.exe [190384 2012-03-14] (Josip Medved)

==================== Drivers (Whitelisted) ====================

S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [88480 2011-07-22] ()
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [69672 2012-11-08] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197264 2012-05-28] (McAfee, Inc.)
S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [46400 2011-07-22] ()
S2 McPvDrv; C:\Windows\system32\drivers\McPvDrv.sys [74120 2012-10-19] (McAfee, Inc.)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [178840 2012-11-08] (McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [309400 2012-11-08] (McAfee, Inc.)
S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [515528 2012-11-08] (McAfee, Inc.)
S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [771096 2012-11-08] (McAfee, Inc.)
S3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [328976 2012-11-01] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [97208 2012-11-01] (McAfee, Inc.)
S0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [339776 2012-11-08] (McAfee, Inc.)
S1 MOBKFilter; C:\Windows\System32\DRIVERS\MOBK.sys [66040 2010-04-13] (Mozy, Inc.)
S1 RapportCerberus_43926; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus64_43926.sys [505720 2012-11-01] ()
S1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [55056 2012-01-25] (Trusteer Ltd.)
S0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [63760 2012-01-25] (Trusteer Ltd.)
S1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [61712 2012-01-25] (Trusteer Ltd.)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44032 2011-07-20] (Research in Motion Ltd)
S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2008-11-19] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [27136 2008-11-19] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [33792 2008-11-19] (LG Electronics Inc.)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [117080 2012-05-22] (Oracle Corporation)
S3 mfeavfk01; No ImagePath
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [x]
S0 sr;
S2 srservice;
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [x]

