
Windows 7 won't start after using Windows Defender Offline, frst64 log posted


  • This topic is locked
10 replies to this topic

#1 billpennock


Posted 11 August 2013 - 11:23 AM

I have read some other posts and used the frst64 program. The symptoms are common: Windows starts to boot, shows a flash of a screen of text so fast you can't read it, and then crashes. I got it into system recovery mode and ran frst64.

I attempted to clean on my own first after seeing the following in the frst.txt file the first time I ran it:

TDL4: custom:26000022 <===== ATTENTION!

ATTENTION: Malware custom entry on BCD on drive d: detected.

 

I put the first line in a fixlist.txt and ran frst64 again using fix. This removed the two attention lines above but left me with the following after doing another scan. I have not tried to restart normally in Windows due to the attention line in the following list indicating a boot record problem.

Thanks for the help

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-08-2013
Ran by SYSTEM on 11-08-2013 08:34:47
Running from F:\
Windows 7 Professional N Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery
 
The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1281512 2013-01-27] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [VirtualCloneDrive] - C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [HKSERV.EXE] - C:\Program Files (x86)\Sony\HotKey Utility\HKserv.exe [122880 2004-06-29] (Sony Corporation)
HKU\barbp\...\Run: [OfficeSyncProcess] - C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [719672 2012-01-20] (Microsoft Corporation)
 
