Windows 7: remove fbi "system failure" virus help

31 May 2013   #1
drmax

W7 premium 64
 
 
remove fbi "system failure" virus help

Yep, I got that nasty virus on my main Windows 7 machine. I am finally (somehow) able to boot into Windows normally, but I know it's still infected, or so they say from reading. I cannot for the life of me hit F8 and get into the Safe Mode area. I even made a boot stick with HitmanPro on it, and when I go to boot the machine, with USB first in line, it still just boots into Windows normally, like the stick isn't even there. MBAR finds nothing. Unsure what to do at this point. Help please. DM


31 May 2013   #2
VistaKing

Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
 
 

drmax

Download HitmanPro on a clean PC

32-Bit Version OS download

64-Bit Version OS download

Save it to a USB flash drive, then plug the USB flash drive into the issue PC and drag the file from the USB flash drive to the Desktop

Right click on HitmanPro.exe and choose Run as administrator

When HitmanPro opens up click on the Next button

Click on No, I only want to perform a one-time scan to check this computer on the Setup page. Click Next once done.

Let it scan the PC. Once it's done, click Next

Click Activate free license to start the free 30 days trial and remove all the malicious files from your computer, then click Next
31 May 2013   #3
drmax

W7 premium 64
 
 

I had done all this before, minus the activation portion; it found a trojan agent in Skype and that was it. I "thought" this had to be accomplished in safe mode (which incidentally I cannot get into with F8) in order to get around the virus, in order for Hitman to work. I'll give what you said to do another go and post back.
DM

update...10 threats detected...no threats found. btw, trial license had expired so wasn't able to do squat with it anyways.

31 May 2013   #4
VistaKing

Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
 
 

Warning

You will need a USB FLASH DRIVE


Tip
Download the Tool from a non infected PC


Download Farbar Recovery Scan Tool

32-bit OS Version http://download.bleepingcomputer.com/farbar/FRST.exe
64-Bit OS Version http://download.bleepingcomputer.com/farbar/FRST64.exe



Note
Click the button and right-click Computer. Select Properties. Look for System Type:, which will say 32-bit Operating System or 64-bit Operating System


Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
Use the arrow keys to select the Repair Your Computer menu item.
Select US as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
Insert the installation disc.
Restart your computer.
If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
Click Repair Your Computer.
Select US as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair

System Restore

Windows Complete PC Restore

Windows Memory Diagnostic Tool

Command Prompt

Select Command Prompt

In the command window type e:\frst.exe (for the x64 version type e:\frst64) and press Enter

Note
Replace letter e with the drive letter of your flash drive.

Tip
Type the commands below to see what your letter is for the USB drive and press ENTER after each command

Code:
Diskpart
List volume

The tool will start to run.
When the tool opens click Yes to disclaimer.
Press Scan button.
FRST will let you know when the scan is complete and has written the FRST.txt to file
Please copy and paste both logs in your reply (FRST.txt and Addition.txt).
31 May 2013   #5
drmax

W7 premium 64
 
 
only one file was saved

frst.txt is the only one I found on my stick drive after completing the scan. Here it is...
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-05-2013 01
Ran by SYSTEM on 31-05-2013 18:44:27
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery
The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11613288 2010-11-19] (Realtek Semiconductor)
HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1281512 2013-01-27] (Microsoft Corporation)
HKLM-x32\...\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide [205336 2011-11-11] (Logitech Inc.)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [336384 2011-07-07] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-11-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-01-16] (Apple Inc.)
HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [AllShareAgent] C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe [285072 2012-03-01] (Samsung Electronics Co., Ltd.)
HKU\greg\...\Run: [cdloader] "C:\Users\greg\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK [50592 2012-02-01] (magicJack L.P.)
HKU\greg\...\Run: [Google Update] "C:\Users\greg\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-09-12] (Google Inc.)
Startup: C:\Users\greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\magicBlock.lnk
ShortcutTarget: magicBlock.lnk -> C:\Program Files (x86)\magicBlock\magicBlock.exe (vvisoft)
==================== Services (Whitelisted) =================
S2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2012-09-17] (SUPERAntiSpyware.com)
S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [365568 2011-07-07] (Advanced Micro Devices, Inc.)
S2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
S0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [36448 2011-03-23] (Asmedia Technology)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32152 2013-01-25] ()
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 vna_ap; C:\Windows\System32\DRIVERS\vnaap.sys [161256 2011-09-14] (Check Point Software Technologies)
==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========
2013-05-31 12:00 - 2013-05-31 12:00 - 00000000 ____D C:\ProgramData\Real
2013-05-31 11:54 - 2013-05-31 11:54 - 00000000 ____D C:\Program Files (x86)\SweetIM
2013-05-31 10:32 - 2013-05-31 15:30 - 00000000 ____D C:\Users\greg\AppData\Roaming\wabEventSupport16
2013-05-25 02:08 - 2013-05-25 02:08 - 00000000 ____D C:\Users\greg\AppData\Local\{E0D81C4C-D8FF-428A-B288-482F1A5BD2F7}
2013-05-18 07:46 - 2013-05-18 07:46 - 00000000 ____D C:\ProgramData\Cisco Systems
2013-05-17 14:46 - 2013-05-17 14:46 - 00001026 ____A C:\Users\Public\Desktop\VLC media player.lnk
2013-05-15 15:45 - 2013-05-16 03:46 - 00000000 ____D C:\Users\greg\AppData\Local\{0F908B16-E76B-4F2F-97E4-FBFEADC77592}
2013-05-15 03:45 - 2013-05-15 03:45 - 00000000 ____D C:\Users\greg\AppData\Local\{AD657C3E-97A0-430D-8AB9-5D7BC97DF0B8}
2013-05-14 23:02 - 2013-05-05 13:36 - 17818624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-14 23:02 - 2013-05-05 13:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-14 23:02 - 2013-05-05 11:25 - 12324864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-05-14 23:02 - 2013-05-05 11:12 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-05-14 23:01 - 2013-04-04 17:19 - 10926080 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-05-14 23:01 - 2013-04-04 17:08 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-05-14 23:01 - 2013-04-04 17:01 - 01346560 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-05-14 23:01 - 2013-04-04 17:00 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-05-14 23:01 - 2013-04-04 16:59 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-05-14 23:01 - 2013-04-04 16:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-05-14 23:01 - 2013-04-04 16:57 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-05-14 23:01 - 2013-04-04 16:56 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-05-14 23:01 - 2013-04-04 16:55 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-05-14 23:01 - 2013-04-04 16:55 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-05-14 23:01 - 2013-04-04 16:54 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-05-14 23:01 - 2013-04-04 16:54 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-05-14 23:01 - 2013-04-04 16:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-05-14 23:01 - 2013-04-04 16:46 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-05-14 23:01 - 2013-04-04 14:11 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-05-14 23:01 - 2013-04-04 14:09 - 09738752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-05-14 23:01 - 2013-04-04 14:02 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-05-14 23:01 - 2013-04-04 14:02 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-05-14 23:01 - 2013-04-04 14:02 - 01104384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-05-14 23:01 - 2013-04-04 14:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-05-14 23:01 - 2013-04-04 13:59 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-05-14 23:01 - 2013-04-04 13:58 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-05-14 23:01 - 2013-04-04 13:58 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-05-14 23:01 - 2013-04-04 13:57 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-05-14 23:01 - 2013-04-04 13:56 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-05-14 23:01 - 2013-04-04 13:55 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-05-14 23:01 - 2013-04-04 13:54 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-05-14 23:01 - 2013-04-04 13:50 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-05-14 20:51 - 2013-04-09 22:01 - 00983400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-05-14 20:51 - 2013-04-09 22:01 - 00265064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2013-05-14 20:51 - 2011-02-03 03:25 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2013-05-14 20:50 - 2013-04-09 19:30 - 03153920 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-05-14 20:50 - 2013-03-18 21:53 - 00230400 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll
2013-05-14 20:50 - 2013-03-18 21:53 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll
2013-05-14 20:50 - 2013-02-26 22:02 - 00111448 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
2013-05-14 20:50 - 2013-02-26 21:52 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-05-14 20:50 - 2013-02-26 21:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-05-14 20:50 - 2013-02-26 21:48 - 01930752 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-05-14 20:50 - 2013-02-26 21:47 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll
2013-05-14 20:50 - 2013-02-26 20:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-05-14 20:50 - 2013-02-26 20:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-05-14 20:50 - 2013-02-26 20:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-05-08 03:43 - 2013-05-14 15:45 - 00000000 ____D C:\Users\greg\AppData\Local\{D0220E66-664B-45E1-A216-494DE91AC6ED}
2013-05-06 03:42 - 2013-05-07 15:43 - 00000000 ____D C:\Users\greg\AppData\Local\{72B5B071-79BB-4F55-89AB-8989A5ACCD0B}
2013-05-01 11:24 - 2013-05-01 11:24 - 00000000 ____D C:\Program Files (x86)\FOXIT SOFTWARE
==================== One Month Modified Files and Folders =======
2013-05-31 15:30 - 2013-05-31 10:32 - 00000000 ____D C:\Users\greg\AppData\Roaming\wabEventSupport16
2013-05-31 15:30 - 2009-07-13 23:44 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-05-31 14:37 - 2013-01-25 17:31 - 00005528 ____A C:\Windows\setupact.log
2013-05-31 14:37 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-05-31 14:30 - 2011-09-04 10:30 - 01172971 ____A C:\Windows\WindowsUpdate.log
2013-05-31 14:30 - 2009-07-13 20:45 - 00015344 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-05-31 14:30 - 2009-07-13 20:45 - 00015344 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-05-31 14:26 - 2011-09-12 04:42 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2872747093-637173786-3556813959-1000UA.job
2013-05-31 14:21 - 2009-07-13 21:13 - 00726444 ____A C:\Windows\System32\PerfStringBackup.INI
2013-05-31 14:18 - 2011-11-03 12:12 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster
2013-05-31 14:16 - 2011-09-06 11:20 - 00000950 ____A C:\Users\greg\Desktop\magicJack.lnk
2013-05-31 14:16 - 2011-09-06 11:15 - 00000000 ____D C:\Users\greg\AppData\Roaming\mjusbsp
2013-05-31 14:15 - 2011-09-04 07:42 - 00000000 ____D C:\users\greg
2013-05-31 14:13 - 2013-03-18 07:44 - 00000000 ____D C:\ProgramData\Licenses
2013-05-31 14:13 - 2013-02-02 05:32 - 00000000 ____D C:\Users\greg\Desktop\mbar
2013-05-31 14:13 - 2013-02-01 16:13 - 00000000 ____D C:\Users\greg\AppData\Roaming\vlc
2013-05-31 14:13 - 2012-04-26 12:59 - 00000000 __RHD C:\MSOCache
2013-05-31 14:13 - 2011-10-06 10:23 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-05-31 14:13 - 2011-09-25 04:40 - 00000000 ____D C:\Program Files (x86)\JDownloader
2013-05-31 14:13 - 2011-09-04 11:35 - 00000000 ____D C:\Users\greg\AppData\Roaming\uTorrent
2013-05-31 14:13 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2013-05-31 14:13 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\AppCompat
2013-05-31 12:00 - 2013-05-31 12:00 - 00000000 ____D C:\ProgramData\Real
2013-05-31 11:54 - 2013-05-31 11:54 - 00000000 ____D C:\Program Files (x86)\SweetIM
2013-05-26 14:44 - 2013-03-05 06:11 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-05-26 14:00 - 2012-05-31 13:37 - 00000464 ____A C:\Windows\Tasks\ParetoLogic Registration.job
2013-05-25 15:26 - 2011-09-12 04:42 - 00000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2872747093-637173786-3556813959-1000Core.job
2013-05-25 09:01 - 2011-10-28 16:28 - 00000000 ____D C:\Users\greg\AppData\Roaming\Skype
2013-05-25 02:10 - 2011-10-28 16:27 - 00000000 ____D C:\ProgramData\Skype
2013-05-25 02:10 - 2011-10-08 02:05 - 00000000 ____D C:\Program Files (x86)\Windows Live
2013-05-25 02:08 - 2013-05-25 02:08 - 00000000 ____D C:\Users\greg\AppData\Local\{E0D81C4C-D8FF-428A-B288-482F1A5BD2F7}
2013-05-25 02:07 - 2011-10-07 17:33 - 00000000 ____D C:\Users\greg\Tracing
2013-05-19 14:13 - 2013-04-15 10:32 - 00000000 ____D C:\Users\greg\Desktop\landscape 2013
2013-05-18 07:46 - 2013-05-18 07:46 - 00000000 ____D C:\ProgramData\Cisco Systems
2013-05-17 14:46 - 2013-05-17 14:46 - 00001026 ____A C:\Users\Public\Desktop\VLC media player.lnk
2013-05-16 03:52 - 2011-11-20 13:58 - 00000000 ____D C:\Users\greg\AppData\Roaming\Windows Live Writer
2013-05-16 03:46 - 2013-05-15 15:45 - 00000000 ____D C:\Users\greg\AppData\Local\{0F908B16-E76B-4F2F-97E4-FBFEADC77592}
2013-05-15 03:45 - 2013-05-15 03:45 - 00000000 ____D C:\Users\greg\AppData\Local\{AD657C3E-97A0-430D-8AB9-5D7BC97DF0B8}
2013-05-15 03:02 - 2013-01-23 05:36 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-05-15 03:02 - 2013-01-23 05:36 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-05-15 00:05 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-05-14 23:27 - 2009-07-13 20:45 - 00417416 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-14 23:08 - 2012-04-26 13:00 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-05-14 23:07 - 2011-09-04 11:42 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-05-14 15:45 - 2013-05-08 03:43 - 00000000 ____D C:\Users\greg\AppData\Local\{D0220E66-664B-45E1-A216-494DE91AC6ED}
2013-05-09 21:27 - 2012-05-18 13:07 - 00000000 ____D C:\Users\greg\AppData\Roaming\Mozilla
2013-05-07 15:43 - 2013-05-06 03:42 - 00000000 ____D C:\Users\greg\AppData\Local\{72B5B071-79BB-4F55-89AB-8989A5ACCD0B}
2013-05-07 05:00 - 2012-12-07 17:31 - 00001122 ____A C:\Users\Public\Desktop\TeamViewer 8.lnk
2013-05-06 03:03 - 2011-09-07 13:44 - 00000000 ____D C:\Users\greg\AppData\Roaming\TeamViewer
2013-05-06 03:01 - 2011-09-04 11:36 - 00000000 ____D C:\Program Files (x86)\uTorrent
2013-05-05 15:42 - 2013-04-24 03:37 - 00000000 ____D C:\Users\greg\AppData\Local\{8ECE596D-36F1-463A-A781-18AC9DA117D1}
2013-05-05 13:36 - 2013-05-14 23:02 - 17818624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-05 13:16 - 2013-05-14 23:02 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-05 11:25 - 2013-05-14 23:02 - 12324864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-05-05 11:12 - 2013-05-14 23:02 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-05-02 07:29 - 2011-09-04 08:35 - 00278800 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2013-05-01 11:24 - 2013-05-01 11:24 - 00000000 ____D C:\Program Files (x86)\FOXIT SOFTWARE
2013-05-01 11:24 - 2011-10-04 08:42 - 00000000 ____D C:\Users\greg\AppData\Roaming\Foxit Software
Other Malware:
===========
C:\Users\greg\GoToAssistDownloadHelper.exe
==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points =========================
Restore point made on: 2013-05-14 23:00:29
Restore point made on: 2013-05-18 10:49:48
Restore point made on: 2013-05-19 15:00:33
Restore point made on: 2013-05-21 15:52:11
Restore point made on: 2013-05-25 16:29:49
Restore point made on: 2013-05-26 15:00:27
Restore point made on: 2013-05-29 02:17:47
Restore point made on: 2013-05-31 11:47:04
Restore point made on: 2013-05-31 12:02:31
Restore point made on: 2013-05-31 12:52:29
Restore point made on: 2013-05-31 14:12:01
Restore point made on: 2013-05-31 14:26:41
==================== Memory info ===========================
Percentage of memory in use: 10%
Total physical RAM: 7656.27 MB
Available physical RAM: 6872.99 MB
Total Pagefile: 7654.42 MB
Available Pagefile: 6848.88 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:148.83 GB) (Free:58.36 GB) NTFS (Disk=0 Partition=3)
Drive d: (New Volume) (Fixed) (Total:1863.01 GB) (Free:1225.8 GB) NTFS (Disk=1 Partition=1)
Drive f: (GRMCHPXFREO_EN_DVD) (CDROM) (Total:3 GB) (Free:0 GB) UDF
Drive g: () (Removable) (Total:29.8 GB) (Free:29.79 GB) FAT32 (Disk=2 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: 00000000)
Partition: GPT Partition Type
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: BC57A278)
Partition 1: (Not Active) - (Size=-198626508800) - (Type=07 NTFS)
========================================================
Disk: 2 (Size: 30 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=30 GB) - (Type=0C)

Last Boot: 2013-05-23 20:39
==================== End Of Log ============================
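
The FRST.txt above lists recent files in two sections whose timestamp columns are swapped (creation time first under "Created", modification time first under "Modified"). As an added example, not part of the original posts and not FRST's own code, this Python script parses both sections and shortlists recently created items under a user's AppData that carry no company string; the AppData filter is an assumed triage heuristic for manual review, not a verdict, and the sample log is constructed with made-up paths.

```python
import re
from dataclasses import dataclass
from datetime import datetime

# Constructed sample in the layout of the FRST.txt sections quoted in this
# thread; every path and name below is made up for illustration.
SAMPLE_LOG = r"""
==================== One Month Created Files and Folders ========
2013-05-31 10:32 - 2013-05-31 15:30 - 00000000 ____D C:\Users\alice\AppData\Roaming\exampleSupport16
2013-05-17 14:46 - 2013-05-17 14:46 - 00001026 ____A C:\Users\Public\Desktop\Example Player.lnk
2013-05-14 23:02 - 2013-05-05 13:36 - 17818624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-08 03:43 - 2013-05-14 15:45 - 00000000 ____D C:\Users\alice\AppData\Local\{00000000-0000-0000-0000-000000000000}
==================== One Month Modified Files and Folders =======
2013-05-31 15:30 - 2013-05-31 10:32 - 00000000 ____D C:\Users\alice\AppData\Roaming\exampleSupport16
2013-05-31 14:30 - 2011-09-04 10:30 - 01172971 ____A C:\Windows\WindowsUpdate.log
==================== End Of Log ============================
"""

# "==== Section name ====" banner lines.
HEADER = re.compile(r"^=+\s*(.*?)\s*=+\s*$")
# "<time> - <time> - <size> <attrs> [(Company)] <path>"
ENTRY = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - (\d{4}-\d{2}-\d{2} \d{2}:\d{2})"
    r" - (\d+) ([_A-Z]+) (?:\((.*?)\) )?(.+)$"
)
# Assumed heuristic: anything below a user profile's AppData folder.
USER_APPDATA = re.compile(r"\\Users\\[^\\]+\\AppData\\", re.IGNORECASE)
TS_FORMAT = "%Y-%m-%d %H:%M"


@dataclass
class FileEntry:
    section: str        # "created" or "modified"
    created: datetime
    modified: datetime
    size: int
    attrs: str          # e.g. "____D" for a directory
    company: str        # empty when the log shows no company string
    path: str


def parse_frst_files(text):
    """Return FileEntry records from the two 'One Month ...' sections."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER.match(line)
        if header:
            name = header.group(1)
            if "Created Files" in name:
                section = "created"
            elif "Modified Files" in name:
                section = "modified"
            else:
                section = None          # any other section is skipped
            continue
        match = ENTRY.match(line) if section else None
        if not match:
            continue
        first = datetime.strptime(match.group(1), TS_FORMAT)
        second = datetime.strptime(match.group(2), TS_FORMAT)
        # The column order flips between the two sections.
        if section == "created":
            created, modified = first, second
        else:
            created, modified = second, first
        entries.append(FileEntry(section, created, modified,
                                 int(match.group(3)), match.group(4),
                                 match.group(5) or "", match.group(6)))
    return entries


def review_candidates(entries):
    """Recently created AppData items with no company string, newest first."""
    seen, picked = set(), []
    for entry in entries:
        if entry.section != "created" or entry.company:
            continue
        if not USER_APPDATA.search(entry.path):
            continue
        key = entry.path.lower()        # Windows paths are case-insensitive
        if key not in seen:
            seen.add(key)
            picked.append(entry)
    return sorted(picked, key=lambda e: e.created, reverse=True)


if __name__ == "__main__":
    for item in review_candidates(parse_frst_files(SAMPLE_LOG)):
        print(item.created.strftime(TS_FORMAT), item.attrs, item.path)
```
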
31 May 2013   #6
VistaKing

Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
 
 

Looks good to me on the FRST log.

Let's run AdwCleaner


Click here AdwCleaner

Click on Download Now button

Save to the Desktop

Right-click on AdwCleaner.exe and choose Run as administrator

Click the Delete button

Upload the AdwCleaner[Sn].txt in your reply.

Note
The log file is at C:\AdwCleaner[Sn].txt
31 May 2013   #7
drmax

W7 premium 64
 
 

Will do, but so you know...I am unable to get into safe mode...and I am not able to have my thumb drive recognized in boot sequence. It's listed...but when I hit enter...it goes into a Windows startup. Tried two diff. model drives. Stand by on the other...
31 May 2013   #8
drmax

W7 premium 64
 
 

# AdwCleaner v2.301 - Logfile created 05/31/2013 at 19:13:20
# Updated 16/05/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : greg - GREG-PC
# Boot Mode : Normal
# Running from : C:\Users\greg\Desktop\AdwCleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****
Folder Deleted : C:\Program Files (x86)\Common Files\Software Update Utility
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Iminent
Folder Deleted : C:\Program Files (x86)\SweetIM
Folder Deleted : C:\ProgramData\APN
Folder Deleted : C:\ProgramData\ParetoLogic
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\greg\AppData\Local\Conduit
Folder Deleted : C:\Users\greg\AppData\Local\Coupon Companion Plugin
Folder Deleted : C:\Users\greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl
Folder Deleted : C:\Users\greg\AppData\Local\Ilivid Player
Folder Deleted : C:\Users\greg\AppData\Local\SwvUpdater
Folder Deleted : C:\Users\greg\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\greg\AppData\LocalLow\SweetIM
Folder Deleted : C:\Users\greg\AppData\LocalLow\Toolbar4
Folder Deleted : C:\Users\greg\AppData\Roaming\OpenCandy
***** [Registry] *****
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\Iminent
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4B5C-9287-DA72D38F4FE6}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4B5C-9287-DA72D38F4FE6}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Deleted : HKLM\SOFTWARE\Tarma Installer
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{977AE9CC-AF83-45E8-9E03-E2798216E2D5}]
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16483
[OK] Registry is clean.
-\\ Google Chrome v [Unable to get version]
File : C:\Users\greg\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
*************************
AdwCleaner[S1].txt - [14549 octets] - [31/05/2013 19:13:20]
########## EOF - C:\AdwCleaner[S1].txt - [14610 octets] ##########
31 May 2013   #9
VistaKing

Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
 
 

Download ASWMBR

Download aswMBR to your Desktop

Right click on aswMBR.exe and choose Run as administrator to run it

Click on the Scan button

On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply
31 May 2013   #10
drmax

W7 premium 64
 
 

swMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-05-31 20:06:08
-----------------------------
20:06:08.446 OS Version: Windows x64 6.1.7601 Service Pack 1
20:06:08.446 Number of processors: 4 586 0x100
20:06:08.446 ComputerName: GREG-PC UserName: greg
20:06:08.513 Initialze error 1
20:06:35.573 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
20:06:35.577 Disk 0 Vendor: ST3160812AS 3.AAE Size: 152627MB BusType: 3
20:06:35.583 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1
20:06:35.588 Disk 1 Vendor: SAMSUNG_HD204UI 1AQ10001 Size: 1907729MB BusType: 3
20:06:35.604 Disk 0 MBR read successfully
20:06:35.611 Disk 0 MBR scan
20:06:35.617 Disk 0 Windows 7 default MBR code
20:06:35.624 Disk 0 Partition 1 00 EE GPT 2097151 MB offset 1
20:06:35.632 Disk 0 scanning C:\Windows\system32\drivers
20:06:35.640 Service scanning
20:06:36.280 Modules scanning
20:06:36.290 Disk 0 trace - called modules:
20:06:36.301 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
20:06:36.310 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80077f1060]
20:06:36.319 3 CLASSPNP.SYS[fffff880018aa43f] -> nt!IofCallDriver -> [0xfffffa80073c7520]
20:06:36.327 5 ACPI.sys[fffff88000f997a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80073bf060]
20:06:36.335 Scan finished successfully
20:06:53.096 Disk 0 MBR has been saved successfully to "C:\Users\greg\Desktop\MBR.dat"
20:06:53.103 The log file has been saved successfully to "C:\Users\greg\Desktop\aswMBR.txt"