In need of a fixlist.txt file for Farbar recovery scan tool


  • This topic is locked
3 replies to this topic

#1 Mr.LucianoSno


Posted 21 November 2013 - 01:03 AM

Hi, any help with this would be greatly appreciated! Here is my FRST.txt file

 

==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-08-12] (Microsoft Corporation)
HKLM\...\Run: [MRT] - C:\Windows\System32\MRT.exe [80541720 2013-10-26] (Microsoft Corporation)
HKLM\...\RunOnce: [*WerKernelReporting] - %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq [415232 2009-07-13] (Microsoft Corporation)
HKLM\...\RunOnce: [*Restore] - C:\Windows\system32\rstrui.exe /RUNONCE [296960 2009-07-13] (Microsoft Corporation)
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKLM-x32\...\Run: [] - [x]
HKU\Default\...\Run: [HPADVISOR] - [x]
HKU\Default User\...\Run: [HPADVISOR] - [x]
HKU\Fabian Zayas\...\Run: [Google Update] - C:\Users\Fabian Zayas\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2012-02-03] (Google Inc.)
SSODL: EldosMountNotificator - {C28617FD-4FE7-4043-AD51-C8132CE90106} - C:\Windows\system32\SSCbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {C28617FD-4FE7-4043-AD51-C8132CE90106} -  No File
 
==================== Services (Whitelisted) =================
 
S2 DigiRefresh; C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe [77824 2009-08-14] (Digidesign, A Division of Avid Technology, Inc.)
S3 digiSPTIService; C:\Program Files (x86)\Digidesign\Pro Tools\digiSPTIService.exe [159744 2009-08-14] (Digidesign, A Division of Avid Technology, Inc.)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [398184 2012-12-14] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [682344 2012-12-14] (Malwarebytes Corporation)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-08-12] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-08-12] (Microsoft Corporation)
S2 USBMIDIAudioDevMon; C:\Program Files (x86)\M-Audio\USB MIDI Series\AudioDevMon.exe [1636872 2010-04-13] (M-Audio)
S2 WSWNA3100; C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe [303360 2011-12-07] ()
 
==================== Drivers (Whitelisted) ====================
 
S3 gbridge; C:\Windows\System32\DRIVERS\gbridge64.sys [48192 2009-10-12] (Gbridge LLC)
S3 KORGUMDS; C:\Windows\System32\Drivers\KORGUM64.SYS [31832 2010-01-07] (KORG INC.)
S3 MAUSBMIDI; C:\Windows\System32\DRIVERS\MAudioUSBMIDI.sys [200200 2010-04-13] (M-Audio)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24176 2012-12-14] (Malwarebytes Corporation)
S3 MBX2DFU; C:\Windows\System32\DRIVERS\MBX2DFU.sys [31120 2009-08-14] (Digidesign, A Division of Avid Technology, Inc.)
S3 MBX2MIDK; C:\Windows\System32\drivers\mbx2midk.sys [32400 2009-08-14] (Digidesign, A Division of Avid Technology, Inc.)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
S1 MpKsl24c7195b; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B14D72D4-AEC5-4005-BC79-2307C0E89114}\MpKsl24c7195b.sys [46768 2013-10-26] (Microsoft Corporation)
S1 MpKsl71c12e8c; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B14D72D4-AEC5-4005-BC79-2307C0E89114}\MpKsl71c12e8c.sys [46768 2013-11-08] (Microsoft Corporation)
S1 MpKsl7de8a784; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B14D72D4-AEC5-4005-BC79-2307C0E89114}\MpKsl7de8a784.sys [46768 2013-11-08] (Microsoft Corporation)
S1 MpKsl81550350; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B14D72D4-AEC5-4005-BC79-2307C0E89114}\MpKsl81550350.sys [46768 2013-11-01] (Microsoft Corporation)
S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
S3 NPF; C:\Windows\System32\DRIVERS\npf.sys [47632 2010-02-03] (CACE Technologies, Inc.)
S3 SSCBFS3; C:\Windows\System32\DRIVERS\sscbfs3.sys [347904 2013-01-30] (EldoS Corporation)
S1 eqcpqxgh; \??\C:\Windows\system32\drivers\eqcpqxgh.sys [x]
S3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0; \??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms [x]
S1 rgqxleuo; \??\C:\Windows\system32\drivers\rgqxleuo.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-11-21 01:07 - 2013-11-21 01:07 - 00000000 ____D C:\FRST
2013-11-19 20:00 - 2013-11-19 20:00 - 00445859 _____ C:\Users\Fabian Zayas\Downloads\Unconfirmed 89245.crdownload
2013-11-19 20:00 - 2013-11-19 20:00 - 00000920 _____ C:\Users\Fabian Zayas\Desktop\Rkill.txt
2013-11-19 19:58 - 2013-11-19 19:58 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-11-19 19:41 - 2013-11-19 19:41 - 00000000 ____D C:\Windows\System32\MpEngineStore
2013-11-08 06:51 - 2013-11-08 06:51 - 00292576 _____ C:\Windows\Minidump\110813-25662-01.dmp
2013-10-23 19:43 - 2013-10-23 19:43 - 38929700 _____ C:\Users\Fabian Zayas\Downloads\The Sound Of The Wolves DNB.wav
 