==================== Services (Whitelisted) =================
 
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-08-04 18:04 - 2013-08-11 06:56 - 00000000 ____D C:\Windows\Microsoft Antimalware
2013-07-31 06:34 - 2013-07-31 06:34 - 19238912 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-07-31 06:34 - 2013-07-31 06:34 - 15404032 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-07-31 06:34 - 2013-07-31 06:34 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-31 06:34 - 2013-07-31 06:34 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-31 06:34 - 2013-07-31 06:34 - 03958784 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-07-31 06:34 - 2013-07-31 06:34 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-31 06:34 - 2013-07-31 06:34 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-31 06:34 - 2013-07-31 06:34 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-07-31 06:34 - 2013-07-31 06:34 - 02648576 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-07-31 06:34 - 2013-07-31 06:34 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-07-31 06:34 - 2013-07-31 06:34 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-31 06:34 - 2013-07-31 06:34 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-31 06:34 - 2013-07-31 06:34 - 01509376 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-07-31 06:34 - 2013-07-31 06:34 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-07-31 06:34 - 2013-07-31 06:34 - 01400416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-07-31 06:34 - 2013-07-31 06:34 - 01400416 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-07-31 06:34 - 2013-07-31 06:34 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-07-31 06:34 - 2013-07-31 06:34 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-31 06:34 - 2013-07-31 06:34 - 01054720 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-07-31 06:34 - 2013-07-31 06:34 - 00905728 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-07-31 06:34 - 2013-07-31 06:34 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-07-31 06:34 - 2013-07-31 06:34 - 00762368 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-07-31 06:34 - 2013-07-31 06:34 - 00719360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-07-31 06:34 - 2013-07-31 06:34 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-31 06:34 - 2013-07-31 06:34 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-07-31 06:34 - 2013-07-31 06:34 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-07-31 06:34 - 2013-07-31 06:34 - 00599552 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-07-31 06:34 - 2013-07-31 06:34 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-07-31 06:34 - 2013-07-31 06:34 - 00523264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-07-31 06:34 - 2013-07-31 06:34 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-31 06:34 - 2013-07-31 06:34 - 00452096 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-07-31 06:34 - 2013-07-31 06:34 - 00441856 _____ (Microsoft Corporation) C:\Windows\System32\html.iec
2013-07-31 06:34 - 2013-07-31 06:34 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-31 06:34 - 2013-07-31 06:34 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-07-31 06:34 - 2013-07-31 06:34 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-07-31 06:34 - 2013-07-31 06:34 - 00281600 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-07-31 06:34 - 2013-07-31 06:34 - 00270848 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-07-31 06:34 - 2013-07-31 06:34 - 00247296 _____ (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-07-31 06:34 - 2013-07-31 06:34 - 00242200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-07-31 06:34 - 2013-07-31 06:34 - 00235008 _____ (Microsoft Corporation) C:\Windows\System32\url.dll
2013-07-31 06:34 - 2013-07-31 06:34 - 00232960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-07-31 06:34 - 2013-07-31 06:34 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-07-31 06:34 - 2013-07-31 06:34 - 00226304 _____ (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-07-31 06:34 - 2013-07-31 06:34 - 00216064 _____ (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-07-31 06:34 - 2013-07-31 06:34 - 00204800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-07-31 06:34 - 2013-07-31 06:34 - 00197120 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-07-31 06:34 - 2013-07-31 06:34 - 00185344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-07-31 06:34 - 2013-07-31 06:34 - 00173568 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-07-31 06:34 - 2013-07-31 06:34 - 00167424 _____ (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-07-31 06:34 - 2013-07-31 06:34 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-07-31 06:34 - 2013-07-31 06:34 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-07-31 06:34 - 2013-07-31 06:34 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-07-31 06:34 - 2013-07-31 06:34 - 00149504 _____ (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-07-31 06:34 - 2013-07-31 06:34 - 00144896 _____ (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-07-31 06:34 - 2013-07-31 06:34 - 00138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-07-31 06:34 - 2013-07-31 06:34 - 00137216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-07-31 06:34 - 2013-07-31 06:34 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-07-31 06:34 - 2013-07-31 06:34 - 00136192 _____ (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-07-31 06:34 - 2013-07-31 06:34 - 00135680 _____ (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-07-31 06:34 - 2013-07-31 06:34 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-07-31 06:34 - 2013-07-31 06:34 - 00117248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-07-31 06:34 - 2013-07-31 06:34 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-07-31 06:34 - 2013-07-31 06:34 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-31 06:34 - 2013-07-31 06:34 - 00102912 _____ (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-07-31 06:34 - 2013-07-31 06:34 - 00097280 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-07-31 06:34 - 2013-07-31 06:34 - 00092160 _____ (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-07-31 06:34 - 2013-07-31 06:34 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-07-31 06:34 - 2013-07-31 06:34 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-07-31 06:34 - 2013-07-31 06:34 - 00081408 _____ (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-07-31 06:34 - 2013-07-31 06:34 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-07-31 06:34 - 2013-07-31 06:34 - 00077312 _____ (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-07-31 06:34 - 2013-07-31 06:34 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-07-31 06:34 - 2013-07-31 06:34 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-31 06:34 - 2013-07-31 06:34 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-07-31 06:34 - 2013-07-31 06:34 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-07-31 06:34 - 2013-07-31 06:34 - 00062976 _____ (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-07-31 06:34 - 2013-07-31 06:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-07-31 06:34 - 2013-07-31 06:34 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-31 06:34 - 2013-07-31 06:34 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-07-31 06:34 - 2013-07-31 06:34 - 00053248 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-07-31 06:34 - 2013-07-31 06:34 - 00052224 _____ (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-07-31 06:34 - 2013-07-31 06:34 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-07-31 06:34 - 2013-07-31 06:34 - 00051200 _____ (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-07-31 06:34 - 2013-07-31 06:34 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-07-31 06:34 - 2013-07-31 06:34 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-07-31 06:34 - 2013-07-31 06:34 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-07-31 06:34 - 2013-07-31 06:34 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-07-31 06:34 - 2013-07-31 06:34 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-31 06:34 - 2013-07-31 06:34 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-07-31 06:34 - 2013-07-31 06:34 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-31 06:34 - 2013-07-31 06:34 - 00027648 _____ (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-07-31 06:34 - 2013-07-31 06:34 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-07-31 06:34 - 2013-07-31 06:34 - 00013824 _____ (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-07-31 06:34 - 2013-07-31 06:34 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-07-31 06:34 - 2013-07-31 06:34 - 00012800 _____ (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-07-31 06:34 - 2013-07-31 06:34 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-07-31 06:33 - 2013-07-31 06:36 - 00007201 _____ C:\Windows\IE10_main.log
2013-07-31 05:55 - 2013-06-04 19:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-07-31 05:55 - 2013-06-03 22:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\System32\qedit.dll
2013-07-31 05:55 - 2013-06-03 20:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-31 05:55 - 2013-05-12 21:51 - 01464320 _____ (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-07-31 05:55 - 2013-05-12 21:51 - 00184320 _____ (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-07-31 05:55 - 2013-05-12 21:51 - 00139776 _____ (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-07-31 05:55 - 2013-05-12 21:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-07-31 05:55 - 2013-05-12 20:45 - 01160192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-07-31 05:55 - 2013-05-12 20:45 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-07-31 05:55 - 2013-05-12 20:45 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-07-31 05:55 - 2013-05-12 19:43 - 01192448 _____ (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-07-31 05:55 - 2013-05-12 19:08 - 00903168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-07-31 05:55 - 2013-05-12 19:08 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-07-31 05:55 - 2013-05-09 21:49 - 00030720 _____ (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-07-31 05:55 - 2013-05-09 19:20 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-07-31 05:55 - 2013-05-07 22:39 - 01910632 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-07-31 05:55 - 2013-05-05 22:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2013-07-31 05:55 - 2013-05-05 20:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-31 05:55 - 2013-04-25 21:51 - 00751104 _____ (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-07-31 05:55 - 2013-04-25 20:55 - 00492544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-07-31 05:55 - 2013-04-25 15:30 - 01505280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-07-31 05:55 - 2013-04-16 23:02 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-07-31 05:55 - 2013-04-16 22:24 - 01424384 _____ (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-07-31 05:55 - 2013-03-31 14:52 - 01887232 _____ (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-07-31 05:54 - 2013-04-09 15:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-31 05:54 - 2013-04-02 14:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-07-31 05:52 - 2013-04-09 22:01 - 00983400 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-07-31 05:52 - 2013-04-09 22:01 - 00265064 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2013-07-31 05:52 - 2013-03-18 21:53 - 00230400 _____ (Microsoft Corporation) C:\Windows\System32\wwansvc.dll
2013-07-31 05:52 - 2013-03-18 21:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll
2013-07-31 05:52 - 2013-02-26 22:02 - 00111448 _____ (Microsoft Corporation) C:\Windows\System32\consent.exe
2013-07-31 05:52 - 2013-02-26 21:52 - 14172672 _____ (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-07-31 05:52 - 2013-02-26 21:52 - 00197120 _____ (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-07-31 05:52 - 2013-02-26 21:48 - 01930752 _____ (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-07-31 05:52 - 2013-02-26 21:47 - 00070144 _____ (Microsoft Corporation) C:\Windows\System32\appinfo.dll
2013-07-31 05:52 - 2013-02-26 20:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-07-31 05:52 - 2013-02-26 20:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-07-31 05:52 - 2013-02-26 20:49 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-07-31 05:52 - 2011-02-03 03:25 - 00144384 _____ (Microsoft Corporation) C:\Windows\System32\cdd.dll
2013-07-24 15:35 - 2013-04-12 06:45 - 01656680 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2013-07-24 15:35 - 2013-02-14 22:08 - 00044032 _____ (Microsoft Corporation) C:\Windows\System32\tsgqec.dll
2013-07-24 15:35 - 2013-02-14 22:06 - 03717632 _____ (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2013-07-24 15:35 - 2013-02-14 22:02 - 00158720 _____ (Microsoft Corporation) C:\Windows\System32\aaclient.dll
2013-07-24 15:35 - 2013-02-14 20:37 - 03217408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2013-07-24 15:35 - 2013-02-14 20:34 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2013-07-24 15:35 - 2013-02-14 19:25 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
 
