rockstar_realtor

Everything posted by rockstar_realtor

  1. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-06-2013
     Ran by SYSTEM at 2013-06-18 22:06:24 Run:1
     Running from E:\
     Boot Mode: Recovery
     ==============================================
     HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32\\Default => Value was restored successfully.
     HKU\User\Software\Microsoft\Windows\CurrentVersion\Run\\MFAData => Value deleted successfully.
     HKU\User\Software\Microsoft\Windows\CurrentVersion\Run\\Hewlett-Packard => Value deleted successfully.
     HKU\User\Software\Microsoft\Windows\CurrentVersion\Run\\wabEventSupport16 => Value deleted successfully.
     HKU\User\Software\Microsoft\Windows\CurrentVersion\Run\\Internet Security => Value deleted successfully.
     C:\Users\User\AppData\Local\Hewlett-Packard\gncrbeid.dll => Moved successfully.
     C:\Users\User\AppData\Roaming\wabEventSupport16\wabEventSupport16.dll => Moved successfully.
     C:\Users\User\AppData\Local\VirtualStore\MFAData\hkmk.dll => Moved successfully.
     C:\Users\User\AppData\Roaming\ildefender.exe => Moved successfully.
     C:\Users\User\Desktop\Internet Security PRO.lnk => Moved successfully.
     C:\Users\User\mstsc315593.exe => Moved successfully.
     C:\$Recycle.Bin\S-1-5-21-3090479118-3698766337-2013796773-1000\$b22b05834748ebf764a121f70e4d6814 => Moved successfully.
     C:\$Recycle.Bin\S-1-5-18\$b22b05834748ebf764a121f70e4d6814 => Moved successfully.
     C:\Users\User\acrobat.exe => Moved successfully.
     C:\Users\User\acrobat805475.exe => Moved successfully.
     C:\Users\User\acrobatreader.exe => Moved successfully.
     C:\Users\User\acrobatreader551729.exe => Moved successfully.
     C:\Users\User\chrome.exe => Moved successfully.
     C:\Users\User\chrome512102.exe => Moved successfully.
     C:\Users\User\csrss.exe => Moved successfully.
     C:\Users\User\firefox684667.exe => Moved successfully.
     C:\Users\User\flashplayer.exe => Moved successfully.
     C:\Users\User\googleupdate.exe => Moved successfully.
     C:\Users\User\icq423812.exe => Moved successfully.
     C:\Users\User\icq846511.exe => Moved successfully.
     C:\Users\User\java791258.exe => Moved successfully.
     C:\Users\User\jucheck.exe => Moved successfully.
     C:\Users\User\jucheck621150.exe => Moved successfully.
     C:\Users\User\msconfig.exe => Moved successfully.
     C:\Users\User\msconfig761671.exe => Moved successfully.
     C:\Users\User\mstsc.exe => Moved successfully.
     C:\Users\User\mstsc315593.exe => File/Directory not found.
     C:\Users\User\notepad.exe => Moved successfully.
     C:\Users\User\notepad111032.exe => Moved successfully.
     C:\Users\User\notepad714774.exe => Moved successfully.
     C:\Users\User\opera.exe => Moved successfully.
     C:\Users\User\opera941704.exe => Moved successfully.
     C:\Users\User\rundll32.exe => Moved successfully.
     C:\Users\User\rundll32568748.exe => Moved successfully.
     C:\Users\User\spoolsv241388.exe => Moved successfully.
     C:\Users\User\spoolsv992999.exe => Moved successfully.
     C:\Users\User\teamviewer828070.exe => Moved successfully.
     C:\Users\User\vlcplayer.exe => Moved successfully.
     C:\Users\User\windowsupdate.exe => Moved successfully.
     C:\Users\User\windowsupdate200067.exe => Moved successfully.
     C:\Users\User\windowsupdate562231.exe => Moved successfully.
     C:\Windows\Tasks\{D958ED80-CD81-49CA-BB1F-20BE0673E02A}.job => Moved successfully.
     ==== End of Fixlog ====
     Fixlog.txt
  2. Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-06-2013
     Ran by SYSTEM on 18-06-2013 18:54:01
     Running from F:\
     Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
     Internet Explorer Version 10
     Boot Mode: Recovery
     The current controlset is ControlSet001
     ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

