Threats won't remove with Kaspersky

dsgreen87

New Member
Thread author
Verified
Nov 30, 2013
17
I created a Kaspersky Rescue Disk 10 disk and followed all necessary steps. Updated definitions and then ran scan. The scan results were 132 Trojans and 10 Adware and other programs found. When I tried to quarantine or delete them, only 26 were deleted and 2 quarantined. There were 11 other detected events, but when I try to delete those the Rescue Disk pops up and gives me three options:

1) Quarantine
   Cannot be moved to quarantine: write not supported.
2) Delete Archive
   Archive file will be deleted.
3) Skip (recommended)
   Do not perform any actions

Why won't Kaspersky remove the other infections? When I try to reboot my computer it still goes to the Mandiant MoneyPak virus.

And I wasn't able to run OTL Log or aswMBR Log because of the Mandiant Virus.

Please help on what I need to do. Thank you.
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Hello :)


Download Farbar Recovery Scan Tool from the below link:
  • For 64 bit systems download Farbar Recovery Scan Tool x64 (http://download.bleepingcomputer.com/farbar/FRST64.exe) and save it to a USB/flash drive.
  • For 32 bit systems download Farbar Recovery Scan Tool and save it to a USB/flash drive.
  • Plug the flashdrive into the infected PC.
  • Enter System Recovery Options.
    To enter System Recovery Options from the Advanced Boot Options:
      • Restart the computer.
      • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
      • Use the arrow keys to select the Repair your computer menu item.
      • Select US as the keyboard language settings, and then click Next.
      • Select the operating system you want to repair, and then click Next.
      • Select your user account and click Next.
  • On the System Recovery Options menu you will get the following options:
      Startup Repair
      System Restore
      Windows Complete PC Restore
      Windows Memory Diagnostic Tool
      Command Prompt
    1. Select Command Prompt
    2. In the command window type in notepad and press Enter.
    3. The notepad opens. Under File menu select Open.
    4. Select "Computer" and find your flash drive letter and close the notepad.
    5. In the command window type e:\frst64 and press Enter
       Note: Replace letter e with the drive letter of your flash drive.
    6. The tool will start to run.
    7. When the tool opens click Yes to disclaimer.
    8. Press Scan button.
    9. FRST will let you know when the scan is complete and has written the FRST.txt to file, close the message.
    10. Type exit
    11. Please copy and paste FRST.txt in your next reply
 

dsgreen87

New Member
Thread author
Verified
Nov 30, 2013
17
Thanks for your reply. Every time when I am in notepad and go to view my USB flash drive, it isn't there. The only drives listed are my hard drives and my CD Drive. My USB flash drive isn't being recognized for some reason.

Is there something I can do about this?
 

dsgreen87

New Member
Thread author
Verified
Nov 30, 2013
17
Yes I have tried both USB ports. This is a new Flash Drive so I'm not sure if that has anything to do with it.
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Ok, let's try a different method


Please print these instructions out so that you know what you are doing
  • Download OTLPENet.exe to your desktop
  • Download Farbar Recovery Scan Tool and save it to a flash drive.
  • Ensure that you have a blank CD in the drive
  • Double click OTLPENet.exe and this will then open imgburn to burn the file to CD
  • Reboot your system using the boot CD you just created.
    Note : If you do not know how to set your computer to boot from CD follow the steps here
  • Wait for the CD to detect your hardware and load the operating system
  • Your system should now display a Reatogo desktop
    Note : as you are running from CD it is not exactly speedy
  • Insert the USB with FRST
  • Locate the flash drive with FRST and double click
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
 

dsgreen87

New Member
Thread author
Verified
Nov 30, 2013
17
I followed all steps. When I plug in my flash drive I can tell the computer knows it's there because the "Safely Remove Hardware" icon appears at the bottom right. But when I go to try to open up the files, it still does not have my flash drive listed. "My computer" only lists my hard drives and the CD drive.
 

dsgreen87

New Member
Thread author
Verified
Nov 30, 2013
17
Finally got it going. Here is the reading.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-12-2013
Ran by SYSTEM on REATOGO on 02-12-2013 13:57:04
Running from D:\
WIN_XP (X86) OS Language: English(US)
Boot Mode: Recovery
Attention: Could not load system hive.
Attention: System hive is missing.

==================== Registry (Whitelisted) ==================

ATTENTION: Software hive is missing.

ATTENTION: Software hive is not loaded.


========================== Services (Whitelisted) =================


==================== Drivers (Whitelisted) ====================


==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========


==================== One Month Modified Files and Folders =======


==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\winlogon.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\svchost.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\services.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\User32.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\userinit.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\Drivers\volsnap.sys IS MISSING <==== ATTENTION!.

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: <===== ATTENTION!
HKLM\...\exefile\DefaultIcon: <===== ATTENTION!
HKLM\...\exefile\open\command: <===== ATTENTION!

==================== Restore Points (XP) =====================


==================== Memory info ===========================

Percentage of memory in use: 7%
Total physical RAM: 2910.95 MB
Available physical RAM: 2692.39 MB
Total Pagefile: 2736.59 MB
Available Pagefile: 2676.95 MB
Total Virtual: 2047.88 MB
Available Virtual: 1994.25 MB

==================== Drives ================================

Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
Drive d: () (Fixed) (Total:7.45 GB) (Free:7.45 GB) FAT32
Drive e: () (Fixed) (Total:290.09 GB) (Free:174.2 GB) NTFS
Drive x: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 7 GB) (Disk ID: 93431CFB)
Partition 1: (Not Active) - (Size=7 GB) - (Type=0B)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: A2EB41AF)
Partition 1: (Not Active) - (Size=8 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=290 GB) - (Type=07 NTFS)

==================== End Of Log ============================
 
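As an added example (not part of this thread and not FRST's own code), here is a small Python triage script that applies the checks a helper makes when reading an FRST log like the one above: FRST's own "ATTENTION" markers, missing core files from the Bamital & volsnap check, a replaced Winlogon Shell, a Command Processor AutoRun, AppInit_DLLs loaders, and Run entries that launch executables out of a user profile. The sample log embedded in it is constructed in FRST's output format; the severity levels and the random-name heuristic are this example's own assumptions.

```python
"""Triage helper for Farbar Recovery Scan Tool (FRST) logs.

Added example, not FRST's own code: reads FRST.txt-style output and flags
the entries a malware-removal helper looks at first.
"""
from __future__ import annotations

import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    severity: str  # "high" or "medium" (severity scale is this example's assumption)
    reason: str
    line: str


# FRST appends this marker to entries it considers abnormal.
ATTENTION = re.compile(r"<=+\s*ATTENTION", re.IGNORECASE)
# "Bamital & volsnap Check" section: core files that must always exist.
MISSING = re.compile(r"^(?P<path>[A-Za-z]:\\.*?) IS MISSING", re.IGNORECASE)
# Registry autoruns as FRST prints them: HKLM\...\Run: [Name] - target [size date] (Vendor)
RUN_ENTRY = re.compile(r"^HK[^:]*\\Run(?:Once)?: \[(?P<name>[^\]]*)\] - (?P<target>.*)$")
WINLOGON_SHELL = re.compile(r"\\Winlogon: \[Shell\] (?P<shell>\S+)", re.IGNORECASE)
CMD_PROCESSOR = re.compile(r"\\Command Processor: (?P<target>.*?)(?: <=|$)", re.IGNORECASE)
APPINIT = re.compile(r"^AppInit_DLLs: (?P<target>.*?)(?: \[|$)", re.IGNORECASE)
# Executables started from a user profile or ProgramData deserve a second look.
PROFILE_DIR = re.compile(r"\\(?:Users\\[^\\]+\\AppData|ProgramData)\\", re.IGNORECASE)


def looks_random(name: str) -> bool:
    """Heuristic (assumption) for generated names such as XtfJ5ZXIEO4:
    six or more alphanumerics mixing upper case, lower case and digits."""
    stem = name.split(".")[0]
    return (len(stem) >= 6 and stem.isalnum()
            and any(c.isdigit() for c in stem)
            and any(c.isupper() for c in stem)
            and any(c.islower() for c in stem))


def triage(log_text: str) -> list[Finding]:
    """Return the suspicious entries of an FRST log, most specific rule first."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := MISSING.match(line):
            findings.append(Finding("high", f"core file missing: {m['path']}", line))
        elif m := WINLOGON_SHELL.search(line):
            # The only legitimate Shell value on a desktop install is explorer.exe.
            shell = m["shell"].rsplit("\\", 1)[-1].lower()
            if shell != "explorer.exe":
                findings.append(Finding("high", f"Winlogon Shell replaced by {m['shell']}", line))
        elif (m := CMD_PROCESSOR.search(line)) and m["target"].strip():
            # A Command Processor AutoRun value executes every time cmd.exe starts.
            findings.append(Finding("high", "Command Processor AutoRun set", line))
        elif (m := APPINIT.match(line)) and m["target"].strip():
            # AppInit_DLLs are loaded into every process that links user32.dll.
            findings.append(Finding("medium", f"AppInit_DLLs loader: {m['target']}", line))
        elif m := RUN_ENTRY.match(line):
            path = m["target"].split(" [", 1)[0].strip('" ')
            if PROFILE_DIR.search(path):
                sev = "high" if any(looks_random(p) for p in path.split("\\")) else "medium"
                findings.append(Finding(sev, f"autorun from profile directory: {path}", line))
        elif ATTENTION.search(line):
            findings.append(Finding("medium", "entry flagged by FRST", line))
    return findings


def severity_counts(findings: list[Finding]) -> dict[str, int]:
    counts = {"high": 0, "medium": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


# Constructed sample, modelled on the FRST output format used in this thread.
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Apoint] - C:\Program Files\Apoint\Apoint.exe [208384 2009-08-03] (Alps Electric Co., Ltd.)
HKU\Owner\...\Run: [Google Update] - C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [ 2012-03-21] (Google Inc.)
HKU\Owner\...\Run: [5ElDeUzAp.exe] - C:\Users\Owner\AppData\Local\XtfJ5ZXIEO4\5ElDeUzAp.exe [ 2013-11-29] (Microsoft Corporation)
HKU\Owner\...\Winlogon: [Shell] cmd.exe [ 2010-11-20] (Microsoft Corporation) <==== ATTENTION
HKU\Owner\...\Command Processor: "C:\Users\Owner\AppData\Local\XtfJ5ZXIEO4\5ElDeUzAp.exe" <===== ATTENTION!
AppInit_DLLs: C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\loader.dll [ 2013-11-18] ()

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\Drivers\volsnap.sys IS MISSING <==== ATTENTION!.

==================== EXE ASSOCIATION =====================

HKLM\...\exefile\open\command: <===== ATTENTION!
"""


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
    print(severity_counts(results))
```

Run it against a real FRST.txt by passing the file's contents to `triage()`; a clean machine with explorer.exe as Shell and no profile-directory autoruns yields an empty list.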

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Something is wrong, we need to repair files...

Within OTLPE desktop select command prompt and type in the following command:

chkdsk c: /r

On completion retry a normal boot. If boot fails, go to OTLPE and produce fresh FRST report...
 

dsgreen87

New Member
Thread author
Verified
Nov 30, 2013
17
Ok, so I did the command chkdsk c: /r and it said "cannot open volume for direct access."

I went ahead and did FRST again and it gave more readings. It's as follows:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-12-2013
Ran by SYSTEM on REATOGO on 02-12-2013 14:33:39
Running from D:\
Windows 7 Home Premium (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.


ATTENTION!:=====> THE OPERATING SYSTEM IS A X64 SYSTEM BUT THE BOOT DISK THAT IS USED TO BOOT TO RECOVERY ENVIRONMENT IS A X86 SYSTEM DISK.
==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Apoint] - C:\Program Files\Apoint\Apoint.exe [208384 2009-08-03] (Alps Electric Co., Ltd.)
HKLM\...\Run: [lxcimon.exe] - C:\Program Files (x86)\Lexmark 7300 Series\lxcimon.exe [205744 2007-05-11] (Lexmark International, Inc.)
HKLM\...\Run: [EzPrint] - C:\Program Files (x86)\Lexmark 7300 Series\ezprint.exe [103344 2007-05-11] (Lexmark International Inc.)
HKLM\...\Run: [LXCICATS] - rundll32 \3\LXCItime.dll,RunDLLEntry
HKLM\...\RunOnce: [*Restore] - C:\Windows\system32\rstrui.exe /RUNONCE [296960 2010-11-20] (Microsoft Corporation)
HKLM\...\Policies\Explorer: [UseDefaultTile] 0
HKLM\...\Policies\Explorer: [NoWelcomeScreen] 0
HKU\Guest\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [ 2012-10-25] (Apple Inc.)
HKU\Guest\...\Policies\system: [NoDispCPL] 0
HKU\Guest\...\Policies\system: [NoDispAppearancePage] 0
HKU\Guest\...\Policies\system: [NoDispBackgroundPage] 0
HKU\Guest\...\Policies\system: [NoDispScrSavPage] 0
HKU\Guest\...\Policies\system: [NoDispSettingsPage] 0
HKU\Guest\...\Policies\system: [NoColorChoice] 0
HKU\Guest\...\Policies\system: [DontDisplayLogonHoursWarnings] 0
HKU\Guest\...\Policies\system: [DisableLockWorkstation] 0
HKU\Guest\...\Policies\system: [DisableChangePassword] 0
HKU\Guest\...\Policies\system: [HideLogonScripts] 0
HKU\Guest\...\Policies\system: [HideLogoffScripts] 0
HKU\Guest\...\Policies\system: [HideLegacyLogonScripts] 0
HKU\Guest Access\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [ 2012-10-25] (Apple Inc.)
HKU\Guest Access\...\Policies\system: [LogonHoursAction] 2
HKU\Guest Access\...\Policies\system: [NoDispCPL] 0
HKU\Guest Access\...\Policies\system: [NoDispAppearancePage] 0
HKU\Guest Access\...\Policies\system: [NoDispBackgroundPage] 0
HKU\Guest Access\...\Policies\system: [NoDispScrSavPage] 0
HKU\Guest Access\...\Policies\system: [NoDispSettingsPage] 0
HKU\Guest Access\...\Policies\system: [NoColorChoice] 0
HKU\Guest Access\...\Policies\system: [DontDisplayLogonHoursWarnings] 0
HKU\Guest Access\...\Policies\system: [DisableLockWorkstation] 0
HKU\Guest Access\...\Policies\system: [DisableChangePassword] 0
HKU\Guest Access\...\Policies\system: [HideLogonScripts] 0
HKU\Guest Access\...\Policies\system: [HideLogoffScripts] 0
HKU\Guest Access\...\Policies\system: [HideLegacyLogonScripts] 0
HKU\Owner\...\Run: [Xvid] - C:\Program Files (x86)\Xvid\CheckUpdate.exe [ 2011-01-17] ()
HKU\Owner\...\Run: [Google Update] - C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [ 2012-03-21] (Google Inc.)
HKU\Owner\...\Run: [Facebook Update] - C:\Users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe [ 2012-07-11] (Facebook Inc.)
HKU\Owner\...\Run: [Yontoo Desktop] - C:\Users\Owner\AppData\Roaming\Yontoo\YontooDesktop.exe [ 2013-05-17] (Yontoo LLC)
HKU\Owner\...\Run: [AmazonMP3DownloaderHelper] - C:\Users\Owner\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [ 2013-05-09] ()
HKU\Owner\...\Run: [Spotify] - C:\Users\Owner\AppData\Roaming\Spotify\spotify.exe [ 2013-11-26] (Spotify Ltd)
HKU\Owner\...\Run: [Spotify Web Helper] - C:\Users\Owner\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [ 2013-11-26] (Spotify Ltd)
HKU\Owner\...\Run: [Norton Download Manager{N36021021-SHPD-FSD40014}] - C:\Users\Public\Downloads\Norton\{N36021021-SHPD-FSD40014}\N360Downloader.exe [ 2013-10-02] (Symantec Corporation)
HKU\Owner\...\Run: [5ElDeUzAp.exe] - C:\Users\Owner\AppData\Local\XtfJ5ZXIEO4\5ElDeUzAp.exe [ 2013-11-29] (Microsoft Corporation)
HKU\Owner\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe [ 2013-03-12] (Adobe Systems Incorporated)
HKU\Owner\...\Policies\system: [LogonHoursAction] 2
HKU\Owner\...\Policies\system: [NoDispCPL] 0
HKU\Owner\...\Policies\system: [NoDispAppearancePage] 0
HKU\Owner\...\Policies\system: [NoDispBackgroundPage] 0
HKU\Owner\...\Policies\system: [NoDispScrSavPage] 0
HKU\Owner\...\Policies\system: [NoDispSettingsPage] 0
HKU\Owner\...\Policies\system: [NoColorChoice] 0
HKU\Owner\...\Policies\system: [DontDisplayLogonHoursWarnings] 0
HKU\Owner\...\Policies\system: [DisableLockWorkstation] 0
HKU\Owner\...\Policies\system: [DisableChangePassword] 0
HKU\Owner\...\Policies\system: [HideLogonScripts] 0
HKU\Owner\...\Policies\system: [HideLogoffScripts] 0
HKU\Owner\...\Policies\system: [HideLegacyLogonScripts] 0
HKU\Owner\...\Winlogon: [Shell] cmd.exe [ 2010-11-20] (Microsoft Corporation) <==== ATTENTION
HKU\Owner\...\Command Processor: "C:\Users\Owner\AppData\Local\XtfJ5ZXIEO4\5ElDeUzAp.exe" <===== ATTENTION!
AppInit_DLLs: C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\loader.dll [ 2013-11-18] ()
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

========================== Services (Whitelisted) =================

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [253656 2013-03-12] (Adobe Systems Incorporated)
S2 Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [55184 2012-08-11] (Apple Inc.)
S2 ccEvtMgr; C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [108392 2009-07-08] (Symantec Corporation)
S2 ccSetMgr; C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [108392 2009-07-08] (Symantec Corporation)
S4 clr_optimization_v2.0.50727_64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [89920 2009-06-10] (Microsoft Corporation)
S2 clr_optimization_v4.0.30319_64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [138576 2010-03-18] (Microsoft Corporation)
S3 FontCache3.0.0.0; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [42856 2010-11-04] (Microsoft Corporation)
S2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 HsfXAudioService; C:\Windows\SysWOW64\XAudio64.dll [436736 2009-07-31] (Conexant Systems, Inc.)
S2 IAANTMON; C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe [354840 2009-06-04] (Intel Corporation)
S3 idsvc; C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe [856400 2010-11-04] (Microsoft Corporation)
S2 IviRegMgr; C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe [112152 2007-01-04] (InterVideo)
S3 LiveUpdate; C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE [3093880 2009-07-13] (Symantec Corporation)
S2 lxci_device; C:\Windows\system32\lxcicoms.exe [566192 2007-02-02] ( )
S2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178048 2013-08-06] (McAfee, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1017016 2013-08-05] (McAfee, Inc.)
S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219272 2013-08-07] (McAfee, Inc.)
S2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-08-07] (McAfee, Inc.)
S3 Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [64856 2009-02-26] (Microsoft Corporation)
S3 MozillaMaintenance; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [119408 2013-11-28] (Mozilla Foundation)
S2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S4 NetTcpPortSharing; C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe [116560 2009-06-10] (Microsoft Corporation)
S3 odserv; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [440696 2011-07-20] (Microsoft Corporation)
S3 ose; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [145184 2006-10-26] (Microsoft Corporation)
S3 PerfHost; C:\Windows\SysWow64\perfhost.exe [20992 2009-07-13] (Microsoft Corporation)
S3 Roxio UPnP Renderer 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [313840 2009-06-26] (Sonic Solutions)
S2 Roxio Upnp Server 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [362992 2009-06-26] (Sonic Solutions)
S2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [189984 2009-07-23] (Realtek Semiconductor)
S3 SampleCollector; C:\Program Files\Sony\VAIO Care\collsvc.exe [167424 2009-09-17] (Intel Corporation)
S2 SkypeUpdate; C:\Program Files (x86)\Skype\Updater\Updater.exe [160944 2012-07-13] (Skype Technologies)
S2 SmcService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe [3197256 2009-09-17] (Symantec Corporation)
S4 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE [411976 2009-09-17] (Symantec Corporation)
S3 SOHCImp; C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [120104 2009-07-27] (Sony Corporation)
S3 SOHDBSvr; C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [70952 2009-07-27] (Sony Corporation)
S3 SOHDms; C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [427304 2009-07-27] (Sony Corporation)
S3 SOHDs; C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [75048 2009-07-27] (Sony Corporation)
S3 SOHPlMgr; C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [91432 2009-07-27] (Sony Corporation)
S2 Symantec AntiVirus; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2477304 2009-09-17] (Symantec Corporation)
S2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
S3 VAIO Entertainment TV Device Arbitration Service; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe [69632 2009-07-23] (Sony Corporation)
S2 VAIO Event Service; C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe [204648 2009-07-01] (Sony Corporation)
S2 VAIO Power Management; C:\Program Files\Sony\VAIO Power Management\SPMService.exe [411496 2009-08-22] (Sony Corporation)
S2 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [642920 2009-07-22] (Sony Corporation)
S3 VcmIAlzMgr; C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [468264 2009-06-26] (Sony Corporation)
S3 VcmINSMgr; C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [357672 2009-06-26] (Sony Corporation)
S3 Vcsw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [313264 2009-07-23] (Sony Corporation)
S2 VzCdbSvc; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [206336 2009-07-23] (Sony Corporation)
S2 YahooAUService; C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe [602392 2008-11-09] (Yahoo! Inc.)
S2 Yontoo Desktop Updater; C:\Users\Owner\AppData\Roaming\Yontoo\YontooDesktop.exe [47392 2013-05-17] (Yontoo LLC)
S2 BitGuard; C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe [x]

==================== Drivers (Whitelisted) ====================

S3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
S3 athr; C:\Windows\System32\DRIVERS\athrx.sys [1484800 2009-07-31] (Atheros Communications, Inc.)
S3 b06bdrv; C:\Windows\system32\DRIVERS\bxvbda.sys [468480 2009-06-10] (Broadcom Corporation)
S3 b57nd60a; C:\Windows\System32\DRIVERS\b57nd60a.sys [270848 2009-06-10] (Broadcom Corporation)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-08-07] (McAfee, Inc.)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-08] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-12-17] (Symantec Corporation)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197264 2012-05-28] (McAfee, Inc.)
S3 igfx; C:\Windows\System32\DRIVERS\igdkmd64.sys [7345632 2009-08-04] (Intel Corporation)
S3 IntcAzAudAddService; C:\Windows\System32\drivers\RTKVHD64.sys [1822112 2009-07-23] (Realtek Semiconductor Corp.)
S3 ksthunk; C:\Windows\system32\drivers\ksthunk.sys [20992 2009-07-13] (Microsoft Corporation)
S2 McPvDrv; C:\Windows\system32\drivers\McPvDrv.sys [74560 2013-09-09] (McAfee, Inc.)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179664 2013-08-07] (McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [310224 2013-08-07] (McAfee, Inc.)
S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [519064 2013-08-07] (McAfee, Inc.)
S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [776168 2013-08-07] (McAfee, Inc.)
S3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [377040 2013-07-09] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [95984 2013-07-09] (McAfee, Inc.)
S0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [343568 2013-08-07] (McAfee, Inc.)
S3 NAVENG; C:\ProgramData\Symantec\Definitions\VirusDefs\20130319.018\eng64.sys [126192 2013-02-14] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Symantec\Definitions\VirusDefs\20130319.018\ex64.sys [2087664 2013-02-14] (Symantec Corporation)
S3 netw5v64; C:\Windows\System32\DRIVERS\netw5v64.sys [5434368 2009-06-10] (Intel Corporation)
S0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [55856 2010-07-12] (Sonic Solutions)
S2 rimsptsk; C:\Windows\system32\DRIVERS\rimssn64.sys [86528 2009-07-31] (REDC)
S2 risdptsk; C:\Windows\system32\DRIVERS\risdsn64.sys [76288 2009-07-31] (REDC)
S3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIVX.sys [201472 2009-07-24] (Realtek Semiconductor Corp.)
S1 SRTSP; C:\Windows\System32\Drivers\SRTSP64.SYS [443952 2009-08-25] (Symantec Corporation)
S3 SRTSPL; C:\Windows\System32\Drivers\SRTSPL64.SYS [481840 2009-08-25] (Symantec Corporation)
S1 SRTSPX; C:\Windows\System32\Drivers\SRTSPX64.SYS [32304 2009-08-25] (Symantec Corporation)
S3 SrvHsfHDA; C:\Windows\System32\DRIVERS\VSTAZL6.SYS [292864 2009-06-10] (Conexant Systems, Inc.)
S3 SrvHsfV92; C:\Windows\System32\DRIVERS\VSTDPV6.SYS [1485312 2009-06-10] (Conexant Systems, Inc.)
S3 SrvHsfWinac; C:\Windows\System32\DRIVERS\VSTCNXT6.SYS [740864 2009-06-10] (Conexant Systems, Inc.)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [172592 2012-06-14] (Symantec Corporation)
S3 Teefer2; C:\Windows\System32\DRIVERS\teefer2.sys [62512 2009-05-27] (Symantec Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [53760 2012-09-28] (Apple, Inc.)
S1 WPS; C:\Windows\system32\drivers\wpsdrvnt.sys [52784 2009-09-17] (Symantec Corporation)
S3 WpsHelper; C:\Windows\system32\drivers\WpsHelper.sys [233120 2012-10-05] (Symantec Corporation)
S2 XAudio; C:\Windows\System32\DRIVERS\XAudio64.sys [10240 2009-07-31] (Conexant Systems, Inc.)
S3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [393216 2009-07-31] (Marvell)
S1 A2DDA; \??\C:\Users\Owner\Downloads\EmsisoftEmergencyKit\Run\a2ddax64.sys [x]
S0 TfFsMon; No ImagePath
S3 TfNetMon; \??\C:\Windows\system32\drivers\TfNetMon.sys [x]
S0 TFSysMon; No ImagePath

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-02 14:33 - 2013-12-02 14:33 - 00000000 ____D C:\FRST
2013-11-30 02:37 - 2013-11-30 02:36 - 00300544 _____ C:\Users\Owner\AppData\Roaming\ipDHFvOk
2013-11-30 02:37 - 2013-11-30 02:36 - 00300544 _____ C:\Users\Owner\AppData\Local\JRDPBTb2oi8
2013-11-30 02:32 - 2013-11-30 02:32 - 00000000 __SHD C:\found.002
2013-11-30 02:28 - 2013-11-30 02:28 - 17226632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-11-30 02:28 - 2013-11-30 02:27 - 00300544 _____ C:\Users\Owner\AppData\Roaming\Joe9WMZj7cR
2013-11-30 02:28 - 2013-11-30 02:27 - 00300544 _____ C:\Users\Owner\AppData\Local\rDPS2G6w
2013-11-29 21:24 - 2013-11-29 21:24 - 00300544 _____ C:\Users\Owner\AppData\Roaming\Y05V0misb3
2013-11-29 21:24 - 2013-11-29 21:24 - 00300544 _____ C:\Users\Owner\AppData\Local\AM40DPXwD
2013-11-29 02:06 - 2013-11-29 02:06 - 00300544 _____ C:\Users\Owner\AppData\Roaming\ZdZpDUng5nf
2013-11-29 02:06 - 2013-11-29 02:06 - 00300544 _____ C:\Users\Owner\AppData\Local\CGKGuBVLIPW
2013-11-29 01:58 - 2013-11-29 01:58 - 00300544 _____ C:\Users\Owner\AppData\Roaming\c9SUWEsx
2013-11-29 01:58 - 2013-11-29 01:58 - 00300544 _____ C:\Users\Owner\AppData\Local\ZoNnOjwG
2013-11-29 01:54 - 2013-11-29 01:54 - 00299520 _____ C:\Users\Owner\AppData\Roaming\khjlrekGTK
2013-11-29 01:54 - 2013-11-29 01:54 - 00299520 _____ C:\Users\Owner\AppData\Local\24f3KAbtzd
2013-11-29 01:53 - 2013-11-30 03:51 - 00000000 ____D C:\Users\Owner\AppData\Local\XtfJ5ZXIEO4
2013-11-26 19:33 - 2013-11-26 19:33 - 00000000 ____D C:\Users\Owner\AppData\Local\avgchrome
2013-11-26 19:00 - 2013-11-26 19:00 - 00003288 ____N C:\bootsqm.dat
2013-11-26 18:59 - 2013-11-26 18:59 - 00000000 __SHD C:\found.001
2013-11-23 12:28 - 2013-11-23 12:28 - 00000000 ____D C:\Users\Owner\AppData\Local\DDMSettings
2013-11-23 12:24 - 2013-11-23 12:24 - 00000000 _____ C:\END

==================== One Month Modified Files and Folders =======

2013-12-02 14:33 - 2013-12-02 14:33 - 00000000 ____D C:\FRST
2013-12-02 14:33 - 2009-11-12 23:15 - 00000000 ____D C:\users\Owner
2013-11-30 17:38 - 2013-03-20 16:49 - 00013440 _____ C:\Windows\setupact.log
2013-11-30 03:53 - 2013-01-31 16:04 - 00000000 ____D C:\Program Files\iTunes
2013-11-30 03:53 - 2012-06-19 16:18 - 00000000 ____D C:\users\Guest Access
2013-11-30 03:53 - 2012-06-14 02:22 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2013-11-30 03:53 - 2012-01-21 02:16 - 00000000 ____D C:\Users\Owner\AppData\Roaming\BitTorrent
2013-11-30 03:53 - 2011-11-19 16:34 - 00000000 ____D C:\Program Files\Bonjour
2013-11-30 03:53 - 2011-03-09 23:21 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Audacity
2013-11-30 03:53 - 2011-03-09 21:57 - 00000000 ____D C:\Users\Owner\AppData\Roaming\FreeAudioPack
2013-11-30 03:53 - 2010-10-27 21:14 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Azureus
2013-11-30 03:53 - 2010-10-16 16:14 - 00000000 ____D C:\Program Files\Lx_cats
2013-11-30 03:53 - 2010-10-16 16:13 - 00000000 ____D C:\Program Files\Lexmark 7300 Series
2013-11-30 03:53 - 2010-03-29 15:05 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Facebook
2013-11-30 03:53 - 2010-01-31 12:26 - 00000000 ____D C:\users\Guest
2013-11-30 03:53 - 2010-01-20 21:39 - 00000000 ____D C:\Users\Owner\Documents\Cucusoft
2013-11-30 03:53 - 2009-11-29 23:18 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Skype
2013-11-30 03:53 - 2009-09-03 04:25 - 00000000 ____D C:\Program Files\SPHE BD-Live
2013-11-30 03:53 - 2009-09-03 04:01 - 00000000 ___HD C:\SPLASH.SYS
2013-11-30 03:53 - 2009-09-03 03:41 - 00000000 ____D C:\Program Files\PlayReady
2013-11-30 03:53 - 2009-09-03 03:37 - 00000000 ___RD C:\Users\Owner\Desktop\Microsoft Office
2013-11-30 03:53 - 2009-08-18 18:40 - 00000000 ____D C:\Program Files\Apoint
2013-11-30 03:53 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2013-11-30 03:52 - 2013-10-02 21:42 - 00000000 ____D C:\Program Files\Common Files\McAfee
2013-11-30 03:52 - 2011-10-01 17:49 - 00000000 ____D C:\Program Files\DivX
2013-11-30 03:52 - 2009-11-29 17:57 - 00000000 ____D C:\Netgear
2013-11-30 03:52 - 2009-09-03 03:39 - 00000000 ____D C:\Nobu_Icon
2013-11-30 03:52 - 2009-07-13 22:20 - 00000000 ___RD C:\Program Files (x86)
2013-11-30 03:51 - 2013-11-29 01:53 - 00000000 ____D C:\Users\Owner\AppData\Local\XtfJ5ZXIEO4
2013-11-30 03:51 - 2013-10-02 21:50 - 00000000 __RSD C:\Users\Owner\Documents\McAfee Vaults
2013-11-30 03:51 - 2013-10-02 21:50 - 00000000 ____D C:\Program Files\McAfee
2013-11-30 03:51 - 2013-09-25 19:02 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Spotify
2013-11-30 03:51 - 2013-07-14 01:07 - 00000000 ____D C:\Users\Owner\AppData\Roaming\File Scout
2013-11-30 03:51 - 2013-05-20 18:06 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Delta
2013-11-30 03:51 - 2013-05-20 18:06 - 00000000 ____D C:\Users\Owner\AppData\Roaming\BabSolution
2013-11-30 03:51 - 2013-05-20 18:05 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Yontoo
2013-11-30 03:51 - 2013-03-27 22:20 - 00000000 ____D C:\Users\Owner\Desktop\EmsisoftEmergencyKit
2013-11-30 03:51 - 2013-03-17 18:05 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-11-30 03:51 - 2012-06-27 20:56 - 00000000 ____D C:\Users\Owner\AppData\Roaming\vlc
2013-11-30 03:51 - 2011-09-10 14:43 - 00000000 ____D C:\Users\Owner\.frostwire5
2013-11-30 03:50 - 2013-10-02 20:00 - 00000000 ____D C:\Users\Public\Downloads\Norton
2013-11-30 03:50 - 2010-02-18 16:07 - 00000000 ____D C:\Users\Owner\ZipForm
2013-11-30 03:50 - 2009-08-19 13:30 - 00000000 ____D C:\Windows\ShellNew
2013-11-30 03:50 - 2009-08-18 18:13 - 00000000 ____D C:\Windows\InstDrvs
2013-11-30 03:50 - 2009-07-13 22:20 - 00000000 __RSD C:\Windows\Media
2013-11-30 03:50 - 2009-07-13 22:20 - 00000000 ___RD C:\users\Public
2013-11-30 03:50 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Microsoft.NET
2013-11-30 03:49 - 2011-12-27 22:35 - 00000000 ____D C:\Windows\System32\SPReview
2013-11-30 03:49 - 2011-12-27 22:34 - 00000000 ____D C:\Windows\System32\EventProviders
2013-11-30 03:49 - 2010-01-30 15:05 - 00000000 ____D C:\Windows\SysWOW64\TVUAx
2013-11-30 03:49 - 2009-09-03 03:53 - 00000000 ____D C:\Windows\{AEC0FEE6-3A76-44E1-97A2-5DA325DFC41C}
2013-11-30 03:49 - 2009-09-03 03:25 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2013-11-30 03:49 - 2009-08-18 18:19 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2013-11-30 03:49 - 2009-08-18 18:18 - 00000000 ____D C:\Windows\SysWOW64\x64
2013-11-30 03:49 - 2009-07-13 22:20 - 00000000 ___HD C:\Windows\System32\GroupPolicy
2013-11-30 03:49 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64
2013-11-30 02:41 - 2013-10-02 21:51 - 00001844 _____ C:\Users\Public\Desktop\McAfee Total Protection.lnk
2013-11-30 02:36 - 2013-11-30 02:37 - 00300544 _____ C:\Users\Owner\AppData\Roaming\ipDHFvOk
2013-11-30 02:36 - 2013-11-30 02:37 - 00300544 _____ C:\Users\Owner\AppData\Local\JRDPBTb2oi8
2013-11-30 02:32 - 2013-11-30 02:32 - 00000000 __SHD C:\found.002
2013-11-30 02:28 - 2013-11-30 02:28 - 17226632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-11-30 02:28 - 2011-09-06 20:53 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-11-30 02:27 - 2013-11-30 02:28 - 00300544 _____ C:\Users\Owner\AppData\Roaming\Joe9WMZj7cR
2013-11-30 02:27 - 2013-11-30 02:28 - 00300544 _____ C:\Users\Owner\AppData\Local\rDPS2G6w
2013-11-29 21:24 - 2013-11-29 21:24 - 00300544 _____ C:\Users\Owner\AppData\Roaming\Y05V0misb3
2013-11-29 21:24 - 2013-11-29 21:24 - 00300544 _____ C:\Users\Owner\AppData\Local\AM40DPXwD
2013-11-29 02:10 - 2013-03-20 16:48 - 00116916 _____ C:\Windows\PFRO.log
2013-11-29 02:06 - 2013-11-29 02:06 - 00300544 _____ C:\Users\Owner\AppData\Roaming\ZdZpDUng5nf
2013-11-29 02:06 - 2013-11-29 02:06 - 00300544 _____ C:\Users\Owner\AppData\Local\CGKGuBVLIPW
2013-11-29 01:58 - 2013-11-29 01:58 - 00300544 _____ C:\Users\Owner\AppData\Roaming\c9SUWEsx
2013-11-29 01:58 - 2013-11-29 01:58 - 00300544 _____ C:\Users\Owner\AppData\Local\ZoNnOjwG
2013-11-29 01:54 - 2013-11-29 01:54 - 00299520 _____ C:\Users\Owner\AppData\Roaming\khjlrekGTK
2013-11-29 01:54 - 2013-11-29 01:54 - 00299520 _____ C:\Users\Owner\AppData\Local\24f3KAbtzd
2013-11-28 21:54 - 2009-10-15 01:30 - 01771043 _____ C:\Windows\WindowsUpdate.log
2013-11-26 19:41 - 2013-09-25 19:03 - 00000000 ____D C:\Users\Owner\AppData\Local\Spotify
2013-11-26 19:38 - 2009-07-14 00:13 - 00005348 _____ C:\Windows\System32\PerfStringBackup.INI
2013-11-26 19:33 - 2013-11-26 19:33 - 00000000 ____D C:\Users\Owner\AppData\Local\avgchrome
2013-11-26 19:33 - 2013-10-02 20:00 - 00001295 _____ C:\Users\Owner\Desktop\Norton Installation Files.lnk
2013-11-26 19:33 - 2013-10-02 20:00 - 00001104 _____ C:\Users\Owner\Desktop\Norton Download Manager.lnk
2013-11-26 19:06 - 2009-11-12 23:16 - 00118312 _____ C:\Users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-26 19:00 - 2013-11-26 19:00 - 00003288 ____N C:\bootsqm.dat
2013-11-26 18:59 - 2013-11-26 18:59 - 00000000 __SHD C:\found.001
2013-11-24 21:35 - 2009-07-13 23:45 - 00456640 _____ C:\Windows\System32\FNTCACHE.DAT
2013-11-23 12:28 - 2013-11-23 12:28 - 00000000 ____D C:\Users\Owner\AppData\Local\DDMSettings
2013-11-23 12:24 - 2013-11-23 12:24 - 00000000 _____ C:\END

Files to move or delete:
====================
C:\Users\Owner\AppData\Local\XtfJ5ZXIEO4\5ElDeUzAp.exe


Some content of TEMP:
====================
C:\Users\Owner\AppData\Local\Temp\7065.dll
C:\Users\Owner\AppData\Local\Temp\DivXInstaller.exe


==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe
[2011-03-29 14:06] - [2011-02-25 01:19] - 2871808 ____A (Microsoft Corporation) 332FEAB1435662FC6C672E25BEB37BE3

C:\Windows\System32\winlogon.exe
[2011-05-11 22:41] - [2010-11-20 08:25] - 0390656 ____A (Microsoft Corporation) 1151B1BAA6F350B1DB6598E0FEA7C457

C:\Windows\System32\wininit.exe
[2009-07-13 18:52] - [2009-07-13 20:39] - 0129024 ____A (Microsoft Corporation) 94355C28C1970635A31B3FE52EB7CEBA

C:\Windows\System32\svchost.exe
[2009-07-13 18:31] - [2009-07-13 20:39] - 0027136 ____A (Microsoft Corporation) C78655BC80301D76ED4FEF1C1EA40A7D

C:\Windows\System32\services.exe
[2009-07-13 18:19] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\User32.dll
[2011-05-11 22:41] - [2010-11-20 08:27] - 1008128 ____A (Microsoft Corporation) FE70103391A64039A921DBFFF9C7AB1B

C:\Windows\System32\userinit.exe
[2011-05-11 22:40] - [2010-11-20 08:25] - 0030720 ____A (Microsoft Corporation) BAFE84E637BF7388C96EF48D4D3FDD53

C:\Windows\System32\Drivers\volsnap.sys
[2011-05-11 22:41] - [2010-11-20 08:34] - 0295808 ____A (Microsoft Corporation) 0D08D2F3B3FF84E433346669B5E0F639


==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

2
Restore point made on: 2013-03-17 18:04:40
Restore point made on: 2013-03-18 05:00:39

==================== Memory info ===========================

Percentage of memory in use: 11%
Total physical RAM: 2910.95 MB
Available physical RAM: 2582.13 MB
Total Pagefile: 2736.59 MB
Available Pagefile: 2671.29 MB
Total Virtual: 2047.88 MB
Available Virtual: 1988.76 MB

==================== Drives ================================

Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
Drive c: () (Fixed) (Total:290.09 GB) (Free:174.1 GB) NTFS
Drive d: () (Fixed) (Total:7.45 GB) (Free:7.45 GB) FAT32
Drive x: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 7 GB) (Disk ID: 93431CFB)
Partition 1: (Not Active) - (Size=7 GB) - (Type=0B)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: A2EB41AF)
Partition 1: (Not Active) - (Size=8 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=290 GB) - (Type=07 NTFS)


LastRegBack: 2013-03-11 02:36

==================== End Of Log ============================
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
That's good, now we're making some progress.

On your clean PC, download the following file by right-clicking it and selecting Save As

[attached file: fixlist.txt]

and save it onto your flash drive.

Then boot to system recovery/OTLPE, plug in your flash drive, open FRST and click Fix. Post the generated log.

Attempt to boot normally.
 

Attachments: fixlist.txt (2.4 KB)

dsgreen87

New Member
Thread author
Verified
Nov 30, 2013
17
Here are the results of the fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 01-12-2013
Ran by SYSTEM at 2013-12-03 05:47:54 Run:1
Running from D:\
Boot Mode: Recovery

==============================================

Content of fixlist:
*****************
HKU\Owner\...\Run: [Yontoo Desktop] - C:\Users\Owner\AppData\Roaming\Yontoo\YontooDesktop.exe [ 2013-05-17] (Yontoo LLC)
C:\Users\Owner\AppData\Roaming\Yontoo
HKU\Owner\...\Run: [5ElDeUzAp.exe] - C:\Users\Owner\AppData\Local\XtfJ5ZXIEO4\5ElDeUzAp.exe [ 2013-11-29] (Microsoft Corporation)
C:\Users\Owner\AppData\Local\XtfJ5ZXIEO4
HKU\Owner\...\Winlogon: [Shell] cmd.exe [ 2010-11-20] (Microsoft Corporation) <==== ATTENTION
HKU\Owner\...\Command Processor: "C:\Users\Owner\AppData\Local\XtfJ5ZXIEO4\5ElDeUzAp.exe" <===== ATTENTION!
AppInit_DLLs: C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\loader.dll [ 2013-11-18] ()
C:\ProgramData\BitGuard
S2 Yontoo Desktop Updater; C:\Users\Owner\AppData\Roaming\Yontoo\YontooDesktop.exe [47392 2013-05-17] (Yontoo LLC)
S2 BitGuard; C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe [x]
2013-11-30 02:37 - 2013-11-30 02:36 - 00300544 _____ C:\Users\Owner\AppData\Roaming\ipDHFvOk
2013-11-30 02:37 - 2013-11-30 02:36 - 00300544 _____ C:\Users\Owner\AppData\Local\JRDPBTb2oi8
2013-11-30 02:28 - 2013-11-30 02:27 - 00300544 _____ C:\Users\Owner\AppData\Roaming\Joe9WMZj7cR
2013-11-30 02:28 - 2013-11-30 02:27 - 00300544 _____ C:\Users\Owner\AppData\Local\rDPS2G6w
2013-11-29 21:24 - 2013-11-29 21:24 - 00300544 _____ C:\Users\Owner\AppData\Roaming\Y05V0misb3
2013-11-29 21:24 - 2013-11-29 21:24 - 00300544 _____ C:\Users\Owner\AppData\Local\AM40DPXwD
2013-11-29 02:06 - 2013-11-29 02:06 - 00300544 _____ C:\Users\Owner\AppData\Roaming\ZdZpDUng5nf
2013-11-29 02:06 - 2013-11-29 02:06 - 00300544 _____ C:\Users\Owner\AppData\Local\CGKGuBVLIPW
2013-11-29 01:58 - 2013-11-29 01:58 - 00300544 _____ C:\Users\Owner\AppData\Roaming\c9SUWEsx
2013-11-29 01:58 - 2013-11-29 01:58 - 00300544 _____ C:\Users\Owner\AppData\Local\ZoNnOjwG
2013-11-29 01:54 - 2013-11-29 01:54 - 00299520 _____ C:\Users\Owner\AppData\Roaming\khjlrekGTK
2013-11-29 01:54 - 2013-11-29 01:54 - 00299520 _____ C:\Users\Owner\AppData\Local\24f3KAbtzd
2013-11-29 01:53 - 2013-11-30 03:51 - 00000000 ____D C:\Users\Owner\AppData\Local\XtfJ5ZXIEO4
2013-11-30 03:51 - 2013-05-20 18:06 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Delta
2013-11-30 03:51 - 2013-05-20 18:06 - 00000000 ____D C:\Users\Owner\AppData\Roaming\BabSolution
2013-11-30 03:51 - 2013-05-20 18:05 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Yontoo
C:\Users\Owner\AppData\Local\Temp

*****************

HKU\Owner\Software\Microsoft\Windows\CurrentVersion\Run\\Yontoo Desktop => Value deleted successfully.
C:\Users\Owner\AppData\Roaming\Yontoo => Moved successfully.
HKU\Owner\Software\Microsoft\Windows\CurrentVersion\Run\\5ElDeUzAp.exe => Value deleted successfully.
C:\Users\Owner\AppData\Local\XtfJ5ZXIEO4 => Moved successfully.
HKU\Owner\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
HKU\Owner\Software\Microsoft\Command Processor\\AutoRun => Value deleted successfully.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs => Value was restored successfully.
C:\ProgramData\BitGuard => Moved successfully.
Yontoo Desktop Updater => Service deleted successfully.
BitGuard => Service deleted successfully.
C:\Users\Owner\AppData\Roaming\ipDHFvOk => Moved successfully.
C:\Users\Owner\AppData\Local\JRDPBTb2oi8 => Moved successfully.
C:\Users\Owner\AppData\Roaming\Joe9WMZj7cR => Moved successfully.
C:\Users\Owner\AppData\Local\rDPS2G6w => Moved successfully.
C:\Users\Owner\AppData\Roaming\Y05V0misb3 => Moved successfully.
C:\Users\Owner\AppData\Local\AM40DPXwD => Moved successfully.
C:\Users\Owner\AppData\Roaming\ZdZpDUng5nf => Moved successfully.
C:\Users\Owner\AppData\Local\CGKGuBVLIPW => Moved successfully.
C:\Users\Owner\AppData\Roaming\c9SUWEsx => Moved successfully.
C:\Users\Owner\AppData\Local\ZoNnOjwG => Moved successfully.
C:\Users\Owner\AppData\Roaming\khjlrekGTK => Moved successfully.
C:\Users\Owner\AppData\Local\24f3KAbtzd => Moved successfully.
"C:\Users\Owner\AppData\Local\XtfJ5ZXIEO4" => File/Directory not found.
C:\Users\Owner\AppData\Roaming\Delta => Moved successfully.
C:\Users\Owner\AppData\Roaming\BabSolution => Moved successfully.
"C:\Users\Owner\AppData\Roaming\Yontoo" => File/Directory not found.
C:\Users\Owner\AppData\Local\Temp => Moved successfully.

==== End of Fixlog ====
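
The fixlist above removes three persistence hooks that all point at the same randomly named executable under AppData\Local: a Run value, Winlogon Shell set to cmd.exe, and a Command Processor AutoRun value. The later scan in this thread shows the same three hooks back under a fresh random name, together with the same-size, randomly named file pairs under AppData\Roaming and AppData\Local. The Python script below is an added example for this page, not FRST code and not the helper's fixlist: it runs detection logic for that pattern over FRST log lines and writes the matching fixlist lines in the convention the thread uses (log lines pasted verbatim, plus the dropper folder). The sample log is constructed from lines on this page; the functions random_score, triage and build_fixlist, the random-name scoring, its threshold, and the "same size, same minute" pairing rule are this script's own assumptions.

```python
"""
Triage FRST (Farbar Recovery Scan Tool) log lines for the persistence pattern that
recurs in this thread and emit matching fixlist lines.

Added example for this page: not FRST code and not the helper's fixlist.  The
random-name scoring and the "same size, same minute" pairing rule are assumptions.
"""
import re

# Constructed sample: lines copied from the FRST output on this page, plus benign
# entries (Spotify, DDMSettings, bootsqm.dat) that the checks must leave alone.
SAMPLE_LOG = r"""
HKU\Owner\...\Run: [Spotify] - C:\Users\Owner\AppData\Roaming\Spotify\spotify.exe [ 2013-11-26] (Spotify Ltd)
HKU\Owner\...\Run: [9br2OEaskS.exe] - C:\Users\Owner\AppData\Local\0hgc3i53s8G\9br2OEaskS.exe [ 2013-12-03] (Microsoft Corporation)
HKU\Owner\...\Winlogon: [Shell] cmd.exe [ 2010-11-20] (Microsoft Corporation) <==== ATTENTION
HKU\Owner\...\Command Processor: "C:\Users\Owner\AppData\Local\0hgc3i53s8G\9br2OEaskS.exe" <===== ATTENTION!
AppInit_DLLs: C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\loader.dll [ 2013-11-18] ()
2013-12-03 12:04 - 2013-12-03 12:04 - 00300544 _____ C:\Users\Owner\AppData\Roaming\33YnEV6Lo
2013-12-03 12:04 - 2013-12-03 12:04 - 00300544 _____ C:\Users\Owner\AppData\Local\3O9tVd0mTVu
2013-12-03 09:00 - 2013-12-03 12:03 - 00000000 ____D C:\Users\Owner\AppData\Local\0hgc3i53s8G
2013-11-23 12:28 - 2013-11-23 12:28 - 00000000 ____D C:\Users\Owner\AppData\Local\DDMSettings
2013-11-26 19:00 - 2013-11-26 19:00 - 00003288 ____N C:\bootsqm.dat
"""

RUN_RE = re.compile(r"^HK\w+\\.*?\\Run: \[[^\]]+\] - (?P<path>.+?) \[[^\]]*\] \((?P<pub>[^)]*)\)")
SHELL_RE = re.compile(r"\\Winlogon: \[Shell\] (?P<value>.+?) \[")
CMDPROC_RE = re.compile(r"\\Command Processor: (?P<value>.+?)(?: <=|$)")
APPINIT_RE = re.compile(r"^AppInit_DLLs: (?P<value>.+?) \[")
FILE_RE = re.compile(r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) - \d{4}-\d\d-\d\d \d\d:\d\d - "
                     r"(?P<size>\d{8}) \S{5} (?:\([^)]*\) )?(?P<path>.+)$")
VOWELS = set("aeiouAEIOU")


def random_score(name):
    """Heuristic (assumption of this example, not FRST logic): one point each for
    digits mixed in, few vowels, and 2+ lower->UPPER flips among the letters; a
    score of 2 or more counts as generated.  Only 8..12-char alphanumeric stems
    are scored, so product names such as GoogleUpdate stay below the threshold."""
    stem = name.rsplit(".", 1)[0]
    if not (8 <= len(stem) <= 12) or not stem.isalnum():
        return 0
    letters = [c for c in stem if c.isalpha()]
    score = int(any(c.isdigit() for c in stem))
    score += int(sum(c in VOWELS for c in stem) / len(stem) < 0.3)
    score += int(sum(a.islower() and b.isupper() for a, b in zip(letters, letters[1:])) >= 2)
    return score


def triage(log_text):
    """Return one finding (kind, line, path, why, ...) per suspicious log line."""
    findings, seen = [], set()

    def add(kind, line, path, why, **extra):
        if line not in seen:  # the Created and Modified sections repeat lines
            seen.add(line)
            findings.append(dict(kind=kind, line=line, path=path, why=why, **extra))

    for line in log_text.splitlines():
        line = line.rstrip()
        if m := RUN_RE.match(line):
            path = m.group("path")
            if "\\AppData\\" in path and any(random_score(p) >= 2 for p in path.split("\\")[-2:]):
                why = "Run value launches a randomly named executable from AppData"
                if m.group("pub") == "Microsoft Corporation":
                    why += "; claims a Microsoft publisher outside the Windows tree"
                add("run", line, path, why)
        elif m := SHELL_RE.search(line):
            if m.group("value").lower() != "explorer.exe":
                add("winlogon_shell", line, m.group("value"),
                    "Winlogon Shell replaced: Winlogon starts this instead of Explorer")
        elif m := CMDPROC_RE.search(line):
            add("cmd_autorun", line, m.group("value").strip('"'),
                "Command Processor AutoRun runs whenever cmd.exe starts; with Shell=cmd.exe that is every logon")
        elif m := APPINIT_RE.match(line):
            add("appinit", line, m.group("value"),
                "AppInit_DLLs loads this DLL into every process that maps user32.dll")
        elif m := FILE_RE.match(line):
            parts = m.group("path").split("\\")
            if (len(parts) >= 3 and parts[-3] == "AppData" and parts[-2] in ("Roaming", "Local")
                    and random_score(parts[-1]) >= 2):
                add("file", line, m.group("path"), "randomly named drop directly under AppData",
                    created=m.group("created"), size=m.group("size"))

    # The dropper here writes two same-size copies per run, one under Roaming and
    # one under Local, in the same minute; annotate those pairs.
    pairs = {}
    for f in findings:
        if f["kind"] == "file" and f["size"] != "00000000":
            pairs.setdefault((f["created"], f["size"]), []).append(f)
    for group in pairs.values():
        if len(group) >= 2:
            for f in group:
                f["why"] += "; one of %d copies of %d bytes written at %s" % (len(group), int(f["size"]), f["created"])
    return findings


def build_fixlist(findings):
    """Fixlist lines in the convention the fixlist above uses: log lines verbatim, plus
    the folder of each launched executable so the dropper directory goes with it (the
    fixlog reports each entry as 'Moved successfully'; they land in C:\\FRST\\Quarantine)."""
    lines = []
    for f in findings:
        wanted = [f["line"]]
        if f["kind"] in ("run", "cmd_autorun"):
            wanted.append(f["path"].rsplit("\\", 1)[0])
        for entry in wanted:
            if entry not in lines:
                lines.append(entry)
    return lines


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print("%-15s %s\n    %s" % (f["kind"], f["path"], f["why"]))
    print("\nfixlist.txt:")
    print("\n".join(build_fixlist(found)))
```

Run as a script it prints seven findings and an eight-line fixlist; the Spotify Run value, the DDMSettings folder and bootsqm.dat are left alone. The AutoRun finding is the one worth understanding: HKCU\Software\Microsoft\Command Processor\AutoRun is executed by every cmd.exe that starts without /D, so once Winlogon's Shell value is cmd.exe the payload is relaunched at each logon without needing the Run value at all, which is why both values are listed in the fixlist rather than only the Run entry.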
 

dsgreen87

New Member
Thread author
Verified
Nov 30, 2013
17
I tried rebooting and I can log into safe mode just fine now. But when I do a normal reboot and get to my desktop, it seems I can't really open anything up. The only things that will open are Libraries, My Computer, or Recycle Bin. But no other program, pictures, documents, etc. When I try to open up a picture or document it sometimes displays "Server Execution Failed." And it is running very slow. What should be my next steps?

Thank you for helping me!
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Go to C:\FRST, archive the folder named Quarantine and upload it here:

http://zippyshare.com/

Copy the download link here.


Then try to run FRST from normal mode and attach a fresh report.
 

dsgreen87

New Member
Thread author
Verified
Nov 30, 2013
17
OK, so I have no idea how this happened. But I saw your message so I did a reboot on my computer in "Safe Mode with Networking" again, and when it boots, the Mandiant MoneyPak virus is back again. I didn't search the web or anything like that and don't know how it got back when it was just in sleep mode. Do I need to redo all the steps we already have done previously over again?

Thank you for your patience and help!
 

dsgreen87

New Member
Thread author
Verified
Nov 30, 2013
17
I went back and did another FRST scan just in case you needed them, and here are the results:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-12-2013
Ran by SYSTEM on REATOGO on 03-12-2013 09:22:28
Running from D:\
Windows 7 Home Premium (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.


ATTENTION!:=====> THE OPERATING SYSTEM IS A X64 SYSTEM BUT THE BOOT DISK THAT IS USED TO BOOT TO RECOVERY ENVIRONMENT IS A X86 SYSTEM DISK.
==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Apoint] - C:\Program Files\Apoint\Apoint.exe [208384 2009-08-03] (Alps Electric Co., Ltd.)
HKLM\...\Run: [lxcimon.exe] - C:\Program Files (x86)\Lexmark 7300 Series\lxcimon.exe [205744 2007-05-11] (Lexmark International, Inc.)
HKLM\...\Run: [EzPrint] - C:\Program Files (x86)\Lexmark 7300 Series\ezprint.exe [103344 2007-05-11] (Lexmark International Inc.)
HKLM\...\Run: [LXCICATS] - rundll32 \3\LXCItime.dll,RunDLLEntry
HKLM\...\Policies\Explorer: [UseDefaultTile] 0
HKLM\...\Policies\Explorer: [NoWelcomeScreen] 0
HKU\Guest\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [ 2012-10-25] (Apple Inc.)
HKU\Guest\...\Policies\system: [NoDispCPL] 0
HKU\Guest\...\Policies\system: [NoDispAppearancePage] 0
HKU\Guest\...\Policies\system: [NoDispBackgroundPage] 0
HKU\Guest\...\Policies\system: [NoDispScrSavPage] 0
HKU\Guest\...\Policies\system: [NoDispSettingsPage] 0
HKU\Guest\...\Policies\system: [NoColorChoice] 0
HKU\Guest\...\Policies\system: [DontDisplayLogonHoursWarnings] 0
HKU\Guest\...\Policies\system: [DisableLockWorkstation] 0
HKU\Guest\...\Policies\system: [DisableChangePassword] 0
HKU\Guest\...\Policies\system: [HideLogonScripts] 0
HKU\Guest\...\Policies\system: [HideLogoffScripts] 0
HKU\Guest\...\Policies\system: [HideLegacyLogonScripts] 0
HKU\Guest Access\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [ 2012-10-25] (Apple Inc.)
HKU\Guest Access\...\Policies\system: [LogonHoursAction] 2
HKU\Guest Access\...\Policies\system: [NoDispCPL] 0
HKU\Guest Access\...\Policies\system: [NoDispAppearancePage] 0
HKU\Guest Access\...\Policies\system: [NoDispBackgroundPage] 0
HKU\Guest Access\...\Policies\system: [NoDispScrSavPage] 0
HKU\Guest Access\...\Policies\system: [NoDispSettingsPage] 0
HKU\Guest Access\...\Policies\system: [NoColorChoice] 0
HKU\Guest Access\...\Policies\system: [DontDisplayLogonHoursWarnings] 0
HKU\Guest Access\...\Policies\system: [DisableLockWorkstation] 0
HKU\Guest Access\...\Policies\system: [DisableChangePassword] 0
HKU\Guest Access\...\Policies\system: [HideLogonScripts] 0
HKU\Guest Access\...\Policies\system: [HideLogoffScripts] 0
HKU\Guest Access\...\Policies\system: [HideLegacyLogonScripts] 0
HKU\Owner\...\Run: [Xvid] - C:\Program Files (x86)\Xvid\CheckUpdate.exe [ 2011-01-17] ()
HKU\Owner\...\Run: [Google Update] - C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [ 2012-03-21] (Google Inc.)
HKU\Owner\...\Run: [Facebook Update] - C:\Users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe [ 2012-07-11] (Facebook Inc.)
HKU\Owner\...\Run: [AmazonMP3DownloaderHelper] - C:\Users\Owner\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [ 2013-05-09] ()
HKU\Owner\...\Run: [Spotify] - C:\Users\Owner\AppData\Roaming\Spotify\spotify.exe [ 2013-11-26] (Spotify Ltd)
HKU\Owner\...\Run: [Spotify Web Helper] - C:\Users\Owner\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [ 2013-11-26] (Spotify Ltd)
HKU\Owner\...\Run: [9br2OEaskS.exe] - C:\Users\Owner\AppData\Local\0hgc3i53s8G\9br2OEaskS.exe [ 2013-12-03] (Microsoft Corporation)
HKU\Owner\...\Policies\system: [LogonHoursAction] 2
HKU\Owner\...\Policies\system: [NoDispCPL] 0
HKU\Owner\...\Policies\system: [NoDispAppearancePage] 0
HKU\Owner\...\Policies\system: [NoDispBackgroundPage] 0
HKU\Owner\...\Policies\system: [NoDispScrSavPage] 0
HKU\Owner\...\Policies\system: [NoDispSettingsPage] 0
HKU\Owner\...\Policies\system: [NoColorChoice] 0
HKU\Owner\...\Policies\system: [DontDisplayLogonHoursWarnings] 0
HKU\Owner\...\Policies\system: [DisableLockWorkstation] 0
HKU\Owner\...\Policies\system: [DisableChangePassword] 0
HKU\Owner\...\Policies\system: [HideLogonScripts] 0
HKU\Owner\...\Policies\system: [HideLogoffScripts] 0
HKU\Owner\...\Policies\system: [HideLegacyLogonScripts] 0
HKU\Owner\...\Winlogon: [Shell] cmd.exe [ 2010-11-20] (Microsoft Corporation) <==== ATTENTION
HKU\Owner\...\Command Processor: "C:\Users\Owner\AppData\Local\0hgc3i53s8G\9br2OEaskS.exe" <===== ATTENTION!
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

========================== Services (Whitelisted) =================

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [253656 2013-03-12] (Adobe Systems Incorporated)
S2 Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [55184 2012-08-11] (Apple Inc.)
S2 ccEvtMgr; C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [108392 2009-07-08] (Symantec Corporation)
S2 ccSetMgr; C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [108392 2009-07-08] (Symantec Corporation)
S4 clr_optimization_v2.0.50727_64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [89920 2009-06-10] (Microsoft Corporation)
S2 clr_optimization_v4.0.30319_64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [138576 2010-03-18] (Microsoft Corporation)
S3 FontCache3.0.0.0; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [42856 2010-11-04] (Microsoft Corporation)
S2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 HsfXAudioService; C:\Windows\SysWOW64\XAudio64.dll [436736 2009-07-31] (Conexant Systems, Inc.)
S2 IAANTMON; C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe [354840 2009-06-04] (Intel Corporation)
S3 idsvc; C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe [856400 2010-11-04] (Microsoft Corporation)
S2 IviRegMgr; C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe [112152 2007-01-04] (InterVideo)
S3 LiveUpdate; C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE [3093880 2009-07-13] (Symantec Corporation)
S2 lxci_device; C:\Windows\system32\lxcicoms.exe [566192 2007-02-02] ( )
S2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178048 2013-08-06] (McAfee, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1017016 2013-08-05] (McAfee, Inc.)
S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219272 2013-08-07] (McAfee, Inc.)
S2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-08-07] (McAfee, Inc.)
S3 Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [64856 2009-02-26] (Microsoft Corporation)
S3 MozillaMaintenance; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [119408 2013-11-28] (Mozilla Foundation)
S2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S4 NetTcpPortSharing; C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe [116560 2009-06-10] (Microsoft Corporation)
S3 odserv; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [440696 2011-07-20] (Microsoft Corporation)
S3 ose; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [145184 2006-10-26] (Microsoft Corporation)
S3 PerfHost; C:\Windows\SysWow64\perfhost.exe [20992 2009-07-13] (Microsoft Corporation)
S3 Roxio UPnP Renderer 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [313840 2009-06-26] (Sonic Solutions)
S2 Roxio Upnp Server 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [362992 2009-06-26] (Sonic Solutions)
S2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [189984 2009-07-23] (Realtek Semiconductor)
S3 SampleCollector; C:\Program Files\Sony\VAIO Care\collsvc.exe [167424 2009-09-17] (Intel Corporation)
S2 SkypeUpdate; C:\Program Files (x86)\Skype\Updater\Updater.exe [160944 2012-07-13] (Skype Technologies)
S2 SmcService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe [3197256 2009-09-17] (Symantec Corporation)
S4 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE [411976 2009-09-17] (Symantec Corporation)
S3 SOHCImp; C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [120104 2009-07-27] (Sony Corporation)
S3 SOHDBSvr; C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [70952 2009-07-27] (Sony Corporation)
S3 SOHDms; C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [427304 2009-07-27] (Sony Corporation)
S3 SOHDs; C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [75048 2009-07-27] (Sony Corporation)
S3 SOHPlMgr; C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [91432 2009-07-27] (Sony Corporation)
S2 Symantec AntiVirus; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2477304 2009-09-17] (Symantec Corporation)
S2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
S3 VAIO Entertainment TV Device Arbitration Service; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe [69632 2009-07-23] (Sony Corporation)
S2 VAIO Event Service; C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe [204648 2009-07-01] (Sony Corporation)
S2 VAIO Power Management; C:\Program Files\Sony\VAIO Power Management\SPMService.exe [411496 2009-08-22] (Sony Corporation)
S2 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [642920 2009-07-22] (Sony Corporation)
S3 VcmIAlzMgr; C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [468264 2009-06-26] (Sony Corporation)
S3 VcmINSMgr; C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [357672 2009-06-26] (Sony Corporation)
S3 Vcsw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [313264 2009-07-23] (Sony Corporation)
S2 VzCdbSvc; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [206336 2009-07-23] (Sony Corporation)
S2 YahooAUService; C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe [602392 2008-11-09] (Yahoo! Inc.)

==================== Drivers (Whitelisted) ====================

S3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
S3 athr; C:\Windows\System32\DRIVERS\athrx.sys [1484800 2009-07-31] (Atheros Communications, Inc.)
S3 b06bdrv; C:\Windows\system32\DRIVERS\bxvbda.sys [468480 2009-06-10] (Broadcom Corporation)
S3 b57nd60a; C:\Windows\System32\DRIVERS\b57nd60a.sys [270848 2009-06-10] (Broadcom Corporation)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-08-07] (McAfee, Inc.)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-08] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-12-17] (Symantec Corporation)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197264 2012-05-28] (McAfee, Inc.)
S3 igfx; C:\Windows\System32\DRIVERS\igdkmd64.sys [7345632 2009-08-04] (Intel Corporation)
S3 IntcAzAudAddService; C:\Windows\System32\drivers\RTKVHD64.sys [1822112 2009-07-23] (Realtek Semiconductor Corp.)
S3 ksthunk; C:\Windows\system32\drivers\ksthunk.sys [20992 2009-07-13] (Microsoft Corporation)
S2 McPvDrv; C:\Windows\system32\drivers\McPvDrv.sys [74560 2013-09-09] (McAfee, Inc.)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179664 2013-08-07] (McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [310224 2013-08-07] (McAfee, Inc.)
S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [519064 2013-08-07] (McAfee, Inc.)
S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [776168 2013-08-07] (McAfee, Inc.)
S3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [377040 2013-07-09] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [95984 2013-07-09] (McAfee, Inc.)
S0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [343568 2013-08-07] (McAfee, Inc.)
S3 NAVENG; C:\ProgramData\Symantec\Definitions\VirusDefs\20130319.018\eng64.sys [126192 2013-02-14] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Symantec\Definitions\VirusDefs\20130319.018\ex64.sys [2087664 2013-02-14] (Symantec Corporation)
S3 netw5v64; C:\Windows\System32\DRIVERS\netw5v64.sys [5434368 2009-06-10] (Intel Corporation)
S0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [55856 2010-07-12] (Sonic Solutions)
S2 rimsptsk; C:\Windows\system32\DRIVERS\rimssn64.sys [86528 2009-07-31] (REDC)
S2 risdptsk; C:\Windows\system32\DRIVERS\risdsn64.sys [76288 2009-07-31] (REDC)
S3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIVX.sys [201472 2009-07-24] (Realtek Semiconductor Corp.)
S1 SRTSP; C:\Windows\System32\Drivers\SRTSP64.SYS [443952 2009-08-25] (Symantec Corporation)
S3 SRTSPL; C:\Windows\System32\Drivers\SRTSPL64.SYS [481840 2009-08-25] (Symantec Corporation)
S1 SRTSPX; C:\Windows\System32\Drivers\SRTSPX64.SYS [32304 2009-08-25] (Symantec Corporation)
S3 SrvHsfHDA; C:\Windows\System32\DRIVERS\VSTAZL6.SYS [292864 2009-06-10] (Conexant Systems, Inc.)
S3 SrvHsfV92; C:\Windows\System32\DRIVERS\VSTDPV6.SYS [1485312 2009-06-10] (Conexant Systems, Inc.)
S3 SrvHsfWinac; C:\Windows\System32\DRIVERS\VSTCNXT6.SYS [740864 2009-06-10] (Conexant Systems, Inc.)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [172592 2012-06-14] (Symantec Corporation)
S3 Teefer2; C:\Windows\System32\DRIVERS\teefer2.sys [62512 2009-05-27] (Symantec Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [53760 2012-09-28] (Apple, Inc.)
S1 WPS; C:\Windows\system32\drivers\wpsdrvnt.sys [52784 2009-09-17] (Symantec Corporation)
S3 WpsHelper; C:\Windows\system32\drivers\WpsHelper.sys [233120 2012-10-05] (Symantec Corporation)
S2 XAudio; C:\Windows\System32\DRIVERS\XAudio64.sys [10240 2009-07-31] (Conexant Systems, Inc.)
S3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [393216 2009-07-31] (Marvell)
S1 A2DDA; \??\C:\Users\Owner\Downloads\EmsisoftEmergencyKit\Run\a2ddax64.sys [x]
S0 TfFsMon; No ImagePath
S3 TfNetMon; \??\C:\Windows\system32\drivers\TfNetMon.sys [x]
S0 TFSysMon; No ImagePath

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-03 12:04 - 2013-12-03 12:04 - 00300544 _____ C:\Users\Owner\AppData\Roaming\33YnEV6Lo
2013-12-03 12:04 - 2013-12-03 12:04 - 00300544 _____ C:\Users\Owner\AppData\Local\3O9tVd0mTVu
2013-12-03 09:00 - 2013-12-03 12:03 - 00000000 ____D C:\Users\Owner\AppData\Local\0hgc3i53s8G
2013-12-02 18:14 - 2013-12-02 18:14 - 00300544 _____ C:\Users\Owner\AppData\Roaming\8Za4XmB3
2013-12-02 18:14 - 2013-12-02 18:14 - 00300544 _____ C:\Users\Owner\AppData\Local\dyhC1Xsc
2013-12-02 14:33 - 2013-12-02 14:33 - 00000000 ____D C:\FRST
2013-11-30 02:32 - 2013-11-30 02:32 - 00000000 __SHD C:\found.002
2013-11-30 02:28 - 2013-11-30 02:28 - 17226632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-11-26 19:33 - 2013-11-26 19:33 - 00000000 ____D C:\Users\Owner\AppData\Local\avgchrome
2013-11-26 19:00 - 2013-11-26 19:00 - 00003288 ____N C:\bootsqm.dat
2013-11-26 18:59 - 2013-11-26 18:59 - 00000000 __SHD C:\found.001
2013-11-23 12:28 - 2013-11-23 12:28 - 00000000 ____D C:\Users\Owner\AppData\Local\DDMSettings
2013-11-23 12:24 - 2013-11-23 12:24 - 00000000 _____ C:\END

==================== One Month Modified Files and Folders =======

2013-12-03 12:06 - 2013-10-02 21:50 - 00000000 __RSD C:\Users\Owner\Documents\McAfee Vaults
2013-12-03 12:05 - 2009-07-14 00:13 - 00005348 _____ C:\Windows\System32\PerfStringBackup.INI
2013-12-03 12:04 - 2013-12-03 12:04 - 00300544 _____ C:\Users\Owner\AppData\Roaming\33YnEV6Lo
2013-12-03 12:04 - 2013-12-03 12:04 - 00300544 _____ C:\Users\Owner\AppData\Local\3O9tVd0mTVu
2013-12-03 12:03 - 2013-12-03 09:00 - 00000000 ____D C:\Users\Owner\AppData\Local\0hgc3i53s8G
2013-12-03 12:03 - 2013-03-20 16:49 - 00013664 _____ C:\Windows\setupact.log
2013-12-03 09:04 - 2013-09-25 19:02 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Spotify
2013-12-02 18:14 - 2013-12-02 18:14 - 00300544 _____ C:\Users\Owner\AppData\Roaming\8Za4XmB3
2013-12-02 18:14 - 2013-12-02 18:14 - 00300544 _____ C:\Users\Owner\AppData\Local\dyhC1Xsc
2013-12-02 14:33 - 2013-12-02 14:33 - 00000000 ____D C:\FRST
2013-12-02 14:33 - 2012-06-19 16:18 - 00000000 ____D C:\users\Guest Access
2013-12-02 14:33 - 2010-01-31 12:26 - 00000000 ____D C:\users\Guest
2013-12-02 14:33 - 2009-11-12 23:15 - 00000000 ____D C:\users\Owner
2013-11-30 03:53 - 2013-01-31 16:04 - 00000000 ____D C:\Program Files\iTunes
2013-11-30 03:53 - 2012-06-14 02:22 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2013-11-30 03:53 - 2012-01-21 02:16 - 00000000 ____D C:\Users\Owner\AppData\Roaming\BitTorrent
2013-11-30 03:53 - 2011-11-19 16:34 - 00000000 ____D C:\Program Files\Bonjour
2013-11-30 03:53 - 2011-03-09 23:21 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Audacity
2013-11-30 03:53 - 2011-03-09 21:57 - 00000000 ____D C:\Users\Owner\AppData\Roaming\FreeAudioPack
2013-11-30 03:53 - 2010-10-27 21:14 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Azureus
2013-11-30 03:53 - 2010-10-16 16:14 - 00000000 ____D C:\Program Files\Lx_cats
2013-11-30 03:53 - 2010-10-16 16:13 - 00000000 ____D C:\Program Files\Lexmark 7300 Series
2013-11-30 03:53 - 2010-03-29 15:05 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Facebook
2013-11-30 03:53 - 2010-01-20 21:39 - 00000000 ____D C:\Users\Owner\Documents\Cucusoft
2013-11-30 03:53 - 2009-11-29 23:18 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Skype
2013-11-30 03:53 - 2009-09-03 04:25 - 00000000 ____D C:\Program Files\SPHE BD-Live
2013-11-30 03:53 - 2009-09-03 04:01 - 00000000 ___HD C:\SPLASH.SYS
2013-11-30 03:53 - 2009-09-03 03:41 - 00000000 ____D C:\Program Files\PlayReady
2013-11-30 03:53 - 2009-09-03 03:37 - 00000000 ___RD C:\Users\Owner\Desktop\Microsoft Office
2013-11-30 03:53 - 2009-08-18 18:40 - 00000000 ____D C:\Program Files\Apoint
2013-11-30 03:53 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2013-11-30 03:52 - 2013-10-02 21:42 - 00000000 ____D C:\Program Files\Common Files\McAfee
2013-11-30 03:52 - 2011-10-01 17:49 - 00000000 ____D C:\Program Files\DivX
2013-11-30 03:52 - 2009-11-29 17:57 - 00000000 ____D C:\Netgear
2013-11-30 03:52 - 2009-09-03 03:39 - 00000000 ____D C:\Nobu_Icon
2013-11-30 03:52 - 2009-07-13 22:20 - 00000000 ___RD C:\Program Files (x86)
2013-11-30 03:51 - 2013-10-02 21:50 - 00000000 ____D C:\Program Files\McAfee
2013-11-30 03:51 - 2013-07-14 01:07 - 00000000 ____D C:\Users\Owner\AppData\Roaming\File Scout
2013-11-30 03:51 - 2013-03-27 22:20 - 00000000 ____D C:\Users\Owner\Desktop\EmsisoftEmergencyKit
2013-11-30 03:51 - 2013-03-17 18:05 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-11-30 03:51 - 2012-06-27 20:56 - 00000000 ____D C:\Users\Owner\AppData\Roaming\vlc
2013-11-30 03:51 - 2011-09-10 14:43 - 00000000 ____D C:\Users\Owner\.frostwire5
2013-11-30 03:50 - 2013-10-02 20:00 - 00000000 ____D C:\Users\Public\Downloads\Norton
2013-11-30 03:50 - 2010-02-18 16:07 - 00000000 ____D C:\Users\Owner\ZipForm
2013-11-30 03:50 - 2009-08-19 13:30 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-11-30 03:50 - 2009-08-19 13:30 - 00000000 ____D C:\Windows\ShellNew
2013-11-30 03:50 - 2009-08-18 18:13 - 00000000 ____D C:\Windows\InstDrvs
2013-11-30 03:50 - 2009-07-13 22:20 - 00000000 __RSD C:\Windows\Media
2013-11-30 03:50 - 2009-07-13 22:20 - 00000000 __RHD C:\Users\Public\Libraries
2013-11-30 03:50 - 2009-07-13 22:20 - 00000000 ___RD C:\users\Public
2013-11-30 03:50 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Microsoft.NET
2013-11-30 03:49 - 2011-12-27 22:35 - 00000000 ____D C:\Windows\System32\SPReview
2013-11-30 03:49 - 2011-12-27 22:34 - 00000000 ____D C:\Windows\System32\EventProviders
2013-11-30 03:49 - 2010-01-30 15:05 - 00000000 ____D C:\Windows\SysWOW64\TVUAx
2013-11-30 03:49 - 2009-09-03 03:53 - 00000000 ____D C:\Windows\{AEC0FEE6-3A76-44E1-97A2-5DA325DFC41C}
2013-11-30 03:49 - 2009-09-03 03:25 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2013-11-30 03:49 - 2009-08-18 18:19 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2013-11-30 03:49 - 2009-08-18 18:18 - 00000000 ____D C:\Windows\SysWOW64\x64
2013-11-30 03:49 - 2009-07-13 22:20 - 00000000 ___HD C:\Windows\System32\GroupPolicy
2013-11-30 03:49 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64
2013-11-30 03:49 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system
2013-11-30 02:41 - 2013-10-02 21:51 - 00001844 _____ C:\Users\Public\Desktop\McAfee Total Protection.lnk
2013-11-30 02:32 - 2013-11-30 02:32 - 00000000 __SHD C:\found.002
2013-11-30 02:28 - 2013-11-30 02:28 - 17226632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-11-30 02:28 - 2011-09-06 20:53 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-11-29 02:10 - 2013-03-20 16:48 - 00116916 _____ C:\Windows\PFRO.log
2013-11-28 21:54 - 2009-10-15 01:30 - 01771043 _____ C:\Windows\WindowsUpdate.log
2013-11-26 19:41 - 2013-09-25 19:03 - 00000000 ____D C:\Users\Owner\AppData\Local\Spotify
2013-11-26 19:33 - 2013-11-26 19:33 - 00000000 ____D C:\Users\Owner\AppData\Local\avgchrome
2013-11-26 19:33 - 2013-10-02 20:00 - 00001295 _____ C:\Users\Owner\Desktop\Norton Installation Files.lnk
2013-11-26 19:06 - 2009-11-12 23:16 - 00118312 _____ C:\Users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-26 19:00 - 2013-11-26 19:00 - 00003288 ____N C:\bootsqm.dat
2013-11-26 18:59 - 2013-11-26 18:59 - 00000000 __SHD C:\found.001
2013-11-24 21:35 - 2009-07-13 23:45 - 00456640 _____ C:\Windows\System32\FNTCACHE.DAT
2013-11-23 12:28 - 2013-11-23 12:28 - 00000000 ____D C:\Users\Owner\AppData\Local\DDMSettings
2013-11-23 12:24 - 2013-11-23 12:24 - 00000000 _____ C:\END

Files to move or delete:
====================
C:\Users\Owner\AppData\Local\0hgc3i53s8G\9br2OEaskS.exe


==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe
[2011-03-29 14:06] - [2011-02-25 01:19] - 2871808 ____A (Microsoft Corporation) 332FEAB1435662FC6C672E25BEB37BE3

C:\Windows\System32\winlogon.exe
[2011-05-11 22:41] - [2010-11-20 08:25] - 0390656 ____A (Microsoft Corporation) 1151B1BAA6F350B1DB6598E0FEA7C457

C:\Windows\System32\wininit.exe
[2009-07-13 18:52] - [2009-07-13 20:39] - 0129024 ____A (Microsoft Corporation) 94355C28C1970635A31B3FE52EB7CEBA

C:\Windows\System32\svchost.exe
[2009-07-13 18:31] - [2009-07-13 20:39] - 0027136 ____A (Microsoft Corporation) C78655BC80301D76ED4FEF1C1EA40A7D

C:\Windows\System32\services.exe
[2009-07-13 18:19] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\User32.dll
[2011-05-11 22:41] - [2010-11-20 08:27] - 1008128 ____A (Microsoft Corporation) FE70103391A64039A921DBFFF9C7AB1B

C:\Windows\System32\userinit.exe
[2011-05-11 22:40] - [2010-11-20 08:25] - 0030720 ____A (Microsoft Corporation) BAFE84E637BF7388C96EF48D4D3FDD53

C:\Windows\System32\Drivers\volsnap.sys
[2011-05-11 22:41] - [2010-11-20 08:34] - 0295808 ____A (Microsoft Corporation) 0D08D2F3B3FF84E433346669B5E0F639


==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

2
Restore point made on: 2013-03-17 18:04:40
Restore point made on: 2013-03-18 05:00:39

==================== Memory info ===========================

Percentage of memory in use: 11%
Total physical RAM: 2910.95 MB
Available physical RAM: 2581.96 MB
Total Pagefile: 2736.59 MB
Available Pagefile: 2670.77 MB
Total Virtual: 2047.88 MB
Available Virtual: 1994.01 MB

==================== Drives ================================

Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
Drive c: () (Fixed) (Total:290.09 GB) (Free:174.25 GB) NTFS
Drive d: () (Fixed) (Total:7.45 GB) (Free:7.45 GB) FAT32
Drive x: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 7 GB) (Disk ID: 93431CFB)
Partition 1: (Not Active) - (Size=7 GB) - (Type=0B)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: A2EB41AF)
Partition 1: (Not Active) - (Size=8 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=290 GB) - (Type=07 NTFS)


LastRegBack: 2013-03-11 02:36

==================== End Of Log ============================

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
On your clean PC, download the following file by right-clicking it and selecting Save as

[attachment=6438]

and save it onto your flash drive.

Then, boot to system recovery, plug in your flash drive, open FRST and click fix. Post the generated log.

Attempt to boot normally.

Attachments

  • fixlist.txt
    932 bytes · Views: 78

dsgreen87

New Member
Thread author
Verified
Nov 30, 2013
17
OK, the results of the fix are posted below.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 01-12-2013
Ran by SYSTEM at 2013-12-03 15:44:45 Run:2
Running from D:\
Boot Mode: Recovery

==============================================

Content of fixlist:
*****************
HKU\Owner\...\Run: [9br2OEaskS.exe] - C:\Users\Owner\AppData\Local\0hgc3i53s8G\9br2OEaskS.exe [ 2013-12-03] (Microsoft Corporation)
C:\Users\Owner\AppData\Local\0hgc3i53s8G
HKU\Owner\...\Winlogon: [Shell] cmd.exe [ 2010-11-20] (Microsoft Corporation) <==== ATTENTION
HKU\Owner\...\Command Processor: "C:\Users\Owner\AppData\Local\0hgc3i53s8G\9br2OEaskS.exe" <===== ATTENTION!
2013-12-03 12:04 - 2013-12-03 12:04 - 00300544 _____ C:\Users\Owner\AppData\Roaming\33YnEV6Lo
2013-12-03 12:04 - 2013-12-03 12:04 - 00300544 _____ C:\Users\Owner\AppData\Local\3O9tVd0mTVu
2013-12-03 09:00 - 2013-12-03 12:03 - 00000000 ____D C:\Users\Owner\AppData\Local\0hgc3i53s8G
2013-12-02 18:14 - 2013-12-02 18:14 - 00300544 _____ C:\Users\Owner\AppData\Roaming\8Za4XmB3
2013-12-02 18:14 - 2013-12-02 18:14 - 00300544 _____ C:\Users\Owner\AppData\Local\dyhC1Xsc
C:\Users\Owner\AppData\Local\0hgc3i53s8G\9br2OEaskS.exe
cmd: ipconfig /flushdns
*****************

HKU\Owner\Software\Microsoft\Windows\CurrentVersion\Run\\9br2OEaskS.exe => Value deleted successfully.
C:\Users\Owner\AppData\Local\0hgc3i53s8G => Moved successfully.
HKU\Owner\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
HKU\Owner\Software\Microsoft\Command Processor\\AutoRun => Value deleted successfully.
C:\Users\Owner\AppData\Roaming\33YnEV6Lo => Moved successfully.
C:\Users\Owner\AppData\Local\3O9tVd0mTVu => Moved successfully.
"C:\Users\Owner\AppData\Local\0hgc3i53s8G" => File/Directory not found.
C:\Users\Owner\AppData\Roaming\8Za4XmB3 => Moved successfully.
C:\Users\Owner\AppData\Local\dyhC1Xsc => Moved successfully.
"C:\Users\Owner\AppData\Local\0hgc3i53s8G\9br2OEaskS.exe" => File/Directory not found.

========= ipconfig /flushdns =========



Windows IP Configuration



Could not flush the DNS Resolver Cache: Function failed during execution.




========= End of CMD: =========


==== End of Fixlog ====
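The fix log above removes a Winlogon Shell value of cmd.exe and a Command Processor AutoRun value pointing at the dropped executable under AppData, the pair this infection used to launch itself at logon. As an added example (not from this thread and not part of FRST), the PowerShell check below audits those two settings on a running Windows system; the key paths are the standard ones, and the "suspicious" rule is an assumption chosen for this check, not an FRST rule.

```powershell
# Added example (not from the thread or from FRST): audit the two persistence
# settings the fixlist above removed, on a live system (HKCU = current user).
# Winlogon\Shell should be "explorer.exe" at machine level and absent per user;
# Command Processor\AutoRun should not exist at all.

$checks = @(
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'; Name = 'Shell';   Expected = 'explorer.exe' },
    @{ Path = 'HKCU:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'; Name = 'Shell';   Expected = $null },
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Command Processor';                   Name = 'AutoRun'; Expected = $null },
    @{ Path = 'HKCU:\SOFTWARE\Microsoft\Command Processor';                   Name = 'AutoRun'; Expected = $null }
)

function Test-PersistenceValue {
    param([string]$Path, [string]$Name, $Expected)
    # Missing key or missing value both yield $null (error is suppressed).
    $item   = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    $actual = if ($item) { $item.$Name } else { $null }
    [pscustomobject]@{
        Key        = "$Path\$Name"
        Actual     = $actual
        Expected   = $Expected
        # Rule (assumption for this check): any value that is present and differs
        # from the expected default is flagged for review. -ne is case-insensitive.
        Suspicious = ($null -ne $actual) -and ($actual -ne $Expected)
    }
}

$results = foreach ($c in $checks) { Test-PersistenceValue @c }
$results | Format-Table -AutoSize

# The pattern in the fix log (Shell = cmd.exe, AutoRun = "...\AppData\Local\...\*.exe")
# would show two rows with Suspicious = True.
```

Run it from an elevated prompt so HKLM is readable; a flagged row is a lead to investigate, since some management tools do set these values legitimately.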
