remove fbi "system failure" virus help


  1. Posts : 314
    W7 premium 64
       #1


    Yep, I got that nasty virus on my main Windows 7 machine. I am finally (somehow) able to boot into Windows normally, but I know it's still infected, or so they say from reading. I cannot, for the life of me, hit F8 and get into the safe mode area. I even made a boot stick with HitmanPro on it, and when I go to boot the machine, and USB is first in line, it still just boots into Windows normally, like the stick isn't even there. MBAR finds nothing. Unsure what to do at this point. Help please. DM


  2. Posts : 6,830
    Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
       #2

    drmax

    Download HitmanPro on a clean PC:

    32-Bit Version OS: Download
    64-Bit Version OS: Download

    Save it to a USB flash drive, then plug the USB flash drive into the issue PC and drag the file from the USB flash drive to the Desktop.

    Right-click on HitmanPro.exe and choose Run as administrator.

    When HitmanPro opens up, click on the Next button.

    Click on "No, I only want to perform a one-time scan to check this computer" on the Setup page. Click Next once done.

    Let it scan the PC. Once it's done, click Next.

    Click "Activate free license" to start the free 30 days trial and remove all the malicious files from your computer, then click Next.


  3. Posts : 314
    W7 premium 64
    Thread Starter
       #3

    I had done all this before, minus the activation portion; it found a trojan agent in Skype and that was it. I "thought" this had to be accomplished in safe mode (which incidentally I cannot get into with F8) in order to get around the virus, in order for Hitman to work. I'll give what you said to do another go and post back.
    DM

    update...10 threats detected...no threats found. btw, trial license had expired so wasn't able to do squat with it anyways.


  4. Posts : 6,830
    Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
       #4

    Warning: You will need a USB FLASH DRIVE.

    Tip: Download the tool from a non-infected PC.

    Download Farbar Recovery Scan Tool:

    32-bit OS Version: http://download.bleepingcomputer.com/farbar/FRST.exe
    64-bit OS Version: http://download.bleepingcomputer.com/farbar/FRST64.exe

    Note: Click the button and right-click Computer. Select Properties. Look for System Type:, which will say 32-bit Operating System or 64-bit Operating System.


    Plug the flash drive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    Restart the computer.
    As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    Use the arrow keys to select the Repair Your Computer menu item.
    Select US as the keyboard language settings, and then click Next.
    Select the operating system you want to repair, and then click Next.
    Select your user account and click Next.

    To enter System Recovery Options by using Windows installation disc:
    Insert the installation disc.
    Restart your computer.
    If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    Click Repair Your Computer.
    Select US as the keyboard language settings, and then click Next.
    Select the operating system you want to repair, and then click Next.
    Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:
    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt

    Select Command Prompt.

    In the command window type e:\frst.exe (for the x64 bit version type e:\frst64) and press Enter.

    Note: Replace letter e with the drive letter of your flash drive.

    Tip: Type the commands below to see what your letter is for the USB drive and press ENTER after each command.

    Code:
    Diskpart
    List volume

    The tool will start to run.
    When the tool opens, click Yes to the disclaimer.
    Press the Scan button.
    FRST will let you know when the scan is complete and has written the FRST.txt to file.
    Please copy and paste both logs in your reply (FRST.txt and Addition.txt).


