Very Stubborn Interpol Virus; Can't Get Into Safe Mode; Rescue Dis



#1
WWEFreak666

Okay, in my over 10 years of dealing with computers (fixing and cleaning) I've never had such a stubborn virus. These viruses are getting more and more sophisticated and I think I may very well have the latest version of this on the laptop I have in front of me.

I unfortunately cannot get any details regarding the computer other than the fact that it is a Dell Inspiron, as I can't access the desktop. I was given two laptops, both Dell Inspirons, both identical actually. Both had a virus, except one of them had a blank screen after logging into Windows and I was able to enter Safe Mode and really had no major issues. I cleaned that computer with little hesitation. I can't get into Safe Mode at all (networking, command prompt, and regular) on this highly infected laptop.

Anyways, I can get into the file system using Kaspersky rescue disk, but I've tried numerous websites that state where the virus is located and I cannot find any of the stuff in the registry AND in the Windows folder.

I would REALLY like to clean the computer of the virus without losing anything, as I am doing this for someone and do not have any way to contact them to ask them if they have any issue with losing stuff.

I've tried the following:
Anvi Rescue Disk (Scanned, found trojans, no luck. Virus is still active)
Kaspersky Rescue Disk (Scanned, found over 50 trojans, no luck. Virus is still active)
Hitman Pro (Created bootable disk, tried all three options with no luck. Virus is still active)
Safe Mode With Command Prompt (No luck, Windows immediately "shutting down" upon logon)
Safe Mode With Networking (Same as above)
Safe Mode (Same as CP)

I'm seriously lost.

If anybody could help me find a serious solution, I'd be VERY thankful!

I scanned using Farbar Recovery Scan using the Command Prompt on a Windows 7 installation disk.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by SYSTEM on MININT-MU95FEF on 08-10-2013 16:24:11
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [608112 2011-03-29] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-05-27] (IDT, Inc.)
HKLM\...\Run: [QuickSet] - C:\Program Files\Dell\QuickSet\QuickSet.exe [3668336 2011-03-24] (Dell Inc.)
HKLM\...\Run: [DellStage] - C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj [207845 2011-04-29] ()
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0x00000000
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0x00000000
HKLM\...\Policies\Explorer: [NoSetTaskBar] 0
HKLM\...\Policies\Explorer: [NoFileMenu] 0
HKLM\...\Policies\Explorer: [NoNetworkConnections] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0x00000000
HKLM\...\Policies\Explorer: [NoDesktop] 0x00000000
HKLM\...\Policies\Explorer: [MaxRecentDocs] 0
HKLM\...\Policies\Explorer: [NoNetConnectDisconnect] 0
HKLM\...\Policies\Explorer: [NoRemoteRecursiveEvents] 0
HKLM\...\Policies\Explorer: [NoRecentDocsHistory] 0x00000000
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [ClearRecentDocsOnExit] 0x00000000
HKLM\...\Policies\Explorer: [NoInternetIcon] 0
HKLM\...\Policies\Explorer: [NoStartBanner] 0x00000000
HKLM\...\Policies\Explorer: [NoNetHood] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0x00000000
HKLM\...\Policies\Explorer: [NoWinKey] 0
HKLM\...\Policies\Explorer: [NoNetConnextDisconnect] 0
HKLM\...\Policies\Explorer: [NoFavoritesMenu] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoSMConfigurePrograms] 0
HKLM\...\Policies\Explorer: [NoControlPanle] 0
HKLM-x32\...\Run: [Dell Webcam Central] - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [503942 2011-04-13] (Creative Technology Ltd)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-12] (Intel Corporation)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [RoxWatchTray] - c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] - c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [AccuWeatherWidget] - C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj [2825741 2011-04-29] ()
HKLM-x32\...\Run: [Dell DataSafe Online] - C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [McAfeeUpdaterUI] - C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe [161088 2011-01-12] (McAfee, Inc.)
HKLM-x32\...\Run: [ShStatEXE] - C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE [215360 2011-09-14] (McAfee, Inc.)
HKLM-x32\...\Run: [TelevisionFanatic Search Scope Monitor] - C:\PROGRA~2\TELEVI~2\bar\1.bin\64srchmn.exe [42536 2012-04-24] (MindSpark)
HKLM-x32\...\Run: [TelevisionFanatic Browser Plugin Loader] - C:\PROGRA~2\TELEVI~2\bar\1.bin\64brmon.exe
HKU\Gisele\...\Run: [Google Update] - [x]
HKU\Gisele\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe [30720 2010-11-20] (Microsoft Corporation)
HKU\Public\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe [30720 2010-11-20] (Microsoft Corporation)

==================== Services (Whitelisted) =================

S2 IE10Update; C:\Users\Gisele\AppData\Local\Temp\~tmf8229824162418640657.dll [49484 2013-10-02] ()
S2 McAfeeFramework; C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [120128 2011-01-12] (McAfee, Inc.)
S2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [199008 2011-12-27] (McAfee, Inc.)
S2 McTaskManager; C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe [209760 2011-09-14] (McAfee, Inc.)
S2 mfevtp; C:\windows\system32\mfevtps.exe [158832 2011-12-27] (McAfee, Inc.)
S2 TelevisionFanaticService; C:\PROGRA~2\TELEVI~2\bar\1.bin\64barsvc.exe [x]

==================== Drivers (Whitelisted) ====================

S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [44480 2011-05-17] (http://libusb-win32.sourceforge.net)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [158712 2011-12-27] (McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [228752 2011-12-27] (McAfee, Inc.)
S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [642952 2011-12-27] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [100904 2011-12-27] (McAfee, Inc.)
S0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [283744 2011-12-27] (McAfee, Inc.)
S3 mfeavfk01; No ImagePath
S3 PCDSRVC{D3412D80-CF3B4A27-06020200}_0; \??\c:\program files\my dell\pcdsrvc_x64.pkms [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-08 16:24 - 2013-10-08 16:24 - 00000000 ____D C:\FRST
2013-10-07 17:43 - 2013-10-07 17:43 - 65273856 _____ C:\Windows\System32\config\SOFTWARE.bhv
2013-10-07 17:43 - 2013-10-07 17:43 - 19136512 _____ C:\Windows\System32\config\SYSTEM.bhv
2013-10-07 17:43 - 2013-10-07 17:43 - 01048576 _____ C:\Windows\System32\config\DEFAULT.bhv
2013-10-07 17:43 - 2013-10-07 17:43 - 00262144 _____ C:\Windows\System32\config\SECURITY.bhv
2013-10-07 17:43 - 2013-10-07 17:43 - 00262144 _____ C:\Windows\System32\config\SAM.bhv
2013-10-07 17:07 - 2013-10-07 17:07 - 00000000 ____D C:\$Anvi Rescue Disk$
2013-10-02 08:50 - 2013-10-02 08:50 - 00000000 ___HD C:\Windows\AxInstSV
2013-09-28 06:34 - 2013-09-28 06:34 - 00001308 _____ C:\Users\Gisele\Desktop\Gisele Savoie Letter 3 - Shortcut.lnk
2013-09-27 06:14 - 2013-09-27 06:38 - 00000000 ____D C:\Users\Gisele\Desktop\Resume
2013-09-27 05:50 - 2013-09-27 05:50 - 00001556 _____ C:\Users\Gisele\Desktop\Gisele Savoie Letter 2.txt
2013-09-27 05:45 - 2013-09-27 05:45 - 00000000 ____D C:\Users\Gisele\acadian const
2013-09-25 17:42 - 2013-09-25 17:42 - 00000000 ____D C:\Users\Gisele\AppData\Local\{749B8EA0-49FD-4BBA-9CCA-7F220695CAE4}
2013-09-24 06:28 - 2013-09-24 06:28 - 00032920 _____ C:\Users\Gisele\Downloads\Resume.zip
2013-09-21 16:46 - 2013-09-21 16:46 - 00000193 _____ C:\Users\Gisele\Desktop\Outlook - [email protected]
2013-09-21 07:06 - 2013-09-24 02:20 - 00000000 ____D C:\Users\Gisele\AppData\Roaming\Google
2013-09-20 11:30 - 2013-09-20 11:30 - 00004608 _____ C:\Users\Gisele\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-09-20 11:26 - 2013-09-20 11:26 - 00000000 ____D C:\Users\Gisele\AppData\Local\{95A4F872-E3E7-43A1-9358-7EA1C5636C1A}
2013-09-18 06:38 - 2013-09-18 06:38 - 00000000 ____D C:\ProgramData\PC-Doctor for Windows
2013-09-18 06:38 - 2013-09-18 06:38 - 00000000 ____D C:\Program Files\Dell Support Center
2013-09-12 03:18 - 2013-08-09 21:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-09-12 03:18 - 2013-08-09 21:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-09-12 03:18 - 2013-08-09 21:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-09-12 03:18 - 2013-08-09 21:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-09-12 03:18 - 2013-08-09 21:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-09-12 03:18 - 2013-08-09 21:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-09-12 03:18 - 2013-08-09 21:20 - 15404544 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-09-12 03:18 - 2013-08-09 21:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-09-12 03:18 - 2013-08-09 21:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-09-12 03:18 - 2013-08-09 21:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-09-12 03:18 - 2013-08-09 21:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-09-12 03:18 - 2013-08-09 21:20 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-09-12 03:18 - 2013-08-09 21:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-09-12 03:18 - 2013-08-09 21:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-09-12 03:18 - 2013-08-09 19:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-12 03:18 - 2013-08-09 19:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-12 03:18 - 2013-08-09 19:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-12 03:18 - 2013-08-09 19:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-12 03:18 - 2013-08-09 19:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-12 03:18 - 2013-08-09 19:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-12 03:18 - 2013-08-09 19:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-12 03:18 - 2013-08-09 19:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-12 03:18 - 2013-08-09 19:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-12 03:18 - 2013-08-09 19:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-12 03:18 - 2013-08-09 19:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-12 03:18 - 2013-08-09 19:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-12 03:18 - 2013-08-09 19:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-12 03:18 - 2013-08-09 19:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-09-12 03:18 - 2013-08-09 19:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-12 03:18 - 2013-08-09 18:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-09-12 03:18 - 2013-08-09 18:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-11 11:49 - 2013-08-07 17:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-09-11 11:49 - 2013-08-04 18:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ataport.sys
2013-09-11 11:49 - 2013-08-01 18:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-09-11 11:49 - 2013-08-01 18:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2013-09-11 11:49 - 2013-08-01 18:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2013-09-11 11:49 - 2013-08-01 18:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\System32\wow64.dll
2013-09-11 11:49 - 2013-08-01 18:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2013-09-11 11:49 - 2013-08-01 18:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2013-09-11 11:49 - 2013-08-01 18:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2013-09-11 11:49 - 2013-08-01 18:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2013-09-11 11:49 - 2013-08-01 18:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2013-09-11 11:49 - 2013-08-01 18:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2013-09-11 11:49 - 2013-08-01 18:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\System32\apisetschema.dll
2013-09-11 11:49 - 2013-08-01 18:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2013-09-11 11:49 - 2013-08-01 18:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2013-09-11 11:49 - 2013-08-01 18:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-11 11:49 - 2013-08-01 18:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-11 11:49 - 2013-08-01 18:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-11 11:49 - 2013-08-01 18:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2013-09-11 11:49 - 2013-08-01 18:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-11 11:49 - 2013-08-01 18:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2013-09-11 11:49 - 2013-08-01 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-11 11:49 - 2013-08-01 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-11 11:49 - 2013-08-01 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-11 11:49 - 2013-08-01 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2013-09-11 11:49 - 2013-08-01 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2013-09-11 11:49 - 2013-08-01 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-11 11:49 - 2013-08-01 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2013-09-11 11:49 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-11 11:49 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2013-09-11 11:49 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2013-09-11 11:49 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2013-09-11 11:49 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2013-09-11 11:49 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-11 11:49 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2013-09-11 11:49 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-11 11:49 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-11 11:49 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-11 11:49 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2013-09-11 11:49 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-11 11:49 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2013-09-11 11:49 - 2013-08-01 17:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-09-11 11:49 - 2013-08-01 17:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-09-11 11:49 - 2013-08-01 17:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-09-11 11:49 - 2013-08-01 17:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-09-11 11:49 - 2013-08-01 17:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-09-11 11:49 - 2013-08-01 17:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-09-11 11:49 - 2013-08-01 17:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-09-11 11:49 - 2013-08-01 17:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-11 11:49 - 2013-08-01 17:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-11 11:49 - 2013-08-01 17:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-11 11:49 - 2013-08-01 17:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-11 11:49 - 2013-08-01 17:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-11 11:49 - 2013-08-01 17:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-11 11:49 - 2013-08-01 17:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-11 11:49 - 2013-08-01 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-11 11:49 - 2013-08-01 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-11 11:49 - 2013-08-01 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-11 11:49 - 2013-08-01 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-11 11:49 - 2013-08-01 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-11 11:49 - 2013-08-01 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-11 11:49 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-11 11:49 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-11 11:49 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-11 11:49 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-11 11:49 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-11 11:49 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-11 11:49 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-11 11:49 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-11 11:49 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-11 11:49 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-11 11:49 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-11 11:49 - 2013-08-01 17:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\System32\conhost.exe
2013-09-11 11:49 - 2013-08-01 16:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\System32\smss.exe
2013-09-11 11:49 - 2013-08-01 16:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-09-11 11:49 - 2013-08-01 16:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-09-11 11:49 - 2013-08-01 16:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-09-11 11:49 - 2013-08-01 16:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-09-11 11:49 - 2013-08-01 16:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-11 11:49 - 2013-08-01 16:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-11 11:49 - 2013-08-01 16:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-11 11:49 - 2013-08-01 16:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-11 11:48 - 2013-07-25 18:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-09-11 11:48 - 2013-07-25 18:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-09-11 11:48 - 2013-07-25 17:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-09-11 11:48 - 2013-07-25 17:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-09-10 16:08 - 2013-09-16 11:20 - 00000000 ____D C:\Users\Gisele\Desktop\daniel

==================== One Month Modified Files and Folders =======

2013-10-08 16:24 - 2013-10-08 16:24 - 00000000 ____D C:\FRST
2013-10-08 10:34 - 2011-11-23 21:12 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2013-10-08 10:34 - 2011-11-23 21:12 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2013-10-08 10:34 - 2011-11-23 21:02 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2013-10-08 10:33 - 2013-04-12 15:52 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-08 10:33 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-08 10:33 - 2009-07-13 20:51 - 00055780 _____ C:\Windows\setupact.log
2013-10-08 05:41 - 2011-11-23 20:02 - 01353550 _____ C:\Windows\WindowsUpdate.log
2013-10-08 05:38 - 2009-07-13 20:45 - 00020928 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-08 05:38 - 2009-07-13 20:45 - 00020928 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-08 05:25 - 2011-11-23 20:46 - 00000000 ____D C:\ProgramData\Sonic
2013-10-07 18:03 - 2013-04-12 15:51 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-07 17:43 - 2013-10-07 17:43 - 65273856 _____ C:\Windows\System32\config\SOFTWARE.bhv
2013-10-07 17:43 - 2013-10-07 17:43 - 19136512 _____ C:\Windows\System32\config\SYSTEM.bhv
2013-10-07 17:43 - 2013-10-07 17:43 - 01048576 _____ C:\Windows\System32\config\DEFAULT.bhv
2013-10-07 17:43 - 2013-10-07 17:43 - 00262144 _____ C:\Windows\System32\config\SECURITY.bhv
2013-10-07 17:43 - 2013-10-07 17:43 - 00262144 _____ C:\Windows\System32\config\SAM.bhv
2013-10-07 17:43 - 2011-11-30 14:36 - 00000000 ____D C:\users\Gisele
2013-10-07 17:12 - 2013-04-12 15:52 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-07 17:07 - 2013-10-07 17:07 - 00000000 ____D C:\$Anvi Rescue Disk$
2013-10-07 15:50 - 2010-11-20 19:47 - 00015604 _____ C:\Windows\PFRO.log
2013-10-07 15:49 - 2013-05-22 01:46 - 00003440 _____ C:\Windows\System32\Tasks\PCDEventLauncherTask
2013-10-02 11:19 - 2012-04-11 13:31 - 00000000 ____D C:\QUARANTINE
2013-10-02 08:50 - 2013-10-02 08:50 - 00000000 ___HD C:\Windows\AxInstSV
2013-10-02 08:48 - 2013-04-12 15:52 - 00000000 ____D C:\Users\Gisele\AppData\Local\Google
2013-10-02 03:37 - 2011-11-23 21:55 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-10-02 03:37 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2013-10-02 03:37 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2013-10-02 03:37 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\AppCompat
2013-09-28 06:34 - 2013-09-28 06:34 - 00001308 _____ C:\Users\Gisele\Desktop\Gisele Savoie Letter 3 - Shortcut.lnk
2013-09-27 06:38 - 2013-09-27 06:14 - 00000000 ____D C:\Users\Gisele\Desktop\Resume
2013-09-27 05:50 - 2013-09-27 05:50 - 00001556 _____ C:\Users\Gisele\Desktop\Gisele Savoie Letter 2.txt
2013-09-27 05:45 - 2013-09-27 05:45 - 00000000 ____D C:\Users\Gisele\acadian const
2013-09-26 03:40 - 2012-04-08 05:59 - 00000000 ____D C:\Users\Gisele\AppData\Roaming\SoftGrid Client
2013-09-25 17:42 - 2013-09-25 17:42 - 00000000 ____D C:\Users\Gisele\AppData\Local\{749B8EA0-49FD-4BBA-9CCA-7F220695CAE4}
2013-09-24 06:28 - 2013-09-24 06:28 - 00032920 _____ C:\Users\Gisele\Downloads\Resume.zip
2013-09-24 02:20 - 2013-09-21 07:06 - 00000000 ____D C:\Users\Gisele\AppData\Roaming\Google
2013-09-21 16:46 - 2013-09-21 16:46 - 00000193 _____ C:\Users\Gisele\Desktop\Outlook - [email protected]
2013-09-20 11:30 - 2013-09-20 11:30 - 00004608 _____ C:\Users\Gisele\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-09-20 11:27 - 2012-09-26 14:07 - 00000000 ____D C:\ProgramData\Creative
2013-09-20 11:26 - 2013-09-20 11:26 - 00000000 ____D C:\Users\Gisele\AppData\Local\{95A4F872-E3E7-43A1-9358-7EA1C5636C1A}
2013-09-20 02:20 - 2013-04-12 15:51 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-20 02:20 - 2013-04-12 15:51 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-09-20 02:20 - 2011-11-23 20:14 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-18 13:39 - 2013-04-12 15:52 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-09-18 06:38 - 2013-09-18 06:38 - 00000000 ____D C:\ProgramData\PC-Doctor for Windows
2013-09-18 06:38 - 2013-09-18 06:38 - 00000000 ____D C:\Program Files\Dell Support Center
2013-09-18 06:38 - 2013-05-22 01:46 - 00000000 ____D C:\Program Files\My Dell
2013-09-18 06:37 - 2011-12-13 14:10 - 00000000 ____D C:\ProgramData\PCDr
2013-09-16 11:20 - 2013-09-10 16:08 - 00000000 ____D C:\Users\Gisele\Desktop\daniel
2013-09-12 09:29 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-09-12 03:25 - 2009-07-13 20:45 - 00322280 _____ C:\Windows\System32\FNTCACHE.DAT
2013-09-12 03:18 - 2012-04-08 05:59 - 00000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client
2013-09-12 03:18 - 2011-11-23 20:18 - 00788116 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-09-12 03:15 - 2013-08-02 22:00 - 00000000 ____D C:\Windows\System32\MRT
2013-09-12 03:15 - 2011-12-27 17:55 - 79143768 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-09-10 10:59 - 2013-06-22 19:33 - 00014848 _____ C:\Users\Gisele\Desktop\Gisele Hrs at La Sagouine.xlsx

Files to move or delete:
====================
ZeroAccess:
C:\Users\Gisele\AppData\Local\Google\Desktop\Install


Some content of TEMP:
====================
C:\Users\Gisele\AppData\Local\Temp\api-ms-win-downlevel-shell32-l1-1-0.dll
C:\Users\Gisele\AppData\Local\Temp\api-ms-win-downlevel-shlwapi-l1-1-0.dll
C:\Users\Gisele\AppData\Local\Temp\aulauncher.exe
C:\Users\Gisele\AppData\Local\Temp\IEFRAME.dll
C:\Users\Gisele\AppData\Local\Temp\iexplore.exe
C:\Users\Gisele\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\Gisele\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe
C:\Users\Gisele\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Gisele\AppData\Local\Temp\TB_CF7D.exe
C:\Users\Gisele\AppData\Local\Temp\zxd0tu6l.dll
C:\Users\Gisele\AppData\Local\Temp\~tmf8229824162418640657.dll


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

9
Restore point made on: 2013-09-11 19:23:14
Restore point made on: 2013-09-17 03:36:30
Restore point made on: 2013-09-17 17:41:33
Restore point made on: 2013-09-24 08:43:35
Restore point made on: 2013-10-01 02:14:01
Restore point made on: 2013-10-02 03:34:45
Restore point made on: 2013-10-02 03:43:52
Restore point made on: 2013-10-02 10:58:39
Restore point made on: 2013-10-07 17:03:12

==================== Memory info ===========================

Percentage of memory in use: 16%
Total physical RAM: 3894.68 MB
Available physical RAM: 3240.88 MB
Total Pagefile: 3892.83 MB
Available Pagefile: 3257.25 MB
Total Virtual: 8192 MB
Available Virtual: 8191.87 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:451.01 GB) (Free:402.08 GB) NTFS
Drive e: (GRMCULXFRER_EN_DVD) (CDROM) (Total:3 GB) (Free:0 GB) UDF
Drive g: (HITMANPRO) (Removable) (Total:14.5 GB) (Free:14.5 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (Recovery) (Fixed) (Total:14.65 GB) (Free:6.1 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 85D164A4)
Partition 1: (Not Active) - (Size=100 MB) - (Type=DE)
Partition 2: (Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=451 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 15 GB) (Disk ID: EF310D51)
Partition 1: (Active) - (Size=15 GB) - (Type=0B)


LastRegBack: 2013-10-01 06:18

==================== End Of Log ============================

Edited by WWEFreak666, 08 October 2013 - 01:16 PM.

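A triage script for FRST logs like the one above, added here as an example (it is not part of the post and not FRST's own code); it assumes only the log line formats visible in the thread and uses lines copied from that log as sample input. It flags what a responder would check first: the IE10Update service loading a DLL from the user's Temp folder with no publisher, the autoruns and services marked [x] or "No ImagePath" whose image files are gone, and the path FRST itself listed under ZeroAccess.

```python
"""Triage helper for FRST (Farbar Recovery Scan Tool) log lines.

Added example, not part of the forum post or of FRST itself. It parses the
autorun (HK...\\...\\Run / Winlogon) and service/driver entries of an FRST.txt
and reports: an image loading from a user's Temp directory, a persistent
entry with no publisher, an entry FRST marked [x] or "No ImagePath", and
paths FRST listed under "Files to move or delete".
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Sample input: lines copied from the FRST log posted in the thread.
SAMPLE_LOG = r"""
HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [608112 2011-03-29] (Alps Electric Co., Ltd.)
HKLM-x32\...\Run: [TelevisionFanatic Browser Plugin Loader] - C:\PROGRA~2\TELEVI~2\bar\1.bin\64brmon.exe
HKLM-x32\...\Run: [] - [x]
HKU\Gisele\...\Run: [Google Update] - [x]
S2 IE10Update; C:\Users\Gisele\AppData\Local\Temp\~tmf8229824162418640657.dll [49484 2013-10-02] ()
S2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [199008 2011-12-27] (McAfee, Inc.)
S2 TelevisionFanaticService; C:\PROGRA~2\TELEVI~2\bar\1.bin\64barsvc.exe [x]
S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [642952 2011-12-27] (McAfee, Inc.)
S3 mfeavfk01; No ImagePath

Files to move or delete:
====================
ZeroAccess:
C:\Users\Gisele\AppData\Local\Google\Desktop\Install

"""

AUTORUN_RE = re.compile(r"^(?P<key>HK[^:]+): \[(?P<name>[^\]]*)\]\s*(?:-\s*)?(?P<rest>.*)$")
SERVICE_RE = re.compile(r"^(?P<start>[SRU]\d) (?P<name>[^;]+); (?P<rest>.*)$")
# FRST writes an image as: <path> [<size> <date>] (<publisher>)
IMAGE_RE = re.compile(r"^(?P<path>.*?)\s*\[(?P<meta>[^\]]*)\]\s*(?:\((?P<pub>[^)]*)\))?$")
TEMP_RE = re.compile(r"\\AppData\\Local\\Temp\\", re.IGNORECASE)


@dataclass
class Finding:
    kind: str                 # "autorun", "service" or "remove-list"
    name: str
    path: str | None
    reasons: list[str] = field(default_factory=list)


def parse_image(rest: str) -> tuple[str | None, bool, str | None]:
    """Split FRST's image tail into (path, missing, publisher)."""
    rest = rest.strip()
    if rest in ("[x]", "No ImagePath"):
        return None, True, None
    m = IMAGE_RE.match(rest)
    if not m:                           # bare path, no size/date bracket at all
        return rest, False, None
    return m.group("path"), m.group("meta") == "x", (m.group("pub") or None)


def assess(kind: str, name: str, rest: str) -> Finding | None:
    """Return a Finding for one autorun/service line, or None if nothing stands out."""
    path, missing, publisher = parse_image(rest)
    f = Finding(kind, name, path)
    if missing:
        f.reasons.append("image missing: stale or partially cleaned persistence")
    else:
        if path and TEMP_RE.search(path):
            f.reasons.append("image loads from a user Temp directory")
        if publisher is None:
            f.reasons.append("no publisher recorded for the image")
    return f if f.reasons else None


def triage_log(text: str) -> list[Finding]:
    """Walk an FRST log and collect the entries worth a second look."""
    findings: list[Finding] = []
    in_remove_list, label = False, ""
    for line in text.splitlines():
        line = line.rstrip()
        if line.startswith("Files to move or delete:"):
            in_remove_list = True
            continue
        if in_remove_list:
            if not line:                # blank line closes the section
                in_remove_list = False
            elif line.endswith(":"):    # e.g. "ZeroAccess:" names the family
                label = line[:-1]
            elif re.match(r"^[A-Za-z]:\\", line):
                findings.append(Finding("remove-list", line, line,
                                        [f"listed by FRST for removal ({label})"]))
            continue
        m = AUTORUN_RE.match(line) or SERVICE_RE.match(line)
        if not m:
            continue
        kind = "autorun" if "key" in m.groupdict() else "service"
        f = assess(kind, m.group("name"), m.group("rest"))
        if f:
            findings.append(f)
    return findings


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"[{f.kind}] {f.name!r} {f.path}: {'; '.join(f.reasons)}")
```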

#2
admin

This is a duplicate topic that has also been posted at another site: http://www.bleepingc...sks-do-nothing/

Please respect the time of our volunteers, and don't post for help at multiple sites. Since that topic was posted first, I am closing this one.

P.S. Had you not posted at two sites you would have had a reply an hour ago.