     ==================== Registry (Whitelisted) ==================
     HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] C:\$Recycle.Bin\S-1-5-18\$b22b05834748ebf764a121f70e4d6814\n. ATTENTION! ====> ZeroAccess
     HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-11-28] (Apple Inc.)
     HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2009-11-18] (Hewlett-Packard)
     HKLM-x32\...\Run: [] [x]
     HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
     HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
     HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152544 2012-12-12] (Apple Inc.)
     HKLM-x32\...\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe [479232 2005-07-15] (Google Inc.)
     HKLM-x32\...\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [345312 2013-05-07] (Avira Operations GmbH & Co. KG)
     HKU\User\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2012-01-30] (Google Inc.)
     HKU\User\...\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart [19662744 2013-04-16] (Google)
     HKU\User\...\Run: [MFAData] rundll32 "C:\Users\User\AppData\Local\VirtualStore\MFAData\hkmk.dll",DllRegisterServer [310784 2013-06-08] (Eugene Roshal & Far Group) <===== ATTENTION
     HKU\User\...\Run: [Hewlett-Packard] Rundll32.exe C:\Users\User\AppData\Local\Hewlett-Packard\gncrbeid.dll,rqmxyldzsidv [833024 2013-06-08] (Dassault Systèmes SolidWorks Corp.) <===== ATTENTION
     HKU\User\...\Run: [wabEventSupport16] rundll32.exe "C:\Users\User\AppData\Roaming\wabEventSupport16\wabEventSupport16.dll",AwPath KernelUtilLibs [30208 2013-06-16] ()
     HKU\User\...\Run: [internet Security] C:\Users\User\AppData\Roaming\ildefender.exe [849408 2013-06-18] (FileZilla Project)
     Startup: C:\ProgramData\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
     ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
     Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DealFinder.lnk
     ShortcutTarget: DealFinder.lnk -> C:\Program Files (x86)\AA\DealFinder\DealFinder\DealFinder.exe (No File)
     Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMVU.lnk
     ShortcutTarget: IMVU.lnk -> (No File)

     ==================== Services (Whitelisted) =================
     S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [86752 2013-04-14] (Avira Operations GmbH & Co. KG)
     S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [110816 2013-04-14] (Avira Operations GmbH & Co. KG)

     ==================== Drivers (Whitelisted) ====================
     S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-04-14] (Avira Operations GmbH & Co. KG)
     S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-04-14] (Avira Operations GmbH & Co. KG)
     S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-04-14] (Avira Operations GmbH & Co. KG)
     S3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-28] ()
     S2 TMAgent;