========================== Drivers MD5 =======================


==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-05-19 01:28 - 2013-05-19 01:28 - 00000000 ____D C:\FRST
2013-05-18 13:38 - 2013-05-18 13:38 - 01038470 ____A C:\ProgramData\2433f433
2013-05-18 13:38 - 2013-05-18 13:38 - 01038421 ____A C:\Users\Ebonixa\AppData\Roaming\2433f433
2013-05-18 13:38 - 2013-05-18 13:38 - 01038396 ____A C:\Users\Ebonixa\AppData\Local\2433f433
2013-05-18 13:38 - 2013-05-18 13:38 - 00027136 ____A C:\Users\Ebonixa\Documents\2b727d08.exe
2013-05-18 02:25 - 2013-05-18 02:25 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{E9423082-F149-40F4-A7F2-B4A5CCCAEC26}
2013-05-17 10:31 - 2013-05-17 10:32 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{45235006-C801-487A-AB05-3DCF15C3C219}
2013-05-17 10:08 - 2013-05-17 10:08 - 00000000 __SHD C:\found.000
2013-05-17 10:01 - 2013-05-17 10:01 - 00001795 ____A C:\Users\Public\Desktop\iTunes.lnk
2013-05-17 10:01 - 2013-05-17 10:01 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-05-17 10:01 - 2013-05-17 10:01 - 00000000 ____D C:\Program Files\iTunes
2013-05-17 10:01 - 2013-05-17 10:01 - 00000000 ____D C:\Program Files\iPod
2013-05-16 22:31 - 2013-05-16 22:31 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{871C2234-30DD-4B06-A1C5-E09DB659313A}
2013-05-15 21:54 - 2013-05-16 09:54 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{A6186DFC-0BF2-4544-930B-258344CB1647}
2013-05-15 18:01 - 2013-04-04 22:52 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-05-15 18:01 - 2013-04-04 22:50 - 02647552 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-05-15 18:01 - 2013-04-04 22:50 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-05-15 18:01 - 2013-04-04 22:50 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-05-15 18:01 - 2013-04-04 22:50 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-05-15 18:01 - 2013-04-04 22:50 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-05-15 18:01 - 2013-04-04 22:50 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-05-15 18:01 - 2013-04-04 21:26 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-05-15 18:01 - 2013-04-04 21:26 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-05-15 18:01 - 2013-04-04 21:26 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-05-15 18:01 - 2013-04-04 21:26 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-05-15 18:01 - 2013-04-04 21:26 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-05-15 18:01 - 2013-04-04 21:26 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-05-15 18:01 - 2013-04-04 20:43 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-15 18:01 - 2013-04-04 20:29 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-05-15 18:01 - 2013-04-04 19:51 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-05-15 18:01 - 2013-04-04 19:38 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-05-15 18:00 - 2013-04-04 22:52 - 02242048 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-05-15 18:00 - 2013-04-04 22:52 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-05-15 18:00 - 2013-04-04 22:50 - 19231232 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-15 18:00 - 2013-04-04 22:50 - 15404032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-05-15 18:00 - 2013-04-04 22:50 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-05-15 18:00 - 2013-04-04 22:50 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-05-15 18:00 - 2013-04-04 22:50 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-05-15 18:00 - 2013-04-04 21:28 - 01767424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-05-15 18:00 - 2013-04-04 21:28 - 01130496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-05-15 18:00 - 2013-04-04 21:26 - 14323712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-05-15 18:00 - 2013-04-04 21:26 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-05-15 18:00 - 2013-04-04 21:26 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-05-15 18:00 - 2013-04-04 21:26 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-05-15 18:00 - 2013-04-04 21:26 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-05-15 09:39 - 2013-04-09 22:01 - 00983400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-05-15 09:39 - 2013-04-09 22:01 - 00265064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2013-05-15 09:39 - 2013-02-26 22:02 - 00111448 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
2013-05-15 09:39 - 2013-02-26 21:52 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-05-15 09:39 - 2013-02-26 21:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-05-15 09:39 - 2013-02-26 21:48 - 01930752 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-05-15 09:39 - 2013-02-26 21:47 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll
2013-05-15 09:39 - 2013-02-26 20:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-05-15 09:39 - 2013-02-26 20:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-05-15 09:39 - 2013-02-26 20:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-05-15 09:39 - 2011-02-03 03:25 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2013-05-15 09:38 - 2013-04-09 19:30 - 03153920 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-05-15 09:38 - 2013-03-18 21:53 - 00230400 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll
2013-05-15 09:38 - 2013-03-18 21:53 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll
2013-05-15 09:11 - 2013-05-15 09:12 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{25C91D86-52FE-4A0C-89BE-72CD4CCCA599}
2013-05-14 12:27 - 2013-04-20 11:03 - 2412408213 ____A C:\Users\Ebonixa\Desktop\The Bourne Ultimatum.mp4
2013-05-14 11:05 - 2013-05-14 11:05 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{EBDA5BE1-2098-422E-A5BA-B297FB0C55C1}
2013-05-13 01:13 - 2013-05-13 01:14 - 00000000 ____D C:\Users\Ebonixa\Desktop\Birthday
2013-05-13 01:04 - 2013-05-13 13:04 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{F5C08CFC-582E-4A20-9B5D-DEFE034B42E6}
2013-05-11 00:42 - 2013-05-12 12:43 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{052EB9B2-97B9-4FEA-BABB-68FE7FB795D1}
2013-05-08 09:12 - 2013-05-08 09:12 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{078CCC4D-097E-4345-A3A2-D9F45CAACA33}
2013-05-07 11:48 - 2013-05-07 11:48 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{40DA6ABD-837D-4AA9-A145-A8FEDD130978}
2013-05-06 22:39 - 2013-05-06 22:39 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{D39793F3-5F31-4926-9BCD-41A1E896FE3C}
2013-05-06 03:45 - 2013-05-06 03:45 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{D0250FFD-A12C-45F7-A106-57A96F09046F}
2013-05-05 03:44 - 2013-05-05 15:45 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{4CFF497C-2F46-44AA-8FB8-FA8B1A8EA6DE}
2013-05-03 23:10 - 2013-05-04 11:11 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{E4A55321-5928-40D3-9353-BA723A94D9C8}
2013-05-03 10:26 - 2013-05-03 10:26 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{32AC9B0D-A19A-4AD6-B662-8E22C95C5F4F}
2013-05-01 03:24 - 2013-05-01 03:25 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{F980877C-C9D6-4EFB-91A8-64167A8CBA00}
2013-04-29 06:25 - 2013-04-29 06:25 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{4056126B-3D55-4039-9BC3-66CBB9D113A1}
2013-04-28 03:04 - 2013-04-28 03:04 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{21E5A57B-F0BE-4BD4-9FE9-EC88CC525A85}
2013-04-27 01:19 - 2013-04-27 13:20 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{C3BEECA4-D1C7-4486-81B1-D431FEFB0354}
2013-04-24 11:55 - 2013-04-27 07:24 - 00000000 ____D C:\ProgramData\Yahoo!
2013-04-24 11:45 - 2013-04-27 07:24 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2013-04-24 09:32 - 2013-04-27 07:18 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-04-24 09:30 - 2013-04-24 09:30 - 00000000 ____D C:\Users\Ebonixa\AppData\Roaming\Babylon
2013-04-24 09:30 - 2013-04-24 09:30 - 00000000 ____D C:\ProgramData\Babylon
2013-04-24 04:19 - 2013-04-24 04:19 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{4C62F919-1DB9-4018-9A5B-A72035C6C51A}
2013-04-23 10:50 - 2013-04-12 06:45 - 01656680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2013-04-23 10:45 - 2013-04-23 10:46 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{F53A483A-04DE-46DD-B52B-F4AF0C430E1A}
2013-04-22 13:47 - 2013-04-23 10:39 - 00000000 ____D C:\ProgramData\E49B794EFB8B08280000E49A94BB0ED0
2013-04-22 01:13 - 2013-04-22 13:13 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{870A5655-66F4-44C6-893B-809F9DE4EF6E}
2013-04-21 02:51 - 2013-04-21 02:52 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{1CABE137-A1AE-47AF-8FE4-CDDBB76F44FF}
2013-04-20 01:42 - 2013-04-20 13:42 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{E353FCF5-0065-4008-A24B-DDC997C90E51}
2013-04-19 04:17 - 2013-04-19 04:17 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{6C763C36-F1A7-47FF-B4CB-85450D330D01}

