ICE Virus Removal
JSSANDERS11 wrote:

I have the ICE Virus. I cannot boot up even in any type of safe mode. I am attaching the FRST64 log below.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-08-2013 02
Ran by SYSTEM on 21-08-2013 21:17:42
Running from F:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet002
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8306208 2009-10-20] (Realtek Semiconductor)
HKLM\...\Run: [DellStage] - C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj [207845 2011-05-30] ()
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [Dell DataSafe Online] - C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [37960 2013-05-10] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [RoxWatchTray] - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [eMagineTray] - C:\eMagine\eMagineTray.exe [421888 2003-05-29] (Patterson Dental Supply, Inc.)
HKLM-x32\...\Run: [AccuWeatherWidget] - C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj [2825741 2011-05-30] ()
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [ICF] - C:\Program Files (x86)\Internet Content Filter\mfp.exe [3296424 2012-10-13] (McAfee, Inc.)
HKLM-x32\...\Run: [mcui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [1532992 2013-03-13] (McAfee, Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKU\Boyd\...\Run: [Google Update] - [x]
HKU\Boyd\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] - C:\Users\Boyd\AppData\Local\Temp\uqbqtspsgbksqojhc.exe [51712 2013-08-21] (Valve Corporation) <===== ATTENTION
HKU\Boyd\...\RunOnce: [JavaInstallRetry] - C:\Users\Boyd\AppData\LocalLow\Sun\Java\JRERunOnce.exe [903080 2013-06-21] (Oracle Corporation)
HKU\Boyd\...\Winlogon: [Shell] cmd.exe [345088 2010-11-20] (Microsoft Corporation) <==== ATTENTION
HKU\Boyd\...\Command Processor: "C:\Users\Boyd\AppData\Local\Temp\uqbqtspsgbksqojhc.exe" <===== ATTENTION!

==================== Services (Whitelisted) =================

S2 mcmscsvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McNASvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [384048 2013-02-25] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [241456 2013-02-19] (McAfee, Inc.)
S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218760 2013-02-19] (McAfee, Inc.)
S2 mfeicfcore; C:\Program Files (x86)\Internet Content Filter\mfeicfcore.exe [2760360 2012-10-13] (McAfee, Inc.)
S2 mfeicfupdate; C:\Program Files (x86)\Internet Content Filter\UpdateService.exe [2259768 2012-10-13] (McAfee, Inc.)
S2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-02-19] (McAfee, Inc.)

==================== Drivers (Whitelisted) ====================

S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-02-19] (McAfee, Inc.)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179280 2013-02-19] (McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [309840 2013-02-19] (McAfee, Inc.)
S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [515968 2013-02-19] (McAfee, Inc.)
S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [771536 2013-02-19] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106552 2013-02-19] (McAfee, Inc.)
S0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [340216 2013-02-19] (McAfee, Inc.)
S3 mfeapfk01; No ImagePath
S3 mfeavfk01; No ImagePath

