taffy1947
Hi, I have an infected laptop. I have run frst.exe and below is the FRST data; from what I gather from the forums you have a fix for this. Your help much appreciated.

Roger

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-01-2014 02
Ran by SYSTEM on MININT-3P5NGJ1 on 14-01-2014 13:44:02
Running from H:\
Windows 7 Home Premium (X86) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7711264 2009-08-18] (Realtek Semiconductor)
HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1541416 2009-07-14] (Synaptics Incorporated)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [uCam_Menu] - C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [218408 2009-02-25] (CyberLink Corp.)
HKLM\...\Run: [ApnUpdater] - C:\Program Files\Ask.com\Updater\Updater.exe [1391272 2012-01-03] (Ask)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
HKLM\...\Run: [DivXUpdate] - C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1259376 2011-07-28] ()
HKLM\...\Run: [sSDMonitor] - C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe [103896 2012-04-26] (PC Tools)
HKLM\...\Run: [RMAlert] - C:\Program Files\PC Tools Registry Mechanic\Alert.exe [1318872 2012-04-26] (PC Tools)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.)
HKLM\...\Run: [AS2014] - C:\ProgramData\XrVUXn37\XrVUXn37.exe [577536 2013-11-26] ()
HKLM\...\Winlogon: [userinit] C:\windows\system32\userinit.exe,,C:\ProgramData\XrVUXn37\XrVUXn37.exe -sm,
HKU\Anika\...\Run: [msnmsgr] - C:\Program Files\Windows Live\Messenger\msnmsgr.exe [ 2012-03-08] (Microsoft Corporation)
HKU\Anika\...\Run: [My Security Wall] - "C:\ProgramData\55dee\MS2c8.exe" /s /d
HKU\Anika\...\Run: [Google Update] - C:\Users\Anika\AppData\Local\Google\Update\GoogleUpdate.exe [ 2010-10-14] (Google Inc.)
HKU\Anika\...\Run: [ooVoo.exe] - C:\Program Files\ooVoo\oovoo.exe [ 2013-08-04] (ooVoo LLC)
HKU\Anika\...\Run: [Facebook Update] - C:\Users\Anika\AppData\Local\Facebook\Update\FacebookUpdate.exe [ 2012-07-11] (Facebook Inc.)
HKU\Anika\...\Run: [spotify Web Helper] - C:\Users\Anika\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [ 2012-05-13] ()
HKU\Anika\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [ 2009-09-16] (Google Inc.)
HKU\Anika\...\Run: [skype] - C:\Program Files\Skype\Phone\Skype.exe [ 2013-10-21] (Skype Technologies S.A.)
HKU\Anika\...\Run: [backgroundContainer] - C:\Users\Anika\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll [ 2013-10-14] (Conduit Ltd.) <===== ATTENTION
HKU\Anika\...\Run: [AS2014] - C:\ProgramData\XrVUXn37\XrVUXn37.exe [ 2013-11-26] ()
HKU\Anika\...\Run: [lbcijtpr] - C:\Users\Anika\AppData\Local\trprrcpw.exe [ 2013-11-18] ()
HKU\Anika\...\Run: [klisPING] - C:\Users\Anika\AppData\Local\Temp\fltMntui.dll [ 2013-11-18] () <===== ATTENTION
HKU\Anika\...\Winlogon: [shell] Explorer.exe [ 2010-11-20] (Microsoft Corporation) <==== ATTENTION
AppInit_DLLs: [ ] ()
Startup: C:\Users\Anika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\JustCloud.lnk
ShortcutTarget: JustCloud.lnk -> C:\Program Files\JustCloud\JustCloud.exe (JustCloud.com)

========================== Services (Whitelisted) =================

S2 BackupStack; C:\Program Files\JustCloud\BackupStack.exe [38440 2013-08-29] (Just Develop It)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [235216 2013-09-06] (McAfee, Inc.)
S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
S2 N360; C:\Program Files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-20] (Symantec Corporation)
S2 OberonGameConsoleService; C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe [44312 2009-08-13] ()
S2 PCToolsSSDMonitorSvc; C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe [793048 2012-04-26] (PC Tools)
S2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)