  5. Posts : 314
    W7 premium 64
    Thread Starter
       #5

    only one file was saved


    frst.txt is only one I found on my stick drive after completing scan. Here it is...
    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-05-2013 01
    Ran by SYSTEM on 31-05-2013 18:44:27
    Running from G:\
    Windows 7 Home Premium (X64) OS Language: English(US)
    Internet Explorer Version 9
    Boot Mode: Recovery
    The current controlset is ControlSet001
    ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.
    ==================== Registry (Whitelisted) ==================
    HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11613288 2010-11-19] (Realtek Semiconductor)
    HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1281512 2013-01-27] (Microsoft Corporation)
    HKLM-x32\...\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide [205336 2011-11-11] (Logitech Inc.)
    HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [336384 2011-07-07] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-11-01] (Apple Inc.)
    HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-01-16] (Apple Inc.)
    HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
    HKLM-x32\...\Run: [AllShareAgent] C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe [285072 2012-03-01] (Samsung Electronics Co., Ltd.)
    HKU\greg\...\Run: [cdloader] "C:\Users\greg\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK [50592 2012-02-01] (magicJack L.P.)
    HKU\greg\...\Run: [Google Update] "C:\Users\greg\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-09-12] (Google Inc.)
    Startup: C:\Users\greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\magicBlock.lnk
    ShortcutTarget: magicBlock.lnk -> C:\Program Files (x86)\magicBlock\magicBlock.exe (vvisoft)
    ==================== Services (Whitelisted) =================
    S2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2012-09-17] (SUPERAntiSpyware.com)
    S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [365568 2011-07-07] (Advanced Micro Devices, Inc.)
    S2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
    S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)
    ==================== Drivers (Whitelisted) ====================
    S0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [36448 2011-03-23] (Asmedia Technology)
    S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32152 2013-01-25] ()
    S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
    S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
    S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    S3 vna_ap; C:\Windows\System32\DRIVERS\vnaap.sys [161256 2011-09-14] (Check Point Software Technologies)
    ==================== NetSvcs (Whitelisted) ===================