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-21 19:33 - 2013-08-21 19:33 - 01097700 _____ C:\Users\Boyd\AppData\Roaming\2433f433
2013-08-21 19:33 - 2013-08-21 19:33 - 01097693 _____ C:\Users\Boyd\AppData\Local\2433f433
2013-08-21 19:33 - 2013-08-21 19:33 - 01097692 _____ C:\ProgramData\2433f433
2013-08-21 12:51 - 2013-08-21 12:51 - 00000000 ____D C:\Users\Boyd\AppData\Local\Google
2013-08-15 02:07 - 2013-07-26 00:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-08-15 02:07 - 2013-07-26 00:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-08-15 02:07 - 2013-07-26 00:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-08-15 02:07 - 2013-07-26 00:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-08-15 02:07 - 2013-07-26 00:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-08-15 02:07 - 2013-07-26 00:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-08-15 02:07 - 2013-07-26 00:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-08-15 02:07 - 2013-07-26 00:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-08-15 02:07 - 2013-07-26 00:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-08-15 02:07 - 2013-07-26 00:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-08-15 02:07 - 2013-07-26 00:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-08-15 02:07 - 2013-07-26 00:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-08-15 02:07 - 2013-07-26 00:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-08-15 02:07 - 2013-07-26 00:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-08-15 02:07 - 2013-07-25 22:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-08-15 02:07 - 2013-07-25 22:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-15 02:07 - 2013-07-25 22:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-15 02:07 - 2013-07-25 22:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-15 02:07 - 2013-07-25 22:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-15 02:07 - 2013-07-25 22:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-15 02:07 - 2013-07-25 22:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-15 02:07 - 2013-07-25 22:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-15 02:07 - 2013-07-25 22:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-15 02:07 - 2013-07-25 22:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-15 02:07 - 2013-07-25 22:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-15 02:07 - 2013-07-25 22:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-15 02:07 - 2013-07-25 22:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-15 02:07 - 2013-07-25 22:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-15 02:07 - 2013-07-25 21:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-15 02:07 - 2013-07-25 21:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-08-15 02:07 - 2013-07-25 20:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-15 02:01 - 2013-08-15 02:03 - 00000000 ____D C:\Windows\System32\MRT
2013-08-14 19:03 - 2013-07-25 04:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2013-08-14 19:03 - 2013-07-25 03:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-14 19:03 - 2013-07-18 20:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\tzres.dll
2013-08-14 19:03 - 2013-07-18 20:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-14 19:03 - 2013-07-09 01:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-08-14 19:03 - 2013-07-09 00:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2013-08-14 19:03 - 2013-07-09 00:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\System32\wow64.dll
2013-08-14 19:03 - 2013-07-09 00:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2013-08-14 19:03 - 2013-07-09 00:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\System32\rpcrt4.dll
2013-08-14 19:03 - 2013-07-09 00:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-08-14 19:03 - 2013-07-09 00:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-08-14 19:03 - 2013-07-09 00:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-08-14 19:03 - 2013-07-09 00:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-14 19:03 - 2013-07-09 00:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-14 19:03 - 2013-07-08 23:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-14 19:03 - 2013-07-08 23:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-14 19:03 - 2013-07-08 23:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-14 19:03 - 2013-07-08 23:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-14 19:03 - 2013-07-08 23:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-14 19:03 - 2013-07-08 23:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-14 19:03 - 2013-07-08 23:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-14 19:03 - 2013-07-08 21:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-14 19:03 - 2013-07-08 21:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-14 19:03 - 2013-07-08 21:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-14 19:03 - 2013-07-08 21:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-14 19:03 - 2013-07-06 01:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-08-14 19:03 - 2013-06-14 23:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tssecsrv.sys
2013-08-04 13:44 - 2013-08-04 13:44 - 00010615 _____ C:\Users\Boyd\Documents\homeexpense.xlsx