==================== One Month Modified Files and Folders =======
 
2013-08-11 07:50 - 2013-08-11 07:50 - 00000000 ____D C:\FRST
2013-08-11 06:56 - 2013-08-04 18:04 - 00000000 ____D C:\Windows\Microsoft Antimalware
2013-08-11 06:56 - 2012-02-14 09:47 - 00000000 ____D C:\users\barbp
2013-08-11 06:56 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2013-08-08 03:02 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\AppCompat
2013-08-08 02:06 - 2012-02-14 09:43 - 01599865 _____ C:\Windows\WindowsUpdate.log
2013-08-08 02:03 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-08 02:03 - 2009-07-13 20:56 - 00050292 _____ C:\Windows\setupact.log
2013-08-03 02:10 - 2009-07-13 20:50 - 00020464 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-03 02:10 - 2009-07-13 20:50 - 00020464 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-03 02:07 - 2009-07-13 21:12 - 00730532 _____ C:\Windows\System32\PerfStringBackup.INI
2013-08-01 07:09 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-08-01 05:36 - 2009-07-13 20:50 - 00416688 _____ C:\Windows\System32\FNTCACHE.DAT
2013-08-01 05:35 - 2011-04-11 23:43 - 00000000 ____D C:\Program Files\Windows Journal
2013-08-01 05:35 - 2009-07-13 21:38 - 00000000 ____D C:\Program Files\Windows Defender
2013-08-01 05:35 - 2009-07-13 21:38 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-08-01 05:35 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-07-31 06:45 - 2012-02-15 13:38 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-31 06:36 - 2013-07-31 06:33 - 00007201 _____ C:\Windows\IE10_main.log
2013-07-31 06:34 - 2013-07-31 06:34 - 19238912 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-07-31 06:34 - 2013-07-31 06:34 - 15404032 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-07-31 06:34 - 2013-07-31 06:34 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-31 06:34 - 2013-07-31 06:34 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-31 06:34 - 2013-07-31 06:34 - 03958784 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-07-31 06:34 - 2013-07-31 06:34 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-31 06:34 - 2013-07-31 06:34 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-31 06:34 - 2013-07-31 06:34 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-07-31 06:34 - 2013-07-31 06:34 - 02648576 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-07-31 06:34 - 2013-07-31 06:34 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-07-31 06:34 - 2013-07-31 06:34 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-31 06:34 - 2013-07-31 06:34 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-31 06:34 - 2013-07-31 06:34 - 01509376 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-07-31 06:34 - 2013-07-31 06:34 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-07-31 06:34 - 2013-07-31 06:34 - 01400416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-07-31 06:34 - 2013-07-31 06:34 - 01400416 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-07-31 06:34 - 2013-07-31 06:34 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-07-31 06:34 - 2013-07-31 06:34 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-31 06:34 - 2013-07-31 06:34 - 01054720 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-07-31 06:34 - 2013-07-31 06:34 - 00905728 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-07-31 06:34 - 2013-07-31 06:34 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-07-31 06:34 - 2013-07-31 06:34 - 00762368 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-07-31 06:34 - 2013-07-31 06:34 - 00719360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-07-31 06:34 - 2013-07-31 06:34 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-31 06:34 - 2013-07-31 06:34 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-07-31 06:34 - 2013-07-31 06:34 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-07-31 06:34 - 2013-07-31 06:34 - 00599552 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-07-31 06:34 - 2013-07-31 06:34 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-07-31 06:34 - 2013-07-31 06:34 - 00523264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-07-31 06:34 - 2013-07-31 06:34 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-31 06:34 - 2013-07-31 06:34 - 00452096 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-07-31 06:34 - 2013-07-31 06:34 - 00441856 _____ (Microsoft Corporation) C:\Windows\System32\html.iec
2013-07-31 06:34 - 2013-07-31 06:34 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-31 06:34 - 2013-07-31 06:34 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-07-31 06:34 - 2013-07-31 06:34 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-07-31 06:34 - 2013-07-31 06:34 - 00281600 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-07-31 06:34 - 2013-07-31 06:34 - 00270848 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-07-31 06:34 - 2013-07-31 06:34 - 00247296 _____ (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-07-31 06:34 - 2013-07-31 06:34 - 00242200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-07-31 06:34 - 2013-07-31 06:34 - 00235008 _____ (Microsoft Corporation) C:\Windows\System32\url.dll
