
need a fixlist.text farbar recovery tool


  • This topic is locked
3 replies to this topic

#1 macmacyo


Posted 29 August 2013 - 08:12 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-08-2013
Ran by SYSTEM on 29-08-2013 20:37:59
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery
 
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1815848 2009-07-14] (Synaptics Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Java\jre6\bin\jusched.exe [171520 2009-08-14] (Sun Microsystems, Inc.)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [456192 2009-08-13] (IDT, Inc.)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1281512 2013-01-27] (Microsoft Corporation)
HKLM\...\RunOnce: [*WerKernelReporting] - %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq [415232 2009-07-13] (Microsoft Corporation)
HKLM-x32\...\Run: [UCam_Menu] - C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [218408 2009-02-17] (CyberLink Corp.)
HKLM-x32\...\Run: [QlbCtrl.exe] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [323640 2010-02-25] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [UpdatePRCShortCut] - C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [WirelessAssistant] - C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [500792 2010-03-23] (Hewlett-Packard Company)
HKLM-x32\...\Run: [AppleSyncNotifier] - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-11-02] (Apple Inc.)
HKLM-x32\...\Run: [DATAMNGR] - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\DATAMN~1.EXE [x]
HKLM-x32\...\Run: [BYRUA_AGENT] - C:\ProgramData\LGMOBILEAX\BYR_Client\VZWUAAgent.exe [380024 2012-09-24] (LG Electronics)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254896 2012-09-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [PrivitizeVPN] - C:\Program Files (x86)\PrivitizeVPN\PrivitizeVPN.exe [196784 2013-02-06] (OOO Industry)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-04-30] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [SearchSettings] - C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe [1303360 2013-07-05] (Spigot, Inc.)
HKLM-x32\...\Run: [IObit Malware Fighter] - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [1549120 2013-08-16] (IObit)
HKLM-x32\...\Run: [PCFixSpeed] - C:\Program Files (x86)\PCFixSpeed\PCFixTray.exe [384088 2013-03-20] (Crawler.com)
HKLM-x32\...\Run: [24x7HELP] - C:\Program Files (x86)\24x7Help\App24x7Help.exe [1773648 2013-03-20] (Crawler, LLC)
HKU\Default\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1668664 2009-10-25] (Hewlett-Packard)
HKU\Default\...\Policies\system: [WallpaperStyle] 2
HKU\Default User\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1668664 2009-10-25] (Hewlett-Packard)
HKU\Default User\...\Policies\system: [WallpaperStyle] 2
HKU\Jose Adam\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1668664 2009-10-25] (Hewlett-Packard)
HKU\Jose Adam\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-06-17] (Hewlett-Packard Company)
HKU\Jose Adam\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-01-29] (Google Inc.)
HKU\Jose Adam\...\Run: [Advanced SystemCare 6] - C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe [491840 2013-04-18] (IObit)
HKU\Jose Adam\...\Policies\system: [WallpaperStyle] 2
AppInit_DLLs: C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\datamngr.dll C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\IEBHO.dll  [491840 2013-04-18] ()
AppInit_DLLs-x32: c:\progra~2\imesha~1\mediabar\datamngr\datamngr.dll c:\progra~2\imesha~1\mediabar\datamngr\iebho.dll , c:\progra~2\magnipic\sprote~1.dll [491840 2013-04-18] ()
 
==================== Services (Whitelisted) =================
 
S2 24x7HelpSvc; C:\Program Files (x86)\24x7Help\App24x7Svc.exe [342608 2013-03-20] (PCRx.com, LLC)
S2 AdvancedSystemCareService6; C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [574272 2013-04-18] (IObit)
S2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b87ff64c8b56b7db\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
S2 gupdate1cad8e42f29d42a; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [133104 2010-04-10] (Google Inc.)
S2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [335168 2013-04-25] (IObit)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)
S2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-01-21] ()
S2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b87ff64c8b56b7db\STacSV64.exe [240640 2009-08-13] (IDT, Inc.)
S2 LanmanServer32; c:\windows\system32\msexch4032.exe [x]
 