==================== Drivers (Whitelisted) ====================

S1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\BASHDefs\20130412.001\BHDrvx86.sys [1000024 2013-04-12] (Symantec Corporation)
S1 ccSet_N360; C:\Windows\system32\drivers\N360\1404000.028\ccSetx86.sys [134744 2013-04-15] (Symantec Corporation)
S1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376480 2013-03-20] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [106656 2013-03-20] (Symantec Corporation)
S1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\IPSDefs\20130418.001\IDSvix86.sys [386720 2013-03-19] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\VirusDefs\20130419.003\NAVENG.SYS [93296 2013-03-20] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\VirusDefs\20130419.003\NAVEX15.SYS [1603824 2013-03-20] (Symantec Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\N360\1404000.028\SRTSP.SYS [603224 2013-05-15] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\N360\1404000.028\SRTSPX.SYS [32344 2013-03-04] (Symantec Corporation)
S0 SymDS; C:\Windows\System32\drivers\N360\1404000.028\SYMDS.SYS [367704 2013-05-20] (Symantec Corporation)
S0 SymEFA; C:\Windows\System32\drivers\N360\1404000.028\SYMEFA.SYS [934488 2013-05-22] (Symantec Corporation)
S3 SymEvent; C:\windows\system32\Drivers\SYMEVENT.SYS [142496 2013-09-14] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\N360\1404000.028\Ironx86.SYS [175264 2013-03-04] (Symantec Corporation)
S1 SymNetS; C:\Windows\System32\Drivers\N360\1404000.028\SYMNETS.SYS [339544 2013-04-24] (Symantec Corporation)
S3 SYMFW; \SystemRoot\System32\Drivers\N360\0308000.029\SYMFW.SYS [x]
S3 SYMNDISV; \SystemRoot\System32\Drivers\N360\0308000.029\SYMNDISV.SYS [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-01-14 12:49 - 2014-01-14 12:49 - 00000000 ____D C:\FRST
2014-01-14 05:36 - 2014-01-14 05:36 - 00000000 __RSH C:\MSDOS.SYS
2014-01-14 05:36 - 2014-01-14 05:36 - 00000000 __RSH C:\IO.SYS

==================== One Month Modified Files and Folders =======

2014-01-14 12:49 - 2014-01-14 12:49 - 00000000 ____D C:\FRST
2014-01-14 05:36 - 2014-01-14 05:36 - 00000000 __RSH C:\MSDOS.SYS
2014-01-14 05:36 - 2014-01-14 05:36 - 00000000 __RSH C:\IO.SYS
2014-01-14 05:30 - 2009-07-26 12:06 - 00779572 _____ C:\Windows\System32\PerfStringBackup.INI
2014-01-14 05:26 - 2013-11-26 08:33 - 00000036 _____ C:\Windows\System32\.txt
2014-01-14 05:26 - 2012-02-09 11:34 - 00000000 ____D C:\Users\Anika\AppData\Local\CrashDumps
2014-01-14 05:26 - 2009-07-13 20:34 - 00015056 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-14 05:26 - 2009-07-13 20:34 - 00015056 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-14 05:24 - 2013-11-26 08:32 - 00001666 _____ C:\Users\Anika\Desktop\Antivirus Security Pro.lnk
2014-01-14 05:24 - 2013-11-26 07:37 - 00000118 _____ C:\Users\Anika\Desktop\Antivirus Security Pro support.url
2014-01-14 05:24 - 2012-07-12 04:09 - 00000000 ____D C:\Program Files\PC Tools Registry Mechanic
2014-01-14 05:18 - 2009-07-13 20:39 - 00235664 _____ C:\Windows\setupact.log

Files to move or delete:
====================
C:\Users\Anika\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll
C:\Users\Anika\AppData\Local\Temp\fltMntui.dll

Some content of TEMP:
====================
C:\Users\Anika\AppData\Local\Temp\fltMntui.dll
C:\Users\Anika\AppData\Local\Temp\SkypeSetup.exe

==================== Known DLLs (Whitelisted) ============

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

==================== Memory info ===========================

Percentage of memory in use: 15%
Total physical RAM: 3004.61 MB
Available physical RAM: 2527.32 MB
Total Pagefile: 3000.83 MB
Available Pagefile: 2539.4 MB
Total Virtual: 2047.88 MB
Available Virtual: 1937.91 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:74.05 GB) (Free:7.78 GB) NTFS
Drive e: () (Fixed) (Total:143.74 GB) (Free:138.75 GB) NTFS
Drive f: (RECOVERY) (Fixed) (Total:15 GB) (Free:5.01 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive g: (GRMCHPFREO_EN_DVD) (CDROM) (Total:2.33 GB) (Free:0 GB) UDF
Drive h: (USB DISK) (Removable) (Total:3.92 GB) (Free:0.72 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 233 GB) (Disk ID: 07A54FFB)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=74 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=144 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 4 GB) (Disk ID: 6F20736B)
No partition Table on disk 1.
Disk 1 is a removable device.

LastRegBack: 2013-11-10 12:45

==================== End Of Log ============================