Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

ICE virus need help just scanned using farbar


  • This topic is locked This topic is locked
3 replies to this topic

#1 pcbiohazard

pcbiohazard

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:07:24 PM

Posted 20 July 2013 - 10:59 AM

Hi i have a dell notebook with win xp i just scanned using farbar i will wait for further instructions thank you here is the scan

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-07-2013
Ran by Administrator (administrator) on 20-07-2013 09:55:07
Running from D:\
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Safe Mode (minimal)

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\WINDOWS\system32\cmd.exe

==================== Registry (Whitelisted) ==================

Winlogon\Notify\WgaLogon: WgaLogon.dll (Microsoft Corporation)
HKU\Drew\...\Winlogon: [Shell] explorer.exe,C:\Documents and Settings\Drew\Application Data\cache.dat <==== ATTENTION

==================== Internet (Whitelisted) ====================

URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKCU - DefaultScope value is missing.
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
Handler: ipp - No CLSID Value -
Handler: msdaipp - No CLSID Value -
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)

========================== Services (Whitelisted) =================

S2 wltrysvc; C:\Windows\System32\bcmwltry.exe [2232320 2010-10-29] (Dell Inc.)
S4 HidServ; %SystemRoot%\System32\hidserv.dll [x]
S2 JavaQuickStarterService; "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" [x]

==================== Drivers (Whitelisted) ====================

S3 b57w2k; C:\Windows\System32\DRIVERS\b57xp32.sys [142720 2005-10-26] (Broadcom Corporation)
S3 BCM43XX; C:\Windows\System32\DRIVERS\bcmwl5.sys [2649216 2010-10-29] (Broadcom Corporation)
S3 guardian2; C:\Windows\System32\Drivers\oz776.sys [68696 2007-12-23] (O2Micro)
R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [144384 2008-04-13] (Windows ® Server 2003 DDK provider)
S3 STHDA; C:\Windows\System32\drivers\sthda.sys [1222840 2007-05-10] (SigmaTel, Inc.)
S4 IntelIde; No ImagePath
S3 UIUSys; system32\DRIVERS\UIUSYS.SYS [x]
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================
 

 



BC AdBot (Login to Remove)

 


#2 pcbiohazard

pcbiohazard
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:07:24 PM

Posted 20 July 2013 - 02:42 PM

i ran a fixlist of my own

 

HKU\Drew\...\Winlogon: [Shell] explorer.exe,C:\Documents and Settings\Drew\Application Data\cache.dat <==== ATTENTION (it said value deleted successfully)

 

and it worked like a charm now running malwarebytes, combofix, hitman, and security check.



#3 pcbiohazard

pcbiohazard
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:07:24 PM

Posted 20 July 2013 - 05:06 PM

Im all set so i don't need any help but your guys are the best for helping people i think im starting to get the hang of this so maybe in near future i could help volunteer



#4 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:08:24 PM

Posted 21 July 2013 - 10:44 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users