==================== One Month Modified Files and Folders =======

2013-08-21 21:17 - 2013-08-21 21:17 - 00000000 ____D C:\FRST
2013-08-21 20:02 - 2011-07-11 15:33 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2013-08-21 20:02 - 2011-07-11 15:33 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2013-08-21 20:02 - 2011-07-11 15:15 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2013-08-21 20:01 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-21 20:01 - 2009-07-13 23:51 - 00064649 _____ C:\Windows\setupact.log
2013-08-21 20:00 - 2011-07-11 15:09 - 01903872 _____ C:\Windows\WindowsUpdate.log
2013-08-21 20:00 - 2009-07-13 23:45 - 00021296 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-21 20:00 - 2009-07-13 23:45 - 00021296 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-21 19:59 - 2009-07-14 00:13 - 00779266 _____ C:\Windows\System32\PerfStringBackup.INI
2013-08-21 19:33 - 2013-08-21 19:33 - 01097700 _____ C:\Users\Boyd\AppData\Roaming\2433f433
2013-08-21 19:33 - 2013-08-21 19:33 - 01097693 _____ C:\Users\Boyd\AppData\Local\2433f433
2013-08-21 19:33 - 2013-08-21 19:33 - 01097692 _____ C:\ProgramData\2433f433
2013-08-21 18:56 - 2012-07-20 18:57 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-21 12:51 - 2013-08-21 12:51 - 00000000 ____D C:\Users\Boyd\AppData\Local\Google
2013-08-20 20:37 - 2011-08-23 17:27 - 00000000 ____D C:\eMagine
2013-08-20 20:37 - 2011-07-30 12:12 - 00000468 _____ C:\Windows\BRWMARK.INI
2013-08-20 19:59 - 2013-07-02 20:31 - 00086016 _____ C:\Users\Boyd\Documents\3rd qtr payroll 2013.xls
2013-08-20 19:55 - 2013-01-10 19:22 - 00001790 _____ C:\Users\Public\Desktop\McAfee AntiVirus Plus.lnk
2013-08-20 19:55 - 2013-01-10 19:22 - 00001790 _____ C:\ProgramData\Desktop\McAfee AntiVirus Plus.lnk
2013-08-20 19:50 - 2012-07-20 18:57 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-08-20 19:50 - 2012-05-09 20:47 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-08-20 19:50 - 2012-02-24 20:32 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-19 19:07 - 2011-07-31 14:13 - 00000000 ____D C:\Users\Boyd\Documents\Outlook Files
2013-08-15 19:04 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2013-08-15 02:26 - 2013-01-10 14:58 - 00000000 ____D C:\Program Files (x86)\McAfee
2013-08-15 02:03 - 2013-08-15 02:01 - 00000000 ____D C:\Windows\System32\MRT
2013-08-15 02:01 - 2011-07-30 21:25 - 78161360 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-08-04 13:44 - 2013-08-04 13:44 - 00010615 _____ C:\Users\Boyd\Documents\homeexpense.xlsx
2013-07-28 14:31 - 2013-01-10 14:58 - 00000000 ____D C:\Program Files\McAfee
2013-07-28 14:31 - 2011-07-11 15:24 - 00000000 ____D C:\ProgramData\McAfee
2013-07-28 14:16 - 2010-11-20 22:47 - 00075604 _____ C:\Windows\PFRO.log
2013-07-26 00:13 - 2013-08-15 02:07 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-07-26 00:13 - 2013-08-15 02:07 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-07-26 00:13 - 2013-08-15 02:07 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-07-26 00:12 - 2013-08-15 02:07 - 19239424 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-07-26 00:12 - 2013-08-15 02:07 - 15405056 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-07-26 00:12 - 2013-08-15 02:07 - 03958784 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-07-26 00:12 - 2013-08-15 02:07 - 02647040 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-07-26 00:12 - 2013-08-15 02:07 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-07-26 00:12 - 2013-08-15 02:07 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-07-26 00:12 - 2013-08-15 02:07 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-07-26 00:12 - 2013-08-15 02:07 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-07-26 00:12 - 2013-08-15 02:07 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-07-26 00:12 - 2013-08-15 02:07 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-07-26 00:12 - 2013-08-15 02:07 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-07-25 22:35 - 2013-08-15 02:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-07-25 22:13 - 2013-08-15 02:07 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-25 22:13 - 2013-08-15 02:07 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-25 22:12 - 2013-08-15 02:07 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-25 22:12 - 2013-08-15 02:07 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-25 22:12 - 2013-08-15 02:07 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-25 22:12 - 2013-08-15 02:07 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-25 22:12 - 2013-08-15 02:07 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-25 22:12 - 2013-08-15 02:07 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-25 22:12 - 2013-08-15 02:07 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-25 22:12 - 2013-08-15 02:07 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-25 22:12 - 2013-08-15 02:07 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-25 22:11 - 2013-08-15 02:07 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-25 22:11 - 2013-08-15 02:07 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-25 21:49 - 2013-08-15 02:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-25 21:39 - 2013-08-15 02:07 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-07-25 20:59 - 2013-08-15 02:07 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-25 04:25 - 2013-08-14 19:03 - 01888768 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2013-07-25 03:57 - 2013-08-14 19:03 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL

Files to move or delete:
====================
C:\Users\Boyd\AppData\Local\Temp\uqbqtspsgbksqojhc.exe
ZeroAccess:
C:\Users\Boyd\AppData\Local\Google\Desktop\Install\{db74d1a3-fea3-fb4e-5f6b-9e0e827c084e}

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-07-18 20:03:34
Restore point made on: 2013-07-26 08:52:58
Restore point made on: 2013-08-03 12:39:01
Restore point made on: 2013-08-10 14:14:38
Restore point made on: 2013-08-15 02:00:58
Restore point made on: 2013-08-21 18:52:44