==================== One Month Modified Files and Folders =======
 
2013-11-21 01:07 - 2013-11-21 01:07 - 00000000 ____D C:\FRST
2013-11-21 00:13 - 2010-01-19 21:39 - 00000000 ____D C:\users\Fabian Zayas
2013-11-21 00:13 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2013-11-19 20:00 - 2013-11-19 20:00 - 00445859 _____ C:\Users\Fabian Zayas\Downloads\Unconfirmed 89245.crdownload
2013-11-19 20:00 - 2013-11-19 20:00 - 00000920 _____ C:\Users\Fabian Zayas\Desktop\Rkill.txt
2013-11-19 19:58 - 2013-11-19 19:58 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-11-19 19:41 - 2013-11-19 19:41 - 00000000 ____D C:\Windows\System32\MpEngineStore
2013-11-18 00:00 - 2009-10-31 01:17 - 01296133 _____ C:\Windows\WindowsUpdate.log
2013-11-17 23:58 - 2012-02-03 07:03 - 00000936 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1262836980-3029127208-1620874908-1000UA.job
2013-11-17 23:52 - 2013-03-06 22:38 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-17 23:40 - 2011-02-15 19:09 - 00000910 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-17 22:40 - 2011-02-15 19:09 - 00000906 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-17 20:58 - 2012-02-03 07:03 - 00000884 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1262836980-3029127208-1620874908-1000Core.job
2013-11-17 19:02 - 2013-10-21 16:36 - 00000362 _____ C:\Windows\Tasks\HPCeeScheduleForFabian Zayas.job
2013-11-08 07:00 - 2009-07-13 20:45 - 00015792 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-08 07:00 - 2009-07-13 20:45 - 00015792 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-08 06:58 - 2009-07-13 21:13 - 00726444 _____ C:\Windows\System32\PerfStringBackup.INI
2013-11-08 06:51 - 2013-11-08 06:51 - 00292576 _____ C:\Windows\Minidump\110813-25662-01.dmp
2013-11-08 06:51 - 2010-01-29 07:38 - 410054500 _____ C:\Windows\MEMORY.DMP
2013-11-08 06:51 - 2010-01-29 07:38 - 00000000 ____D C:\Windows\Minidump
2013-11-08 06:51 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-08 06:51 - 2009-07-13 20:51 - 00191847 _____ C:\Windows\setupact.log
2013-11-01 23:01 - 2013-04-30 11:44 - 00001945 _____ C:\Windows\epplauncher.mif
2013-11-01 23:01 - 2013-04-30 11:42 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-11-01 23:01 - 2013-04-30 11:41 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-10-31 05:59 - 2010-01-19 22:39 - 00000552 _____ C:\Windows\Tasks\PCDRScheduledMaintenance.job
2013-10-26 23:20 - 2012-05-12 23:01 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-26 23:20 - 2012-05-12 23:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-26 23:20 - 2009-08-19 02:18 - 00348350 _____ C:\Windows\PFRO.log
2013-10-26 23:00 - 2013-08-14 23:01 - 00000000 ____D C:\Windows\System32\MRT
2013-10-26 23:00 - 2010-02-21 23:22 - 80541720 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-10-26 12:02 - 2013-10-21 16:36 - 00003230 _____ C:\Windows\System32\Tasks\HPCeeScheduleForFabian Zayas
2013-10-25 16:36 - 2010-01-20 22:44 - 00000000 ____D C:\Users\Fabian Zayas\AppData\Roaming\HpUpdate
2013-10-23 19:43 - 2013-10-23 19:43 - 38929700 _____ C:\Users\Fabian Zayas\Downloads\The Sound Of The Wolves DNB.wav
2013-10-22 22:04 - 2012-02-03 07:04 - 00002409 _____ C:\Users\Fabian Zayas\Desktop\Google Chrome.lnk
2013-10-22 21:35 - 2011-02-15 19:09 - 00003906 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-10-22 21:35 - 2011-02-15 19:09 - 00003654 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
 
ZeroAccess:
C:\$Recycle.Bin\S-1-5-20\$7f423d6bb8301d0cfc6ddd327d766fda
C:\Windows\svchost.exe
ATTENTION ====> Check for partition/boot infection.
 