==================== One Month Modified Files and Folders =======

2013-05-19 01:28 - 2013-05-19 01:28 - 00000000 ____D C:\FRST
2013-05-19 00:15 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-05-18 15:21 - 2012-06-24 04:24 - 00000418 ____A C:\Windows\Tasks\PC Optimizer Pro64 startups.job
2013-05-18 15:21 - 2011-08-15 10:34 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-05-18 15:21 - 2010-09-17 18:14 - 00000000 ____D C:\ProgramData\NVIDIA
2013-05-18 15:21 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-05-18 15:21 - 2009-07-13 20:51 - 00167691 ____A C:\Windows\setupact.log
2013-05-18 15:01 - 2010-09-17 18:09 - 01512877 ____A C:\Windows\WindowsUpdate.log
2013-05-18 14:59 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-05-18 14:59 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-05-18 13:43 - 2010-11-19 09:30 - 00000000 ____D C:\Users\Ebonixa\AppData\Roaming\Azureus
2013-05-18 13:41 - 2011-07-24 01:37 - 00000916 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-84892216-39173874-2601006852-1000UA.job
2013-05-18 13:38 - 2013-05-18 13:38 - 01038470 ____A C:\ProgramData\2433f433
2013-05-18 13:38 - 2013-05-18 13:38 - 01038421 ____A C:\Users\Ebonixa\AppData\Roaming\2433f433
2013-05-18 13:38 - 2013-05-18 13:38 - 01038396 ____A C:\Users\Ebonixa\AppData\Local\2433f433
2013-05-18 13:38 - 2013-05-18 13:38 - 00027136 ____A C:\Users\Ebonixa\Documents\2b727d08.exe
2013-05-18 13:38 - 2011-08-15 10:34 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-05-18 13:14 - 2012-09-10 13:24 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-05-18 13:03 - 2013-03-09 01:08 - 00001856 ____A C:\Users\Public\Desktop\McAfee Total Protection.lnk
2013-05-18 09:41 - 2011-07-24 01:37 - 00000864 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-84892216-39173874-2601006852-1000Core.job
2013-05-18 02:29 - 2009-07-13 21:13 - 00779306 ____A C:\Windows\System32\PerfStringBackup.INI
2013-05-18 02:26 - 2013-03-08 12:34 - 00000000 __RSD C:\Users\Ebonixa\Documents\McAfee Vaults
2013-05-18 02:25 - 2013-05-18 02:25 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{E9423082-F149-40F4-A7F2-B4A5CCCAEC26}
2013-05-18 02:24 - 2012-11-05 10:25 - 00000000 ____D C:\Program Files (x86)\Steam
2013-05-18 02:24 - 2010-11-20 05:43 - 00000000 ____D C:\Users\Ebonixa\Tracing
2013-05-17 10:32 - 2013-05-17 10:31 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{45235006-C801-487A-AB05-3DCF15C3C219}
2013-05-17 10:08 - 2013-05-17 10:08 - 00000000 __SHD C:\found.000
2013-05-17 10:01 - 2013-05-17 10:01 - 00001795 ____A C:\Users\Public\Desktop\iTunes.lnk
2013-05-17 10:01 - 2013-05-17 10:01 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-05-17 10:01 - 2013-05-17 10:01 - 00000000 ____D C:\Program Files\iTunes
2013-05-17 10:01 - 2013-05-17 10:01 - 00000000 ____D C:\Program Files\iPod
2013-05-17 10:01 - 2010-11-25 11:36 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-05-17 09:53 - 2012-12-30 11:56 - 00000000 ____D C:\Users\Ebonixa\Desktop\Rayon
2013-05-17 04:14 - 2012-06-24 04:24 - 00000442 ____A C:\Windows\Tasks\PC Optimizer Pro Updates.job
2013-05-16 22:31 - 2013-05-16 22:31 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{871C2234-30DD-4B06-A1C5-E09DB659313A}
2013-05-16 09:54 - 2013-05-15 21:54 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{A6186DFC-0BF2-4544-930B-258344CB1647}
2013-05-15 18:27 - 2009-07-13 20:45 - 00432296 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-15 18:08 - 2010-11-19 06:29 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-05-15 18:05 - 2010-11-30 11:32 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-05-15 09:12 - 2013-05-15 09:11 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{25C91D86-52FE-4A0C-89BE-72CD4CCCA599}
2013-05-14 12:16 - 2012-05-09 22:51 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-05-14 12:16 - 2011-08-15 10:34 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-05-14 11:25 - 2010-05-10 16:55 - 00000000 ____D C:\ProgramData\Adobe
2013-05-14 11:05 - 2013-05-14 11:05 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{EBDA5BE1-2098-422E-A5BA-B297FB0C55C1}
