After MS Standalone Sweeper 0x7B



#1 NickPower

NickPower

  • Members
  • 33 posts

Posted 18 April 2012 - 12:45 PM

I scanned the computer with Standalone Sweeper; now upon reboot I get a 0x7B. I have tried bootrec /fixmbr, /fixboot and rebuild BCD.
MS Sweeper found Alureon.

Edited by NickPower, 18 April 2012 - 01:20 PM.



#2 NickPower

NickPower
  • Topic Starter

  • Members
  • 33 posts

Posted 18 April 2012 - 12:48 PM

Scan result of Farbar Recovery Scan Tool Version: 29-02-2012 01
Ran by SYSTEM at 18-04-2012 13:41:56
Running from E:\
Windows 7 Ultimate (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1436736 2011-06-15] (Microsoft Corporation)
HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35760 2010-09-23] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [932288 2010-09-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421160 2011-03-07] (Apple Inc.)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" [1391272 2012-01-03] (Ask)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-09] (Hewlett-Packard)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)

==================== Services (Whitelisted) ======

3 Microsoft Office Groove Audit Service; "C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe" [64856 2009-02-26] (Microsoft Corporation)
2 MsMpSvc; "c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe" [x]
3 NisSrv; "c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe" [x]

========================== Drivers (Whitelisted) =============

1 sbpaqrcq; \??\C:\Windows\system32\drivers\sbpaqrcq.sys [50000 2012-04-17] (Microsoft Corporation)
3 StillCam; C:\Windows\System32\DRIVERS\serscan.sys [12288 2009-07-13] (Microsoft Corporation)
1 eflzgnck; \??\C:\Windows\system32\drivers\eflzgnck.sys [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-04-18 13:09 - 2012-04-18 13:42 - 0000000 ____D C:\FRST
2012-04-18 12:20 - 2012-04-18 12:20 - 0000000 ____D C:\symbols
2012-04-18 09:57 - 2012-04-18 09:57 - 0000000 ____D C:\Windows\Standalone System Sweeper
2012-04-17 13:41 - 2012-04-17 13:41 - 0000000 ____D C:\Users\DAN\AppData\Roaming\Malwarebytes
2012-04-17 13:40 - 2012-04-17 13:40 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\sbpaqrcq.sys
2012-04-17 13:37 - 2012-04-17 13:38 - 0000256 ___AH C:\Users\All Users\d7nTOudG1RDiHR
2012-04-17 13:37 - 2012-04-17 13:38 - 0000256 ___AH C:\ProgramData\d7nTOudG1RDiHR
2012-04-16 13:56 - 2012-04-16 13:56 - 0275192 ____A C:\Windows\Minidump\041612-25537-01.dmp
2012-04-14 08:22 - 2012-04-14 08:22 - 0000256 ___AH C:\Users\All Users\wJF2AW4rdGfGgI
2012-04-14 08:22 - 2012-04-14 08:22 - 0000256 ___AH C:\ProgramData\wJF2AW4rdGfGgI
2012-04-14 08:22 - 2012-04-14 08:22 - 0000168 ___AH C:\Users\All Users\-wJF2AW4rdGfGgIr
2012-04-14 08:22 - 2012-04-14 08:22 - 0000168 ___AH C:\ProgramData\-wJF2AW4rdGfGgIr
2012-04-14 08:22 - 2012-04-14 08:22 - 0000000 ___AH C:\Users\All Users\-wJF2AW4rdGfGgI
2012-04-14 08:22 - 2012-04-14 08:22 - 0000000 ___AH C:\ProgramData\-wJF2AW4rdGfGgI
2012-04-13 23:51 - 2012-04-16 13:56 - 250502199 ____A C:\Windows\MEMORY.DMP
2012-04-13 23:51 - 2012-04-16 13:56 - 0000000 ___HD C:\Windows\Minidump
2012-04-13 23:51 - 2012-04-13 23:52 - 0282904 ___AH C:\Windows\Minidump\041412-25771-01.dmp
2012-04-13 23:05 - 2012-02-27 23:34 - 17790976 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-04-13 23:05 - 2012-02-27 23:02 - 10888704 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-04-13 23:05 - 2012-02-27 22:56 - 2311168 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-04-13 23:05 - 2012-02-27 22:50 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-04-13 23:05 - 2012-02-27 22:49 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-04-13 23:05 - 2012-02-27 22:48 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-04-13 23:05 - 2012-02-27 22:48 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-04-13 23:05 - 2012-02-27 22:47 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-04-13 23:05 - 2012-02-27 22:45 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-04-13 23:05 - 2012-02-27 22:43 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-04-13 23:05 - 2012-02-27 22:43 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-04-13 23:05 - 2012-02-27 22:42 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-04-13 23:05 - 2012-02-27 22:39 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-04-13 23:05 - 2012-02-27 17:52 - 12281856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-04-13 23:05 - 2012-02-27 17:27 - 9705984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-04-13 23:05 - 2012-02-27 17:18 - 1799168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-04-13 23:05 - 2012-02-27 17:12 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-04-13 23:05 - 2012-02-27 17:11 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-04-13 23:05 - 2012-02-27 17:11 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-04-13 23:05 - 2012-02-27 17:09 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-04-13 23:05 - 2012-02-27 17:08 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-04-13 23:05 - 2012-02-27 17:06 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-04-13 23:05 - 2012-02-27 17:04 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-04-13 23:05 - 2012-02-27 17:03 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-04-13 23:05 - 2012-02-27 17:03 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-04-13 23:05 - 2012-02-27 16:59 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-04-13 23:03 - 2012-04-13 23:03 - 0000129 ____A C:\Windows\System32\MRT.INI
2012-04-13 23:00 - 2012-02-29 22:54 - 0022896 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2012-04-13 23:00 - 2012-02-29 22:45 - 0220672 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-04-13 23:00 - 2012-02-29 22:40 - 0080896 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2012-04-13 23:00 - 2012-02-29 22:35 - 0005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2012-04-13 23:00 - 2012-02-29 21:49 - 0172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-04-13 23:00 - 2012-02-29 21:45 - 0158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2012-04-13 23:00 - 2012-02-29 21:40 - 0005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2012-04-10 16:03 - 2012-04-10 16:03 - 4399595 ___AH C:\Users\Lucas\Downloads\Five Finger Death Punch - Remember Everything Lyrics.mp3
2012-04-10 16:01 - 2012-04-10 16:01 - 4199267 ___AH C:\Users\Lucas\Downloads\Bad Company by Five Finger Death Punch.mp3
2012-04-10 15:59 - 2012-04-10 15:59 - 3411414 ___AH C:\Users\Lucas\Downloads\Tonight - Seether lyrics.mp3
2012-03-29 16:38 - 2012-04-03 12:10 - 0101888 ____A (Kaspersky Lab) C:\Windows\System32\compgMgr64.dll
2012-03-29 14:27 - 2012-03-29 14:27 - 0000000 ___HD C:\Windows\Sun
2012-03-28 22:22 - 2009-07-13 17:14 - 0020480 ___AH (Microsoft Corporation) C:\Windows\svchost.exe
2012-03-28 22:19 - 2012-03-28 22:19 - 3568985 ___AH C:\Users\Lucas\Downloads\Seether - TonightNew Song.mp3

============ 3 Months Modified Files and Folders =============

2012-04-18 13:42 - 2012-04-18 13:09 - 0000000 ____D C:\FRST
2012-04-18 12:20 - 2012-04-18 12:20 - 0000000 ____D C:\symbols
2012-04-18 09:57 - 2012-04-18 09:57 - 0000000 ____D C:\Windows\Standalone System Sweeper
2012-04-17 13:45 - 2009-07-13 20:45 - 0014192 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-04-17 13:45 - 2009-07-13 20:45 - 0014192 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-04-17 13:44 - 2008-01-01 00:46 - 1871024 ___AH C:\Windows\WindowsUpdate.log
2012-04-17 13:42 - 2009-07-13 21:13 - 0733904 ____A C:\Windows\System32\PerfStringBackup.INI
2012-04-17 13:41 - 2012-04-17 13:41 - 0000000 ____D C:\Users\DAN\AppData\Roaming\Malwarebytes
2012-04-17 13:40 - 2012-04-17 13:40 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\sbpaqrcq.sys
2012-04-17 13:38 - 2012-04-17 13:37 - 0000256 ___AH C:\Users\All Users\d7nTOudG1RDiHR
2012-04-17 13:38 - 2012-04-17 13:37 - 0000256 ___AH C:\ProgramData\d7nTOudG1RDiHR
2012-04-17 13:38 - 2009-07-13 20:51 - 0008432 ___AH C:\Windows\setupact.log
2012-04-17 13:36 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-04-17 13:36 - 2008-01-01 00:43 - 1508761600 __ASH C:\hiberfil.sys
2012-04-16 13:56 - 2012-04-16 13:56 - 0275192 ____A C:\Windows\Minidump\041612-25537-01.dmp
2012-04-16 13:56 - 2012-04-13 23:51 - 250502199 ____A C:\Windows\MEMORY.DMP
2012-04-16 13:56 - 2012-04-13 23:51 - 0000000 ___HD C:\Windows\Minidump
2012-04-16 13:56 - 2010-11-06 06:50 - 0004492 ___AH C:\Windows\PFRO.log
2012-04-16 09:05 - 2009-07-13 18:34 - 0000855 ___RH C:\Windows\System32\Drivers\etc\hosts
2012-04-14 08:22 - 2012-04-14 08:22 - 0000256 ___AH C:\Users\All Users\wJF2AW4rdGfGgI
2012-04-14 08:22 - 2012-04-14 08:22 - 0000256 ___AH C:\ProgramData\wJF2AW4rdGfGgI
2012-04-14 08:22 - 2012-04-14 08:22 - 0000168 ___AH C:\Users\All Users\-wJF2AW4rdGfGgIr
2012-04-14 08:22 - 2012-04-14 08:22 - 0000168 ___AH C:\ProgramData\-wJF2AW4rdGfGgIr
2012-04-14 08:22 - 2012-04-14 08:22 - 0000000 ___AH C:\Users\All Users\-wJF2AW4rdGfGgI
2012-04-14 08:22 - 2012-04-14 08:22 - 0000000 ___AH C:\ProgramData\-wJF2AW4rdGfGgI
2012-04-13 23:52 - 2012-04-13 23:51 - 0282904 ___AH C:\Windows\Minidump\041412-25771-01.dmp
2012-04-13 23:06 - 2010-11-06 08:09 - 0000000 ___HD C:\Users\All Users\Microsoft Help
2012-04-13 23:06 - 2010-11-06 08:09 - 0000000 ___HD C:\ProgramData\Microsoft Help
2012-04-13 23:03 - 2012-04-13 23:03 - 0000129 ____A C:\Windows\System32\MRT.INI
2012-04-13 23:01 - 2010-11-06 06:32 - 57249312 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-04-10 16:23 - 2011-04-04 11:51 - 0000000 ___HD C:\Users\Lucas\AppData\Roaming\FrostWire
2012-04-10 16:03 - 2012-04-10 16:03 - 4399595 ___AH C:\Users\Lucas\Downloads\Five Finger Death Punch - Remember Everything Lyrics.mp3
2012-04-10 16:01 - 2012-04-10 16:01 - 4199267 ___AH C:\Users\Lucas\Downloads\Bad Company by Five Finger Death Punch.mp3
2012-04-10 15:59 - 2012-04-10 15:59 - 3411414 ___AH C:\Users\Lucas\Downloads\Tonight - Seether lyrics.mp3
2012-04-07 16:06 - 2012-02-21 14:46 - 0000000 __RHD C:\Users\DAN\Documents\Scanned Documents
2012-04-03 12:10 - 2012-03-29 16:38 - 0101888 ____A (Kaspersky Lab) C:\Windows\System32\compgMgr64.dll
2012-03-29 14:27 - 2012-03-29 14:27 - 0000000 ___HD C:\Windows\Sun
2012-03-28 22:19 - 2012-03-28 22:19 - 3568985 ___AH C:\Users\Lucas\Downloads\Seether - TonightNew Song.mp3
2012-03-28 22:19 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\sysprep
2012-03-16 23:21 - 2009-07-13 20:45 - 0413344 ____A C:\Windows\System32\FNTCACHE.DAT
2012-03-05 17:05 - 2011-04-04 11:51 - 0000000 ___HD C:\Program Files (x86)\Ask.com
2012-03-05 17:05 - 2010-11-06 10:03 - 0000000 ___HD C:\Users\Lucas\AppData\LocalLow
2012-03-01 06:31 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\rescache
2012-03-01 00:20 - 2009-07-13 19:20 - 0000000 ___HD C:\Windows\PolicyDefinitions
2012-03-01 00:04 - 2012-03-01 00:04 - 3695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2012-03-01 00:04 - 2012-03-01 00:04 - 3695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2012-03-01 00:04 - 2012-03-01 00:04 - 0697344 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-03-01 00:04 - 2012-03-01 00:04 - 0603648 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-03-01 00:04 - 2012-03-01 00:04 - 0580608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-03-01 00:04 - 2012-03-01 00:04 - 0534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2012-03-01 00:04 - 2012-03-01 00:04 - 0452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2012-03-01 00:04 - 2012-03-01 00:04 - 0448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-03-01 00:04 - 2012-03-01 00:04 - 0434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2012-03-01 00:04 - 2012-03-01 00:04 - 0420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-03-01 00:04 - 2012-03-01 00:04 - 0403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-03-01 00:04 - 2012-03-01 00:04 - 0367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2012-03-01 00:04 - 2012-03-01 00:04 - 0353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2012-03-01 00:04 - 2012-03-01 00:04 - 0353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2012-03-01 00:04 - 2012-03-01 00:04 - 0282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2012-03-01 00:04 - 2012-03-01 00:04 - 0267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2012-03-01 00:04 - 2012-03-01 00:04 - 0249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2012-03-01 00:04 - 2012-03-01 00:04 - 0227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2012-03-01 00:04 - 2012-03-01 00:04 - 0223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2012-03-01 00:04 - 2012-03-01 00:04 - 0222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2012-03-01 00:04 - 2012-03-01 00:04 - 0203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2012-03-01 00:04 - 2012-03-01 00:04 - 0197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2012-03-01 00:04 - 2012-03-01 00:04 - 0173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-03-01 00:04 - 2012-03-01 00:04 - 0165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2012-03-01 00:04 - 2012-03-01 00:04 - 0163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2012-03-01 00:04 - 2012-03-01 00:04 - 0163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2012-03-01 00:04 - 2012-03-01 00:04 - 0162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2012-03-01 00:04 - 2012-03-01 00:04 - 0161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2012-03-01 00:04 - 2012-03-01 00:04 - 0160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2012-03-01 00:04 - 2012-03-01 00:04 - 0160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2012-03-01 00:04 - 2012-03-01 00:04 - 0152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2012-03-01 00:04 - 2012-03-01 00:04 - 0150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2012-03-01 00:04 - 2012-03-01 00:04 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2012-03-01 00:04 - 2012-03-01 00:04 - 0145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-03-01 00:04 - 2012-03-01 00:04 - 0142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-03-01 00:04 - 2012-03-01 00:04 - 0135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2012-03-01 00:04 - 2012-03-01 00:04 - 0130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2012-03-01 00:04 - 2012-03-01 00:04 - 0123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2012-03-01 00:04 - 2012-03-01 00:04 - 0118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2012-03-01 00:04 - 2012-03-01 00:04 - 0114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2012-03-01 00:04 - 2012-03-01 00:04 - 0111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2012-03-01 00:04 - 2012-03-01 00:04 - 0110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2012-03-01 00:04 - 2012-03-01 00:04 - 0103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2012-03-01 00:04 - 2012-03-01 00:04 - 0101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2012-03-01 00:04 - 2012-03-01 00:04 - 0091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2012-03-01 00:04 - 2012-03-01 00:04 - 0089088 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2012-03-01 00:04 - 2012-03-01 00:04 - 0089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2012-03-01 00:04 - 2012-03-01 00:04 - 0086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2012-03-01 00:04 - 2012-03-01 00:04 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2012-03-01 00:04 - 2012-03-01 00:04 - 0082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2012-03-01 00:04 - 2012-03-01 00:04 - 0078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2012-03-01 00:04 - 2012-03-01 00:04 - 0076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2012-03-01 00:04 - 2012-03-01 00:04 - 0076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2012-03-01 00:04 - 2012-03-01 00:04 - 0074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2012-03-01 00:04 - 2012-03-01 00:04 - 0074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2012-03-01 00:04 - 2012-03-01 00:04 - 0074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2012-03-01 00:04 - 2012-03-01 00:04 - 0072822 ____A C:\Windows\SysWOW64\ieuinit.inf
2012-03-01 00:04 - 2012-03-01 00:04 - 0072822 ____A C:\Windows\System32\ieuinit.inf
2012-03-01 00:04 - 2012-03-01 00:04 - 0066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2012-03-01 00:04 - 2012-03-01 00:04 - 0065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2012-03-01 00:04 - 2012-03-01 00:04 - 0063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2012-03-01 00:04 - 2012-03-01 00:04 - 0055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-03-01 00:04 - 2012-03-01 00:04 - 0054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2012-03-01 00:04 - 2012-03-01 00:04 - 0049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2012-03-01 00:04 - 2012-03-01 00:04 - 0048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2012-03-01 00:04 - 2012-03-01 00:04 - 0048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2012-03-01 00:04 - 2012-03-01 00:04 - 0041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2012-03-01 00:04 - 2012-03-01 00:04 - 0039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2012-03-01 00:04 - 2012-03-01 00:04 - 0035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2012-03-01 00:04 - 2012-03-01 00:04 - 0031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2012-03-01 00:04 - 2012-03-01 00:04 - 0030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-03-01 00:04 - 2012-03-01 00:04 - 0023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2012-03-01 00:04 - 2012-03-01 00:04 - 0012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2012-03-01 00:04 - 2012-03-01 00:04 - 0011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2012-03-01 00:04 - 2012-03-01 00:04 - 0010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2012-03-01 00:04 - 2012-03-01 00:04 - 0010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-03-01 00:04 - 2012-03-01 00:00 - 0003900 ___AH C:\Windows\IE9_main.log
2012-02-29 22:54 - 2012-04-13 23:00 - 0022896 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2012-02-29 22:45 - 2012-04-13 23:00 - 0220672 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-02-29 22:40 - 2012-04-13 23:00 - 0080896 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2012-02-29 22:35 - 2012-04-13 23:00 - 0005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2012-02-29 21:49 - 2012-04-13 23:00 - 0172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-02-29 21:45 - 2012-04-13 23:00 - 0158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2012-02-29 21:40 - 2012-04-13 23:00 - 0005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2012-02-27 23:34 - 2012-04-13 23:05 - 17790976 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-02-27 23:02 - 2012-04-13 23:05 - 10888704 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-02-27 22:56 - 2012-04-13 23:05 - 2311168 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-02-27 22:50 - 2012-04-13 23:05 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-02-27 22:49 - 2012-04-13 23:05 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-02-27 22:48 - 2012-04-13 23:05 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-02-27 22:48 - 2012-04-13 23:05 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-02-27 22:47 - 2012-04-13 23:05 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-02-27 22:45 - 2012-04-13 23:05 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-02-27 22:43 - 2012-04-13 23:05 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-02-27 22:43 - 2012-04-13 23:05 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-02-27 22:42 - 2012-04-13 23:05 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-02-27 22:39 - 2012-04-13 23:05 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-02-27 17:52 - 2012-04-13 23:05 - 12281856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-02-27 17:27 - 2012-04-13 23:05 - 9705984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-02-27 17:18 - 2012-04-13 23:05 - 1799168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-02-27 17:12 - 2012-04-13 23:05 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-02-27 17:11 - 2012-04-13 23:05 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-02-27 17:11 - 2012-04-13 23:05 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-02-27 17:09 - 2012-04-13 23:05 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-02-27 17:08 - 2012-04-13 23:05 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-02-27 17:06 - 2012-04-13 23:05 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-02-27 17:04 - 2012-04-13 23:05 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-02-27 17:03 - 2012-04-13 23:05 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-02-27 17:03 - 2012-04-13 23:05 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-02-27 16:59 - 2012-04-13 23:05 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-02-22 00:02 - 2009-07-13 18:34 - 0000513 ___AH C:\Windows\win.ini
2012-02-21 14:57 - 2012-02-21 14:57 - 0013069 ___AH C:\Users\DAN\Desktop\Scan a document or picture - Shortcut.lnk
2012-02-21 14:46 - 2012-02-21 14:46 - 0000000 ___HD C:\Users\DAN\Documents\Fax
2012-02-21 09:25 - 2010-11-06 10:03 - 0000174 ___SH C:\Users\Lucas\Start Menu\Programs\Startup\desktop.ini
2012-02-21 09:25 - 2010-11-06 10:03 - 0000174 ___SH C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-02-17 15:13 - 2008-01-01 06:52 - 0000174 ___SH C:\Users\DAN\Start Menu\Programs\Startup\desktop.ini
2012-02-17 15:13 - 2008-01-01 06:52 - 0000174 ___SH C:\Users\DAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-02-14 22:27 - 2012-03-16 06:57 - 1031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-02-14 21:44 - 2012-03-16 06:57 - 0826368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2012-02-14 20:47 - 2012-03-16 06:57 - 0204800 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-02-14 20:46 - 2012-03-16 06:57 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-02-09 22:18 - 2012-03-16 06:58 - 1541120 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-02-09 22:17 - 2012-03-16 06:58 - 1837568 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2012-02-09 22:17 - 2012-03-16 06:58 - 0902656 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2012-02-09 22:17 - 2012-03-16 06:58 - 0320512 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2012-02-09 22:17 - 2012-03-16 06:58 - 0197120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2012-02-09 21:41 - 2012-03-16 06:58 - 1170944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2012-02-09 21:41 - 2012-03-16 06:58 - 1074176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-02-09 21:41 - 2012-03-16 06:58 - 0739840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2012-02-09 21:41 - 2012-03-16 06:58 - 0218624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2012-02-09 21:41 - 2012-03-16 06:58 - 0161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2012-02-07 07:02 - 2012-02-07 07:02 - 1070352 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCTL.OCX
2012-02-02 20:16 - 2012-03-16 06:58 - 3143168 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-01-31 04:44 - 2010-11-06 08:21 - 0279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-01-24 22:27 - 2012-03-16 06:57 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-01-24 22:27 - 2012-03-16 06:57 - 0076288 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-01-24 22:20 - 2012-03-16 06:57 - 0009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 25%
Total physical RAM: 1918.49 MB
Available physical RAM: 1424.21 MB
Total Pagefile: 1918.49 MB
Available Pagefile: 1403.17 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

======================= Partitions =========================

2 Drive c: () (Fixed) (Total:149.04 GB) (Free:101.66 GB) NTFS ==>[Drive with boot components (obtanied from BCD)]
4 Drive e: (NICKS TOOLS) (Removable) (Total:0.94 GB) (Free:0.44 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 149 GB 7168 KB
Disk 1 Online 967 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 149 GB 31 KB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C NTFS Partition 149 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 967 MB 31 KB

======================================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 E NICKS TOOLS FAT32 Removable 967 MB Healthy

======================================================================================================
==========================================================
TDL4: custom:26000022


==========================================================

Last Boot: 2012-04-10 17:01

======================= End Of Log ==========================
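
As an added illustration (not part of this thread and not a feature of FRST), the script below applies to a few constructed lines in the shape of the log above the checks a helper makes by eye: a driver with a random eight-letter name that claims to be Microsoft and sits behind a \??\ path or is already gone ([x]), hidden random-named files dropped directly in ProgramData, an empty Run value, and FRST's own TDL4 partition line. The regexes and the "random name" heuristics are assumptions made for this example, and the sample lines are copied from the posted log for illustration only.

```python
import re
from typing import List, Tuple

# Constructed sample: a handful of lines copied in the shape of the FRST log
# posted above (not the whole log, just the entries the rules target).
SAMPLE_LOG = r"""
1 sbpaqrcq; \??\C:\Windows\system32\drivers\sbpaqrcq.sys [50000 2012-04-17] (Microsoft Corporation)
3 StillCam; C:\Windows\System32\DRIVERS\serscan.sys [12288 2009-07-13] (Microsoft Corporation)
1 eflzgnck; \??\C:\Windows\system32\drivers\eflzgnck.sys [x]
2012-04-17 13:37 - 2012-04-17 13:38 - 0000256 ___AH C:\ProgramData\d7nTOudG1RDiHR
2012-04-14 08:22 - 2012-04-14 08:22 - 0000168 ___AH C:\ProgramData\-wJF2AW4rdGfGgIr
2012-04-13 23:06 - 2010-11-06 08:09 - 0000000 ___HD C:\ProgramData\Microsoft Help
2012-04-13 23:03 - 2012-04-13 23:03 - 0000129 ____A C:\Windows\System32\MRT.INI
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421160 2011-03-07] (Apple Inc.)
TDL4: custom:26000022
"""

# Service/driver entry: "<start> <name>; <path> [<size date>|x] (<company>)"
DRIVER_RE = re.compile(r"^\d\s+(?P<name>\S+);\s+(?P<path>.+?\.sys)\s+\[(?P<meta>[^\]]*)\]")
# File entry: "<created> - <modified> - <size> <attrs> [(company)] <path>"
FILE_RE = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d - \d{4}-\d\d-\d\d \d\d:\d\d - "
    r"(?P<size>\d+) (?P<attr>[_A-Z]{5}) (?:\([^)]*\) )?(?P<path>.+)$"
)
# Run key entry: "HKLM[-x32]\...\Run: [<value name>] <command>"
RUN_RE = re.compile(r"^HKLM(?:-x32)?\\\.\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<rest>.*)$")
# FRST's own TDL4 check line, e.g. "TDL4: custom:26000022"
TDL4_RE = re.compile(r"^TDL4:\s*(?P<marker>\S+)")

# Heuristics (assumptions for this example, not FRST rules): eight random
# lowercase letters for a driver name; a long mixed-case alphanumeric blob
# with no extension for a dropped data file.
RANDOM_DRIVER_RE = re.compile(r"^[a-z]{8}$")
RANDOM_DATA_RE = re.compile(r"^-?(?=.*[a-z])(?=.*[A-Z])(?=.*\d)[A-Za-z0-9]{10,}$")
DATA_ROOTS = {r"c:\programdata", r"c:\users\all users"}

Finding = Tuple[str, str]


def check_driver(line: str) -> List[Finding]:
    m = DRIVER_RE.match(line)
    if not m:
        return []
    name, path, meta = m.group("name"), m.group("path"), m.group("meta")
    # A random name combined with an NT-style \??\ path, or with a file that
    # no longer exists ([x]), is the shape of the rootkit entries in the log.
    if RANDOM_DRIVER_RE.match(name) and (path.startswith("\\??\\") or meta == "x"):
        return [("suspicious-driver", f"{name} -> {path} [{meta}]")]
    return []


def check_file(line: str) -> List[Finding]:
    m = FILE_RE.match(line)
    if not m:
        return []
    attr, path = m.group("attr"), m.group("path")
    parent, _, base = path.rpartition("\\")
    # Hidden (H attribute) random-named file placed straight in ProgramData.
    if "H" in attr and parent.lower() in DATA_ROOTS and RANDOM_DATA_RE.match(base):
        return [("hidden-data-file", f"{path} ({attr}, {int(m.group('size'))} bytes)")]
    return []


def check_run(line: str) -> List[Finding]:
    m = RUN_RE.match(line)
    if m and not m.group("name").strip():
        # An autorun value with no name and no file is residue of a removed entry.
        return [("empty-run-entry", line)]
    return []


def check_tdl4(line: str) -> List[Finding]:
    m = TDL4_RE.match(line)
    if m:
        return [("tdl4-partition", m.group("marker"))]
    return []


def triage(log_text: str) -> List[Finding]:
    """Run every check over each non-empty line and collect (category, detail)."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        for check in (check_driver, check_file, check_run, check_tdl4):
            findings.extend(check(line))
    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"{category:18} {detail}")
```

Run it as-is to see the six findings from the sample, or feed it a whole FRST.txt via `triage(open("FRST.txt").read())`; anything it misses still has to be read by hand, since the heuristics only cover the patterns seen in this thread.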

#3 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 18 April 2012 - 11:47 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.



Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right click on it. Paste this into the open Notepad. Save it on the flash drive as fixlist.txt.

TDL4: custom:26000022
CMD: bootrec /FixMbr

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the BartPE CD.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
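The fixlist above combines FRST's TDL4 handling with bootrec /FixMbr, which rewrites the MBR's boot code. As an added example (not part of the original thread, and not FRST's or Microsoft's code), the following Python script parses a raw 512-byte MBR the way a responder would when checking for a TDL4/Alureon-style bootkit: it walks the four partition-table entries, flags more than one active partition, uncommon type IDs, overlapping entries and a large run of unallocated sectors after the last partition (where TDL4-family bootkits keep their hidden file system), and models the fact that /FixMbr replaces only the 440-byte boot-code region, so anything recorded in the partition table, or stored beyond it, survives that command. The disk geometry, partition entries, type-ID whitelist, 4 MiB tail threshold and boot-code bytes are all constructed for the example.

```python
"""Inspect a raw 512-byte MBR and model what 'bootrec /FixMbr' changes.

Added example for this thread; the geometry, partition entries, type-ID
whitelist, tail threshold and boot-code bytes below are all constructed."""
import struct

SECTOR = 512
BOOT_CODE_LEN = 440      # bytes 0..439: boot code, the region /FixMbr rewrites
PT_OFFSET = 446          # bytes 446..509: four 16-byte partition entries
TAIL_THRESHOLD = 8192    # sectors (4 MiB) of trailing slack tolerated before flagging (assumption)

# Type IDs expected on a Windows MBR disk; anything else is flagged for review.
KNOWN_TYPES = {0x05: "Extended", 0x07: "NTFS/exFAT", 0x0B: "FAT32", 0x0C: "FAT32 LBA",
               0x0F: "Extended LBA", 0x27: "Hidden NTFS (Windows RE)", 0xEE: "GPT protective"}


def parse_mbr(mbr: bytes) -> list:
    """Return the four partition-table entries as dicts (empty slots included)."""
    if len(mbr) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    if struct.unpack_from("<H", mbr, 510)[0] != 0xAA55:   # bytes 55 AA at offsets 510..511
        raise ValueError("missing 0x55AA boot signature")
    entries = []
    for i in range(4):
        # status(1) CHS-start(3, skipped) type(1) CHS-end(3, skipped) LBA-start(4) sector-count(4)
        status, ptype, start, count = struct.unpack_from("<B3xB3xII", mbr, PT_OFFSET + 16 * i)
        entries.append({"index": i, "status": status, "type": ptype, "start": start, "sectors": count})
    return entries


def audit_partition_table(mbr: bytes, disk_sectors: int, tail_threshold: int = TAIL_THRESHOLD) -> list:
    """Return human-readable findings about the partition table; [] means nothing odd."""
    findings = []
    used = [p for p in parse_mbr(mbr) if p["type"] != 0 and p["sectors"] > 0]
    active = [p for p in used if p["status"] & 0x80]
    if len(active) != 1:
        findings.append(f"{len(active)} active (bootable) partitions, expected exactly 1")
    for p in used:
        if p["status"] not in (0x00, 0x80):
            findings.append(f"entry {p['index']}: invalid status byte 0x{p['status']:02X}")
        if p["type"] not in KNOWN_TYPES:
            findings.append(f"entry {p['index']}: unexpected partition type 0x{p['type']:02X}")
        if p["start"] + p["sectors"] > disk_sectors:
            findings.append(f"entry {p['index']}: extends past the end of the disk")
    ordered = sorted(used, key=lambda p: p["start"])
    for a, b in zip(ordered, ordered[1:]):
        if a["start"] + a["sectors"] > b["start"]:
            findings.append(f"entries {a['index']} and {b['index']} overlap")
    if used:
        tail = disk_sectors - max(p["start"] + p["sectors"] for p in used)
        if tail > tail_threshold:
            findings.append(f"{tail} unallocated sectors after the last partition; image and inspect "
                            "them (TDL4-family bootkits keep their hidden file system there)")
    return findings


def simulate_fixmbr(mbr: bytes, clean_boot_code: bytes) -> bytes:
    """Model of 'bootrec /FixMbr': replace the 440-byte boot code and leave the disk
    signature, partition table and 0x55AA signature exactly as they were."""
    if len(clean_boot_code) != BOOT_CODE_LEN:
        raise ValueError("boot code must be exactly 440 bytes")
    return clean_boot_code + mbr[BOOT_CODE_LEN:]


def build_mbr(entries, boot_code: bytes) -> bytes:
    """Assemble a test MBR from (status, type, lba_start, sector_count) tuples."""
    mbr = bytearray(SECTOR)
    mbr[:BOOT_CODE_LEN] = boot_code
    for i, (status, ptype, start, count) in enumerate(entries):
        struct.pack_into("<B3xB3xII", mbr, PT_OFFSET + 16 * i, status, ptype, start, count)
    mbr[510], mbr[511] = 0x55, 0xAA
    return bytes(mbr)


# --- constructed sample data (not taken from the thread) -----------------------
DISK_SECTORS = 1_000_000                              # ~488 MiB toy disk
CLEAN_BOOT_CODE = b"\x33\xC0" + bytes(438)            # placeholder, not real boot code
ODD_BOOT_CODE = b"\xEB\xFE" + bytes(438)              # placeholder standing in for modified code
# System Reserved (active) + OS volume, 1024 sectors of normal slack at the end.
CLEAN_MBR = build_mbr([(0x80, 0x07, 2048, 204800), (0x00, 0x07, 206848, 792128)], CLEAN_BOOT_CODE)
# Two active flags, an arbitrary uncommon type ID, and ~17.5 MiB left unallocated at the end.
SUSPECT_MBR = build_mbr([(0x80, 0x07, 2048, 204800), (0x80, 0x07, 206848, 753152),
                         (0x00, 0x3C, 960000, 4096)], ODD_BOOT_CODE)

if __name__ == "__main__":
    for name, image in (("clean", CLEAN_MBR), ("suspect", SUSPECT_MBR)):
        print(f"{name}: {audit_partition_table(image, DISK_SECTORS) or ['no findings']}")
    after = simulate_fixmbr(SUSPECT_MBR, CLEAN_BOOT_CODE)
    print("partition table unchanged by /FixMbr:", after[PT_OFFSET:] == SUSPECT_MBR[PT_OFFSET:])
    print("findings unchanged by /FixMbr:",
          audit_partition_table(after, DISK_SECTORS) == audit_partition_table(SUSPECT_MBR, DISK_SECTORS))
```

To run this against a real disk from a Linux live environment, dump the first sector with `dd if=/dev/sda bs=512 count=1 of=mbr.bin` and get the disk size in 512-byte sectors with `blockdev --getsz /dev/sda`, then pass the file contents and that number to `audit_partition_table`. The point of the `simulate_fixmbr` check is the caveat practitioners trip over: /FixMbr fixes the code that runs at boot, but a hidden partition entry or data parked in the unallocated tail is untouched by it, which is why the fixlist pairs it with FRST's own TDL4 step rather than relying on bootrec alone.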

#4 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Location:Puerto rico

Posted 22 April 2012 - 12:17 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#5 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Location:Puerto rico

Posted 24 April 2012 - 11:57 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.