==================== Drivers (Whitelisted) ====================
 
S3 FileMonitor; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [23048 2013-03-23] (IObit)
S3 FileMonitor; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [23048 2013-03-23] (IObit)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
S1 MpKsldab31916; C:\Windows\system32\MpEngineStore\MpKsldab31916.sys [35664 2013-08-19] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
S3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [34336 2013-03-26] (IObit.com)
S3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [34336 2013-03-26] (IObit.com)
S0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [17720 2013-05-22] ()
S3 UrlFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [23016 2013-03-26] (IObit.com)
S3 UrlFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [23016 2013-03-26] (IObit.com)
S1 aaloxtvg; \??\C:\Windows\system32\drivers\aaloxtvg.sys [x]
S1 aryimmtg; \??\C:\Windows\system32\drivers\aryimmtg.sys [x]
S4 eabfiltr; 
S1 mcpjpcch; \??\C:\Windows\system32\drivers\mcpjpcch.sys [x]
S1 pweeambs; \??\C:\Windows\system32\drivers\pweeambs.sys [x]
S1 qzctaqvb; \??\C:\Windows\system32\drivers\qzctaqvb.sys [x]
S1 rajmczdb; \??\C:\Windows\system32\drivers\rajmczdb.sys [x]
S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [x]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [x]
S1 suojosvl; \??\C:\Windows\system32\drivers\suojosvl.sys [x]
S3 SysInfo; \??\C:\Windows\system32\drivers\SysInfo.sys [x]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-08-29 15:41 - 2013-08-29 15:41 - 00000000 ____D C:\Windows\Microsoft Antimalware
2013-08-29 11:36 - 2013-08-29 11:36 - 468625722 _____ C:\Windows\MEMORY.DMP
2013-08-29 11:36 - 2013-08-29 11:36 - 00276360 _____ C:\Windows\Minidump\082913-22994-01.dmp
2013-08-29 11:34 - 2013-05-22 14:49 - 00017720 _____ C:\Windows\System32\Drivers\SmartDefragDriver.sys
2013-08-21 20:59 - 2013-08-29 11:36 - 00000280 _____ C:\Windows\setupact.log
2013-08-21 20:59 - 2013-08-22 23:40 - 00007720 _____ C:\Windows\PFRO.log
2013-08-21 20:59 - 2013-08-21 20:59 - 00000000 _____ C:\Windows\setuperr.log
2013-08-21 20:57 - 2013-08-29 11:33 - 00000000 ____D C:\Users\Jose Adam\AppData\Roaming\PCFixSpeed
2013-08-21 20:57 - 2013-08-29 11:32 - 00000386 _____ C:\Windows\Tasks\LyricXeeker Update.job
2013-08-21 20:57 - 2013-08-23 10:06 - 00000280 _____ C:\Windows\Tasks\TopArcadeHits.job
2013-08-21 20:57 - 2013-08-21 20:57 - 00003168 _____ C:\Windows\System32\Tasks\TopArcadeHits
2013-08-21 20:57 - 2013-08-21 20:57 - 00003042 _____ C:\Windows\System32\Tasks\LyricXeeker Update
2013-08-21 20:57 - 2013-08-21 20:57 - 00001240 _____ C:\Users\Jose Adam\Desktop\Create Amazing Presentations.lnk
2013-08-21 20:57 - 2013-08-21 20:57 - 00000982 _____ C:\Users\Public\Desktop\24x7 Help.lnk
2013-08-21 20:57 - 2013-08-21 20:57 - 00000923 _____ C:\Users\Public\Desktop\Optimize Your PC.lnk
2013-08-21 20:57 - 2013-08-21 20:57 - 00000000 ____D C:\Users\Jose Adam\AppData\Roaming\24x7 Help
2013-08-21 20:57 - 2013-08-21 20:57 - 00000000 ____D C:\Users\Jose Adam\AppData\Local\TopArcadeHits
2013-08-21 20:57 - 2013-08-21 20:57 - 00000000 ____D C:\Users\Jose Adam\AppData\Local\emaze
2013-08-21 20:57 - 2013-08-21 20:57 - 00000000 ____D C:\ProgramData\PCFixSpeed
2013-08-21 20:57 - 2013-08-21 20:57 - 00000000 ____D C:\Program Files (x86)\PCFixSpeed
2013-08-21 20:57 - 2013-08-21 20:57 - 00000000 ____D C:\Program Files (x86)\LyriXeeker
2013-08-21 20:57 - 2013-08-21 20:57 - 00000000 ____D C:\Program Files (x86)\24x7Help
2013-08-21 20:50 - 2013-08-21 20:50 - 00657768 _____ C:\Users\Jose Adam\Downloads\setup (3).exe
2013-08-21 20:50 - 2013-08-21 20:50 - 00001107 _____ C:\Users\Jose Adam\Desktop\Continue Download Helper Installation.lnk
2013-08-21 20:47 - 2013-08-21 20:47 - 00301184 _____ (StarApp) C:\Users\Jose Adam\Downloads\setup (2).exe
2013-08-21 20:47 - 2013-08-21 20:47 - 00000000 ____D C:\ProgramData\StarApp
2013-08-21 20:37 - 2013-08-21 20:38 - 00015086 _____ C:\Windows\DPINST.LOG
2013-08-21 20:34 - 2013-08-21 20:35 - 26314800 _____ (Intel® Corporation) C:\Users\Jose Adam\Downloads\Wireless_15.3.1_Ds64.exe
2013-08-21 20:03 - 2013-08-21 20:03 - 82362368 _____ C:\Windows\System32\config\software.iobit
2013-08-21 20:03 - 2013-08-21 20:03 - 04714496 _____ C:\Windows\System32\config\default.iobit
2013-08-21 20:03 - 2013-08-21 20:03 - 00057344 _____ C:\Windows\System32\config\sam.iobit
2013-08-21 20:03 - 2013-08-21 20:03 - 00024576 _____ C:\Windows\System32\config\security.iobit
2013-08-21 20:00 - 2013-08-21 20:00 - 00000000 ____D C:\ProgramData\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
2013-08-21 19:57 - 2013-08-21 19:57 - 00000000 ____D C:\Users\Jose Adam\AppData\Roaming\Vtools
2013-08-21 19:55 - 2013-08-21 19:56 - 00000000 ____D C:\Users\Jose Adam\Downloads\Download
2013-08-21 19:55 - 2013-08-21 19:55 - 00943952 _____ C:\Users\Jose Adam\Downloads\IObit_Uninstaller_downloader.exe
2013-08-21 19:40 - 2013-08-21 19:40 - 24372096 _____ (IObit                                                       ) C:\Users\Jose Adam\Downloads\asc-setup (1).exe
2013-08-21 13:10 - 2013-08-21 13:10 - 21824552 _____ (IObit                                                       ) C:\Users\Jose Adam\Downloads\imf-setup (1).exe
2013-08-19 13:29 - 2013-08-19 18:02 - 00000000 ____D C:\Windows\System32\MpEngineStore
2013-08-13 23:06 - 2013-08-13 23:06 - 00000000 ____D C:\Windows\System32\MRT
2013-08-08 18:52 - 2013-08-08 18:52 - 00000000 ____D C:\Program Files (x86)\IObit Apps Toolbar
2013-08-08 18:52 - 2013-08-08 18:52 - 00000000 ____D C:\Program Files (x86)\Application Updater
2013-08-08 18:52 - 2013-08-08 18:52 - 00000000 _____ C:\search.sqlite
 
