HELP WINDOWS START UP VIRUS REMOVAL


  • This topic is locked
3 replies to this topic

#1 mdsccer4

  • Members
  • 1 posts
  • OFFLINE
  • Local time:07:12 AM

Posted 13 September 2014 - 05:03 PM

Hi! My sister's computer seems to have the Windows start-up virus. She has a Sony Vaio running Windows Vista (32-bit). I've read through a few removal posts, so I've already downloaded and run FRST.exe (32-bit). I'm not sure what to do from there since the other posts are specifically for their computers. Below is what FRST got from my sister's computer. I would love some assistance from this point on in removing the virus. HELP!

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-09-2014
Ran by SYSTEM on MINWINPC on 13-09-2014 17:45:37
Running from f:\
Platform: Windows Vista ™ Home Premium (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Recovery
 
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [122880 2008-02-22] (Alps Electric Co., Ltd.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [SearchSettings] => C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe [1608000 2014-08-22] (Spigot, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
HKLM\...\RunOnce: [*Restore] => C:\Windows\system32\rstrui.exe [318464 2008-01-20] (Microsoft Corporation)
HKLM\...\Winlogon: [Userinit] 
HKLM\...\Winlogon: [Shell]  [x ] () <=== ATTENTION
HKU\Default\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Guest\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Nikki\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)
HKU\Nikki\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-10-31] (Apple Inc.)
HKU\Nikki\...\Run: [EPSON Stylus CX3800 Series] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE [179200 2007-01-25] (SEIKO EPSON CORPORATION)
HKU\Nikki\...\Run: [Spotify] => C:\Users\Nikki\AppData\Roaming\Spotify\Spotify.exe [6621752 2014-08-23] (Spotify Ltd)
HKU\Nikki\...\Run: [Spotify Web Helper] => C:\Users\Nikki\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1245752 2014-08-23] (Spotify Ltd)
HKU\Nikki\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\system32\Macromed\Flash\FlashUtil32_14_0_0_145_Plugin.exe -update plugin
Startup: C:\Users\Nikki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk ->  (No File)
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 Application Updater; C:\Program Files\Application Updater\ApplicationUpdater.exe [990072 2014-08-22] (Spigot, Inc.)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)
S2 pcServiceHost; C:\Program Files\Common Files\Motive\pcServiceHost.exe [342016 2012-06-14] (Alcatel-Lucent)
S2 ProtexisLicensing; C:\Windows\system32\PSIService.exe [177704 2007-06-05] ()
S3 SOHCImp; C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe [104288 2008-03-04] (Sony Corporation)
S3 SOHDms; C:\Program Files\Sony\VAIO Media plus\SOHDms.exe [350048 2008-03-04] (Sony Corporation)
S3 SOHDs; C:\Program Files\Sony\VAIO Media plus\SOHDs.exe [63328 2008-03-04] (Sony Corporation)
S3 SPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [77824 2007-11-28] (Sony Corporation)
S3 VAIO Entertainment TV Device Arbitration Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe [73728 2008-02-15] (Sony Corporation)
S2 VAIO Event Service; C:\Program Files\Sony\VAIO Event Service\VESMgr.exe [182392 2007-08-14] (Sony Corporation)
S3 VcmIAlzMgr; C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [333088 2008-03-03] (Sony Corporation)
S3 Vcsw; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [279848 2008-03-31] (Sony Corporation)
S2 VzCdbSvc; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [184320 2008-02-15] (Sony Corporation)
S2 VzFw; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe [147456 2008-02-15] (Sony Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2012-06-14] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2012-06-14] (Printing Communications Assoc., Inc. (PCAUSA))
S3 PAC7302; C:\Windows\System32\DRIVERS\PAC7302.SYS [461824 2009-04-28] (PixArt Imaging Inc.)
S3 ti21sony; C:\Windows\System32\drivers\ti21sony.sys [812544 2007-06-05] (Texas Instruments)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S4 UIUSys; system32\DRIVERS\UIUSYS.SYS [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-13 17:45 - 2014-09-13 17:45 - 00000000 ____D () C:\FRST
2014-09-11 00:14 - 2014-08-15 06:35 - 00421376 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2014-09-11 00:14 - 2014-08-15 06:34 - 02382848 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-09-11 00:14 - 2014-08-15 06:34 - 00073216 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2014-09-11 00:13 - 2014-08-15 06:51 - 12363264 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-09-11 00:13 - 2014-08-15 06:42 - 09739776 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-09-11 00:13 - 2014-08-15 06:42 - 01810432 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-09-11 00:13 - 2014-08-15 06:37 - 01137664 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-09-11 00:13 - 2014-08-15 06:37 - 01129472 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-09-11 00:13 - 2014-08-15 06:36 - 01427968 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-09-11 00:13 - 2014-08-15 06:35 - 01802240 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-09-11 00:13 - 2014-08-15 06:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2014-09-11 00:13 - 2014-08-15 06:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-09-11 00:13 - 2014-08-15 06:35 - 00353792 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2014-09-11 00:13 - 2014-08-15 06:35 - 00231936 _____ (Microsoft Corporation) C:\Windows\System32\url.dll
2014-09-11 00:13 - 2014-08-15 06:35 - 00223232 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2014-09-11 00:13 - 2014-08-15 06:35 - 00142848 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2014-09-11 00:13 - 2014-08-15 06:35 - 00065024 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-09-11 00:13 - 2014-08-15 06:35 - 00041472 _____ (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2014-09-11 00:13 - 2014-08-15 06:34 - 00176640 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2014-09-11 00:13 - 2014-08-15 06:34 - 00011776 _____ (Microsoft Corporation) C:\Windows\System32\mshta.exe
2014-09-11 00:13 - 2014-08-15 06:34 - 00010752 _____ (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2014-09-07 09:38 - 2014-09-07 09:38 - 00001664 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-09-07 09:36 - 2014-09-07 09:38 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-09-07 09:36 - 2014-09-07 09:36 - 00000000 ____D () C:\Program Files\iPod
2014-08-29 14:47 - 2014-08-29 14:48 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-08-29 12:41 - 2014-08-29 12:41 - 00000000 ____D () C:\Program Files\Application Updater
2014-08-29 12:40 - 2014-08-29 12:41 - 00000000 ____D () C:\Program Files\Vuze Remote Toolbar
2014-08-27 23:00 - 2014-08-22 17:03 - 00297984 _____ (Microsoft Corporation) C:\Windows\System32\gdi32.dll
2014-08-27 23:00 - 2014-08-22 15:26 - 02054656 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2014-08-22 23:42 - 2014-08-22 23:42 - 00016738 _____ () C:\Users\Nikki\Desktop\Aug 23 BWK Setlist FINAL.xlsx
2014-08-22 23:39 - 2014-08-22 23:39 - 00018253 _____ () C:\Users\Nikki\Downloads\Aug 23 BWK Setlist FINAL.xlsx
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-13 17:45 - 2014-09-13 17:45 - 00000000 ____D () C:\FRST
2014-09-11 00:33 - 2012-09-17 19:56 - 02021300 _____ () C:\Windows\WindowsUpdate.log
2014-09-11 00:32 - 2014-07-22 15:58 - 00000000 ____D () C:\Users\Nikki\AppData\Roaming\Spotify
2014-09-11 00:27 - 2006-11-02 03:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-09-11 00:11 - 2012-09-17 20:05 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-10 23:18 - 2013-08-19 23:13 - 00000000 ____D () C:\Windows\System32\MRT
2014-09-10 23:18 - 2006-11-02 02:24 - 98758480 _____ (Microsoft Corporation) C:\Windows\System32\mrt.exe
2014-09-10 23:16 - 2012-09-17 20:34 - 00002155 _____ () C:\Windows\epplauncher.mif
2014-09-10 23:12 - 2012-09-17 20:33 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-09-10 23:06 - 2006-11-02 02:33 - 00753026 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-09-10 23:00 - 2006-11-02 04:47 - 00003616 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-10 23:00 - 2006-11-02 04:47 - 00003616 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-10 00:30 - 2012-09-17 21:09 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2014-09-10 00:30 - 2012-09-17 21:09 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2014-09-08 05:07 - 2014-07-22 15:59 - 00000000 ____D () C:\Users\Nikki\AppData\Local\Spotify
2014-09-07 09:48 - 2012-10-08 11:50 - 00000000 ____D () C:\Users\Nikki\AppData\Roaming\Azureus
2014-09-07 09:38 - 2014-09-07 09:38 - 00001664 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-09-07 09:38 - 2014-09-07 09:36 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-09-07 09:38 - 2013-03-03 21:37 - 00000000 ____D () C:\Program Files\iTunes
2014-09-07 09:36 - 2014-09-07 09:36 - 00000000 ____D () C:\Program Files\iPod
2014-09-07 09:36 - 2012-09-18 17:54 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-09-04 04:53 - 2012-09-17 20:40 - 00001971 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-08-31 07:21 - 2012-09-17 20:31 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-08-31 06:49 - 2012-09-18 04:11 - 00006300 _____ () C:\Windows\setupact.log
2014-08-29 14:48 - 2014-08-29 14:47 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-08-29 12:41 - 2014-08-29 12:41 - 00000000 ____D () C:\Program Files\Application Updater
2014-08-29 12:41 - 2014-08-29 12:40 - 00000000 ____D () C:\Program Files\Vuze Remote Toolbar
2014-08-29 12:40 - 2013-02-14 04:43 - 00000000 ____D () C:\Program Files\Common Files\Spigot
2014-08-29 12:37 - 2013-06-02 05:49 - 00000000 ___RD () C:\Users\Nikki\Dropbox
2014-08-29 12:37 - 2013-06-02 05:33 - 00000000 ____D () C:\Users\Nikki\AppData\Roaming\Dropbox
2014-08-27 23:19 - 2006-11-02 04:47 - 00420160 _____ () C:\Windows\System32\FNTCACHE.DAT
2014-08-22 23:42 - 2014-08-22 23:42 - 00016738 _____ () C:\Users\Nikki\Desktop\Aug 23 BWK Setlist FINAL.xlsx
2014-08-22 23:39 - 2014-08-22 23:39 - 00018253 _____ () C:\Users\Nikki\Downloads\Aug 23 BWK Setlist FINAL.xlsx
2014-08-22 17:03 - 2014-08-27 23:00 - 00297984 _____ (Microsoft Corporation) C:\Windows\System32\gdi32.dll
2014-08-22 15:26 - 2014-08-27 23:00 - 02054656 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2014-08-15 06:51 - 2014-09-11 00:13 - 12363264 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-08-15 06:42 - 2014-09-11 00:13 - 09739776 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-08-15 06:42 - 2014-09-11 00:13 - 01810432 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-08-15 06:37 - 2014-09-11 00:13 - 01137664 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-08-15 06:37 - 2014-09-11 00:13 - 01129472 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-08-15 06:36 - 2014-09-11 00:13 - 01427968 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-08-15 06:35 - 2014-09-11 00:14 - 00421376 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2014-08-15 06:35 - 2014-09-11 00:13 - 01802240 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-08-15 06:35 - 2014-09-11 00:13 - 00717824 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2014-08-15 06:35 - 2014-09-11 00:13 - 00607744 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-08-15 06:35 - 2014-09-11 00:13 - 00353792 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2014-08-15 06:35 - 2014-09-11 00:13 - 00231936 _____ (Microsoft Corporation) C:\Windows\System32\url.dll
2014-08-15 06:35 - 2014-09-11 00:13 - 00223232 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2014-08-15 06:35 - 2014-09-11 00:13 - 00142848 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2014-08-15 06:35 - 2014-09-11 00:13 - 00065024 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-08-15 06:35 - 2014-09-11 00:13 - 00041472 _____ (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2014-08-15 06:34 - 2014-09-11 00:14 - 02382848 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-08-15 06:34 - 2014-09-11 00:14 - 00073216 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2014-08-15 06:34 - 2014-09-11 00:13 - 00176640 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2014-08-15 06:34 - 2014-09-11 00:13 - 00011776 _____ (Microsoft Corporation) C:\Windows\System32\mshta.exe
2014-08-15 06:34 - 2014-09-11 00:13 - 00010752 _____ (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2014-08-14 13:21 - 2013-06-02 05:49 - 00000919 _____ () C:\Users\Nikki\Desktop\Dropbox.lnk
 
Some content of TEMP:
====================
C:\Users\Nikki\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp5bblhk.dll
C:\Users\Nikki\AppData\Local\Temp\exthelper.exe
C:\Users\Nikki\AppData\Local\Temp\i4jdel0.exe
C:\Users\Nikki\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe
C:\Users\Nikki\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\Nikki\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
C:\Users\Nikki\AppData\Local\Temp\ose00000.exe
 
 
==================== Known DLLs (Whitelisted) ============
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== EXE Association (whitelisted) =============
 
 
==================== Restore Points  =========================
 
Restore point made on: 2014-09-03 07:32:06
Restore point made on: 2014-09-03 21:16:07
Restore point made on: 2014-09-04 20:00:20
Restore point made on: 2014-09-05 20:30:39
Restore point made on: 2014-09-06 20:00:24
Restore point made on: 2014-09-06 22:05:40
Restore point made on: 2014-09-07 20:26:25
Restore point made on: 2014-09-08 21:31:31
Restore point made on: 2014-09-09 21:43:05
Restore point made on: 2014-09-10 08:56:03
Restore point made on: 2014-09-10 23:01:23
 
==================== Memory info =========================== 
 
Percentage of memory in use: 21%
Total physical RAM: 2037.81 MB
Available physical RAM: 1604.31 MB
Total Pagefile: 1842.72 MB
Available Pagefile: 1677.07 MB
Total Virtual: 2047.88 MB
Available Virtual: 1970.58 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:141.61 GB) (Free:41.3 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (Recovery) (Fixed) (Total:7.44 GB) (Free:0.73 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: () (Removable) (Total:7.47 GB) (Free:0.3 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 149.1 GB) (Disk ID: D4338FA8)
Partition 1: (Not Active) - (Size=7.4 GB) - (Type=27)
Partition 2: (Active) - (Size=141.6 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 7.5 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=7.5 GB) - (Type=0C)
 
 
LastRegBack: 2014-08-27 23:24
 
==================== End Of Log ============================

Edited by Queen-Evie, 13 September 2014 - 07:19 PM.
Moved from Vista to the appropriate forum. FRST logs are allowed only in Malware Removal Logs.



#2 olgun52

  • Malware Response Team
  • 3,807 posts
  • OFFLINE
  • Gender:Male
  • Local time:03:12 PM

Posted 15 September 2014 - 05:03 PM

Hello mdsccer4 and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

 

My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.
 

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I am assuming that you don't need help anymore and your topic will be closed.
  • I can not guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
  • Please reply to this thread. Do not start a new topic.
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.

 

  • Please open the computer as administrator. How to open the computer as administrator?
  • Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to get help here

Thanks

---------------------------------------------------------------------------------------------------------

 

Please do the following.

  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.

--------------------------------------------------------------

 

Please uninstall the following applications via Start -> (or Computer) -> Control Panel -> (Programs) -> Programs and Features, if they still exist:

 

C:\Program Files\Mozilla Maintenance Service
C:\Program Files\Vuze Remote Toolbar
C:\Program Files\Application Updater

-----------------------------------------------------------

 

Run FRST fixlist

 

Please open notepad (Start > All Programs > Accessories > Notepad)
Copy the entire contents of the code box below (Do not copy the word 'code') to Notepad.
Save it to the Desktop, and name it: fixlist.txt

start
HKLM\...\Run: [] => [X]
HKLM\...\Run: [SearchSettings] => C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe [1608000 2014-08-22] (Spigot, Inc.)
HKLM\...\Winlogon: [Shell]  [x ] () <=== ATTENTION
ShortcutTarget: Dropbox.lnk ->  (No File)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
C:\Program Files\Mozilla Maintenance Service
C:\Program Files\Vuze Remote Toolbar
C:\Program Files\Application Updater
C:\Users\Nikki\AppData\Roaming\Azureus
C:\Users\Nikki\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp5bblhk.dll
C:\Users\Nikki\AppData\Local\Temp\exthelper.exe
C:\Users\Nikki\AppData\Local\Temp\i4jdel0.exe
C:\Users\Nikki\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe
C:\Users\Nikki\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\Nikki\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
C:\Users\Nikki\AppData\Local\Temp\ose00000.exe
end

NOTICE: This script is written specifically for this computer!!!
Running this on another computer may cause damage to the Operating System.

Now, please run FRST, and press the Fix button, just once, and wait.

When done, the tool creates a report on the Desktop called: Fixlog.txt

>> Please post the Fixlog.txt in your reply.

 

Sincerely


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!
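The fixlist above is built by copying log lines verbatim between `start` and `end`. The following script is an added example, not part of this thread and not FRST's own code: it parses the FRST log format posted above, flags the entry types the helper selected (ATTENTION markers, orphaned `[X]` entries, a nameless autorun, a dead startup shortcut, entries from a publisher treated here as an adware watchlist, which is an assumption drawn from this thread), and prints a candidate fixlist for a human to review. The sample log is a constructed subset of the lines from the first post.

```python
"""Triage helper for Farbar Recovery Scan Tool (FRST) logs.

Reads the log format shown in the post above, flags the kinds of entries the
helper put into fixlist.txt and emits a candidate fixlist in FRST's
start/end layout for human review before anything is run.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: a subset of the lines from the FRST log posted in this thread.
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [SearchSettings] => C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe [1608000 2014-08-22] (Spigot, Inc.)
HKLM\...\Winlogon: [Userinit]
HKLM\...\Winlogon: [Shell]  [x ] () <=== ATTENTION
ShortcutTarget: Dropbox.lnk ->  (No File)
========================== Services (Whitelisted) =================
S2 Application Updater; C:\Program Files\Application Updater\ApplicationUpdater.exe [990072 2014-08-22] (Spigot, Inc.)
S2 ProtexisLicensing; C:\Windows\system32\PSIService.exe [177704 2007-06-05] ()
==================== Drivers (Whitelisted) ====================
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
"""

# Assumption: the publisher whose entries the helper removed in this thread is treated as an adware watchlist.
WATCHLIST_PUBLISHERS = ("Spigot",)

SECTION_RE = re.compile(r"^=+ (.+?) =+$")
EMPTY_RUN_RE = re.compile(r"^HK.*\\Run: \[\] =>")
NO_PUBLISHER_RE = re.compile(r"^S[0-4] .*\] \(\)$")  # service/driver line ending in an empty publisher field


@dataclass
class Finding:
    section: str
    line: str
    reason: str
    severity: str  # "high": candidate for the fixlist; "review": look at it by hand first


def classify(section: str, line: str) -> Optional[Finding]:
    """Return a Finding for one log line, or None if nothing stands out."""
    if "<=== ATTENTION" in line:
        return Finding(section, line, "FRST flagged this value with ATTENTION", "high")
    if EMPTY_RUN_RE.match(line):
        return Finding(section, line, "autorun value with an empty name", "high")
    if line.endswith("[X]"):
        return Finding(section, line, "entry points at a file that no longer exists (orphaned)", "high")
    if line.startswith("ShortcutTarget:") and line.endswith("(No File)"):
        return Finding(section, line, "startup shortcut whose target is gone", "high")
    if any(f"({pub}" in line for pub in WATCHLIST_PUBLISHERS):
        return Finding(section, line, "publisher on the adware watchlist", "high")
    if NO_PUBLISHER_RE.match(line):
        return Finding(section, line, "service/driver without publisher information", "review")
    return None


def triage(log_text: str) -> List[Finding]:
    """Walk the log, tracking the current ==== section ==== header, and collect findings."""
    findings, section = [], "(preamble)"
    for raw in log_text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1).strip()
            continue
        finding = classify(section, line)
        if finding:
            findings.append(finding)
    return findings


def build_fixlist(findings: List[Finding]) -> str:
    """FRST fixlist layout used in the thread: the flagged log lines verbatim between 'start' and 'end'."""
    body = [f.line for f in findings if f.severity == "high"]
    return "\n".join(["start", *body, "end"])


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f.severity}] {f.section}: {f.reason}\n    {f.line}")
    print("\n" + build_fixlist(results))
```

Entries marked "review" (such as a service with an empty publisher field) are deliberately kept out of the candidate fixlist, since the thread's helper only removed entries that were orphaned, flagged, or from the toolbar publisher.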

 


 


#3 olgun52

  • Malware Response Team
  • 3,807 posts
  • OFFLINE
  • Gender:Male
  • Local time:03:12 PM

Posted 18 September 2014 - 06:47 PM

Hello

3 Day Bump

It has been more than 3 days since my last post.

  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

Best regards
 

 


 


#4 olgun52

  • Malware Response Team
  • 3,807 posts
  • OFFLINE
  • Gender:Male
  • Local time:03:12 PM

Posted 21 September 2014 - 04:52 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

Best regards
 

 


 




