
de-bugging i-pad


Comments

  • joe134
    joe134 Posts: 3,336 Forumite
    edited 12 September 2013 at 11:00AM
    waddler_8 wrote: »
    You shouldn't have to download it as it should be installed already, unless it's a really outdated version of mbam.

    There lies the problem. You'll not get anywhere until that's gone.

    When you boot to the advanced boot options (where you enter safemode) via f8, do you see the option "Repair your Computer" on the advanced boot options menu?
    Morning waddler, it is updated version of mbam, updated it yesterday, hence the extra 15 results.
    Mine's the same and got the latest version.????
    Chameleon is in MORE TOOLS 1 of 4 to download, same as mine??
    if I try to change it, it will probably be blocked.
    yes, it has repair computer in safe mode;
    I thought that was quarantined and repaired?
    obviously not if you spotted it;
    When it was fired up before, it threw that Antivirus pro up, straight away;; now, Malwarebytes appears straight away, without clicking it; not normal;;; probably changed its appearance???
    security centre switched off, no firewall, a/v etc.
    managed to get eset online scanner, just now and running it. zero so far;;;
    tried dds again, no go. blocked download.
    CURIOUS;; Chameleon;;; like mine, Malwarebytes runs ok, but cannot download it from more tools. You say it should be on as default. am I doing something wrong?
    If it wasn't for no security, I couldn't tell Pc is faulty at present, gets online ok, surf, etc now.
    nasty little tyke innit.
  • joe134
    joe134 Posts: 3,336 Forumite
    edited 12 September 2013 at 9:22AM
    joe134 wrote: »
    Morning waddler, it is updated version of mbam, updated it yesterday, hence the extra 15 results.
    Mine's the same and got the latest version.????
    Chameleon is in MORE TOOLS 1 of 4 to download, if I try to change it, it will probably be blocked, as it blocks any downloads to do with security, and security centre is switched off, so no firewall, a/v etc
    yes, it has repair computer in safe mode;
    I thought that was quarantined and repaired?
    obviously not if you spotted it;
    When it was fired up before, it threw that Antivirus pro up, straight away;; now, Malwarebytes appears straight away, without clicking it; not normal;;; probably changed its appearance???
    just done this, in normal mode.
    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org
    Database version: v2013.09.12.03
    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 9.0.8112.16421
    Rose :: ROSE-PC [administrator]
    12/09/2013 08:31:19
    mbam-log-2013-09-12 (08-31-19).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 220569
    Time elapsed: 7 minute(s), 9 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 0
    (No malicious items detected)
    (end)
  • joe134
    joe134 Posts: 3,336 Forumite
    Update;;
    Ran Eset. found 7 items and quarantined them, but, not the one we want.
    win 32/bagle.gen zip worm, a variant of BAT/Kill.NDV trojan, etc. Tried saving log but cannot find it;
    Status quo, the same;
    So, no farther forward
  • waddler_8
    waddler_8 Posts: 3,588 Forumite
    joe134 wrote: »
    Ran Eset... ...Tried saving log but cannot find it
    C:\program files(x86)\eset\eset online scanner\log.txt

    I'm now going to make two posts. Try the first one, then if that's unsuccessful, try the second method.
  • waddler_8
    waddler_8 Posts: 3,588 Forumite
    Do this in normal mode. If you can't, do it in safe mode with networking.

    Download Farbar Recovery Scan Tool from the link below.

    LINK

    Note: You need to run the version compatible with your system (32bit version).

    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run (eg C:\users\username\downloads).
    • The first time the tool is run, it also makes another log (Addition.txt).

    Email me those logs. I'll PM you my email address.
  • waddler_8
    waddler_8 Posts: 3,588 Forumite
    Using another computer, download Farbar Recovery Scan Tool (FRST 32-bit version) from the link below and save it to a flash drive.

    LINK

    Plug the flash drive into the infected PC.

    Enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    On the System Recovery Options menu you will get the following options:
      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt

    Select Command Prompt.

    Once in the Command Prompt:
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst.exe and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Copy and paste it in your next reply.
  • joe134
    joe134 Posts: 3,336 Forumite
    edited 12 September 2013 at 2:32PM
    Hi waddler, first 2 failed, malware stopped me.
    I'm on my pc with a flash, BUT, not sure how to save to stick, not a thing I do often. There's no save option on it;;;
    Got it downloaded to pc, ready to, exe, clicked disclaimer to continue, but, it starts to scan my registry.
    How do I get it to the stick, without exe on my pc???
    Sorry about this.
    edit;; bear with me please,
  • joe134
    joe134 Posts: 3,336 Forumite
    edited 12 September 2013 at 3:20PM
    joe134 wrote: »
    Hi waddler, first 2 failed, malware stopped me.
    second attempt;;
    got it on stick and in computer, I have 2 removable discs. D and F.
    On my pc it's F, so tried it, not recognised. it's there as frst(1) because I downloaded it twice, and saved first to stick.
    bit confused now, but trying
    edit;; it's running on infected pc.
    sorry about hassle I'm causing.
  • joe134
    joe134 Posts: 3,336 Forumite
    Need help copy/paste to you. Cannot get at it on stick.?
  • joe134
    joe134 Posts: 3,336 Forumite
    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-09-2013 02
    Ran by SYSTEM on MINWINPC on 12-09-2013 15:20:59
    Running from F:\
    Windows Vista (TM) Home Premium Service Pack 1 (X86) OS Language: English(US)
    Internet Explorer Version 9
    Boot Mode: Recovery

    The current controlset is ControlSet001
    ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [200704 2008-09-03] (Alps Electric Co., Ltd.)
    HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
    HKLM\...\Run: [Broadcom Wireless Manager UI] - C:\Windows\system32\WLTRAY.exe [3810304 2008-12-22] (Dell Inc.)
    HKLM\...\Run: [Dell Webcam Central] - C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe [446635 2008-06-03] (Creative Technology Ltd.)
    HKLM\...\Run: [QuickSet] - C:\Program Files\Dell\QuickSet\QuickSet.exe [1735760 2009-01-09] (Dell Inc.)
    HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [178712 2008-05-07] (Intel Corporation)
    HKLM\...\Run: [dellsupportcenter] - "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
    HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray.exe [483420 2008-12-14] (IDT, Inc.)
    HKLM\...\Run: [Malwarebytes Anti-Malware (reboot)] - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [887432 2013-04-04] (Malwarebytes Corporation)
    HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
    HKLM\...\Run: [DivXUpdate] - C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1259376 2011-07-28] ()
    HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
    HKLM\...\Run: [Connection Manager] - C:\Program Files\O2\Connection Manager\emmsn.exe [3779504 2010-08-03] (Telef!nica I+D)
    HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2012-10-24] (Apple Inc.)
    HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-05-15] (Apple Inc.)
    Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll [X]
    HKU\Rose\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [ 2008-01-20] (Microsoft Corporation)
    HKU\Rose\...\Run: [TomTomHOME.exe] - C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [ 2010-08-24] (TomTom)
    HKU\Rose\...\Run: [SpybotSD TeaTimer] - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [ 2009-03-05] (Safer-Networking Ltd.)
    HKU\Rose\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [ 2011-01-22] (Google Inc.)
    HKU\Rose\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [ 2013-06-21] (Skype Technologies S.A.)
    HKU\Rose\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [ 2008-01-20] (Microsoft Corporation)
    HKU\Rose\...\Run: [Google Update] - [x]
    Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
    ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
    ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    Startup: C:\Users\Rose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk
    ShortcutTarget: BBC iPlayer Desktop.lnk -> C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe ()
    Startup: C:\Users\Rose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
    ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

    ========================== Services (Whitelisted) =================

    S2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\aestsrv.exe [81920 2008-12-14] (Andrea Electronics Corporation)
    S2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2008-12-18] (Stardock Corporation)
    S3 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [103808 2008-01-22] ()
    S2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
    S2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [994360 2011-10-13] (Secunia)
    S2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [399416 2011-10-13] (Secunia)
    S2 sprtsvc_DellSupportCenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe [201968 2009-01-29] (SupportSoft, Inc.)
    S2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\STacSV.exe [241746 2008-12-14] (IDT, Inc.)
    S2 TGCM_ImportWiFiSvc; C:\Program Files\O2\Connection Manager\ImpWiFiSvc.exe [199600 2010-08-02] (Telef!nica I+D)
    S2 wltrysvc; C:\Windows\System32\bcmwltry.exe [2809856 2008-12-22] (Dell Inc.)
    S2 yksvc; RUNDLL32.EXE ykx32coinst,serviceStartProc [x]
    S2 *etadpug; "C:\Program Files\Google\Desktop\Install\{f5bcd340-d062-07d2-560a-ffd3597a14f2}\ \...\???\{f5bcd340-d062-07d2-560a-ffd3597a14f2}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)

    ==================== Drivers (Whitelisted) ====================

    S3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2008-12-22] (Broadcom Corporation)
    S0 CLFS; C:\Windows\System32\CLFS.sys [245736 2009-04-10] (Microsoft Corporation)
    S3 OA009Ufd; C:\Windows\System32\DRIVERS\OA009Ufd.sys [133632 2009-03-05] (Creative Technology Ltd.)
    S3 OA009Vid; C:\Windows\System32\DRIVERS\OA009Vid.sys [271552 2009-03-19] (Creative Technology Ltd.)
    S3 PSI; C:\Windows\System32\DRIVERS\psi_mf.sys [15544 2010-09-01] (Secunia)
    S3 hwusbfake; system32\DRIVERS\ewusbfake.sys [x]
    S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
    S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
    S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
    S3 PCD5SRVC{3F6A8B78-EC003E00-05040104}; \??\C:\PROGRA~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms [x]

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2013-09-12 01:45 - 2013-09-12 01:45 - 00000000 ____D C:\Program Files\ESET
    2013-09-11 11:54 - 2013-09-11 11:54 - 00000134 _____ C:\Users\Rose\Desktop\User Accounts - Shortcut.lnk
    2013-09-11 09:57 - 2013-09-11 10:29 - 2489435892 _____ C:\avenger.txt
    2013-09-11 09:57 - 2013-09-11 09:57 - 00001960 _____ C:\Windows\PFRO.log
    2013-09-11 09:57 - 2013-09-11 09:57 - 00000000 ____D C:\Avenger
    2013-09-10 04:58 - 2013-09-10 04:59 - 00062942 _____ C:\Users\Rose\Documents\cc_20130910_135845.reg
    2013-09-10 03:11 - 2013-09-10 03:11 - 00000256 _____ C:\Users\Rose\Desktop\People Near Me - Shortcut.lnk
    2013-09-10 02:57 - 2013-09-10 02:57 - 00000134 _____ C:\Users\Rose\Desktop\Bluetooth Devices - Shortcut.lnk
    2013-09-08 14:07 - 2013-09-08 14:28 - 00000000 ____D C:\ProgramData\Danpn373
    2013-08-27 14:16 - 2013-08-01 20:09 - 01548288 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
    2013-08-14 14:55 - 2013-07-24 18:40 - 12334080 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2013-08-14 14:55 - 2013-07-24 18:32 - 01800704 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2013-08-14 14:55 - 2013-07-24 18:30 - 09738752 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2013-08-14 14:55 - 2013-07-24 18:26 - 01129472 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2013-08-14 14:55 - 2013-07-24 18:26 - 01104384 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2013-08-14 14:55 - 2013-07-24 18:25 - 01427968 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2013-08-14 14:55 - 2013-07-24 18:24 - 00231936 _____ (Microsoft Corporation) C:\Windows\System32\url.dll
    2013-08-14 14:55 - 2013-07-24 18:24 - 00065536 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2013-08-14 14:55 - 2013-07-24 18:23 - 01796096 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2013-08-14 14:55 - 2013-07-24 18:23 - 00717824 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2013-08-14 14:55 - 2013-07-24 18:23 - 00607744 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2013-08-14 14:55 - 2013-07-24 18:23 - 00420864 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2013-08-14 14:55 - 2013-07-24 18:23 - 00142848 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2013-08-14 14:55 - 2013-07-24 18:22 - 02382848 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2013-08-14 14:55 - 2013-07-24 18:22 - 00176640 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2013-08-14 14:55 - 2013-07-24 18:22 - 00073216 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2013-08-13 12:44 - 2013-07-17 11:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\tzres.dll
    2013-08-13 12:44 - 2013-07-10 01:47 - 00783360 _____ (Microsoft Corporation) C:\Windows\System32\rpcrt4.dll
    2013-08-13 12:44 - 2013-07-09 04:10 - 01205168 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll
    2013-08-13 12:44 - 2013-07-07 20:55 - 03603904 _____ (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
    2013-08-13 12:44 - 2013-07-07 20:55 - 03551680 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2013-08-13 12:44 - 2013-07-07 20:20 - 00172544 _____ (Microsoft Corporation) C:\Windows\System32\wintrust.dll
    2013-08-13 12:44 - 2013-07-07 20:16 - 00992768 _____ (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2013-08-13 12:44 - 2013-07-07 20:16 - 00133120 _____ (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2013-08-13 12:44 - 2013-07-07 20:16 - 00098304 _____ (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2013-08-13 12:44 - 2013-07-04 20:53 - 00905664 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
    2013-08-13 12:44 - 2013-06-15 05:22 - 00015872 _____ (Microsoft Corporation) C:\Windows\System32\icaapi.dll
    2013-08-13 12:44 - 2013-06-15 03:23 - 00024064 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tssecsrv.sys

    ==================== One Month Modified Files and Folders =======

    2013-09-12 15:19 - 2013-09-12 15:19 - 00000000 ____D C:\FRST
    2013-09-12 05:33 - 2006-11-02 04:47 - 00003616 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2013-09-12 05:33 - 2006-11-02 04:47 - 00003616 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2013-09-12 03:04 - 2010-09-07 07:57 - 00000000 ____D C:\Users\Rose\AppData\Roaming\67E49E331C3E7BE91C39FE7C79763D77
    2013-09-12 03:01 - 2009-10-27 04:39 - 00001356 _____ C:\Users\Rose\AppData\Local\d3d9caps.dat
    2013-09-12 01:45 - 2013-09-12 01:45 - 00000000 ____D C:\Program Files\ESET
    2013-09-12 00:08 - 2010-10-07 11:01 - 00000000 ____D C:\Users\Rose\AppData\Local\Windows Live
    2013-09-11 22:45 - 2010-07-23 02:35 - 00000000 ____D C:\Users\Rose\AppData\Roaming\Skype
    2013-09-11 11:54 - 2013-09-11 11:54 - 00000134 _____ C:\Users\Rose\Desktop\User Accounts - Shortcut.lnk
    2013-09-11 10:35 - 2010-09-08 22:32 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
    2013-09-11 10:29 - 2013-09-11 09:57 - 2489435892 _____ C:\avenger.txt
    2013-09-11 09:57 - 2013-09-11 09:57 - 00001960 _____ C:\Windows\PFRO.log
    2013-09-11 09:57 - 2013-09-11 09:57 - 00000000 ____D C:\Avenger
    2013-09-11 09:57 - 2011-08-07 02:24 - 00000000 ___HD C:\Windows\msdownld.tmp
    2013-09-11 08:31 - 2012-01-22 05:37 - 00000908 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2013-09-11 08:31 - 2010-09-07 09:44 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
    2013-09-11 07:53 - 2006-11-02 02:33 - 00703198 _____ C:\Windows\System32\PerfStringBackup.INI
    2013-09-10 07:26 - 2009-06-23 07:04 - 00000000 ____D C:\users\Rose
    2013-09-10 05:33 - 2010-07-23 02:36 - 00000000 ____D C:\Users\Rose\AppData\Local\Google
    2013-09-10 04:59 - 2013-09-10 04:58 - 00062942 _____ C:\Users\Rose\Documents\cc_20130910_135845.reg
    2013-09-10 03:11 - 2013-09-10 03:11 - 00000256 _____ C:\Users\Rose\Desktop\People Near Me - Shortcut.lnk
    2013-09-10 02:57 - 2013-09-10 02:57 - 00000134 _____ C:\Users\Rose\Desktop\Bluetooth Devices - Shortcut.lnk
    2013-09-09 04:46 - 2012-11-26 11:30 - 00002377 _____ C:\Users\Public\Desktop\Skype.lnk
    2013-09-08 14:28 - 2013-09-08 14:07 - 00000000 ____D C:\ProgramData\Danpn373
    2013-09-08 14:08 - 2010-07-23 02:35 - 00000000 ____D C:\Program Files\Google
    2013-09-04 14:19 - 2011-10-30 09:36 - 00002039 _____ C:\Users\Rose\Desktop\Google Chrome.lnk
    2013-08-18 10:57 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\Microsoft.NET
    2013-08-15 14:47 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\rescache
    2013-08-15 14:23 - 2013-08-07 13:28 - 00000000 ____D C:\Windows\System32\MRT
    2013-08-15 14:20 - 2006-11-02 02:24 - 75778376 _____ (Microsoft Corporation) C:\Windows\System32\mrt.exe
    2013-08-14 15:12 - 2009-05-14 05:08 - 00000000 ____D C:\ProgramData\Microsoft Help

    Files to move or delete:
    ====================
    ZeroAccess:
    C:\Users\Rose\AppData\Local\Google\Desktop\Install\{f5bcd340-d062-07d2-560a-ffd3597a14f2}
    ZeroAccess:
    C:\Program Files\Google\Desktop\Install\{f5bcd340-d062-07d2-560a-ffd3597a14f2}

    ==================== Known DLLs (Whitelisted) ============


    ==================== Bamital & volsnap Check =================

    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
    C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ==================== Restore Points =========================

    Restore point made on: 2013-07-19 13:06:07
    Restore point made on: 2013-07-23 13:04:45
    Restore point made on: 2013-07-25 09:23:49
    Restore point made on: 2013-07-31 14:02:58
    Restore point made on: 2013-08-06 13:29:27
    Restore point made on: 2013-08-07 13:28:13
    Restore point made on: 2013-08-13 12:39:17
    Restore point made on: 2013-08-14 14:49:59
    Restore point made on: 2013-08-18 03:23:40
    Restore point made on: 2013-08-20 10:13:29
    Restore point made on: 2013-08-23 14:11:24
    Restore point made on: 2013-08-27 14:16:41
    Restore point made on: 2013-08-28 13:44:31
    Restore point made on: 2013-08-31 03:19:45
    Restore point made on: 2013-08-31 03:38:39
    Restore point made on: 2013-09-03 13:27:36
    Restore point made on: 2013-09-10 05:04:26
    Restore point made on: 2013-09-10 05:17:22

    ==================== Memory info ===========================

    Percentage of memory in use: 10%
    Total physical RAM: 3033.63 MB
    Available physical RAM: 2718.43 MB
    Total Pagefile: 2934.28 MB
    Available Pagefile: 2795.57 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1966.31 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:134.36 GB) (Free:49.13 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    Drive f: () (Removable) (Total:0.12 GB) (Free:0.08 GB) FAT
    Drive x: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:8.08 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 149 GB) (Disk ID: A9F9AA9B)
    Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
    Partition 2: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
    Partition 3: (Active) - (Size=134 GB) - (Type=07 NTFS)

    =============
This discussion has been closed.
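
A log like the FRST.txt posted above can be triaged by pulling out only the entries FRST itself flagged and correlating them. The following Python is an added example, not part of the thread and not FRST's own code; the section-header and flag formats are inferred solely from the lines visible in this log, and the names `triage` and `group_by_guid` are this example's own.

```python
import re
from collections import defaultdict

# Excerpt copied from the FRST.txt posted in the thread (most lines omitted).
SAMPLE_LOG = r"""Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-09-2013 02
Ran by SYSTEM on MINWINPC on 12-09-2013 15:20:59
Boot Mode: Recovery
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

========================== Services (Whitelisted) =================

S2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [994360 2011-10-13] (Secunia)
S2 yksvc; RUNDLL32.EXE ykx32coinst,serviceStartProc [x]
S2 *etadpug; "C:\Program Files\Google\Desktop\Install\{f5bcd340-d062-07d2-560a-ffd3597a14f2}\ \...\???\{f5bcd340-d062-07d2-560a-ffd3597a14f2}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)

Files to move or delete:
====================
ZeroAccess:
C:\Users\Rose\AppData\Local\Google\Desktop\Install\{f5bcd340-d062-07d2-560a-ffd3597a14f2}
ZeroAccess:
C:\Program Files\Google\Desktop\Install\{f5bcd340-d062-07d2-560a-ffd3597a14f2}

==================== Bamital & volsnap Check =================

C:\Windows\System32\services.exe => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
"""

SECTION_RE = re.compile(r"^=+\s*([^=].*?)\s*=+$")  # "==== Name ===="
FLAG_RE = re.compile(r"ATTENTION[:\s]+\(?(\w+)")    # both flag spellings seen in this log
LABEL_RE = re.compile(r"^(\w+):$")                  # "ZeroAccess:" on the line above a path
GUID_RE = re.compile(r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}", re.I)
MOVE_SECTION = "Files to move or delete"


def triage(log_text):
    """Return boot mode, completeness and every entry FRST itself flagged."""
    report = {"boot_mode": None, "complete": True, "findings": []}
    section, label = "Header", None
    for line in (raw.strip() for raw in log_text.splitlines()):
        if not line or set(line) == {"="}:
            continue  # blank line or a bare "=====" rule
        header = SECTION_RE.match(line)
        if header:
            section, label = header.group(1), None
        elif line == MOVE_SECTION + ":":
            section, label = MOVE_SECTION, None
        elif line.startswith("Boot Mode:"):
            report["boot_mode"] = line.split(":", 1)[1].strip()
        elif line.startswith("ATTENTION!"):
            # FRST's own notice that a complete log needs normal or Safe mode.
            report["complete"] = False
        elif section == MOVE_SECTION and LABEL_RE.match(line):
            label = LABEL_RE.match(line).group(1)
        elif section == MOVE_SECTION and label:
            report["findings"].append(
                {"section": section, "family": label, "artefact": line})
            label = None
        else:
            flag = FLAG_RE.search(line)
            if flag:
                # Keep the entry itself, drop the "<====" / "=>" arrow before the flag.
                artefact = line[:flag.start()].rstrip(" <=>")
                report["findings"].append(
                    {"section": section, "family": flag.group(1), "artefact": artefact})
    return report


def group_by_guid(findings):
    """Map each folder GUID to the sections whose flagged entries contain it."""
    groups = defaultdict(list)
    for finding in findings:
        for guid in sorted(set(GUID_RE.findall(finding["artefact"]))):
            groups[guid.lower()].append(finding["section"])
    return dict(groups)


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("Boot mode:", result["boot_mode"], "| complete log:", result["complete"])
    for item in result["findings"]:
        print(f'[{item["family"]}] {item["section"]}: {item["artefact"]}')
    print(group_by_guid(result["findings"]))
```

On this excerpt the grouping shows that the flagged service and both folders listed for removal share one GUID-named install directory, while the Windows Defender entry is a separate finding with its own fix hint.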