2013-05-14 11:05 - 2010-11-19 16:25 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\CrashDumps
2013-05-13 13:04 - 2013-05-13 01:04 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{F5C08CFC-582E-4A20-9B5D-DEFE034B42E6}
2013-05-13 01:14 - 2013-05-13 01:13 - 00000000 ____D C:\Users\Ebonixa\Desktop\Birthday
2013-05-12 12:43 - 2013-05-11 00:42 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{052EB9B2-97B9-4FEA-BABB-68FE7FB795D1}
2013-05-11 03:29 - 2010-11-19 11:17 - 00000000 ____D C:\Users\Ebonixa\AppData\Roaming\Skype
2013-05-08 09:12 - 2013-05-08 09:12 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{078CCC4D-097E-4345-A3A2-D9F45CAACA33}
2013-05-07 11:48 - 2013-05-07 11:48 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{40DA6ABD-837D-4AA9-A145-A8FEDD130978}
2013-05-06 22:39 - 2013-05-06 22:39 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{D39793F3-5F31-4926-9BCD-41A1E896FE3C}
2013-05-06 04:31 - 2013-03-23 10:15 - 00000000 ____D C:\Users\Ebonixa\AppData\Roaming\Might & Magic Heroes VI
2013-05-06 03:45 - 2013-05-06 03:45 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{D0250FFD-A12C-45F7-A106-57A96F09046F}
2013-05-05 15:45 - 2013-05-05 03:44 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{4CFF497C-2F46-44AA-8FB8-FA8B1A8EA6DE}
2013-05-04 11:11 - 2013-05-03 23:10 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{E4A55321-5928-40D3-9353-BA723A94D9C8}
2013-05-04 08:15 - 2010-11-19 06:12 - 00000000 ____D C:\Users\Ebonixa\AppData\Roaming\Adobe
2013-05-03 10:26 - 2013-05-03 10:26 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{32AC9B0D-A19A-4AD6-B662-8E22C95C5F4F}
2013-05-03 10:25 - 2013-03-09 01:03 - 00000000 ____D C:\Program Files (x86)\McAfee
2013-05-03 10:25 - 2010-05-10 16:58 - 01192848 ____A C:\Windows\PFRO.log
2013-05-01 17:06 - 2013-01-27 12:16 - 00278800 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2013-05-01 11:31 - 2013-03-08 12:33 - 00000000 ____D C:\Program Files\McAfee
2013-05-01 03:25 - 2013-05-01 03:24 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{F980877C-C9D6-4EFB-91A8-64167A8CBA00}
2013-04-29 06:25 - 2013-04-29 06:25 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{4056126B-3D55-4039-9BC3-66CBB9D113A1}
2013-04-28 03:04 - 2013-04-28 03:04 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{21E5A57B-F0BE-4BD4-9FE9-EC88CC525A85}
2013-04-27 13:20 - 2013-04-27 01:19 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{C3BEECA4-D1C7-4486-81B1-D431FEFB0354}
2013-04-27 07:24 - 2013-04-24 11:55 - 00000000 ____D C:\ProgramData\Yahoo!
2013-04-27 07:24 - 2013-04-24 11:45 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2013-04-27 07:19 - 2013-03-09 04:53 - 00002059 ____A C:\Users\Public\Desktop\Configure McAfee Online Backup Service.lnk
2013-04-27 07:18 - 2013-04-24 09:32 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-04-24 09:30 - 2013-04-24 09:30 - 00000000 ____D C:\Users\Ebonixa\AppData\Roaming\Babylon
2013-04-24 09:30 - 2013-04-24 09:30 - 00000000 ____D C:\ProgramData\Babylon
2013-04-24 04:19 - 2013-04-24 04:19 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{4C62F919-1DB9-4018-9A5B-A72035C6C51A}
2013-04-23 10:46 - 2013-04-23 10:45 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{F53A483A-04DE-46DD-B52B-F4AF0C430E1A}
2013-04-23 10:40 - 2013-04-11 12:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-04-23 10:39 - 2013-04-22 13:47 - 00000000 ____D C:\ProgramData\E49B794EFB8B08280000E49A94BB0ED0
2013-04-22 13:13 - 2013-04-22 01:13 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{870A5655-66F4-44C6-893B-809F9DE4EF6E}
2013-04-21 03:15 - 2011-12-02 17:15 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
2013-04-21 02:52 - 2013-04-21 02:51 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{1CABE137-A1AE-47AF-8FE4-CDDBB76F44FF}
2013-04-20 13:42 - 2013-04-20 01:42 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{E353FCF5-0065-4008-A24B-DDC997C90E51}
2013-04-20 11:03 - 2013-05-14 12:27 - 2412408213 ____A C:\Users\Ebonixa\Desktop\The Bourne Ultimatum.mp4
2013-04-19 04:17 - 2013-04-19 04:17 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{6C763C36-F1A7-47FF-B4CB-85450D330D01}