     ==================== NetSvcs (Whitelisted) ===================

     ==================== One Month Created Files and Folders ========
     2013-06-18 15:06 - 2013-06-18 15:06 - 00029651 ____A C:\Users\User\Downloads\FRST.txt
     2013-06-18 15:05 - 2013-06-18 15:06 - 00013804 ____A C:\Users\User\Downloads\Addition.txt
     2013-06-18 14:57 - 2013-06-18 14:57 - 00000000 ____D C:\FRST
     2013-06-18 14:56 - 2013-06-18 14:57 - 01928350 ____A (Farbar) C:\Users\User\Downloads\FRST64.exe
     2013-06-18 14:55 - 2013-06-18 14:55 - 01367073 ____A (Farbar) C:\Users\User\Downloads\FRST.exe
     2013-06-18 12:48 - 2013-06-18 12:48 - 00849408 ____A (FileZilla Project) C:\Users\User\AppData\Roaming\ildefender.exe
     2013-06-18 12:48 - 2013-06-18 12:48 - 00163328 ____A (Grand-Automatic Software Group) C:\Users\User\rundll32568748.exe
     2013-06-18 12:48 - 2013-06-18 12:48 - 00066989 ____A C:\Users\User\notepad714774.exe
     2013-06-18 12:48 - 2013-06-18 12:48 - 00000794 ____A C:\Users\User\Desktop\Internet Security PRO.lnk
     2013-06-18 12:48 - 2013-06-18 12:48 - 00000000 ____A C:\Users\User\mstsc315593.exe
     2013-06-16 17:50 - 2013-06-08 06:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
     2013-06-16 17:50 - 2013-06-08 06:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
     2013-06-16 17:50 - 2013-06-08 06:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
     2013-06-16 17:50 - 2013-06-08 06:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
     2013-06-16 17:50 - 2013-06-08 06:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
     2013-06-16 17:50 - 2013-06-08 04:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
     2013-06-16 17:50 - 2013-06-08 03:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
     2013-06-16 17:50 - 2013-06-08 03:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
     2013-06-16 17:50 - 2013-06-08 03:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
     2013-06-16 17:50 - 2013-06-08 03:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
     2013-06-16 17:50 - 2013-06-08 03:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
     2013-06-16 17:50 - 2013-06-08 03:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
     2013-06-16 17:50 - 2013-05-16 17:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
     2013-06-16 17:50 - 2013-05-16 17:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
     2013-06-16 17:50 - 2013-05-16 17:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
     2013-06-16 17:50 - 2013-05-16 17:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
     2013-06-16 17:50 - 2013-05-16 17:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
     2013-06-16 17:50 - 2013-05-16 17:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
     2013-06-16 17:50 - 2013-05-16 17:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
     2013-06-16 17:50 - 2013-05-16 17:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
     2013-06-16 17:50 - 2013-05-16 16:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
     2013-06-16 17:50 - 2013-05-16 16:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
     2013-06-16 17:50 - 2013-05-16 16:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
     2013-06-16 17:50 - 2013-05-16 16:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
     2013-06-16 17:50 - 2013-05-16 16:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
     2013-06-16 17:50 - 2013-05-16 16:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
     2013-06-16 17:50 - 2013-05-16 16:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
     2013-06-16 17:50 - 2013-05-16 16:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
     2013-06-16 17:50 - 2013-05-16 16:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
     2013-06-16 17:50 - 2013-05-14 04:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
     2013-06-16 17:50 - 2013-05-14 00:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
     2013-06-16 17:37 - 2013-06-16 17:37 - 00000000 ____D C:\Users\User\AppData\Roaming\wabEventSupport16
     2013-06-16 17:36 - 2013-05-12 21:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
     2013-06-16 17:36 - 2013-05-12 21:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
     2013-06-16 17:36 - 2013-05-12 21:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
     2013-06-16 17:36 - 2013-05-12 21:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
     2013-06-16 17:36 - 2013-05-12 20:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