==================== One Month Modified Files and Folders =======
 
2013-08-29 20:37 - 2013-08-29 20:37 - 00000000 ____D C:\FRST
2013-08-29 15:41 - 2013-08-29 15:41 - 00000000 ____D C:\Windows\Microsoft Antimalware
2013-08-29 11:36 - 2013-08-29 11:36 - 468625722 _____ C:\Windows\MEMORY.DMP
2013-08-29 11:36 - 2013-08-29 11:36 - 00276360 _____ C:\Windows\Minidump\082913-22994-01.dmp
2013-08-29 11:36 - 2013-08-21 20:59 - 00000280 _____ C:\Windows\setupact.log
2013-08-29 11:36 - 2011-05-19 08:37 - 00000000 ____D C:\Windows\Minidump
2013-08-29 11:36 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-29 11:33 - 2013-08-21 20:57 - 00000000 ____D C:\Users\Jose Adam\AppData\Roaming\PCFixSpeed
2013-08-29 11:33 - 2012-12-26 13:44 - 00000000 ____D C:\ProgramData\IObit
2013-08-29 11:32 - 2013-08-21 20:57 - 00000386 _____ C:\Windows\Tasks\LyricXeeker Update.job
2013-08-29 11:32 - 2010-04-10 11:42 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-23 11:32 - 2009-07-13 20:45 - 00022976 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-23 11:32 - 2009-07-13 20:45 - 00022976 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-23 11:06 - 2011-09-06 16:56 - 00000944 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3632301940-3042269947-925311445-1000UA.job
2013-08-23 10:51 - 2010-04-10 11:42 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-23 10:06 - 2013-08-21 20:57 - 00000280 _____ C:\Windows\Tasks\TopArcadeHits.job
2013-08-22 23:40 - 2013-08-21 20:59 - 00007720 _____ C:\Windows\PFRO.log
2013-08-22 23:39 - 2009-09-25 00:26 - 01935626 _____ C:\Windows\WindowsUpdate.log
2013-08-22 23:22 - 2011-01-30 10:36 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-22 23:22 - 2009-07-13 18:34 - 00000478 _____ C:\Windows\win.ini
2013-08-22 23:06 - 2011-09-06 16:56 - 00000922 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3632301940-3042269947-925311445-1000Core.job
2013-08-21 20:59 - 2013-08-21 20:59 - 00000000 _____ C:\Windows\setuperr.log
2013-08-21 20:57 - 2013-08-21 20:57 - 00003168 _____ C:\Windows\System32\Tasks\TopArcadeHits
2013-08-21 20:57 - 2013-08-21 20:57 - 00003042 _____ C:\Windows\System32\Tasks\LyricXeeker Update
2013-08-21 20:57 - 2013-08-21 20:57 - 00001240 _____ C:\Users\Jose Adam\Desktop\Create Amazing Presentations.lnk
2013-08-21 20:57 - 2013-08-21 20:57 - 00000982 _____ C:\Users\Public\Desktop\24x7 Help.lnk
2013-08-21 20:57 - 2013-08-21 20:57 - 00000923 _____ C:\Users\Public\Desktop\Optimize Your PC.lnk
2013-08-21 20:57 - 2013-08-21 20:57 - 00000000 ____D C:\Users\Jose Adam\AppData\Roaming\24x7 Help
2013-08-21 20:57 - 2013-08-21 20:57 - 00000000 ____D C:\Users\Jose Adam\AppData\Local\TopArcadeHits
2013-08-21 20:57 - 2013-08-21 20:57 - 00000000 ____D C:\Users\Jose Adam\AppData\Local\emaze
2013-08-21 20:57 - 2013-08-21 20:57 - 00000000 ____D C:\ProgramData\PCFixSpeed
2013-08-21 20:57 - 2013-08-21 20:57 - 00000000 ____D C:\Program Files (x86)\PCFixSpeed
2013-08-21 20:57 - 2013-08-21 20:57 - 00000000 ____D C:\Program Files (x86)\LyriXeeker
2013-08-21 20:57 - 2013-08-21 20:57 - 00000000 ____D C:\Program Files (x86)\24x7Help
2013-08-21 20:57 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Resources