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-05-15 09:26:10
Restore point made on: 2013-05-15 18:00:41

==================== BCD ================================

Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=Y:
description Windows Boot Manager
locale en-US
inherit {globalsettings}
default {default}
resumeobject {a6b45ddf-c096-11df-9988-b9460d959c47}
displayorder {default}
toolsdisplayorder {memdiag}
timeout 30

Windows Boot Loader
-------------------
identifier {default}
device partition=C:
path \Windows\system32\winload.exe
description Windows 7
locale en-US
inherit {bootloadersettings}
recoverysequence {current}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {a6b45ddf-c096-11df-9988-b9460d959c47}
nx OptIn
increaseuserva 2560

Windows Boot Loader
-------------------
identifier {current}
device ramdisk=[C:]\Recovery\a6b45de1-c096-11df-9988-b9460d959c47\Winre.wim,{a6b45de2-c096-11df-9988-b9460d959c47}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {bootloadersettings}
osdevice ramdisk=[C:]\Recovery\a6b45de1-c096-11df-9988-b9460d959c47\Winre.wim,{a6b45de2-c096-11df-9988-b9460d959c47}
systemroot \windows
nx OptIn
winpe Yes

Resume from Hibernate
---------------------
identifier {a6b45ddf-c096-11df-9988-b9460d959c47}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale en-US
inherit {resumeloadersettings}
filedevice partition=C:
filepath \hiberfil.sys
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {memdiag}
device partition=Y:
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-US
inherit {globalsettings}
badmemoryaccess Yes

EMS Settings
------------
identifier {emssettings}
bootems Yes

Debugger Settings
-----------------
identifier {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200

RAM Defects
-----------
identifier {badmemory}

Global Settings
---------------
identifier {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}

Boot Loader Settings
--------------------
identifier {bootloadersettings}
inherit {globalsettings}
{hypervisorsettings}

