ICE Virus - FRST64 log


  • This topic is locked
2 replies to this topic

#1 jssanders11


  • Members
  • 1 posts

Posted 21 August 2013 - 08:38 PM

I have the ICE virus.

I ran the FRST64.exe command suggested by another link.

I am including the log below.


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-08-2013 02
Ran by SYSTEM on 21-08-2013 21:17:42
Running from F:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet002
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8306208 2009-10-20] (Realtek Semiconductor)
HKLM\...\Run: [DellStage] - C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj [207845 2011-05-30] ()
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [Dell DataSafe Online] - C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [37960 2013-05-10] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [RoxWatchTray] - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [eMagineTray] - C:\eMagine\eMagineTray.exe [421888 2003-05-29] (Patterson Dental Supply, Inc.)
HKLM-x32\...\Run: [AccuWeatherWidget] - C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj [2825741 2011-05-30] ()
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [ICF] - C:\Program Files (x86)\Internet Content Filter\mfp.exe [3296424 2012-10-13] (McAfee, Inc.)
HKLM-x32\...\Run: [mcui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [1532992 2013-03-13] (McAfee, Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKU\Boyd\...\Run: [Google Update] -  [x]
HKU\Boyd\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] - C:\Users\Boyd\AppData\Local\Temp\uqbqtspsgbksqojhc.exe [51712 2013-08-21] (Valve Corporation) <===== ATTENTION
HKU\Boyd\...\RunOnce: [JavaInstallRetry] - C:\Users\Boyd\AppData\LocalLow\Sun\Java\JRERunOnce.exe [903080 2013-06-21] (Oracle Corporation)
HKU\Boyd\...\Winlogon: [Shell] cmd.exe [345088 2010-11-20] (Microsoft Corporation) <==== ATTENTION
HKU\Boyd\...\Command Processor: "C:\Users\Boyd\AppData\Local\Temp\uqbqtspsgbksqojhc.exe" <===== ATTENTION!

==================== Services (Whitelisted) =================

S2 mcmscsvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McNASvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [384048 2013-02-25] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [241456 2013-02-19] (McAfee, Inc.)
S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218760 2013-02-19] (McAfee, Inc.)
S2 mfeicfcore; C:\Program Files (x86)\Internet Content Filter\mfeicfcore.exe [2760360 2012-10-13] (McAfee, Inc.)
S2 mfeicfupdate; C:\Program Files (x86)\Internet Content Filter\UpdateService.exe [2259768 2012-10-13] (McAfee, Inc.)
S2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-02-19] (McAfee, Inc.)

==================== Drivers (Whitelisted) ====================

S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-02-19] (McAfee, Inc.)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179280 2013-02-19] (McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [309840 2013-02-19] (McAfee, Inc.)
S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [515968 2013-02-19] (McAfee, Inc.)
S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [771536 2013-02-19] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106552 2013-02-19] (McAfee, Inc.)
S0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [340216 2013-02-19] (McAfee, Inc.)
S3 mfeapfk01; No ImagePath
S3 mfeavfk01; No ImagePath

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-08-21 19:33 - 2013-08-21 19:33 - 01097700 _____ C:\Users\Boyd\AppData\Roaming\2433f433
2013-08-21 19:33 - 2013-08-21 19:33 - 01097693 _____ C:\Users\Boyd\AppData\Local\2433f433
2013-08-21 19:33 - 2013-08-21 19:33 - 01097692 _____ C:\ProgramData\2433f433
2013-08-21 12:51 - 2013-08-21 12:51 - 00000000 ____D C:\Users\Boyd\AppData\Local\Google
2013-08-15 02:07 - 2013-07-26 00:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-08-15 02:07 - 2013-07-26 00:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-08-15 02:07 - 2013-07-26 00:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-08-15 02:07 - 2013-07-26 00:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-08-15 02:07 - 2013-07-26 00:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-08-15 02:07 - 2013-07-26 00:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-08-15 02:07 - 2013-07-26 00:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-08-15 02:07 - 2013-07-26 00:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-08-15 02:07 - 2013-07-26 00:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-08-15 02:07 - 2013-07-26 00:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-08-15 02:07 - 2013-07-26 00:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-08-15 02:07 - 2013-07-26 00:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-08-15 02:07 - 2013-07-26 00:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-08-15 02:07 - 2013-07-26 00:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-08-15 02:07 - 2013-07-25 22:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-08-15 02:07 - 2013-07-25 22:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-15 02:07 - 2013-07-25 22:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-15 02:07 - 2013-07-25 22:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-15 02:07 - 2013-07-25 22:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-15 02:07 - 2013-07-25 22:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-15 02:07 - 2013-07-25 22:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-15 02:07 - 2013-07-25 22:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-15 02:07 - 2013-07-25 22:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-15 02:07 - 2013-07-25 22:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-15 02:07 - 2013-07-25 22:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-15 02:07 - 2013-07-25 22:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-15 02:07 - 2013-07-25 22:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-15 02:07 - 2013-07-25 22:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-15 02:07 - 2013-07-25 21:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-15 02:07 - 2013-07-25 21:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-08-15 02:07 - 2013-07-25 20:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-15 02:01 - 2013-08-15 02:03 - 00000000 ____D C:\Windows\System32\MRT
2013-08-14 19:03 - 2013-07-25 04:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2013-08-14 19:03 - 2013-07-25 03:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-14 19:03 - 2013-07-18 20:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\tzres.dll
2013-08-14 19:03 - 2013-07-18 20:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-14 19:03 - 2013-07-09 01:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-08-14 19:03 - 2013-07-09 00:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2013-08-14 19:03 - 2013-07-09 00:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\System32\wow64.dll
2013-08-14 19:03 - 2013-07-09 00:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2013-08-14 19:03 - 2013-07-09 00:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\System32\rpcrt4.dll
2013-08-14 19:03 - 2013-07-09 00:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-08-14 19:03 - 2013-07-09 00:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-08-14 19:03 - 2013-07-09 00:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-08-14 19:03 - 2013-07-09 00:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-14 19:03 - 2013-07-09 00:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-14 19:03 - 2013-07-08 23:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-14 19:03 - 2013-07-08 23:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-14 19:03 - 2013-07-08 23:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-14 19:03 - 2013-07-08 23:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-14 19:03 - 2013-07-08 23:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-14 19:03 - 2013-07-08 23:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-14 19:03 - 2013-07-08 23:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-14 19:03 - 2013-07-08 21:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-14 19:03 - 2013-07-08 21:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-14 19:03 - 2013-07-08 21:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-14 19:03 - 2013-07-08 21:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-14 19:03 - 2013-07-06 01:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-08-14 19:03 - 2013-06-14 23:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tssecsrv.sys
2013-08-04 13:44 - 2013-08-04 13:44 - 00010615 _____ C:\Users\Boyd\Documents\homeexpense.xlsx

==================== One Month Modified Files and Folders =======

2013-08-21 21:17 - 2013-08-21 21:17 - 00000000 ____D C:\FRST
2013-08-21 20:02 - 2011-07-11 15:33 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2013-08-21 20:02 - 2011-07-11 15:33 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2013-08-21 20:02 - 2011-07-11 15:15 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2013-08-21 20:01 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-21 20:01 - 2009-07-13 23:51 - 00064649 _____ C:\Windows\setupact.log
2013-08-21 20:00 - 2011-07-11 15:09 - 01903872 _____ C:\Windows\WindowsUpdate.log
2013-08-21 20:00 - 2009-07-13 23:45 - 00021296 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-21 20:00 - 2009-07-13 23:45 - 00021296 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-21 19:59 - 2009-07-14 00:13 - 00779266 _____ C:\Windows\System32\PerfStringBackup.INI
2013-08-21 19:33 - 2013-08-21 19:33 - 01097700 _____ C:\Users\Boyd\AppData\Roaming\2433f433
2013-08-21 19:33 - 2013-08-21 19:33 - 01097693 _____ C:\Users\Boyd\AppData\Local\2433f433
2013-08-21 19:33 - 2013-08-21 19:33 - 01097692 _____ C:\ProgramData\2433f433
2013-08-21 18:56 - 2012-07-20 18:57 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-21 12:51 - 2013-08-21 12:51 - 00000000 ____D C:\Users\Boyd\AppData\Local\Google
2013-08-20 20:37 - 2011-08-23 17:27 - 00000000 ____D C:\eMagine
2013-08-20 20:37 - 2011-07-30 12:12 - 00000468 _____ C:\Windows\BRWMARK.INI
2013-08-20 19:59 - 2013-07-02 20:31 - 00086016 _____ C:\Users\Boyd\Documents\3rd qtr payroll 2013.xls
2013-08-20 19:55 - 2013-01-10 19:22 - 00001790 _____ C:\Users\Public\Desktop\McAfee AntiVirus Plus.lnk
2013-08-20 19:55 - 2013-01-10 19:22 - 00001790 _____ C:\ProgramData\Desktop\McAfee AntiVirus Plus.lnk
2013-08-20 19:50 - 2012-07-20 18:57 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-08-20 19:50 - 2012-05-09 20:47 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-08-20 19:50 - 2012-02-24 20:32 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-19 19:07 - 2011-07-31 14:13 - 00000000 ____D C:\Users\Boyd\Documents\Outlook Files
2013-08-15 19:04 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2013-08-15 02:26 - 2013-01-10 14:58 - 00000000 ____D C:\Program Files (x86)\McAfee
2013-08-15 02:03 - 2013-08-15 02:01 - 00000000 ____D C:\Windows\System32\MRT
2013-08-15 02:01 - 2011-07-30 21:25 - 78161360 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-08-04 13:44 - 2013-08-04 13:44 - 00010615 _____ C:\Users\Boyd\Documents\homeexpense.xlsx
2013-07-28 14:31 - 2013-01-10 14:58 - 00000000 ____D C:\Program Files\McAfee
2013-07-28 14:31 - 2011-07-11 15:24 - 00000000 ____D C:\ProgramData\McAfee
2013-07-28 14:16 - 2010-11-20 22:47 - 00075604 _____ C:\Windows\PFRO.log
2013-07-26 00:13 - 2013-08-15 02:07 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-07-26 00:13 - 2013-08-15 02:07 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-07-26 00:13 - 2013-08-15 02:07 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-07-26 00:12 - 2013-08-15 02:07 - 19239424 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-07-26 00:12 - 2013-08-15 02:07 - 15405056 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-07-26 00:12 - 2013-08-15 02:07 - 03958784 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-07-26 00:12 - 2013-08-15 02:07 - 02647040 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-07-26 00:12 - 2013-08-15 02:07 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-07-26 00:12 - 2013-08-15 02:07 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-07-26 00:12 - 2013-08-15 02:07 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-07-26 00:12 - 2013-08-15 02:07 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-07-26 00:12 - 2013-08-15 02:07 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-07-26 00:12 - 2013-08-15 02:07 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-07-26 00:12 - 2013-08-15 02:07 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-07-25 22:35 - 2013-08-15 02:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-07-25 22:13 - 2013-08-15 02:07 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-25 22:13 - 2013-08-15 02:07 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-25 22:12 - 2013-08-15 02:07 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-25 22:12 - 2013-08-15 02:07 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-25 22:12 - 2013-08-15 02:07 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-25 22:12 - 2013-08-15 02:07 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-25 22:12 - 2013-08-15 02:07 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-25 22:12 - 2013-08-15 02:07 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-25 22:12 - 2013-08-15 02:07 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-25 22:12 - 2013-08-15 02:07 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-25 22:12 - 2013-08-15 02:07 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-25 22:11 - 2013-08-15 02:07 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-25 22:11 - 2013-08-15 02:07 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-25 21:49 - 2013-08-15 02:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-25 21:39 - 2013-08-15 02:07 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-07-25 20:59 - 2013-08-15 02:07 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-25 04:25 - 2013-08-14 19:03 - 01888768 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2013-07-25 03:57 - 2013-08-14 19:03 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL

Files to move or delete:
====================
C:\Users\Boyd\AppData\Local\Temp\uqbqtspsgbksqojhc.exe
ZeroAccess:
C:\Users\Boyd\AppData\Local\Google\Desktop\Install\{db74d1a3-fea3-fb4e-5f6b-9e0e827c084e}

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2013-07-18 20:03:34
Restore point made on: 2013-07-26 08:52:58
Restore point made on: 2013-08-03 12:39:01
Restore point made on: 2013-08-10 14:14:38
Restore point made on: 2013-08-15 02:00:58
Restore point made on: 2013-08-21 18:52:44

==================== Memory info ===========================

Percentage of memory in use: 15%
Total physical RAM: 4060.98 MB
Available physical RAM: 3448.75 MB
Total Pagefile: 4059.18 MB
Available Pagefile: 3451.25 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:916.66 GB) (Free:855.91 GB) NTFS
Drive f: () (Removable) (Total:3.73 GB) (Free:3.04 GB) FAT32
Drive i: (RECOVERY) (Fixed) (Total:14.81 GB) (Free:6.78 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 932 GB) (Disk ID: 27503792)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=917 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 4 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=4 GB) - (Type=0B)

LastRegBack: 2013-08-13 14:25

==================== End Of Log ============================
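The persistence the log above records is the typical ICE lock-screen layout: a per-user Winlogon Shell value set to cmd.exe, a Command Processor AutoRun value pointing at the dropped executable in the user's Temp folder, a Run entry with a random name launching the same file, three extensionless 8-hex-digit blobs in profile roots, and a ZeroAccess install folder under Google\Desktop\Install. The following triage script is an added example, not part of the original post and not FRST's own code; the rule names and the helper functions are my own, and the sample is built from lines copied out of the log plus two benign lines (the Realtek Run entry from the log and a constructed explorer.exe Winlogon line) so that the rules have something to ignore. It parses FRST-style registry and file lines, flags the indicators, and reports whether the Shell override and the AutoRun value together form the logon chain that puts the lock screen up before the desktop.

```python
"""Triage FRST log lines for the ICE lock-screen persistence pattern (added example)."""
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the FRST log in the post above, plus a
# benign explorer.exe Winlogon line so the Shell rule has a negative case.
SAMPLE_LOG = r"""
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8306208 2009-10-20] (Realtek Semiconductor)
HKU\Boyd\...\Run: [Google Update] -  [x]
HKU\Boyd\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] - C:\Users\Boyd\AppData\Local\Temp\uqbqtspsgbksqojhc.exe [51712 2013-08-21] (Valve Corporation) <===== ATTENTION
HKU\Boyd\...\RunOnce: [JavaInstallRetry] - C:\Users\Boyd\AppData\LocalLow\Sun\Java\JRERunOnce.exe [903080 2013-06-21] (Oracle Corporation)
HKU\Boyd\...\Winlogon: [Shell] cmd.exe [345088 2010-11-20] (Microsoft Corporation) <==== ATTENTION
HKU\Other\...\Winlogon: [Shell] explorer.exe [2871808 2011-02-25] (Microsoft Corporation)
HKU\Boyd\...\Command Processor: "C:\Users\Boyd\AppData\Local\Temp\uqbqtspsgbksqojhc.exe" <===== ATTENTION!
2013-08-21 19:33 - 2013-08-21 19:33 - 01097700 _____ C:\Users\Boyd\AppData\Roaming\2433f433
2013-08-21 19:33 - 2013-08-21 19:33 - 01097692 _____ C:\ProgramData\2433f433
2013-08-04 13:44 - 2013-08-04 13:44 - 00010615 _____ C:\Users\Boyd\Documents\homeexpense.xlsx
C:\Users\Boyd\AppData\Local\Google\Desktop\Install\{db74d1a3-fea3-fb4e-5f6b-9e0e827c084e}
"""

# FRST line shapes: "HKU\<user>\...\Run: [name] - <cmd> [size date] (vendor)" etc.
RUN_RE = re.compile(r'^(?P<hive>HK\S+?)\\\.\.\.\\(?P<key>Run|RunOnce): \[(?P<name>[^\]]*)\] - (?P<rest>.*)$')
WINLOGON_RE = re.compile(r'^(?P<hive>HK\S+?)\\\.\.\.\\Winlogon: \[(?P<value>\w+)\] (?P<rest>.*)$')
CMDPROC_RE = re.compile(r'^(?P<hive>HK\S+?)\\\.\.\.\\Command Processor: (?P<rest>.*)$')
# "created/modified" file-list lines, with optional "(Vendor)" before the path, or a bare path.
FILE_RE = re.compile(r'^(?:\d{4}-\d\d-\d\d \d\d:\d\d - \d{4}-\d\d-\d\d \d\d:\d\d - \d+ \S+ (?:\([^)]*\) )?)?'
                     r'(?P<path>[A-Za-z]:\\.*)$')
TEMP_RE = re.compile(r'\\(?:Local\\)?Temp\\', re.I)
HEX8_RE = re.compile(r'^[0-9a-fA-F]{8}$')
ZEROACCESS_RE = re.compile(r'\\Google\\Desktop\\Install\\\{', re.I)


@dataclass(frozen=True)
class Finding:
    rule: str    # short rule id (names are this example's own, not FRST's)
    detail: str  # human-readable explanation
    line: str    # the offending log line


def _target(rest: str) -> str:
    """Command/path part of a value line, before the [size date] bracket or the ATTENTION flag."""
    rest = rest.split(' <=', 1)[0]
    rest = rest.split(' [', 1)[0]
    return rest.strip().strip('"')


def triage(text: str) -> list:
    """Apply the ICE/ZeroAccess indicator rules to FRST log text and return the findings."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = WINLOGON_RE.match(line)
        if m:  # Winlogon\Shell should be explorer.exe; anything else replaces the desktop at logon
            target = _target(m['rest'])
            if m['value'].lower() == 'shell' and target.lower() != 'explorer.exe':
                findings.append(Finding('winlogon-shell', f"{m['hive']} Shell is {target!r}, not explorer.exe", line))
            continue
        m = CMDPROC_RE.match(line)
        if m:  # Command Processor\AutoRun executes every time cmd.exe starts without /D
            findings.append(Finding('cmd-autorun', f"{m['hive']} cmd.exe AutoRun runs {_target(m['rest'])!r}", line))
            continue
        m = RUN_RE.match(line)
        if m:  # legitimate autostarts do not live in a Temp directory
            target = _target(m['rest'])
            if target and TEMP_RE.search(target):
                findings.append(Finding('run-from-temp', f"{m['key']} entry [{m['name']}] launches from Temp", line))
            continue
        m = FILE_RE.match(line)
        if m:
            path = m['path']
            base = path.rsplit('\\', 1)[-1]
            if ZEROACCESS_RE.search(path):
                findings.append(Finding('zeroaccess-dir', 'ZeroAccess install folder under Google\\Desktop\\Install', line))
            elif HEX8_RE.match(base) and ('\\AppData\\' in path or path.startswith('C:\\ProgramData\\')):
                findings.append(Finding('hex-blob', f"extensionless 8-hex-digit file {base} in a profile root", line))
    return findings


def rule_counts(findings: list) -> dict:
    """Number of findings per rule id."""
    counts = {}
    for f in findings:
        counts[f.rule] = counts.get(f.rule, 0) + 1
    return counts


def ice_logon_chain(findings: list) -> bool:
    """True when both halves of the lock-screen chain are present: Winlogon starts cmd.exe
    instead of explorer.exe, and cmd.exe's AutoRun value then executes the payload."""
    rules = {f.rule for f in findings}
    return {'winlogon-shell', 'cmd-autorun'} <= rules


if __name__ == '__main__':
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"[{f.rule}] {f.detail}\n    {f.line}")
    if ice_logon_chain(found):
        print("Chain: Shell=cmd.exe -> cmd.exe AutoRun -> payload; lock screen shows before the desktop.")
```

Run against the full FRST.txt rather than the sample and the same six findings come out; the JavaInstallRetry RunOnce and the Realtek Run entry are deliberately not flagged, because the Temp rule is what separates a dropper from a vendor autostart, not the presence of a Run entry as such.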


#2 Farbar


    Just Curious


  • Security Developer
  • 21,704 posts
  • Gender:Male
  • Location:The Netherlands

Posted 22 August 2013 - 02:31 PM

Hello,

Welcome to the forum.

Please download the attached file fixlist.txt (819 bytes).
Save it to your flash drive.
Boot to System Recovery Options and select "Command Prompt".

Run FRST and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

 



#3 Farbar


    Just Curious


  • Security Developer
  • 21,704 posts
  • Gender:Male
  • Location:The Netherlands

Posted 31 August 2013 - 03:58 AM

This thread will now be closed due to lack of activity.

If you should have the same or a new issue, please start a new topic.

Everyone else should start a new topic.