     2013-06-16 17:36 - 2013-05-12 20:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
     2013-06-16 17:36 - 2013-05-12 20:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
     2013-06-16 17:36 - 2013-05-12 19:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
     2013-06-16 17:36 - 2013-05-12 19:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
     2013-06-16 17:36 - 2013-05-12 19:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
     2013-06-16 17:36 - 2013-05-09 21:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
     2013-06-16 17:36 - 2013-05-09 19:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
     2013-06-16 17:36 - 2013-05-07 22:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
     2013-06-16 17:36 - 2013-04-25 21:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
     2013-06-16 17:36 - 2013-04-25 20:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
     2013-06-16 17:36 - 2013-04-16 23:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
     2013-06-16 17:36 - 2013-04-16 22:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
     2013-06-16 17:35 - 2013-04-25 15:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
     2013-06-16 17:35 - 2013-03-31 14:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
     2013-06-09 19:40 - 2013-06-09 19:40 - 00000000 ____A C:\Users\User\jucheck621150.exe
     2013-06-09 19:40 - 2013-06-09 19:40 - 00000000 ____A C:\Users\User\chrome512102.exe
     2013-06-09 19:38 - 2013-06-09 19:38 - 00000000 ____A C:\Users\User\msconfig761671.exe
     2013-06-09 19:38 - 2013-06-09 19:38 - 00000000 ____A C:\Users\User\acrobat805475.exe
     2013-06-09 19:28 - 2013-06-09 19:28 - 00000000 ____A C:\Users\User\icq846511.exe
     2013-06-09 19:28 - 2013-06-09 19:28 - 00000000 ____A C:\Users\User\firefox684667.exe
     2013-06-09 16:00 - 2013-06-09 16:00 - 00000000 ____A C:\Users\User\windowsupdate562231.exe
     2013-06-09 16:00 - 2013-06-09 16:00 - 00000000 ____A C:\Users\User\opera941704.exe
     2013-06-09 15:54 - 2013-06-09 15:54 - 00000000 ____A C:\Users\User\java791258.exe
     2013-06-09 15:54 - 2013-06-09 15:54 - 00000000 ____A C:\Users\User\acrobatreader551729.exe
     2013-06-09 15:52 - 2013-06-09 15:52 - 00000000 ____A C:\Users\User\teamviewer828070.exe
     2013-06-09 15:52 - 2013-06-09 15:52 - 00000000 ____A C:\Users\User\spoolsv992999.exe
     2013-06-09 15:41 - 2013-06-09 15:41 - 00000000 ____A C:\Users\User\spoolsv241388.exe
     2013-06-09 15:41 - 2013-06-09 15:41 - 00000000 ____A C:\Users\User\icq423812.exe
     2013-06-09 12:05 - 2013-06-09 12:05 - 00000000 ____A C:\Users\User\windowsupdate200067.exe
     2013-06-09 12:05 - 2013-06-09 12:05 - 00000000 ____A C:\Users\User\notepad111032.exe
     2013-06-09 11:56 - 2013-06-09 11:56 - 00000000 ____A C:\Users\User\flashplayer.exe
     2013-06-09 11:56 - 2013-06-09 11:56 - 00000000 ____A C:\Users\User\acrobatreader.exe
     2013-06-09 09:23 - 2013-06-09 09:23 - 00000000 ____A C:\Users\User\vlcplayer.exe
     2013-06-09 09:23 - 2013-06-09 09:23 - 00000000 ____A C:\Users\User\mstsc.exe
     2013-06-09 09:23 - 2013-06-09 09:23 - 00000000 ____A C:\Users\User\jucheck.exe
     2013-06-09 09:17 - 2013-06-09 09:17 - 00000000 ____A C:\Users\User\windowsupdate.exe
     2013-06-09 09:17 - 2013-06-09 09:17 - 00000000 ____A C:\Users\User\csrss.exe
     2013-06-09 09:17 - 2013-06-09 09:17 - 00000000 ____A C:\Users\User\chrome.exe
     2013-06-09 09:07 - 2013-06-09 09:07 - 00000000 ____A C:\Users\User\rundll32.exe
     2013-06-09 09:07 - 2013-06-09 09:07 - 00000000 ____A C:\Users\User\googleupdate.exe
     2013-06-09 09:07 - 2013-06-09 09:07 - 00000000 ____A C:\Users\User\acrobat.exe
     2013-06-09 09:02 - 2013-06-18 14:00 - 00000318 ___AH C:\Windows\Tasks\{D958ED80-CD81-49CA-BB1F-20BE0673E02A}.job
     2013-06-09 09:02 - 2013-06-18 12:29 - 00000000 ____D C:\Users\User\AppData\Local\8175cb13-2db1-44e7-88c1-1f125da86854ad
     2013-06-09 09:02 - 2013-06-09 09:02 - 00000000 ____A C:\Users\User\opera.exe
     2013-06-09 09:02 - 2013-06-09 09:02 - 00000000 ____A C:\Users\User\notepad.exe
     2013-06-09 09:02 - 2013-06-09 09:02 - 00000000 ____A C:\Users\User\msconfig.exe
     2013-06-08 07:45 - 2013-06-08 11:48 - 00000000 ____D C:\Users\User\AppData\Local\Hewlett-Packard
     2013-06-05 06:23 - 2013-06-05 06:23 - 00028778 ____A C:\Users\User\Downloads\refwlesunclassified (1).zip
     2013-06-05 06:21 - 2013-06-05 06:21 - 00028778 ____A C:\Users\User\Downloads\refwlesunclassified.zip

