FRST


Uploaded by

Poorya Pakdaman

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-02-2014
Ran by Marjorie (administrator) on MARJORIE-PC on 05-02-2014 23:33:23
Running from K:\
Microsoft Windows Vista Home Premium Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) ===================
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AOL LLC) C:\Program Files\Common Files\aol\acs\AOLacsd.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(AOL Inc.) C:\Program Files\Common Files\aol\1301950658\ee\aolsoftware.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
() C:\Users\Marjorie\AppData\Roaming\HpUpdate\WIN7E10.exe
(IirDoramkel S.R.L.) C:\Users\Marjorie\AppData\Roaming\Fowacye\noiwevm.exe
(Avanquest Software ) C:\Program Files\Digital Line Detect\DLG.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.3.124.0\SeaPort.EXE
(IirDoramkel S.R.L.) C:\Users\Marjorie\AppData\Roaming\Fowacye\noiwevm.exe
(IirDoramkel S.R.L.) C:\Users\Marjorie\AppData\Roaming\Fowacye\noiwevm.exe
(AOL Inc.) C:\Program Files\AOL Desktop 9.6\waol.exe
(IirDoramkel S.R.L.) C:\Users\Marjorie\AppData\Roaming\Fowacye\noiwevm.exe
(AOL Inc.) C:\Program Files\AOL Desktop 9.6\shellmon.exe
(IirDoramkel S.R.L.) C:\Users\Marjorie\AppData\Roaming\Fowacye\noiwevm.exe
(IirDoramkel S.R.L.) C:\Users\Marjorie\AppData\Roaming\Fowacye\noiwevm.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [4452352 2007-05-11] (Realtek Semiconductor)
HKLM\...\Run: [HostManager] - C:\Program Files\Common Files\AOL\1301950658\ee\AOLSoftware.exe [41800 2010-03-08] (AOL Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [249064 2010-10-29] (Sun Microsystems, Inc.)
HKLM\...\Run: [HP Software Update] - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [54576 2009-11-18] (Hewlett-Packard)
HKLM\...\Run: [] - [X]
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41208 2012-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-02] (Adobe Systems Incorporated)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-250966054-3069191643-3255178872-1000\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-250966054-3069191643-3255178872-1000\...\Run: [AOL Fast Start] - C:\Program Files\AOL Desktop 9.6\AOL.EXE [42320 2011-04-25] (AOL Inc.)
HKU\S-1-5-21-250966054-3069191643-3255178872-1000\...\Run: [Msmdmwbs] - C:\Users\Marjorie\Apps\NT\msapps.exe [109212160 2008-01-20] ()
HKU\S-1-5-21-250966054-3069191643-3255178872-1000\...\Run: [Omics] - regsvr32.exe C:\Users\Marjorie\AppData\Local\Omics\CfEula16.dll <===== ATTENTION
HKU\S-1-5-21-250966054-3069191643-3255178872-1000\...\Run: [GameServer518] - C:\Users\Marjorie\AppData\Roaming\HpUpdate\WIN7E10.exe [171008 2014-01-29] ()
HKU\S-1-5-21-250966054-3069191643-3255178872-1000\...\Run: [Zyivfuubd] - C:\Users\Marjorie\AppData\Roaming\Fowacye\noiwevm.exe [301802 2013-12-08] (IirDoramkel S.R.L.)
HKU\S-1-5-21-250966054-3069191643-3255178872-1000\...409d6c4515e9\InprocServer32: [Default-shell32] \\?\globalroot\Device\HarddiskVolume3\Users\Marjorie\AppData\Local\Temp\suipfrb\sxebqtw\wow.dll ATTENTION! ====> ZeroAccess?
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
URLSearchHook: HKCU - AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {8AF0D044-52DA-4ED1-9D69-75C1E7C07CB5} URL = http://search.aol.com/aolcom/search?query={searchTerms}&invocationType=msie70a
SearchScopes: HKCU - DefaultScope {6708EAA3-A927-4789-92C7-66E02D9FD605} URL = http://search.aol.com/aolcom/search?query={searchTerms}&invocationType=msie70a
SearchScopes: HKCU - {6708EAA3-A927-4789-92C7-66E02D9FD605} URL = http://search.aol.com/aolcom/search?query={searchTerms}&invocationType=msie70a
SearchScopes: HKCU - {8AF0D044-52DA-4ED1-9D69-75C1E7C07CB5} URL =
BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} http://iv.archives.ncdcr.gov/Resources/DjVuControl-6.1.4.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://144.75.184.14/activex/AxisCamControl.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