2013-08-21 20:51 - 2010-01-29 13:41 - 00000000 ____D C:\Program Files (x86)\Google
2013-08-21 20:50 - 2013-08-21 20:50 - 00657768 _____ C:\Users\Jose Adam\Downloads\setup (3).exe
2013-08-21 20:50 - 2013-08-21 20:50 - 00001107 _____ C:\Users\Jose Adam\Desktop\Continue Download Helper Installation.lnk
2013-08-21 20:49 - 2013-02-06 08:12 - 00000000 ____D C:\ProgramData\InstallMate
2013-08-21 20:47 - 2013-08-21 20:47 - 00301184 _____ (StarApp) C:\Users\Jose Adam\Downloads\setup (2).exe
2013-08-21 20:47 - 2013-08-21 20:47 - 00000000 ____D C:\ProgramData\StarApp
2013-08-21 20:38 - 2013-08-21 20:37 - 00015086 _____ C:\Windows\DPINST.LOG
2013-08-21 20:35 - 2013-08-21 20:34 - 26314800 _____ (Intel® Corporation) C:\Users\Jose Adam\Downloads\Wireless_15.3.1_Ds64.exe
2013-08-21 20:31 - 2013-06-15 11:55 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-08-21 20:20 - 2009-12-25 07:06 - 00000000 ____D C:\users\Jose Adam
2013-08-21 20:12 - 2010-08-25 10:32 - 00000000 ____D C:\Users\Jose Adam\Documents\Youcam
2013-08-21 20:09 - 2012-12-26 14:59 - 00002008 _____ C:\Windows\epplauncher.mif
2013-08-21 20:08 - 2009-07-24 22:11 - 00000000 ____D C:\Windows\Panther
2013-08-21 20:07 - 2010-11-01 20:23 - 00000000 ____D C:\Users\Jose Adam\AppData\Roaming\uTorrent
2013-08-21 20:03 - 2013-08-21 20:03 - 82362368 _____ C:\Windows\System32\config\software.iobit
2013-08-21 20:03 - 2013-08-21 20:03 - 04714496 _____ C:\Windows\System32\config\default.iobit
2013-08-21 20:03 - 2013-08-21 20:03 - 00057344 _____ C:\Windows\System32\config\sam.iobit
2013-08-21 20:03 - 2013-08-21 20:03 - 00024576 _____ C:\Windows\System32\config\security.iobit
2013-08-21 20:00 - 2013-08-21 20:00 - 00000000 ____D C:\ProgramData\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
2013-08-21 19:57 - 2013-08-21 19:57 - 00000000 ____D C:\Users\Jose Adam\AppData\Roaming\Vtools
2013-08-21 19:57 - 2010-04-10 11:32 - 00002143 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-08-21 19:56 - 2013-08-21 19:55 - 00000000 ____D C:\Users\Jose Adam\Downloads\Download
2013-08-21 19:55 - 2013-08-21 19:55 - 00943952 _____ C:\Users\Jose Adam\Downloads\IObit_Uninstaller_downloader.exe
2013-08-21 19:40 - 2013-08-21 19:40 - 24372096 _____ (IObit                                                       ) C:\Users\Jose Adam\Downloads\asc-setup (1).exe
2013-08-21 13:10 - 2013-08-21 13:10 - 21824552 _____ (IObit                                                       ) C:\Users\Jose Adam\Downloads\imf-setup (1).exe
2013-08-21 13:04 - 2010-12-22 20:02 - 00003942 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{2B7EF0B8-0B96-40C8-930C-7E3BFF58055E}
2013-08-19 18:02 - 2013-08-19 13:29 - 00000000 ____D C:\Windows\System32\MpEngineStore
2013-08-13 23:06 - 2013-08-13 23:06 - 00000000 ____D C:\Windows\System32\MRT
2013-08-13 23:06 - 2010-03-21 04:58 - 78161360 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-08-08 18:52 - 2013-08-08 18:52 - 00000000 ____D C:\Program Files (x86)\IObit Apps Toolbar
2013-08-08 18:52 - 2013-08-08 18:52 - 00000000 ____D C:\Program Files (x86)\Application Updater
2013-08-08 18:52 - 2013-08-08 18:52 - 00000000 _____ C:\search.sqlite
2013-08-08 18:52 - 2013-02-06 08:12 - 00000464 _____ C:\prefs.js
 