    ==================== One Month Created Files and Folders ========
    2013-05-31 12:00 - 2013-05-31 12:00 - 00000000 ____D C:\ProgramData\Real
    2013-05-31 11:54 - 2013-05-31 11:54 - 00000000 ____D C:\Program Files (x86)\SweetIM
    2013-05-31 10:32 - 2013-05-31 15:30 - 00000000 ____D C:\Users\greg\AppData\Roaming\wabEventSupport16
    2013-05-25 02:08 - 2013-05-25 02:08 - 00000000 ____D C:\Users\greg\AppData\Local\{E0D81C4C-D8FF-428A-B288-482F1A5BD2F7}
    2013-05-18 07:46 - 2013-05-18 07:46 - 00000000 ____D C:\ProgramData\Cisco Systems
    2013-05-17 14:46 - 2013-05-17 14:46 - 00001026 ____A C:\Users\Public\Desktop\VLC media player.lnk
    2013-05-15 15:45 - 2013-05-16 03:46 - 00000000 ____D C:\Users\greg\AppData\Local\{0F908B16-E76B-4F2F-97E4-FBFEADC77592}
    2013-05-15 03:45 - 2013-05-15 03:45 - 00000000 ____D C:\Users\greg\AppData\Local\{AD657C3E-97A0-430D-8AB9-5D7BC97DF0B8}
    2013-05-14 23:02 - 2013-05-05 13:36 - 17818624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2013-05-14 23:02 - 2013-05-05 13:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2013-05-14 23:02 - 2013-05-05 11:25 - 12324864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2013-05-14 23:02 - 2013-05-05 11:12 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2013-05-14 23:01 - 2013-04-04 17:19 - 10926080 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2013-05-14 23:01 - 2013-04-04 17:08 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2013-05-14 23:01 - 2013-04-04 17:01 - 01346560 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2013-05-14 23:01 - 2013-04-04 17:00 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2013-05-14 23:01 - 2013-04-04 16:59 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2013-05-14 23:01 - 2013-04-04 16:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2013-05-14 23:01 - 2013-04-04 16:57 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2013-05-14 23:01 - 2013-04-04 16:56 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2013-05-14 23:01 - 2013-04-04 16:55 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2013-05-14 23:01 - 2013-04-04 16:55 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2013-05-14 23:01 - 2013-04-04 16:54 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2013-05-14 23:01 - 2013-04-04 16:54 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2013-05-14 23:01 - 2013-04-04 16:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2013-05-14 23:01 - 2013-04-04 16:46 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2013-05-14 23:01 - 2013-04-04 14:11 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2013-05-14 23:01 - 2013-04-04 14:09 - 09738752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2013-05-14 23:01 - 2013-04-04 14:02 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2013-05-14 23:01 - 2013-04-04 14:02 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2013-05-14 23:01 - 2013-04-04 14:02 - 01104384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2013-05-14 23:01 - 2013-04-04 14:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2013-05-14 23:01 - 2013-04-04 13:59 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2013-05-14 23:01 - 2013-04-04 13:58 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2013-05-14 23:01 - 2013-04-04 13:58 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2013-05-14 23:01 - 2013-04-04 13:57 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2013-05-14 23:01 - 2013-04-04 13:56 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2013-05-14 23:01 - 2013-04-04 13:55 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2013-05-14 23:01 - 2013-04-04 13:54 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2013-05-14 23:01 - 2013-04-04 13:50 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2013-05-14 20:51 - 2013-04-09 22:01 - 00983400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
    2013-05-14 20:51 - 2013-04-09 22:01 - 00265064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
    2013-05-14 20:51 - 2011-02-03 03:25 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
    2013-05-14 20:50 - 2013-04-09 19:30 - 03153920 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2013-05-14 20:50 - 2013-03-18 21:53 - 00230400 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll
    2013-05-14 20:50 - 2013-03-18 21:53 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll
    2013-05-14 20:50 - 2013-02-26 22:02 - 00111448 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
    2013-05-14 20:50 - 2013-02-26 21:52 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
    2013-05-14 20:50 - 2013-02-26 21:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
    2013-05-14 20:50 - 2013-02-26 21:48 - 01930752 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
    2013-05-14 20:50 - 2013-02-26 21:47 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll
    2013-05-14 20:50 - 2013-02-26 20:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2013-05-14 20:50 - 2013-02-26 20:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
    2013-05-14 20:50 - 2013-02-26 20:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
    2013-05-08 03:43 - 2013-05-14 15:45 - 00000000 ____D C:\Users\greg\AppData\Local\{D0220E66-664B-45E1-A216-494DE91AC6ED}
    2013-05-06 03:42 - 2013-05-07 15:43 - 00000000 ____D C:\Users\greg\AppData\Local\{72B5B071-79BB-4F55-89AB-8989A5ACCD0B}
    2013-05-01 11:24 - 2013-05-01 11:24 - 00000000 ____D C:\Program Files (x86)\FOXIT SOFTWARE
    ==================== One Month Modified Files and Folders =======
    2013-05-31 15:30 - 2013-05-31 10:32 - 00000000 ____D C:\Users\greg\AppData\Roaming\wabEventSupport16