==================== Memory info ===========================

Percentage of memory in use: 15%
Total physical RAM: 4060.98 MB
Available physical RAM: 3448.75 MB
Total Pagefile: 4059.18 MB
Available Pagefile: 3451.25 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:916.66 GB) (Free:855.91 GB) NTFS
Drive f: () (Removable) (Total:3.73 GB) (Free:3.04 GB) FAT32
Drive i: (RECOVERY) (Fixed) (Total:14.81 GB) (Free:6.78 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 932 GB) (Disk ID: 27503792)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=917 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 4 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=4 GB) - (Type=0B)


LastRegBack: 2013-08-13 14:25
2013-07-08 23:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-08-14 19:03 - 2013-07-08 23:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2013-08-14 19:03 - 2013-07-08 23:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2013-08-14 19:03 - 2013-07-08 21:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2013-08-14 19:03 - 2013-07-08 21:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2013-08-14 19:03 - 2013-07-08 21:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2013-08-14 19:03 - 2013-07-08 21:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2013-08-14 19:03 - 2013-07-06 01:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys 2013-08-14 19:03 - 2013-06-14 23:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tssecsrv.sys 2013-08-04 13:44 - 2013-08-04 13:44 - 00010615 _____ C:\Users\Boyd\Documents\homeexpense.xlsx ==================== One Month Modified Files and Folders ======= 2013-08-21 21:17 - 2013-08-21 21:17 - 00000000 ____D C:\FRST 2013-08-21 20:02 - 2011-07-11 15:33 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks 2013-08-21 20:02 - 2011-07-11 15:33 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks 2013-08-21 20:02 - 2011-07-11 15:15 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup 2013-08-21 20:01 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-08-21 20:01 - 2009-07-13 23:51 - 00064649 _____ C:\Windows\setupact.log 2013-08-21 20:00 - 2011-07-11 15:09 - 01903872 _____ C:\Windows\WindowsUpdate.log 2013-08-21 20:00 - 2009-07-13 23:45 - 00021296 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-08-21 20:00 - 2009-07-13 23:45 - 00021296 ____H 
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-08-21 19:59 - 2009-07-14 00:13 - 00779266 _____ C:\Windows\System32\PerfStringBackup.INI 2013-08-21 19:33 - 2013-08-21 19:33 - 01097700 _____ C:\Users\Boyd\AppData\Roaming\2433f433 2013-08-21 19:33 - 2013-08-21 19:33 - 01097693 _____ C:\Users\Boyd\AppData\Local\2433f433 2013-08-21 19:33 - 2013-08-21 19:33 - 01097692 _____ C:\ProgramData\2433f433 2013-08-21 18:56 - 2012-07-20 18:57 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-08-21 12:51 - 2013-08-21 12:51 - 00000000 ____D C:\Users\Boyd\AppData\Local\Google 2013-08-20 20:37 - 2011-08-23 17:27 - 00000000 ____D C:\eMagine 2013-08-20 20:37 - 2011-07-30 12:12 - 00000468 _____ C:\Windows\BRWMARK.INI 2013-08-20 19:59 - 2013-07-02 20:31 - 00086016 _____ C:\Users\Boyd\Documents\3rd qtr payroll 2013.xls 2013-08-20 19:55 - 2013-01-10 19:22 - 00001790 _____ C:\Users\Public\Desktop\McAfee AntiVirus Plus.lnk 2013-08-20 19:55 - 2013-01-10 19:22 - 00001790 _____ C:\ProgramData\Desktop\McAfee AntiVirus Plus.lnk 2013-08-20 19:50 - 2012-07-20 18:57 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2013-08-20 19:50 - 2012-05-09 20:47 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-08-20 19:50 - 2012-02-24 20:32 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-08-19 19:07 - 2011-07-31 14:13 - 00000000 ____D C:\Users\Boyd\Documents\Outlook Files 2013-08-15 19:04 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache 2013-08-15 02:26 - 2013-01-10 14:58 - 00000000 ____D C:\Program Files (x86)\McAfee 2013-08-15 02:03 - 2013-08-15 02:01 - 00000000 ____D C:\Windows\System32\MRT 2013-08-15 02:01 - 2011-07-30 21:25 - 78161360 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe 2013-08-04 13:44 - 2013-08-04 13:44 - 00010615 _____ C:\Users\Boyd\Documents\homeexpense.xlsx 2013-07-28 14:31 - 2013-01-10 14:58 - 
