
PLEASE HELP ME CREATE A FIXLIST.TXT


This topic is locked.
2 replies to this topic

#1 jkalish

  • Members
  • 1 posts

Posted 22 August 2013 - 10:14 AM

I recently ran FRST 32 in response to an ICE Ransom Virus I received yesterday, which would not allow me to resolve using any of the Safe Mode functions. FRST requires a personalized FIXLIST.TXT. Please help me create that. THANK YOU!!

Here is my FRST log:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-08-2013 02
Ran by SYSTEM on 22-08-2013 10:39:03
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet002
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Winlogon: [Userinit] c:\windows\system32\userinit.exe,C:\Windows\SysWOW64\MPK\mpk.exe
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] C:\$Recycle.Bin\S-1-5-18\$a4793daec6868eb6f8e7b304e5fc2f68\n. ATTENTION! ====> ZeroAccess?
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411440 2013-06-30] (AVG Technologies CZ, s.r.o.)
HKU\Default\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1685048 2009-09-29] (Hewlett-Packard)
HKU\Default User\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1685048 2009-09-29] (Hewlett-Packard)
HKU\JLK\...\Run: [Copernic Desktop Search - Home] - C:\Program Files (x86)\Copernic Desktop Search - Home\DesktopSearchService.exe [1692200 2013-01-28] (Copernic Inc.)
HKU\JLK\...\Run: [Google Update] -  [x]
HKU\JLK\...\Run: [Adobe CSS5.1 Manager] - C:\Users\JLK\AppData\Local\4ba7aaf7-3169-4cc8-9322-782ad91fbb00ad\baaafccadfbbad.exe [253952 2013-08-19] () <===== ATTENTION
HKU\JLK\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] - C:\Users\JLK\AppData\Local\Temp\oyhlmxyxrdhqfbhlv.exe [51712 2013-08-21] (Valve Corporation) <===== ATTENTION
HKU\JLK\...\Winlogon: [Shell] cmd.exe [345088 2010-11-20] (Microsoft Corporation) <==== ATTENTION
HKU\JLK\...\Command Processor: "C:\Users\JLK\AppData\Local\Temp\oyhlmxyxrdhqfbhlv.exe" <===== ATTENTION!
AppInit_DLLs-x32: c:\progra~2\google\google~1\go36f4~1.dll c:\progra~2\browse~1\sprote~1.dll [123392 2010-11-10] (Google)

==================== Services (Whitelisted) =================

S2 AntiSpywareService; C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [616408 2009-06-17] ()
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-07-23] (AVG Technologies CZ, s.r.o.)
S2 CDMA Device Service; C:\Program Files (x86)\Samsung\USB Drivers\26_VIA_driver2\amd64\VIAService.exe [159232 2011-08-02] ()
S2 FastFreeConverterUpdt; C:\Program Files (x86)\Fast Free Converter\FastFreeConverterUpdt.exe [687104 2012-11-26] ()
S2 GoogleDesktopManager-051210-111108; C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-11-10] (Google)
S2 WiseBootAssistant; C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe [580232 2013-04-25] (WiseCleaner.com)
S2 Yontoo Desktop Updater; C:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe [23552 2013-04-30] (Microsoft)

==================== Drivers (Whitelisted) ====================

S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-07-19] (AVG Technologies CZ, s.r.o.)
S0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-19] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-19] (AVG Technologies CZ, s.r.o.)
S0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-19] (AVG Technologies CZ, s.r.o.)
S0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-06-30] (AVG Technologies CZ, s.r.o.)
S0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-07-09] (AVG Technologies CZ, s.r.o.)
S1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2013-03-20] (AVG Technologies CZ, s.r.o.)
S3 whfltr2k; C:\Windows\System32\DRIVERS\whfltr2k.sys [9728 2011-03-20] ()
S3 BCMH43XX; No ImagePath
S3 BTCFilterService; No ImagePath
S3 motandroidusb; No ImagePath
S3 motccgp; No ImagePath
S3 motccgpfl; No ImagePath
S3 motmodem; No ImagePath
S3 MotoSwitchService; No ImagePath
S3 Motousbnet; No ImagePath
S3 NPF; No ImagePath
S3 PcdrNdisuio; No ImagePath
S3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0; \??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-08-21 20:00 - 2013-08-21 20:00 - 01328182 _____ C:\Users\JLK\AppData\Roaming\2433f433
2013-08-21 20:00 - 2013-08-21 20:00 - 01328146 _____ C:\Users\JLK\AppData\Local\2433f433
2013-08-19 18:33 - 2013-08-19 18:45 - 00025746 _____ C:\Windows\PFRO.log
2013-08-19 18:17 - 2013-08-19 18:18 - 00000004 _____ C:\Users\JLK\AppData\Roaming\skype.ini
2013-08-19 18:14 - 2013-08-21 20:01 - 00000320 ____H C:\Windows\Tasks\{B18CA935-1B68-4541-A4B1-3D8528DDEA3C}.job
2013-08-19 18:14 - 2013-08-19 18:14 - 00151552 _____ (MicroDigits Software Group) C:\Users\JLK\alg.exe
2013-08-19 18:14 - 2013-08-19 18:14 - 00003058 _____ C:\Windows\System32\Tasks\{B18CA935-1B68-4541-A4B1-3D8528DDEA3C}
2013-08-19 18:14 - 2013-08-19 18:14 - 00000000 ____D C:\Users\JLK\AppData\Local\4ba7aaf7-3169-4cc8-9322-782ad91fbb00ad
2013-08-14 15:17 - 2013-08-14 15:17 - 00000000 ____D C:\Program Files (x86)\LAVMediaCodec
2013-08-14 15:16 - 2013-08-19 18:32 - 00000000 ____D C:\Users\JLK\AppData\Local\SwvUpdater
2013-08-14 15:16 - 2013-08-14 15:17 - 00000000 ____D C:\Users\JLK\AppData\Local\DownloadTerms
2013-08-14 15:16 - 2013-08-14 15:16 - 00003364 _____ C:\Windows\System32\Tasks\AmiUpdXp
2013-08-14 15:16 - 2013-08-14 15:16 - 00000000 ____D C:\Program Files (x86)\File Type Helper
2013-08-14 15:16 - 2013-08-14 15:16 - 00000000 ____D C:\Program Files (x86)\Fast Free Converter
2013-08-10 03:04 - 2013-08-10 03:04 - 00000025 ____N C:\Users\JLK\Desktop\Untitled attachment 00004.txt
2013-08-09 12:25 - 2013-08-22 03:42 - 00000392 _____ C:\Windows\setupact.log
2013-08-09 12:25 - 2013-08-09 12:25 - 00000000 _____ C:\Windows\setuperr.log
2013-08-09 05:01 - 2013-08-09 05:19 - 00000000 ____D C:\Users\JLK\AppData\Roaming\MyPhoneExplorer
2013-08-09 05:01 - 2013-08-09 05:01 - 00002019 _____ C:\Users\Public\Desktop\MyPhoneExplorer.lnk
2013-08-09 04:54 - 2013-08-09 04:54 - 00174597 _____ C:\Users\JLK\Desktop\CONTACTS SAVED.vcf
2013-08-07 03:58 - 2013-08-07 03:58 - 00000000 ____D C:\Users\JLK\Documents\New folder
2013-08-05 02:45 - 2013-08-05 02:45 - 00000000 ____D C:\Users\JLK\Desktop\MMS
2013-08-05 02:45 - 2013-08-05 02:45 - 00000000 ____D C:\Users\JLK\Desktop\GSM
2013-08-05 02:44 - 2013-08-05 02:44 - 00000000 ____D C:\Users\JLK\Desktop\DCIM
2013-08-02 09:39 - 2013-08-21 11:34 - 01568089 _____ C:\Windows\WindowsUpdate.log
2013-07-28 09:52 - 2013-07-28 09:52 - 00000023 _____ C:\Users\JLK\Desktop\duplicates.txt
2013-07-28 09:47 - 2013-07-28 09:47 - 00003011 _____ C:\Users\JLK\Desktop\OutlookFreeware.com Utilities.lnk
2013-07-28 09:46 - 2013-07-28 09:52 - 00000000 ____D C:\Users\JLK\AppData\Local\OutlookFreeware.com
2013-07-26 12:34 - 2013-07-26 12:34 - 02171958 ____T C:\Users\JLK\Desktop\lu-afcfb.prn
2013-07-26 12:33 - 2013-07-26 12:33 - 05640347 _____ C:\Users\JLK\Documents\lu-afcfb_01.tif
2013-07-23 18:55 - 2013-07-23 18:55 - 00000162 _____ C:\ProgramData\wavav0bdtzbtb43b.reg
2013-07-23 18:55 - 2013-07-23 18:55 - 00000067 _____ C:\ProgramData\wavav0bdtzbtb43b.bat

==================== One Month Modified Files and Folders =======

2013-08-22 03:44 - 2013-04-03 16:13 - 00000418 _____ C:\Windows\Tasks\Wise Care 365.job
2013-08-22 03:43 - 2013-03-14 16:38 - 00000000 ____D C:\Program Files (x86)\BrowseToSave
2013-08-22 03:43 - 2011-01-15 13:13 - 00000000 __SHD C:\ProgramData\MPK
2013-08-22 03:42 - 2013-08-09 12:25 - 00000392 _____ C:\Windows\setupact.log
2013-08-22 03:42 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-21 20:01 - 2013-08-19 18:14 - 00000320 ____H C:\Windows\Tasks\{B18CA935-1B68-4541-A4B1-3D8528DDEA3C}.job
2013-08-21 20:01 - 2013-08-02 09:39 - 01568089 _____ C:\Windows\WindowsUpdate.log
2013-08-21 20:01 - 2011-09-17 03:40 - 00000000 ____D C:\Users\JLK\Documents\Mid Vermont Earthworks
2013-08-21 20:01 - 2010-11-10 14:54 - 00000000 ____D C:\Users\JLK\AppData\Roaming\Azureus
2013-08-21 20:00 - 2013-08-21 20:00 - 01328221 _____ C:\ProgramData\2433f433
2013-08-21 20:00 - 2013-08-21 20:00 - 01328182 _____ C:\Users\JLK\AppData\Roaming\2433f433
2013-08-21 20:00 - 2013-08-21 20:00 - 01328146 _____ C:\Users\JLK\AppData\Local\2433f433
2013-08-21 19:12 - 2012-02-01 10:22 - 00000320 _____ C:\Windows\Tasks\HP Photo Creations Communicator.job
2013-08-21 17:58 - 2013-05-15 12:13 - 00000000 ____D C:\Users\JLK\AppData\Roaming\Yontoo
2013-08-21 14:57 - 2010-11-10 07:12 - 00000000 ____D C:\ProgramData\MFAData
2013-08-21 14:53 - 2013-05-08 12:40 - 00000398 _____ C:\Windows\Tasks\Wise Turbo Checker.job
2013-08-20 02:37 - 2013-04-03 16:09 - 00001118 _____ C:\Users\Public\Desktop\Wise Care 365.lnk
2013-08-20 02:37 - 2013-04-03 16:09 - 00000000 ____D C:\Users\JLK\AppData\Roaming\Wise Care 365
2013-08-19 18:53 - 2009-07-13 20:45 - 00015984 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-19 18:53 - 2009-07-13 20:45 - 00015984 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-19 18:45 - 2013-08-19 18:33 - 00025746 _____ C:\Windows\PFRO.log
2013-08-19 18:44 - 2013-03-14 16:38 - 00000000 ____D C:\ProgramData\EboookkBroowsse
2013-08-19 18:44 - 2013-03-14 16:37 - 00000000 ____D C:\ProgramData\Browase2ssAAve
2013-08-19 18:32 - 2013-08-14 15:16 - 00000000 ____D C:\Users\JLK\AppData\Local\SwvUpdater
2013-08-19 18:18 - 2013-08-19 18:17 - 00000004 _____ C:\Users\JLK\AppData\Roaming\skype.ini
2013-08-19 18:17 - 2010-11-10 07:18 - 00000000 ____D C:\users\JLK
2013-08-19 18:17 - 2010-11-10 07:15 - 00000000 ____D C:\Program Files (x86)\Google
2013-08-19 18:14 - 2013-08-19 18:14 - 00151552 _____ (MicroDigits Software Group) C:\Users\JLK\alg.exe
2013-08-19 18:14 - 2013-08-19 18:14 - 00003058 _____ C:\Windows\System32\Tasks\{B18CA935-1B68-4541-A4B1-3D8528DDEA3C}
2013-08-19 18:14 - 2013-08-19 18:14 - 00000000 ____D C:\Users\JLK\AppData\Local\4ba7aaf7-3169-4cc8-9322-782ad91fbb00ad
2013-08-19 18:14 - 2010-11-10 07:15 - 00000000 ____D C:\Users\JLK\AppData\Local\Google
2013-08-17 08:10 - 2010-11-10 07:44 - 00000000 ____D C:\Users\JLK\Documents\Birchwood Realty Investments_Rockingham
2013-08-14 17:54 - 2010-11-10 09:11 - 00000000 ____D C:\Users\JLK\Documents\Killington Hospitality Group,LLC
2013-08-14 15:17 - 2013-08-14 15:17 - 00000000 ____D C:\Program Files (x86)\LAVMediaCodec
2013-08-14 15:17 - 2013-08-14 15:16 - 00000000 ____D C:\Users\JLK\AppData\Local\DownloadTerms
2013-08-14 15:16 - 2013-08-14 15:16 - 00003364 _____ C:\Windows\System32\Tasks\AmiUpdXp
2013-08-14 15:16 - 2013-08-14 15:16 - 00000000 ____D C:\Program Files (x86)\File Type Helper
2013-08-14 15:16 - 2013-08-14 15:16 - 00000000 ____D C:\Program Files (x86)\Fast Free Converter
2013-08-14 15:16 - 2013-04-03 11:01 - 00000002 _____ C:\end
2013-08-14 08:56 - 2010-11-10 09:12 - 00000000 ____D C:\Users\JLK\Documents\Longwood Senior Housing
2013-08-13 08:17 - 2010-11-10 07:45 - 00000000 ____D C:\Users\JLK\Documents\James Road Medical Center, LLC
2013-08-12 05:19 - 2013-05-30 18:22 - 00000000 ____D C:\Users\JLK\AppData\Roaming\Media Player Classic
2013-08-11 13:52 - 2012-08-30 15:43 - 00003174 _____ C:\Windows\System32\Tasks\HPCeeScheduleForJLK
2013-08-11 13:52 - 2012-08-30 15:43 - 00000324 _____ C:\Windows\Tasks\HPCeeScheduleForJLK.job
2013-08-10 14:47 - 2011-01-12 08:23 - 00015360 _____ C:\Users\JLK\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-08-10 14:47 - 2010-11-10 09:09 - 00000000 ____D C:\Users\JLK\Documents\Kalish_Silverstone JV
2013-08-10 14:45 - 2013-01-13 11:24 - 00000000 ___SD C:\Users\JLK\Google Drive
2013-08-10 14:45 - 2010-11-10 09:12 - 00000000 ____D C:\Users\JLK\Documents\Mendon - 400 Acres
2013-08-10 03:04 - 2013-08-10 03:04 - 00000025 ____N C:\Users\JLK\Desktop\Untitled attachment 00004.txt
2013-08-09 12:25 - 2013-08-09 12:25 - 00000000 _____ C:\Windows\setuperr.log
2013-08-09 05:19 - 2013-08-09 05:01 - 00000000 ____D C:\Users\JLK\AppData\Roaming\MyPhoneExplorer
2013-08-09 05:01 - 2013-08-09 05:01 - 00002019 _____ C:\Users\Public\Desktop\MyPhoneExplorer.lnk
2013-08-09 05:01 - 2013-03-25 10:32 - 00000000 ____D C:\Program Files (x86)\MyPhoneExplorer
2013-08-09 04:54 - 2013-08-09 04:54 - 00174597 _____ C:\Users\JLK\Desktop\CONTACTS SAVED.vcf
2013-08-07 09:28 - 2010-11-10 09:14 - 00000000 ____D C:\Users\JLK\Documents\My Scans
2013-08-07 04:03 - 2012-07-23 17:14 - 00000000 ____D C:\Users\JLK\Documents\erin
2013-08-07 03:58 - 2013-08-07 03:58 - 00000000 ____D C:\Users\JLK\Documents\New folder
2013-08-05 03:54 - 2012-01-25 10:34 - 00000000 ____D C:\Users\JLK\Documents\Dana
2013-08-05 02:45 - 2013-08-05 02:45 - 00000000 ____D C:\Users\JLK\Desktop\MMS
2013-08-05 02:45 - 2013-08-05 02:45 - 00000000 ____D C:\Users\JLK\Desktop\GSM
2013-08-05 02:44 - 2013-08-05 02:44 - 00000000 ____D C:\Users\JLK\Desktop\DCIM
2013-08-02 09:36 - 2012-04-02 15:19 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-02 05:00 - 2012-04-02 15:19 - 00003770 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-08-02 05:00 - 2011-02-16 04:21 - 00003696 _____ C:\Windows\System32\Tasks\Adobe online update program
2013-07-31 12:16 - 2012-01-24 19:03 - 00000000 ____D C:\Users\JLK\Documents\Piana
2013-07-31 06:53 - 2010-11-10 07:06 - 00000544 _____ C:\Windows\Tasks\PCDRScheduledMaintenance.job
2013-07-31 06:00 - 2010-11-10 07:32 - 00032253 _____ C:\Windows\System32\lvcoinst.log
2013-07-31 05:42 - 2013-03-27 05:52 - 00000927 _____ C:\Users\Public\Desktop\AVG 2013.lnk
2013-07-30 13:44 - 2013-03-26 15:13 - 00000000 ____D C:\Users\JLK\Documents\Clifton Park
2013-07-28 09:52 - 2013-07-28 09:52 - 00000023 _____ C:\Users\JLK\Desktop\duplicates.txt
2013-07-28 09:52 - 2013-07-28 09:46 - 00000000 ____D C:\Users\JLK\AppData\Local\OutlookFreeware.com
2013-07-28 09:47 - 2013-07-28 09:47 - 00003011 _____ C:\Users\JLK\Desktop\OutlookFreeware.com Utilities.lnk
2013-07-28 09:43 - 2012-07-16 16:29 - 00000000 ____D C:\Program Files (x86)\ODIR
2013-07-26 12:34 - 2013-07-26 12:34 - 02171958 ____T C:\Users\JLK\Desktop\lu-afcfb.prn
2013-07-26 12:33 - 2013-07-26 12:33 - 05640347 _____ C:\Users\JLK\Documents\lu-afcfb_01.tif
2013-07-24 09:36 - 2010-11-10 07:44 - 00000000 ____D C:\Users\JLK\Documents\Titan
2013-07-24 08:52 - 2011-03-10 10:13 - 00003910 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{3EA46623-0DA4-4E01-9770-005B8D205E6C}
2013-07-24 05:19 - 2011-08-26 05:48 - 00000000 ____D C:\Users\JLK\Documents\Solar Farm
2013-07-23 18:55 - 2013-07-23 18:55 - 00000162 _____ C:\ProgramData\wavav0bdtzbtb43b.reg
2013-07-23 18:55 - 2013-07-23 18:55 - 00000067 _____ C:\ProgramData\wavav0bdtzbtb43b.bat

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-977780554-527331362-2117724744-1000\$a4793daec6868eb6f8e7b304e5fc2f68

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$a4793daec6868eb6f8e7b304e5fc2f68

Files to move or delete:
====================
C:\Users\JLK\AppData\Local\4ba7aaf7-3169-4cc8-9322-782ad91fbb00ad\baaafccadfbbad.exe
C:\Users\JLK\AppData\Local\Temp\oyhlmxyxrdhqfbhlv.exe
ZeroAccess:
C:\Users\JLK\AppData\Local\Google\Desktop\Install\{a4793dae-c686-8eb6-f8e7-b304e5fc2f68}
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install\{a4793dae-c686-8eb6-f8e7-b304e5fc2f68}
C:\ProgramData\dz4jmj.bat
C:\ProgramData\dz4jmj.pad
C:\ProgramData\dz4jmj.reg
C:\ProgramData\ism_0_llatsni.pad
C:\ProgramData\JonDoFox.paf.exe
C:\ProgramData\odl1l.bat
C:\ProgramData\odl1l.pad
C:\ProgramData\odl1l.reg
C:\ProgramData\reyalpclv.pad
C:\ProgramData\ssrsc.pad
C:\ProgramData\taina.pad
C:\ProgramData\wavav0bdtzbtb43b.bat
C:\ProgramData\wavav0bdtzbtb43b.reg
C:\Users\JLK\alg.exe
C:\Users\JLK\AppData\Roaming\skype.ini
C:\Users\JLK\AppData\Roaming\cache.ini
C:\Windows\Tasks\{B18CA935-1B68-4541-A4B1-3D8528DDEA3C}.job

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2013-06-25 06:46:16
Restore point made on: 2013-07-05 07:56:13
Restore point made on: 2013-07-05 18:28:35
Restore point made on: 2013-07-05 18:31:41
Restore point made on: 2013-07-12 22:30:26
Restore point made on: 2013-07-18 04:49:19
Restore point made on: 2013-07-20 03:23:27
Restore point made on: 2013-07-20 03:24:34
Restore point made on: 2013-07-27 22:08:39
Restore point made on: 2013-07-28 09:47:48
Restore point made on: 2013-07-31 07:08:12
Restore point made on: 2013-08-07 22:51:51
Restore point made on: 2013-08-15 22:23:55

==================== Memory info ===========================

Percentage of memory in use: 15%
Total physical RAM: 5887.24 MB
Available physical RAM: 4968.8 MB
Total Pagefile: 5885.39 MB
Available Pagefile: 4951.97 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

==================== Drives ================================

Drive c: (HP) (Fixed) (Total:920.6 GB) (Free:646.5 GB) NTFS
Drive e: (FACTORY_IMAGE) (Fixed) (Total:10.81 GB) (Free:1.62 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (2013_08_11) (CDROM) (Total:4.11 GB) (Free:0 GB) UDF
Drive g: () (Removable) (Total:7.46 GB) (Free:3.86 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.08 GB) (Free:0.07 GB) NTFS
Drive y: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 77738F25)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=921 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 7 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=7 GB) - (Type=0C)

LastRegBack: 2013-08-12 14:50

==================== End Of Log ============================

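Added example, not part of jkalish's post, Farbar's reply or FRST itself: a small Python triage script that reads an FRST.txt like the one above and collects the entries the tool itself flagged (ATTENTION markers, paths under "ZeroAccess:" headers, the "Files to move or delete" list, and services or drivers with no ImagePath). The embedded log is a constructed excerpt modelled on the post's log.

```python
"""Triage helper for a Farbar Recovery Scan Tool (FRST) log.
Added example, not the post's or FRST's own code: it walks FRST.txt section by
section and collects what FRST itself flagged. SAMPLE_LOG is a constructed
excerpt modelled on the log in the post above."""
import re

SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ==================
HKU\JLK\...\Run: [Adobe CSS5.1 Manager] - C:\Users\JLK\AppData\Local\4ba7aaf7-3169-4cc8-9322-782ad91fbb00ad\baaafccadfbbad.exe [253952 2013-08-19] () <===== ATTENTION
HKU\JLK\...\Winlogon: [Shell] cmd.exe [345088 2010-11-20] (Microsoft Corporation) <==== ATTENTION
==================== Drivers (Whitelisted) ====================
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-19] (AVG Technologies CZ, s.r.o.)
S3 NPF; No ImagePath
ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini
Files to move or delete:
====================
C:\Users\JLK\alg.exe
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install\{a4793dae-c686-8eb6-f8e7-b304e5fc2f68}
C:\ProgramData\dz4jmj.bat
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
"""

SECTION_RE = re.compile(r"^=+ (.+?) =+$")  # "==== Drivers (Whitelisted) ====" -> "Drivers (Whitelisted)"
NO_IMAGEPATH_SECTIONS = ("Services (Whitelisted)", "Drivers (Whitelisted)")


def triage(log_text):
    """Return the flagged entries of an FRST log, grouped by category."""
    found = {"attention": [], "zeroaccess": [], "files_to_delete": [], "no_imagepath": []}
    section = None
    path_follows = False  # the line after a "ZeroAccess:" header is the flagged path
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1).strip()
            continue
        if line == "Files to move or delete:":
            section = "Files to move or delete"
            continue
        if not line or line.startswith("===="):  # blank, or the bare rule under the list header
            continue
        if path_follows:
            found["zeroaccess"].append(line)
            path_follows = False
            continue
        if line == "ZeroAccess:":
            path_follows = True
            continue
        # FRST's banner "ATTENTION!:=====> If the system is bootable ..." also carries the word;
        # only lines where it marks an entry count.
        if "ATTENTION" in line and not line.startswith("ATTENTION"):
            found["attention"].append(line)
        if section == "Files to move or delete":
            found["files_to_delete"].append(line)
        elif section in NO_IMAGEPATH_SECTIONS and line.endswith("No ImagePath"):
            found["no_imagepath"].append(line.split(";", 1)[0].split(" ", 1)[1])  # "S3 NPF; ..." -> "NPF"
    return found


if __name__ == "__main__":
    for category, entries in triage(SAMPLE_LOG).items():
        print(category, entries)
```

The categories line up with the sections a helper reads first; the script only reports, it does not write a fixlist.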
#2 Farbar

    Just Curious

  • Security Developer
  • 21,719 posts
  • Location:The Netherlands

Posted 22 August 2013 - 12:34 PM

Hello,

Welcome to the forum.

Please download the attached fixlist.txt (2.81 KB).
Save it to your flash drive.
Boot to System Recovery Options and select "Command Prompt".

Run FRST and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Also restart, let it boot normally and tell me how it went. We are not done yet.



#3 Farbar

    Just Curious

  • Security Developer
  • 21,719 posts
  • Location:The Netherlands

Posted 31 August 2013 - 03:57 AM

This thread will now be closed due to lack of activity.

If you should have the same or a new issue, please start a new topic.

Everyone else should start a new topic.