    2013-05-31 15:30 - 2009-07-13 23:44 - 00000000 ___RD C:\Users\Public\Recorded TV
    2013-05-31 14:37 - 2013-01-25 17:31 - 00005528 ____A C:\Windows\setupact.log
    2013-05-31 14:37 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2013-05-31 14:30 - 2011-09-04 10:30 - 01172971 ____A C:\Windows\WindowsUpdate.log
    2013-05-31 14:30 - 2009-07-13 20:45 - 00015344 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2013-05-31 14:30 - 2009-07-13 20:45 - 00015344 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2013-05-31 14:26 - 2011-09-12 04:42 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2872747093-637173786-3556813959-1000UA.job
    2013-05-31 14:21 - 2009-07-13 21:13 - 00726444 ____A C:\Windows\System32\PerfStringBackup.INI
    2013-05-31 14:18 - 2011-11-03 12:12 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster
    2013-05-31 14:16 - 2011-09-06 11:20 - 00000950 ____A C:\Users\greg\Desktop\magicJack.lnk
    2013-05-31 14:16 - 2011-09-06 11:15 - 00000000 ____D C:\Users\greg\AppData\Roaming\mjusbsp
    2013-05-31 14:15 - 2011-09-04 07:42 - 00000000 ____D C:\users\greg
    2013-05-31 14:13 - 2013-03-18 07:44 - 00000000 ____D C:\ProgramData\Licenses
    2013-05-31 14:13 - 2013-02-02 05:32 - 00000000 ____D C:\Users\greg\Desktop\mbar
    2013-05-31 14:13 - 2013-02-01 16:13 - 00000000 ____D C:\Users\greg\AppData\Roaming\vlc
    2013-05-31 14:13 - 2012-04-26 12:59 - 00000000 __RHD C:\MSOCache
    2013-05-31 14:13 - 2011-10-06 10:23 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
    2013-05-31 14:13 - 2011-09-25 04:40 - 00000000 ____D C:\Program Files (x86)\JDownloader
    2013-05-31 14:13 - 2011-09-04 11:35 - 00000000 ____D C:\Users\greg\AppData\Roaming\uTorrent
    2013-05-31 14:13 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
    2013-05-31 14:13 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\AppCompat
    2013-05-31 12:00 - 2013-05-31 12:00 - 00000000 ____D C:\ProgramData\Real
    2013-05-31 11:54 - 2013-05-31 11:54 - 00000000 ____D C:\Program Files (x86)\SweetIM
    2013-05-26 14:44 - 2013-03-05 06:11 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2013-05-26 14:00 - 2012-05-31 13:37 - 00000464 ____A C:\Windows\Tasks\ParetoLogic Registration.job
    2013-05-25 15:26 - 2011-09-12 04:42 - 00000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2872747093-637173786-3556813959-1000Core.job
    2013-05-25 09:01 - 2011-10-28 16:28 - 00000000 ____D C:\Users\greg\AppData\Roaming\Skype
    2013-05-25 02:10 - 2011-10-28 16:27 - 00000000 ____D C:\ProgramData\Skype
    2013-05-25 02:10 - 2011-10-08 02:05 - 00000000 ____D C:\Program Files (x86)\Windows Live
    2013-05-25 02:08 - 2013-05-25 02:08 - 00000000 ____D C:\Users\greg\AppData\Local\{E0D81C4C-D8FF-428A-B288-482F1A5BD2F7}
    2013-05-25 02:07 - 2011-10-07 17:33 - 00000000 ____D C:\Users\greg\Tracing
    2013-05-19 14:13 - 2013-04-15 10:32 - 00000000 ____D C:\Users\greg\Desktop\landscape 2013
    2013-05-18 07:46 - 2013-05-18 07:46 - 00000000 ____D C:\ProgramData\Cisco Systems
    2013-05-17 14:46 - 2013-05-17 14:46 - 00001026 ____A C:\Users\Public\Desktop\VLC media player.lnk
    2013-05-16 03:52 - 2011-11-20 13:58 - 00000000 ____D C:\Users\greg\AppData\Roaming\Windows Live Writer
    2013-05-16 03:46 - 2013-05-15 15:45 - 00000000 ____D C:\Users\greg\AppData\Local\{0F908B16-E76B-4F2F-97E4-FBFEADC77592}
    2013-05-15 03:45 - 2013-05-15 03:45 - 00000000 ____D C:\Users\greg\AppData\Local\{AD657C3E-97A0-430D-8AB9-5D7BC97DF0B8}
    2013-05-15 03:02 - 2013-01-23 05:36 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2013-05-15 03:02 - 2013-01-23 05:36 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2013-05-15 00:05 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
    2013-05-14 23:27 - 2009-07-13 20:45 - 00417416 ____A C:\Windows\System32\FNTCACHE.DAT
    2013-05-14 23:08 - 2012-04-26 13:00 - 00000000 ____D C:\ProgramData\Microsoft Help
    2013-05-14 23:07 - 2011-09-04 11:42 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2013-05-14 15:45 - 2013-05-08 03:43 - 00000000 ____D C:\Users\greg\AppData\Local\{D0220E66-664B-45E1-A216-494DE91AC6ED}
    2013-05-09 21:27 - 2012-05-18 13:07 - 00000000 ____D C:\Users\greg\AppData\Roaming\Mozilla
    2013-05-07 15:43 - 2013-05-06 03:42 - 00000000 ____D C:\Users\greg\AppData\Local\{72B5B071-79BB-4F55-89AB-8989A5ACCD0B}
    2013-05-07 05:00 - 2012-12-07 17:31 - 00001122 ____A C:\Users\Public\Desktop\TeamViewer 8.lnk
    2013-05-06 03:03 - 2011-09-07 13:44 - 00000000 ____D C:\Users\greg\AppData\Roaming\TeamViewer
    2013-05-06 03:01 - 2011-09-04 11:36 - 00000000 ____D C:\Program Files (x86)\uTorrent
    2013-05-05 15:42 - 2013-04-24 03:37 - 00000000 ____D C:\Users\greg\AppData\Local\{8ECE596D-36F1-463A-A781-18AC9DA117D1}
    2013-05-05 13:36 - 2013-05-14 23:02 - 17818624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2013-05-05 13:16 - 2013-05-14 23:02 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2013-05-05 11:25 - 2013-05-14 23:02 - 12324864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2013-05-05 11:12 - 2013-05-14 23:02 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2013-05-02 07:29 - 2011-09-04 08:35 - 00278800 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
    2013-05-01 11:24 - 2013-05-01 11:24 - 00000000 ____D C:\Program Files (x86)\FOXIT SOFTWARE
    2013-05-01 11:24 - 2011-10-04 08:42 - 00000000 ____D C:\Users\greg\AppData\Roaming\Foxit Software
    Other Malware:
    ===========
    C:\Users\greg\GoToAssistDownloadHelper.exe
    ==================== Known DLLs (Whitelisted) ================