00000000 ____D C:\Program Files\McAfee 2013-07-28 14:31 - 2011-07-11 15:24 - 00000000 ____D C:\ProgramData\McAfee 2013-07-28 14:16 - 2010-11-20 22:47 - 00075604 _____ C:\Windows\PFRO.log 2013-07-26 00:13 - 2013-08-15 02:07 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-07-26 00:13 - 2013-08-15 02:07 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-07-26 00:13 - 2013-08-15 02:07 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe 2013-07-26 00:12 - 2013-08-15 02:07 - 19239424 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-07-26 00:12 - 2013-08-15 02:07 - 15405056 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-07-26 00:12 - 2013-08-15 02:07 - 03958784 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-07-26 00:12 - 2013-08-15 02:07 - 02647040 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-07-26 00:12 - 2013-08-15 02:07 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-07-26 00:12 - 2013-08-15 02:07 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-07-26 00:12 - 2013-08-15 02:07 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-07-26 00:12 - 2013-08-15 02:07 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll 2013-07-26 00:12 - 2013-08-15 02:07 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll 2013-07-26 00:12 - 2013-08-15 02:07 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-07-26 00:12 - 2013-08-15 02:07 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll 2013-07-25 22:35 - 2013-08-15 02:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-07-25 22:13 - 2013-08-15 02:07 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-07-25 22:13 - 2013-08-15 02:07 - 01141248 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-07-25 22:12 - 2013-08-15 02:07 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-07-25 22:12 - 2013-08-15 02:07 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-07-25 22:12 - 2013-08-15 02:07 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-07-25 22:12 - 2013-08-15 02:07 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-07-25 22:12 - 2013-08-15 02:07 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-07-25 22:12 - 2013-08-15 02:07 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-07-25 22:12 - 2013-08-15 02:07 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-07-25 22:12 - 2013-08-15 02:07 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-07-25 22:12 - 2013-08-15 02:07 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-07-25 22:11 - 2013-08-15 02:07 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-07-25 22:11 - 2013-08-15 02:07 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-07-25 21:49 - 2013-08-15 02:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-07-25 21:39 - 2013-08-15 02:07 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe 2013-07-25 20:59 - 2013-08-15 02:07 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-07-25 04:25 - 2013-08-14 19:03 - 01888768 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL 2013-07-25 03:57 - 2013-08-14 19:03 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL Files to move or delete: ==================== C:\Users\Boyd\AppData\Local\Temp\uqbqtspsgbksqojhc.exe ZeroAccess: 
C:\Users\Boyd\AppData\Local\Google\Desktop\Install\{db74d1a3-fea3-fb4e-5f6b-9e0e827c084e} ==================== Known DLLs (Whitelisted) ================ ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points ========================= Restore point made on: 2013-07-18 20:03:34 Restore point made on: 2013-07-26 08:52:58 Restore point made on: 2013-08-03 12:39:01 Restore point made on: 2013-08-10 14:14:38 Restore point made on: 2013-08-15 02:00:58 Restore point made on: 2013-08-21 18:52:44 ==================== Memory info =========================== Percentage of memory in use: 15% Total physical RAM: 4060.98 MB Available physical RAM: 3448.75 MB Total Pagefile: 4059.18 MB Available Pagefile: 3451.25 MB Total Virtual: 8192 MB Available Virtual: 8191.85 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:916.66 GB) (Free:855.91 GB) NTFS Drive f: () (Removable) (Total:3.73 GB) (Free:3.04 GB) FAT32 Drive i: (RECOVERY) (Fixed) (Total:14.81 GB) (Free:6.78 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS ==================== 
MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 932 GB) (Disk ID: 27503792) Partition 1: (Not Active) - (Size=39 MB) - (Type=DE) Partition 2: (Active) - (Size=15 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=917 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 4 GB) (Disk ID: 00000000) Partition 1: (Not Active) - (Size=4 GB) - (Type=0B) LastRegBack: 2013-08-13 14:25 [/QUOTE]