Win 7, Got moneypak virus, removed with windows defender offline, now cant boot


This topic is locked
4 replies to this topic

#1 MrStiv

  • Members
  • 3 posts

Posted 03 April 2013 - 08:22 PM

Mod Edit: Moved to proper forum ~~ boopme

Hello,

First off I'd like to thank all of you assisting.  Your seemingly altruistic efforts are greatly appreciated!

As the topic title suggests, after removing that FBI Moneypak virus, my system will not boot; it gets to a white screen and that's it.  As far as safe mode, the only mode I can get into is safe mode with command prompt; with any other choice ("safe mode with networking", etc.) the desktop loads and then immediately logs off and restarts.  I downloaded and ran FRST.exe; here is the log file:

FYI: FRST was run from safe mode and not the recovery console.  Don't know if that matters.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2013 (ATTENTION: FRST version is 21 days old)
Ran by Dean at 03-04-2013 17:43:54
Running from G:\
  Service Pack 1 (X64) OS Language: English(US)
Attention: Could not load system hive.
The operation completed successfully.

ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNCTION PROPERLY.


==================== One Month Created Files and Folders ========


==================== One Month Modified Files and Folders ========


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe
[2011-04-28 00:17] - [2011-02-24 23:19] - 2871808 ____A (Microsoft Corporation) 332FEAB1435662FC6C672E25BEB37BE3

C:\Windows\System32\winlogon.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\User32.dll
[2011-04-07 21:07] - [2010-11-20 05:08] - 0833024 ____A (Microsoft Corporation) 5E0DB2D8B2750543CD2EBB9EA8E6CDD3

C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys IS MISSING <==== ATTENTION!.
c:\Windows\system32\codeintegrity\Bootcat.cache IS MISSING <==== ATTENTION!.
C:\Windows\System32\winsrv.dll IS MISSING <==== ATTENTION!.

==================== Memory info ===========================

Percentage of memory in use: 12%
Total physical RAM: 4092.2 MB
Available physical RAM: 3597.99 MB
Total Pagefile: 8182.59 MB
Available Pagefile: 7699.09 MB
Total Virtual: 4095.88 MB
Available Virtual: 3963.46 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:447.49 GB) (Free:320.12 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive d: (RECOVERY) (Fixed) (Total:17.98 GB) (Free:2.9 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive e: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
5 Drive g: () (Removable) (Total:14.9 GB) (Free:12.57 GB) FAT32

==================== End Of Log ============================

Thanks again, y'all


Edited by boopme, 03 April 2013 - 09:07 PM.
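The "Bamital & volsnap Check" section is the part of this log a responder reads first: it lists the boot-critical files FRST checked and flags the ones it could not find, while the header warns that the tool was not run from the Recovery Environment. The following parser is an added example, not the poster's or FRST's own code; it turns that section (and that warning) into triage notes, and the SESSION_CRITICAL set is the example's own assumption about which files a session cannot start without.

```python
"""Triage the "Bamital & volsnap Check" section of an FRST log.

Added example, not part of the post above or of FRST itself. FRST prints one of
three shapes per file there: "<path> IS MISSING", "<path> => MD5 is legit", or a
bare path followed by a detail line carrying the file's MD5. The parser also
honours the log's own warning that it was not run from the Recovery Environment.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Constructed sample: the warning and the Bamital section from the log posted
# above, with the long file listings left out.
SAMPLE_LOG = r"""Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2013
Attention: Could not load system hive.

ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNCTION PROPERLY.

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe
[2011-04-28 00:17] - [2011-02-24 23:19] - 2871808 ____A (Microsoft Corporation) 332FEAB1435662FC6C672E25BEB37BE3

C:\Windows\System32\winlogon.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\User32.dll
[2011-04-07 21:07] - [2010-11-20 05:08] - 0833024 ____A (Microsoft Corporation) 5E0DB2D8B2750543CD2EBB9EA8E6CDD3

C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys IS MISSING <==== ATTENTION!.
c:\Windows\system32\codeintegrity\Bootcat.cache IS MISSING <==== ATTENTION!.
C:\Windows\System32\winsrv.dll IS MISSING <==== ATTENTION!.

==================== Memory info ===========================
"""

SECTION_HDR = re.compile(r"^=+ (?P<name>.+?) =+$")
MISSING = re.compile(r"^(?P<path>\S.*?) IS MISSING\b")
LEGIT = re.compile(r"^(?P<path>\S.*?) => MD5 is legit$")
DETAIL = re.compile(r"^\[[^\]]+\] - \[[^\]]+\] - (?P<size>\d+) \S+ "
                    r"\((?P<vendor>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$")
NOT_WINRE = "NOT RUN FROM RECOVERY ENVIRONMENT"
# Files a normal Windows 7 session cannot come up without; this selection is the
# example's own assumption, not a list taken from FRST.
SESSION_CRITICAL = {"winlogon.exe", "wininit.exe", "services.exe", "winsrv.dll", "volsnap.sys"}

@dataclass
class BamitalTriage:
    reliable: bool = True  # False when FRST was not run from WinRE
    missing: list[str] = field(default_factory=list)
    legit: list[str] = field(default_factory=list)
    hashed: dict[str, tuple[str, str, int]] = field(default_factory=dict)  # path -> (md5, vendor, size)

def parse_bamital_section(log_text: str) -> BamitalTriage:
    """Extract the Bamital & volsnap Check findings from a full FRST log."""
    triage = BamitalTriage(reliable=NOT_WINRE not in log_text)
    in_section, pending_path = False, None  # pending: bare path awaiting its detail line
    for raw in log_text.splitlines():
        line = raw.strip()
        if hdr := SECTION_HDR.match(line):  # every "==== name ====" line starts a section
            in_section, pending_path = hdr.group("name").startswith("Bamital"), None
        elif not in_section or not line:
            pending_path = None
        elif m := MISSING.match(line):
            triage.missing.append(m.group("path"))
        elif m := LEGIT.match(line):
            triage.legit.append(m.group("path"))
        elif (m := DETAIL.match(line)) and pending_path:
            triage.hashed[pending_path] = (m.group("md5").upper(), m.group("vendor"), int(m.group("size")))
            pending_path = None
        else:
            pending_path = line  # a bare path; FRST puts its details on the next line
    return triage

def boot_blockers(triage: BamitalTriage) -> list[str]:
    """Missing files whose absence alone explains a system that will not boot."""
    return [p for p in triage.missing if p.rsplit("\\", 1)[-1].lower() in SESSION_CRITICAL]

def summarize(triage: BamitalTriage) -> list[str]:
    """Turn the parsed section into notes a responder can act on, worst first."""
    notes = []
    if not triage.reliable:
        notes.append("UNRELIABLE: FRST was not run from the Recovery Environment; re-run it from WinRE first")
    blockers = set(boot_blockers(triage))
    for path in triage.missing:
        notes.append(f"{'BOOT-CRITICAL MISSING' if path in blockers else 'MISSING'}: {path}")
    for path, (md5, vendor, size) in triage.hashed.items():
        notes.append(f"CHECK: {path} md5={md5} vendor={vendor!r} size={size}; FRST listed a hash "
                     "instead of vouching for it, so compare with a known-good copy")
    for path in triage.legit:
        notes.append(f"OK: {path} (MD5 matches FRST's known-good value)")
    return notes

if __name__ == "__main__":
    for note in summarize(parse_bamital_section(SAMPLE_LOG)):
        print(note)
```

Run against a log taken from WinRE the UNRELIABLE note disappears and the remaining MISSING lines are the ones worth acting on.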



#2 MrStiv
  • Topic Starter

  • Members
  • 3 posts

Posted 03 April 2013 - 08:44 PM

Update:

Tried running frst.exe from the recovery console and received the following: "the subsystem needed to support the image type is not present." Same error if I attempt to run superantivirus from the recovery console.

 

Thanks



#3 Larusso (Malware Response Team)

Posted 04 April 2013 - 10:22 AM

Hi,
my name is Daniel and I will be assisting you with your malware-related problems.

Before we move on, please read the following points carefully.
  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English, so please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • I am currently attending an evening school and working night shift only, which might be evening for you. In this time I am mostly online with my mobile devices and won't be able to reply.


  • A lot of work is waiting for us. The subsystem error comes because you are using a 32-bit file on a 64-bit OS :) So let's try a different version of FRST.
    Note: it is important to run this tool in the Recovery Console.



    Download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

    Plug the flash drive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded, begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

    To enter System Recovery Options by using the Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under the File menu select Open.
  • Select "Computer" and find your flash drive letter, then close the notepad.
  • In the command window type e:\frst64 and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Edited by Larusso, 04 April 2013 - 10:29 AM.

regards,
Daniel

Bread for the world instead of bombs and bangers


I'll always help for free but if you want to support me in my fight against malware, please donate.
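The error quoted in post #2 ("the subsystem needed to support the image type is not present") is what 64-bit Windows RE returns for a 32-bit executable, because the recovery environment has no WOW64 layer; the cure in the post above is simply to carry the x64 build of the tool. As an added example (not from the original post, not FRST's own code, and independent of any Farbar download), here is a Python check that reads the Machine field from a PE file's COFF header so you can tell before rebooting whether a binary on the flash drive will start from a 64-bit or 32-bit recovery prompt. The two stub images it builds in `fake_pe` are constructed stand-ins with only the headers needed for the check; they are not real executables, and the names `FRST.exe` / `FRST64.exe` in the demo are used as labels only.

```python
import struct

# IMAGE_FILE_HEADER.Machine values from the PE/COFF specification.
IMAGE_FILE_MACHINE = {
    0x014C: "x86 (32-bit)",
    0x8664: "x64 (AMD64)",
    0x01C4: "ARM (Thumb-2)",
    0xAA64: "ARM64",
}


def pe_machine(image: bytes) -> int:
    """Return the IMAGE_FILE_HEADER.Machine value of a PE file's bytes.

    Walks MZ header -> e_lfanew (offset 0x3C) -> 'PE\\0\\0' signature -> COFF
    header, whose first 16-bit field is Machine. Raises ValueError on anything
    that is not a PE image or is truncated before the COFF header.
    """
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("not a PE image: missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    if e_lfanew + 24 > len(image) or image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image: bad e_lfanew or PE signature")
    (machine,) = struct.unpack_from("<H", image, e_lfanew + 4)
    return machine


def runs_in_recovery(image: bytes, recovery_is_64bit: bool) -> bool:
    """True if this image can be started from the given WinRE command prompt.

    WinRE has no WOW64 layer, so an x86 binary on 64-bit WinRE fails with the
    'subsystem needed to support the image type is not present' error, and an
    x64 binary cannot run on 32-bit WinRE at all.
    """
    machine = pe_machine(image)
    if recovery_is_64bit:
        return machine == 0x8664
    return machine == 0x014C


def pick_tool(candidates: dict, recovery_is_64bit: bool):
    """From {filename: bytes}, return the first filename that will run, or None.
    Non-PE files (a text file, a zip) are skipped rather than treated as errors."""
    for name, data in candidates.items():
        try:
            if runs_in_recovery(data, recovery_is_64bit):
                return name
        except ValueError:
            continue
    return None


def fake_pe(machine: int) -> bytes:
    """Constructed 88-byte stub: MZ header, e_lfanew = 0x40, PE signature and a
    COFF header carrying the given Machine. Not a runnable executable; it only
    exists so this example works without real FRST binaries on hand."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    # Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    coff = struct.pack("<HHIIIHH", machine, 1, 0, 0, 0, 0xE0, 0x0102)
    return bytes(dos) + b"PE\0\0" + coff


if __name__ == "__main__":
    # Stand-ins for the two downloads one might have on the flash drive.
    drive = {"FRST.exe": fake_pe(0x014C), "FRST64.exe": fake_pe(0x8664)}
    for name, data in drive.items():
        print(f"{name}: {IMAGE_FILE_MACHINE.get(pe_machine(data), 'unknown')}")
    print("on 64-bit WinRE run:", pick_tool(drive, recovery_is_64bit=True))
```

On a real system, feed `pe_machine` the contents of the file (`open(path, "rb").read()`) from a machine that still boots, and match the result against the architecture shown in the FRST log header (the log above says "Service Pack 1 (X64)" while the tool that produced it was the "(x86)" build, which is exactly the mismatch the post corrects).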

#4 Larusso (Malware Response Team)

Posted 08 April 2013 - 02:35 AM

Hi there.

Are you still with us? If I do not hear from you within 24 hours, this topic will be closed.
regards,
Daniel


#5 Larusso (Malware Response Team)

Posted 12 April 2013 - 09:57 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
regards,
Daniel