     ==================== One Month Modified Files and Folders =======
     2013-06-18 15:06 - 2013-06-18 15:06 - 00029651 ____A C:\Users\User\Downloads\FRST.txt
     2013-06-18 15:06 - 2013-06-18 15:05 - 00013804 ____A C:\Users\User\Downloads\Addition.txt
     2013-06-18 14:57 - 2013-06-18 14:57 - 00000000 ____D C:\FRST
     2013-06-18 14:57 - 2013-06-18 14:56 - 01928350 ____A (Farbar) C:\Users\User\Downloads\FRST64.exe
     2013-06-18 14:55 - 2013-06-18 14:55 - 01367073 ____A (Farbar) C:\Users\User\Downloads\FRST.exe
     2013-06-18 14:53 - 2009-07-13 21:13 - 00742028 ____A C:\Windows\System32\PerfStringBackup.INI
     2013-06-18 14:39 - 2009-07-13 20:51 - 00101817 ____A C:\Windows\setupact.log
     2013-06-18 14:38 - 2012-01-27 13:45 - 01101651 ____A C:\Windows\WindowsUpdate.log
     2013-06-18 14:37 - 2012-01-30 06:49 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
     2013-06-18 14:00 - 2013-06-09 09:02 - 00000318 ___AH C:\Windows\Tasks\{D958ED80-CD81-49CA-BB1F-20BE0673E02A}.job
     2013-06-18 13:51 - 2013-03-19 07:13 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
     2013-06-18 12:48 - 2013-06-18 12:48 - 00849408 ____A (FileZilla Project) C:\Users\User\AppData\Roaming\ildefender.exe
     2013-06-18 12:48 - 2013-06-18 12:48 - 00163328 ____A (Grand-Automatic Software Group) C:\Users\User\rundll32568748.exe
     2013-06-18 12:48 - 2013-06-18 12:48 - 00066989 ____A C:\Users\User\notepad714774.exe
     2013-06-18 12:48 - 2013-06-18 12:48 - 00000794 ____A C:\Users\User\Desktop\Internet Security PRO.lnk
     2013-06-18 12:48 - 2013-06-18 12:48 - 00000000 ____A C:\Users\User\mstsc315593.exe
     2013-06-18 12:33 - 2009-07-13 20:45 - 00021872 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
     2013-06-18 12:33 - 2009-07-13 20:45 - 00021872 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
     2013-06-18 12:29 - 2013-06-09 09:02 - 00000000 ____D C:\Users\User\AppData\Local\8175cb13-2db1-44e7-88c1-1f125da86854ad
     2013-06-18 12:28 - 2013-04-25 05:25 - 00000000 ___SD C:\Users\User\Google Drive
     2013-06-18 12:28 - 2012-01-30 06:49 - 00000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
     2013-06-18 12:27 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
     2013-06-16 17:51 - 2013-03-19 07:13 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
     2013-06-16 17:51 - 2012-01-30 10:46 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
     2013-06-16 17:37 - 2013-06-16 17:37 - 00000000 ____D C:\Users\User\AppData\Roaming\wabEventSupport16
     2013-06-09 19:40 - 2013-06-09 19:40 - 00000000 ____A C:\Users\User\jucheck621150.exe
     2013-06-09 19:40 - 2013-06-09 19:40 - 00000000 ____A C:\Users\User\chrome512102.exe
     2013-06-09 19:38 - 2013-06-09 19:38 - 00000000 ____A C:\Users\User\msconfig761671.exe
     2013-06-09 19:38 - 2013-06-09 19:38 - 00000000 ____A C:\Users\User\acrobat805475.exe
     2013-06-09 19:28 - 2013-06-09 19:28 - 00000000 ____A C:\Users\User\icq846511.exe
     2013-06-09 19:28 - 2013-06-09 19:28 - 00000000 ____A C:\Users\User\firefox684667.exe
     2013-06-09 16:00 - 2013-06-09 16:00 - 00000000 ____A C:\Users\User\windowsupdate562231.exe
     2013-06-09 16:00 - 2013-06-09 16:00 - 00000000 ____A C:\Users\User\opera941704.exe
     2013-06-09 15:54 - 2013-06-09 15:54 - 00000000 ____A C:\Users\User\java791258.exe
     2013-06-09 15:54 - 2013-06-09 15:54 - 00000000 ____A C:\Users\User\acrobatreader551729.exe
     2013-06-09 15:52 - 2013-06-09 15:52 - 00000000 ____A C:\Users\User\teamviewer828070.exe
     2013-06-09 15:52 - 2013-06-09 15:52 - 00000000 ____A C:\Users\User\spoolsv992999.exe
     2013-06-09 15:41 - 2013-06-09 15:41 - 00000000 ____A C:\Users\User\spoolsv241388.exe
     2013-06-09 15:41 - 2013-06-09 15:41 - 00000000 ____A C:\Users\User\icq423812.exe
     2013-06-09 12:05 - 2013-06-09 12:05 - 00000000 ____A C:\Users\User\windowsupdate200067.exe
     2013-06-09 12:05 - 2013-06-09 12:05 - 00000000 ____A C:\Users\User\notepad111032.exe
     2013-06-09 11:56 - 2013-06-09 11:56 - 00000000 ____A C:\Users\User\flashplayer.exe
     2013-06-09 11:56 - 2013-06-09 11:56 - 00000000 ____A C:\Users\User\acrobatreader.exe
     2013-06-09 09:23 - 2013-06-09 09:23 - 00000000 ____A C:\Users\User\vlcplayer.exe
     2013-06-09 09:23 - 2013-06-09 09:23 - 00000000 ____A C:\Users\User\mstsc.exe
     2013-06-09 09:23 - 2013-06-09 09:23 - 00000000 ____A C:\Users\User\jucheck.exe
     2013-06-09 09:17 - 2013-06-09 09:17 - 00000000 ____A C:\Users\User\windowsupdate.exe
     2013-06-09 09:17 - 2013-06-09 09:17 - 00000000 ____A C:\Users\User\csrss.exe
     2013-06-09 09:17 - 2013-06-09 09:17 - 00000000 ____A C:\Users\User\chrome.exe
     2013-06-09 09:07 - 2013-06-09 09:07 - 00000000 ____A C:\Users\User\rundll32.exe
     2013-06-09 09:07 - 2013-06-09 09:07 - 00000000 ____A C:\Users\User\googleupdate.exe
     2013-06-09 09:07 - 2013-06-09 09:07 - 00000000 ____A C:\Users\User\acrobat.exe
     2013-06-09 09:02 - 2013-06-09 09:02 - 00000000 ____A C:\Users\User\opera.exe
     2013-06-09 09:02 - 2013-06-09 09:02 - 00000000 ____A C:\Users\User\notepad.exe
     2013-06-09 09:02 - 2013-06-09 09:02 - 00000000 ____A C:\Users\User\msconfig.exe
     2013-06-08 11:48 - 2013-06-08 07:45 - 00000000 ____D C:\Users\User\AppData\Local\Hewlett-Packard
     2013-06-08 07:45 - 2012-01-27 11:53 - 00000000 ____D C:\Users\User\AppData\Local\VirtualStore
     2013-06-08 06:08 - 2013-06-16 17:50 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
     2013-06-08 06:07 - 2013-06-16 17:50 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
     2013-06-08 06:06 - 2013-06-16 17:50 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
     2013-06-08 06:06 - 2013-06-16 17:50 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
     2013-06-08 06:06 - 2013-06-16 17:50 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
     2013-06-08 04:28 - 2013-06-16 17:50 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
     2013-06-08 03:42 - 2013-06-16 17:50 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
     2013-06-08 03:40 - 2013-06-16 17:50 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
     2013-06-08 03:40 - 2013-06-16 17:50 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
     2013-06-08 03:40 - 2013-06-16 17:50 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
     2013-06-08 03:40 - 2013-06-16 17:50 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
     2013-06-08 03:13 - 2013-06-16 17:50 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
     2013-06-06 16:40 - 2013-04-03 15:04 - 00002187 ____A C:\Users\Public\Desktop\Google Chrome.lnk
     2013-06-05 06:23 - 2013-06-05 06:23 - 00028778 ____A C:\Users\User\Downloads\refwlesunclassified (1).zip
     2013-06-05 06:21 - 2013-06-05 06:21 - 00028778 ____A C:\Users\User\Downloads\refwlesunclassified.zip
     2013-06-04 06:17 - 2012-01-29 12:58 - 00000000 ____D C:\Users\User\Desktop\Danielle
     2013-06-03 19:05 - 2012-11-06 05:58 - 00000000 ____D C:\Users\User\Documents\My Scans
     2013-06-03 10:37 - 2012-09-19 13:02 - 00000000 ____D C:\Users\User\ZipForm
     2013-06-02 21:30 - 2011-04-12 00:28 - 00000000 ___RD C:\Users\Public\Recorded TV
     2013-06-02 21:30 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
     2013-06-02 21:30 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\AppCompat
     2013-05-22 04:08 - 2009-07-13 21:08 - 00032598 ____A C:\Windows\Tasks\SCHEDLGU.TXT
     2013-05-20 18:30 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache

     ZeroAccess: C:\$Recycle.Bin\S-1-5-21-3090479118-3698766337-2013796773-1000\$b22b05834748ebf764a121f70e4d6814
     ZeroAccess: C:\$Recycle.Bin\S-1-5-18\$b22b05834748ebf764a121f70e4d6814

     Files to move or delete:
     ====================
     C:\Users\User\acrobat.exe
     C:\Users\User\acrobat805475.exe
     C:\Users\User\acrobatreader.exe
     C:\Users\User\acrobatreader551729.exe
     C:\Users\User\chrome.exe
     C:\Users\User\chrome512102.exe
     C:\Users\User\csrss.exe
     C:\Users\User\firefox684667.exe
     C:\Users\User\flashplayer.exe
     C:\Users\User\googleupdate.exe
     C:\Users\User\icq423812.exe
     C:\Users\User\icq846511.exe
     C:\Users\User\java791258.exe
     C:\Users\User\jucheck.exe
     C:\Users\User\jucheck621150.exe
     C:\Users\User\msconfig.exe
     C:\Users\User\msconfig761671.exe
     C:\Users\User\mstsc.exe
     C:\Users\User\mstsc315593.exe
     C:\Users\User\notepad.exe
     C:\Users\User\notepad111032.exe
     C:\Users\User\notepad714774.exe
     C:\Users\User\opera.exe
     C:\Users\User\opera941704.exe
     C:\Users\User\rundll32.exe
     C:\Users\User\rundll32568748.exe
     C:\Users\User\spoolsv241388.exe
     C:\Users\User\spoolsv992999.exe
     C:\Users\User\teamviewer828070.exe
     C:\Users\User\vlcplayer.exe
     C:\Users\User\windowsupdate.exe
     C:\Users\User\windowsupdate200067.exe
     C:\Users\User\windowsupdate562231.exe
     C:\Windows\Tasks\{D958ED80-CD81-49CA-BB1F-20BE0673E02A}.job