2013-07-31 06:34 - 2013-07-31 06:34 - 00232960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-07-31 06:34 - 2013-07-31 06:34 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-07-31 06:34 - 2013-07-31 06:34 - 00226304 _____ (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-07-31 06:34 - 2013-07-31 06:34 - 00216064 _____ (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-07-31 06:34 - 2013-07-31 06:34 - 00204800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-07-31 06:34 - 2013-07-31 06:34 - 00197120 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-07-31 06:34 - 2013-07-31 06:34 - 00185344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-07-31 06:34 - 2013-07-31 06:34 - 00173568 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-07-31 06:34 - 2013-07-31 06:34 - 00167424 _____ (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-07-31 06:34 - 2013-07-31 06:34 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-07-31 06:34 - 2013-07-31 06:34 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-07-31 06:34 - 2013-07-31 06:34 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-07-31 06:34 - 2013-07-31 06:34 - 00149504 _____ (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-07-31 06:34 - 2013-07-31 06:34 - 00144896 _____ (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-07-31 06:34 - 2013-07-31 06:34 - 00138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-07-31 06:34 - 2013-07-31 06:34 - 00137216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-07-31 06:34 - 2013-07-31 06:34 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-07-31 06:34 - 2013-07-31 06:34 - 00136192 _____ (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-07-31 06:34 - 2013-07-31 06:34 - 00135680 _____ (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-07-31 06:34 - 2013-07-31 06:34 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-07-31 06:34 - 2013-07-31 06:34 - 00117248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-07-31 06:34 - 2013-07-31 06:34 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-07-31 06:34 - 2013-07-31 06:34 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-31 06:34 - 2013-07-31 06:34 - 00102912 _____ (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-07-31 06:34 - 2013-07-31 06:34 - 00097280 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-07-31 06:34 - 2013-07-31 06:34 - 00092160 _____ (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-07-31 06:34 - 2013-07-31 06:34 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-07-31 06:34 - 2013-07-31 06:34 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-07-31 06:34 - 2013-07-31 06:34 - 00081408 _____ (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-07-31 06:34 - 2013-07-31 06:34 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-07-31 06:34 - 2013-07-31 06:34 - 00077312 _____ (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-07-31 06:34 - 2013-07-31 06:34 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-07-31 06:34 - 2013-07-31 06:34 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-31 06:34 - 2013-07-31 06:34 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-07-31 06:34 - 2013-07-31 06:34 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-07-31 06:34 - 2013-07-31 06:34 - 00062976 _____ (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-07-31 06:34 - 2013-07-31 06:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-07-31 06:34 - 2013-07-31 06:34 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-31 06:34 - 2013-07-31 06:34 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-07-31 06:34 - 2013-07-31 06:34 - 00053248 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-07-31 06:34 - 2013-07-31 06:34 - 00052224 _____ (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-07-31 06:34 - 2013-07-31 06:34 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-07-31 06:34 - 2013-07-31 06:34 - 00051200 _____ (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-07-31 06:34 - 2013-07-31 06:34 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-07-31 06:34 - 2013-07-31 06:34 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-07-31 06:34 - 2013-07-31 06:34 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-07-31 06:34 - 2013-07-31 06:34 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-07-31 06:34 - 2013-07-31 06:34 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-31 06:34 - 2013-07-31 06:34 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-07-31 06:34 - 2013-07-31 06:34 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-31 06:34 - 2013-07-31 06:34 - 00027648 _____ (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-07-31 06:34 - 2013-07-31 06:34 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-07-31 06:34 - 2013-07-31 06:34 - 00013824 _____ (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-07-31 06:34 - 2013-07-31 06:34 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-07-31 06:34 - 2013-07-31 06:34 - 00012800 _____ (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-07-31 06:34 - 2013-07-31 06:34 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-07-31 06:24 - 2013-03-14 05:29 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-31 06:24 - 2013-03-14 05:29 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
 
ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-4025285211-66038638-3254135782-1000\$b7fde6379958e1f5109159f3ca507792
 
Files to move or delete:
====================
C:\Windows\svchost.exe
ATTENTION ====> Check for partition/boot infection.
 
==================== Known DLLs (Whitelisted) ================
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== EXE ASSOCIATION =====================
 
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
 
==================== Restore Points  =========================
 
Restore point made on: 2013-07-31 05:51:23
Restore point made on: 2013-07-31 06:30:51
Restore point made on: 2013-08-01 08:50:15
Restore point made on: 2013-08-01 10:35:23
Restore point made on: 2013-08-02 02:06:49
Restore point made on: 2013-08-02 06:23:40
Restore point made on: 2013-08-02 06:59:10
Restore point made on: 2013-08-03 02:06:48
Restore point made on: 2013-08-03 06:24:17
Restore point made on: 2013-08-04 04:49:50
Restore point made on: 2013-08-07 02:04:04
Restore point made on: 2013-08-08 02:06:50
Restore point made on: 2013-08-10 14:48:47
 
==================== Memory info =========================== 
 
Percentage of memory in use: 14%
Total physical RAM: 4014.09 MB
Available physical RAM: 3418.77 MB
Total Pagefile: 4012.29 MB
Available Pagefile: 3412.74 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:111.69 GB) (Free:74.42 GB) NTFS (Disk=0 Partition=2)
Drive f: (WDO_MEDIA64) (Removable) (Total:1.85 GB) (Free:1.53 GB) FAT32 (Disk=1 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS (Disk=0 Partition=1) ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 112 GB) (Disk ID: D315D389)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=112 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 2 GB) (Disk ID: C9F3D3F8)
Partition 1: (Active) - (Size=2 GB) - (Type=0B)
 
 
LastRegBack: 2013-08-02 02:20
 
==================== End Of Log ============================

 




 


#2 Noviciate (Malware Response Team)

Posted 12 August 2013 - 04:50 PM

Good evening. :)

> I have not tried to restart normally in windows due to the attention line in the following list indicating a boot record problem

Which line are you referring to?

 


So long, and thanks for all the fish.

 

 


#3 billpennock (Topic Starter)

Posted 12 August 2013 - 07:53 PM

Good evening back.  The line is near the bottom of the log I posted:

 
C:\Windows\svchost.exe
ATTENTION ====> Check for partition/boot infection.


#4 Noviciate (Malware Response Team)

Posted 13 August 2013 - 03:48 PM

Good evening. :)

You may find that the line that you removed yourself has already disabled this particular piece of malware. I suggest that you reboot the PC and see what happens and let me know how it goes.



 

 


#5 billpennock (Topic Starter)

Posted 13 August 2013 - 06:56 PM

hmmm, ok so you think then that the report in this scan by frst is not correct then?  Just in case I wasn't clear before, the scan I posted was done after I did the first fixlist fix.



#6 billpennock (Topic Starter)

Posted 13 August 2013 - 11:12 PM

Ok I started it up and it ran this time.  Then I restarted it in safe mode and ran Malwarebytes and it found trojan.agent referenced as a svchost operation.  I let it remove it.  Ran a full scan in safe mode which came out clean and then started it up.  All looks good now.



#7 Noviciate (Malware Response Team)

Posted 14 August 2013 - 02:37 PM

Good evening. :)

> hmmm, ok so you think then that the report in this scan by frst is not correct then?

No, I think that you have misinterpreted it which isn't the same thing. A malicious file needs to be activated in order to do what it is coded to do - remove the method that activates it and it becomes just another piece of dead wood on your hard drive.

 

If you want me to look further at your PC you will need to go here, follow steps six, seven and eight and then post accordingly into this thread.

 

 



 

 


#8 billpennock (Topic Starter)

Posted 15 August 2013 - 09:00 AM

Gotcha, that makes perfect sense of course.    So as of now it's running well, no issues and windows defender and malwarebytes don't find anything.  I really appreciate this site, should I go further with steps 6,7 and 8 do you think?



#9 Noviciate (Malware Response Team)

Posted 15 August 2013 - 01:53 PM

Good evening. :)

I'm afraid that's a little bit like asking me should you take an umbrella with you when you next go out - take one if you want to and not if you don't. If you do and it rains, you're glad and if you do and it doesn't, you may wish you hadn't. If you post the logs and I find something then you'll be glad that you did and if there's nothing there, you may feel that you shouldn't have bothered. The only way that we'll both know if you needed to or not is if you post them and I look at them.

 

So, in summary, if you post them, I'll look at them and if you don't, I won't. (I know that it's not much help, but at least you have my honest opinion. :))



 

 


#10 billpennock (Topic Starter)

Posted 18 August 2013 - 10:03 PM

Thanks.  I understand that and I really appreciate your patience and help.  It's my wife's computer and I'll try to find time in the next few days to wrench it back away from her to post the logs. 



#11 Noviciate (Malware Response Team)

Posted 26 August 2013 - 01:23 PM

As there has been no response for five days this thread is now closed.



 

 