    ==================== Bamital & volsnap Check =================
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
    ==================== EXE ASSOCIATION =====================
    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK
    ==================== Restore Points =========================
    Restore point made on: 2013-05-14 23:00:29
    Restore point made on: 2013-05-18 10:49:48
    Restore point made on: 2013-05-19 15:00:33
    Restore point made on: 2013-05-21 15:52:11
    Restore point made on: 2013-05-25 16:29:49
    Restore point made on: 2013-05-26 15:00:27
    Restore point made on: 2013-05-29 02:17:47
    Restore point made on: 2013-05-31 11:47:04
    Restore point made on: 2013-05-31 12:02:31
    Restore point made on: 2013-05-31 12:52:29
    Restore point made on: 2013-05-31 14:12:01
    Restore point made on: 2013-05-31 14:26:41
    ==================== Memory info ===========================
    Percentage of memory in use: 10%
    Total physical RAM: 7656.27 MB
    Available physical RAM: 6872.99 MB
    Total Pagefile: 7654.42 MB
    Available Pagefile: 6848.88 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.86 MB
    ==================== Drives ================================
    Drive c: () (Fixed) (Total:148.83 GB) (Free:58.36 GB) NTFS (Disk=0 Partition=3)
    Drive d: (New Volume) (Fixed) (Total:1863.01 GB) (Free:1225.8 GB) NTFS (Disk=1 Partition=1)
    Drive f: (GRMCHPXFREO_EN_DVD) (CDROM) (Total:3 GB) (Free:0 GB) UDF
    Drive g: () (Removable) (Total:29.8 GB) (Free:29.79 GB) FAT32 (Disk=2 Partition=1)
    Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    ==================== MBR & Partition Table ==================
    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: 00000000)
    Partition: GPT Partition Type
    ========================================================
    Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: BC57A278)
    Partition 1: (Not Active) - (Size=-198626508800) - (Type=07 NTFS)
    ========================================================
    Disk: 2 (Size: 30 GB) (Disk ID: 00000000)
    Partition 1: (Not Active) - (Size=30 GB) - (Type=0C)