Files to move or delete:
====================
C:\Users\Jose Adam\jagex_runescape_preferences.dat
C:\Users\Jose Adam\jagex_runescape_preferences2.dat
C:\Users\Jose Adam\AppData\Local\Temp\GetCC.dll
C:\Users\Jose Adam\AppData\Local\Temp\ICReinstall_setup (3).exe
C:\Users\Jose Adam\AppData\Local\Temp\SendMsg.dll
C:\Users\Jose Adam\AppData\Local\Temp\SetupToparcadehits.exe
C:\Users\Jose Adam\AppData\Local\Temp\vbmz17.exe
C:\Users\Jose Adam\AppData\Local\Temp\nsv8671.tmp\CLR.dll
C:\Users\Jose Adam\AppData\Local\Temp\nsv8671.tmp\System.dll
C:\Users\Jose Adam\AppData\Local\Temp\nsp340D.tmp\CLR.dll
C:\Users\Jose Adam\AppData\Local\Temp\nsp340D.tmp\inetc.dll
C:\Users\Jose Adam\AppData\Local\Temp\is1326335552\3661281_Setup.EXE
C:\Users\Jose Adam\AppData\Local\Temp\is1326335552\4046391_Setup.EXE
C:\Users\Jose Adam\AppData\Local\Temp\is1326335552\4046757_Setup.EXE
C:\Users\Jose Adam\AppData\Local\Temp\is1326335552\DeltaTB.exe
C:\Users\Jose Adam\AppData\Local\Temp\is1326335552\nss_handler.exe
C:\Users\Jose Adam\AppData\Local\Temp\is1326335552\PCFixSpeedSetup.exe
C:\Users\Jose Adam\AppData\Local\Temp\is1326335552\SymCCIS.dll
C:\Users\Jose Adam\AppData\Local\Temp\is1326335552\Toparcadehits.exe
C:\Users\Jose Adam\AppData\Local\Temp\is1326335552\VisualBeeSilent.exe
 