     ==================== Known DLLs (Whitelisted) ================

     ==================== Bamital & volsnap Check =================
     C:\Windows\System32\winlogon.exe => MD5 is legit
     C:\Windows\System32\wininit.exe => MD5 is legit
     C:\Windows\SysWOW64\wininit.exe => MD5 is legit
     C:\Windows\explorer.exe => MD5 is legit
     C:\Windows\SysWOW64\explorer.exe => MD5 is legit
     C:\Windows\System32\svchost.exe => MD5 is legit
     C:\Windows\SysWOW64\svchost.exe => MD5 is legit
     C:\Windows\System32\services.exe => MD5 is legit
     C:\Windows\System32\User32.dll => MD5 is legit
     C:\Windows\SysWOW64\User32.dll => MD5 is legit
     C:\Windows\System32\userinit.exe => MD5 is legit
     C:\Windows\SysWOW64\userinit.exe => MD5 is legit
     C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

     ==================== EXE ASSOCIATION =====================
     HKLM\...\.exe: exefile => OK
     HKLM\...\exefile\DefaultIcon: %1 => OK
     HKLM\...\exefile\open\command: "%1" %* => OK

     ==================== Restore Points =========================
     Restore point made on: 2013-05-15 17:52:36
     Restore point made on: 2013-05-20 15:15:44
     Restore point made on: 2013-05-23 17:59:10
     Restore point made on: 2013-05-31 08:56:39
     Restore point made on: 2013-06-03 12:36:37
     Restore point made on: 2013-06-03 12:47:22
     Restore point made on: 2013-06-03 14:25:31
     Restore point made on: 2013-06-16 17:49:19
     Restore point made on: 2013-06-18 12:50:17
     Restore point made on: 2013-06-18 13:35:19

     ==================== Memory info ===========================
     Percentage of memory in use: 14%
     Total physical RAM: 3839.18 MB
     Available physical RAM: 3263.52 MB
     Total Pagefile: 3837.38 MB
     Available Pagefile: 3257.8 MB
     Total Virtual: 8192 MB
     Available Virtual: 8191.86 MB

     ==================== Drives ================================
     Drive c: (WIN7) (Fixed) (Total:921.72 GB) (Free:845.68 GB) NTFS (Disk=0 Partition=2) ==>[Drive with boot components (obtained from BCD)]
     Drive f: (KINGSTON) (Removable) (Total:3.65 GB) (Free:3.65 GB) FAT32 (Disk=2 Partition=1)
     Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

     ==================== MBR & Partition Table ==================
     ========================================================
     Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: CB5BD2B2)
     Partition 1: (Not Active) - (Size=10 GB) - (Type=1B)
     Partition 2: (Active) - (Size=922 GB) - (Type=07 NTFS)
     ========================================================
     Disk: 2 (MBR Code: Windows XP) (Size: 4 GB) (Disk ID: C3072E18)
     Partition 1: (Active) - (Size=4 GB) - (Type=0C)

     LastRegBack: 2013-06-03 08:59

     ==================== End Of Log ============================
     FRST.txt