    Last Boot: 2013-05-23 20:39
    ==================== End Of Log ============================


  6. Posts : 6,830
    Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
       #6

    Looks good to me on the FRST log.

    Let's run AdwCleaner.

    Click here: AdwCleaner

    Click on the Download Now button.

    Save to the Desktop.

    Right-click on AdwCleaner.exe and choose Run as administrator.

    Click the Delete button.

    Upload the AdwCleaner[Sn].txt in your reply.

    Note: The log file is at C:\AdwCleaner[Sn].txt


  7. Posts : 314
    W7 premium 64
    Thread Starter
       #7

    Will do, but so you know...I am unable to get into safe mode...and I am not able to have my thumb drive recognized in the boot sequence. It's listed...but when I hit Enter...it goes into a Windows startup. Tried two diff. model drives. Stand by on the other...


  8. Posts : 314
    W7 premium 64
    Thread Starter
       #8

    # AdwCleaner v2.301 - Logfile created 05/31/2013 at 19:13:20
    # Updated 16/05/2013 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
    # User : greg - GREG-PC
    # Boot Mode : Normal
    # Running from : C:\Users\greg\Desktop\AdwCleaner.exe
    # Option [Delete]

    ***** [Services] *****

    ***** [Files / Folders] *****
    Folder Deleted : C:\Program Files (x86)\Common Files\Software Update Utility
    Folder Deleted : C:\Program Files (x86)\Conduit
    Folder Deleted : C:\Program Files (x86)\Iminent
    Folder Deleted : C:\Program Files (x86)\SweetIM
    Folder Deleted : C:\ProgramData\APN
    Folder Deleted : C:\ProgramData\ParetoLogic
    Folder Deleted : C:\ProgramData\Tarma Installer
    Folder Deleted : C:\Users\greg\AppData\Local\Conduit
    Folder Deleted : C:\Users\greg\AppData\Local\Coupon Companion Plugin
    Folder Deleted : C:\Users\greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl
    Folder Deleted : C:\Users\greg\AppData\Local\Ilivid Player
    Folder Deleted : C:\Users\greg\AppData\Local\SwvUpdater
    Folder Deleted : C:\Users\greg\AppData\LocalLow\Conduit
    Folder Deleted : C:\Users\greg\AppData\LocalLow\SweetIM
    Folder Deleted : C:\Users\greg\AppData\LocalLow\Toolbar4
    Folder Deleted : C:\Users\greg\AppData\Roaming\OpenCandy
    ***** [Registry] *****
    Key Deleted : HKCU\Software\APN PIP
    Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
    Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
    Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
    Key Deleted : HKCU\Software\Cr_Installer
    Key Deleted : HKCU\Software\Iminent
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKCU\Software\Softonic
    Key Deleted : HKCU\Software\Zugo
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4B5C-9287-DA72D38F4FE6}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
    Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
    Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
    Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
    Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
    Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
    Key Deleted : HKLM\Software\Conduit
    Key Deleted : HKLM\Software\Freeze.com
    Key Deleted : HKLM\Software\Iminent
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKLM\Software\PIP
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
    ***** [Internet Browsers] *****
    -\\ Internet Explorer v9.0.8112.16483
    [OK] Registry is clean.
    -\\ Google Chrome v [Unable to get version]
    File : C:\Users\greg\AppData\Local\Google\Chrome\User Data\Default\Preferences
    [OK] File is clean.
    *************************
    AdwCleaner[S1].txt - [14549 octets] - [31/05/2013 19:13:20]
    ########## EOF - C:\AdwCleaner[S1].txt - [14610 octets] ##########


  9. Posts : 6,830
    Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
       #9

    Download ASWMBR

    Download aswMBR to your Desktop

    Right-click on aswMBR.exe and choose Run as administrator to run it

    Click on the Scan button

    On completion of the scan, click the Save log button, save the log to your desktop and post it in your next reply


  10. Posts : 314
    W7 premium 64
    Thread Starter
       #10

    aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
    Run date: 2013-05-31 20:06:08
    -----------------------------
    20:06:08.446 OS Version: Windows x64 6.1.7601 Service Pack 1
    20:06:08.446 Number of processors: 4 586 0x100
    20:06:08.446 ComputerName: GREG-PC UserName: greg
    20:06:08.513 Initialze error 1
    20:06:35.573 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    20:06:35.577 Disk 0 Vendor: ST3160812AS 3.AAE Size: 152627MB BusType: 3
    20:06:35.583 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1
    20:06:35.588 Disk 1 Vendor: SAMSUNG_HD204UI 1AQ10001 Size: 1907729MB BusType: 3
    20:06:35.604 Disk 0 MBR read successfully
    20:06:35.611 Disk 0 MBR scan
    20:06:35.617 Disk 0 Windows 7 default MBR code
    20:06:35.624 Disk 0 Partition 1 00 EE GPT 2097151 MB offset 1
    20:06:35.632 Disk 0 scanning C:\Windows\system32\drivers
    20:06:35.640 Service scanning
    20:06:36.280 Modules scanning
    20:06:36.290 Disk 0 trace - called modules:
    20:06:36.301 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
    20:06:36.310 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80077f1060]
    20:06:36.319 3 CLASSPNP.SYS[fffff880018aa43f] -> nt!IofCallDriver -> [0xfffffa80073c7520]
    20:06:36.327 5 ACPI.sys[fffff88000f997a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80073bf060]
    20:06:36.335 Scan finished successfully
    20:06:53.096 Disk 0 MBR has been saved successfully to "C:\Users\greg\Desktop\MBR.dat"
    20:06:53.103 The log file has been saved successfully to "C:\Users\greg\Desktop\aswMBR.txt"


 
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 23:59.
Find Us