==================== Known DLLs (Whitelisted) ================
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
TDL4: custom:26000022 <===== ATTENTION!
 
==================== EXE ASSOCIATION =====================
 
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
 
==================== Restore Points  =========================
 
Restore point made on: 2013-08-11 23:00:27
Restore point made on: 2013-08-12 23:00:31
Restore point made on: 2013-08-13 23:00:27
Restore point made on: 2013-08-14 23:00:27
Restore point made on: 2013-08-15 00:50:47
Restore point made on: 2013-08-19 18:36:45
Restore point made on: 2013-08-21 12:11:39
Restore point made on: 2013-08-22 23:00:28
 
==================== Memory info =========================== 
 
Percentage of memory in use: 18%
Total physical RAM: 3998.93 MB
Available physical RAM: 3269.59 MB
Total Pagefile: 3997.07 MB
Available Pagefile: 3270.49 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:285.77 GB) (Free:172.5 GB) NTFS ==>[System with boot components (obtained from reading drive)]
ATTENTION: Malware custom entry on BCD on drive c: detected.
Drive e: (RECOVERY) (Fixed) (Total:12.12 GB) (Free:2.03 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive g: (MARK) (Removable) (Total:14.9 GB) (Free:14.9 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]
ATTENTION: Malware custom entry on BCD on drive y: detected.
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 298 GB) (Disk ID: E7E8E0A0)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=286 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 15 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=15 GB) - (Type=0C)
 
 
LastRegBack: 2013-08-21 21:29
 
==================== End Of Log ============================

Edited by hamluis, 30 August 2013 - 06:53 AM.
Moved from Win 7 to Malware Removal Logs - Hamluis.



 


#2 gringo_pr


Posted 30 August 2013 - 10:48 PM

Hello macmacyo



Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flash drive as fixlist.txt
 
 
S1 aaloxtvg; \??\C:\Windows\system32\drivers\aaloxtvg.sys [x]
S1 aryimmtg; \??\C:\Windows\system32\drivers\aryimmtg.sys [x]
S1 mcpjpcch; \??\C:\Windows\system32\drivers\mcpjpcch.sys [x]
S1 pweeambs; \??\C:\Windows\system32\drivers\pweeambs.sys [x]
S1 qzctaqvb; \??\C:\Windows\system32\drivers\qzctaqvb.sys [x]
S1 rajmczdb; \??\C:\Windows\system32\drivers\rajmczdb.sys [x]
S1 suojosvl; \??\C:\Windows\system32\drivers\suojosvl.sys [x]
C:\Users\Jose Adam\AppData\Local\Temp
TDL4: custom:26000022 <===== ATTENTION!
CMD: bootrec /FixMbr

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST again like we did before but this time press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt) please post it to your reply.

Also boot the computer into normal mode and let me know how things are looking.

Gringo

Edited by gringo_pr, 30 August 2013 - 10:49 PM.

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 gringo_pr


Posted 01 September 2013 - 11:36 PM



Hello

48 Hour bump

It has been more than 48 hours since my last post.
  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!
Gringo

#4 gringo_pr


Posted 05 September 2013 - 12:21 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