Chrome:
=======
CHR HomePage:
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\32.0.1700.107\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\32.0.1700.107\gcswf32.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\32.0.1700.107\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.240.7) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U24) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (MetaStream 3 Plugin) - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (Google Wallet) - C:\Users\Marjorie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-10]
========================== Services (Whitelisted) =================
R2 AOL ACS; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [46640 2006-10-23] (AOL LLC)
==================== Drivers (Whitelisted) ====================
R3 wanatw; C:\Windows\System32\DRIVERS\wanatw4.sys [33588 2006-11-29] (America Online, Inc.)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-01-29 00:48 - 2014-02-05 23:00 - 00000822 _____ () C:\Windows\Tasks\Security Center Update - 3488496724.job
2014-01-29 00:48 - 2014-01-29 00:48 - 00000000 ____D () C:\Users\Marjorie\AppData\Roaming\Fowacye
==================== One Month Modified Files and Folders =======
2014-02-05 23:33 - 2013-09-30 22:04 - 00000000 ____D () C:\FRST
2014-02-05 23:31 - 2006-11-02 04:33 - 00703516 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-05 23:30 - 2006-11-02 06:52 - 00296322 _____ () C:\Windows\setupact.log
2014-02-05 23:30 - 2006-11-02 06:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-05 23:30 - 2006-11-02 06:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-05 23:18 - 2012-09-01 19:10 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-05 23:00 - 2014-01-29 00:48 - 00000822 _____ () C:\Windows\Tasks\Security Center Update - 3488496724.job
2014-02-05 22:56 - 2011-04-03 23:19 - 01637604 _____ () C:\Windows\WindowsUpdate.log
2014-02-05 22:52 - 2013-09-28 12:28 - 00000680 _____ () C:\Users\Marjorie\AppData\Local\d3d9caps.dat
2014-02-05 22:45 - 2012-04-06 12:57 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-05 21:32 - 2012-09-01 19:10 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-05 21:28 - 2006-11-02 07:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-05 21:25 - 2006-11-02 07:01 - 00032600 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-02-04 16:47 - 2012-04-06 12:57 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-02-04 16:47 - 2012-04-06 12:57 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-02-03 17:34 - 2012-09-01 22:33 - 00001978 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-01-29 00:48 - 2014-01-29 00:48 - 00000000 ____D () C:\Users\Marjorie\AppData\Roaming\Fowacye
2014-01-29 00:42 - 2012-01-05 10:52 - 00000000 ____D () C:\Users\Marjorie\AppData\Roaming\HpUpdate
2014-01-29 00:41 - 2011-04-04 14:03 - 00000000 ____D () C:\Users\Marjorie
2014-01-16 03:05 - 2011-04-04 15:50 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-01-16 03:04 - 2013-08-13 02:05 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-16 03:01 - 2006-11-02 04:24 - 83425928 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-01-13 19:56 - 2011-04-04 14:26 - 00000000 ____D () C:\GWR

Some content of TEMP:
====================
C:\Users\Marjorie\AppData\Local\Temp\01384810431830.exe
C:\Users\Marjorie\AppData\Local\Temp\AcsInstall.dll
C:\Users\Marjorie\AppData\Local\Temp\czlqyfbr.exe
C:\Users\Marjorie\AppData\Local\Temp\hihikmn.exe
C:\Users\Marjorie\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\Marjorie\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe
C:\Users\Marjorie\AppData\Local\Temp\ntdll_dump.dll
C:\Users\Marjorie\AppData\Local\Temp\ose00000.exe
C:\Users\Marjorie\AppData\Local\Temp\Quarantine.exe
C:\Users\Marjorie\AppData\Local\Temp\SHFOLDER.DLL
C:\Users\Marjorie\AppData\Local\Temp\UpdateFlashPlayer_8511631b.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-02-05 21:37
==================== End Of Log ============================