Hypervisor Settings
-------------------
identifier {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Resume Loader Settings
----------------------
identifier {resumeloadersettings}
inherit {globalsettings}

Device options
--------------
identifier {a6b45de2-c096-11df-9988-b9460d959c47}
description Ramdisk Options
ramdisksdidevice partition=C:
ramdisksdipath \Recovery\a6b45de1-c096-11df-9988-b9460d959c47\boot.sdi


==================== Memory info ===========================

Percentage of memory in use: 11%
Total physical RAM: 8183.11 MB
Available physical RAM: 7231.09 MB
Total Pagefile: 8181.26 MB
Available Pagefile: 7241.49 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Drives ================================

Drive c: (Packard Bell) (Fixed) (Total:689.45 GB) (Free:229.48 GB) NTFS (Disk=0 Partition=3)
Drive e: (DATA) (Fixed) (Total:689.71 GB) (Free:0.09 GB) NTFS (Disk=0 Partition=4)
Drive f: (PQSERVICE) (Fixed) (Total:18 GB) (Free:6.54 GB) NTFS (Disk=0 Partition=1)
Drive g: (MMH6 - EFIGS) (CDROM) (Total:5.84 GB) (Free:0 GB) UDF
Drive h: (EBONIXA'S) (Removable) (Total:74.4 GB) (Free:64.32 GB) exFAT (Disk=1 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1397 GB) (Disk ID: 7CFACE33)
Partition 1: (Not Active) - (Size=18 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=689 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=690 GB) - (Type=07 NTFS)
Attempted reading MBR returned 0 bytes.
Could not read MBR for disk 1.


Last Boot: 2013-05-13 15:33

==================== End Of Log ============================
 

kuttus

Level 2
Verified
Oct 5, 2012
2,697
Now please download this file and save it to your Flash Drive.


Then, boot to system recovery, plug in your flash drive, open FRST and click fix. Post the generated log. Then attempt to boot to normal mode.
 

Attachments

  • fixlist.txt
    1.7 KB · Views: 117

ebonixa

New Member
Thread author
May 18, 2013
5
It has now resulted in a new problem!

My computer seems to now be having a lot of problems loading up once the password has been put in. It now waits at a black screen which seems to be a command prompt. Sometimes if you wait long enough it continues to load, sometimes not.
 

kuttus

Level 2
Verified
Oct 5, 2012
2,697
STEP 1: Run a scan with AdwCleaner

  1. Download AdwCleaner from the link below.
     ADWCLEANER DOWNLOAD LINK: http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner (This link will automatically download Security Check on your computer)
  2. Close all open programs and internet browsers.
  3. Double click on adwcleaner.exe to run the tool.
  4. Click on Delete, then confirm each time with Ok.
  5. Your computer will be rebooted automatically. A text file will open after the restart.
  6. Please post the contents of that logfile with your next reply.
  7. You can find the logfile at C:\AdwCleaner[S1].txt as well.
<hr/>
STEP 2: Run a scan with Junkware Removal Tool

Please download Junkware Removal Tool to your desktop from here
  • Turn off your antivirus software now to avoid potential conflicts
  • Double-click to run the tool. For Windows Vista or 7 users, right-click the file and select Run as Administrator
  • The tool will open and start scanning your system
  • Please be patient as this can take a while to complete depending on your system's specifications
  • On completion, a log (JRT.txt) will be saved to your desktop and will automatically open
  • Post the contents of JRT.txt into your next reply



STEP 3: Run a scan with OTL by OldTimer
  1. Download the OTL utility using the link below:
     OTL DOWNLOAD LINK: http://oldtimer.geekstogo.com/OTL.exe (This link will automatically download OTL on your computer)
  2. Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  3. When the window appears, underneath Output at the top change it to Minimal Output.
  4. Check the boxes beside LOP Check and Purity Check.
  5. Click the Run Scan button.
  6. When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
     Please post these 2 logs in your first reply.

Settings You need to Select in OTL
  1. Click the Scan All Users checkbox.
  2. Change Standard Registry to All.
  3. Check the boxes beside LOP Check and Purity Check.
Note: If OTL.exe will not run, it may be blocked by malware. Try these alternate versions: OTL.scr (http://www.itxassociates.com/OT-Tools/OTL.scr), or OTL.com (http://oldtimer.geekstogo.com/OTL.com).

<hr />
 