Files to move or delete:
====================
C:\ProgramData\0949343.pad
C:\ProgramData\4v7x6c2B2.dat
C:\Users\Fabian Zayas\audacity-win-1.2.6.exe
C:\Users\Fabian Zayas\switchsetup.exe
C:\Users\Fabian Zayas\utorrent.exe
 
 
Some content of TEMP:
====================
C:\Users\Fabian Zayas\AppData\Local\Temp\50or.exe
C:\Users\Fabian Zayas\AppData\Local\Temp\alw8tfq0.dll
C:\Users\Fabian Zayas\AppData\Local\Temp\bitool.dll
C:\Users\Fabian Zayas\AppData\Local\Temp\Bonjour64Setup.exe
C:\Users\Fabian Zayas\AppData\Local\Temp\bpuninstall.exe
C:\Users\Fabian Zayas\AppData\Local\Temp\burnsetup.exe
C:\Users\Fabian Zayas\AppData\Local\Temp\default_pack_installer.exe
C:\Users\Fabian Zayas\AppData\Local\Temp\emhumjj-.dll
C:\Users\Fabian Zayas\AppData\Local\Temp\ffmpeg15.exe
C:\Users\Fabian Zayas\AppData\Local\Temp\FlashPlayer.exe
C:\Users\Fabian Zayas\AppData\Local\Temp\intrau3.exe
C:\Users\Fabian Zayas\AppData\Local\Temp\oyhilrl7.dll
C:\Users\Fabian Zayas\AppData\Local\Temp\tspohk6x.dll
C:\Users\Fabian Zayas\AppData\Local\Temp\uninst.exe
C:\Users\Fabian Zayas\AppData\Local\Temp\vpsetup.exe
C:\Users\Fabian Zayas\AppData\Local\Temp\wctikeq3.dll
C:\Users\Fabian Zayas\AppData\Local\Temp\xtj1ygy9.dll
C:\Users\Fabian Zayas\AppData\Local\Temp\zfqyfyh4.dll
C:\Users\Fabian Zayas\AppData\Local\Temp\zipsetup.exe
 
 
==================== Known DLLs (Whitelisted) ================
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Windows\system64
 
==================== EXE ASSOCIATION =====================
 
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
 
==================== Restore Points  =========================
 
19
Restore point made on: 2013-10-28 23:00:15
Restore point made on: 2013-10-29 23:00:15
Restore point made on: 2013-10-30 23:00:14
Restore point made on: 2013-10-31 23:00:15
Restore point made on: 2013-11-01 23:00:24
Restore point made on: 2013-11-02 23:00:20
Restore point made on: 2013-11-03 00:00:16
Restore point made on: 2013-11-08 06:53:45
Restore point made on: 2013-11-09 00:00:26
Restore point made on: 2013-11-10 00:00:15
Restore point made on: 2013-11-11 00:00:14
Restore point made on: 2013-11-12 00:00:15
Restore point made on: 2013-11-13 00:00:15
Restore point made on: 2013-11-14 00:00:15
Restore point made on: 2013-11-15 00:00:15
Restore point made on: 2013-11-16 00:00:15
Restore point made on: 2013-11-17 00:00:15
Restore point made on: 2013-11-18 00:00:15
Restore point made on: 2013-11-19 00:00:14
 
==================== Memory info =========================== 
 
Percentage of memory in use: 19%
Total physical RAM: 3966.49 MB
Available physical RAM: 3197.69 MB
Total Pagefile: 3964.69 MB
Available Pagefile: 3217.93 MB
Total Virtual: 8192 MB
Available Virtual: 8191.87 MB
 
==================== Drives ================================
 
Drive c: (HP) (Fixed) (Total:453.72 GB) (Free:244.97 GB) NTFS
Drive e: (FACTORY_IMAGE) (Fixed) (Total:11.94 GB) (Free:2.17 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (Repair disc Windows 7 64-bit) (CDROM) (Total:0.24 GB) (Free:0 GB) UDF
Drive k: () (Removable) (Total:7.45 GB) (Free:0.99 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=454 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=12 GB) - (Type=07 NTFS)
 
========================================================
Disk: 5 (Size: 7 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=7 GB) - (Type=0B)
 
 
LastRegBack: 2013-11-09 21:03
 
==================== End Of Log ============================ :thumbsup:

Edited by Queen-Evie, 21 November 2013 - 01:58 PM.
moved from Windows 7 to the appropriate forum. FRST logs are allowed only in Malware Removal Logs


#2 B-boy/StyLe/

  • Malware Response Team

Posted 21 November 2013 - 05:40 PM

Hello! Welcome to BleepingComputer Forums! :welcome:
My name is Georgi and I will be helping you with your computer problems.

Before we begin, please note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

 

 

The log is cut off? Is the computer bootable, or did you run FRST from the Recovery Environment?

 

 

Download the following file =>[attachment=144155:fixlist.txt] and save it to a USB flash drive (if you ran FRST from RE).
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

 

Run FRST the way you did before.

When the tool opens click Yes to disclaimer.

Press the Fix button just once and wait.

The tool will make a log on the USB flash drive named (Fixlog.txt). Please post it to your reply.

Also reboot the computer to Normal Mode and let me know if that was successful.

 

 

 

Regards,

Georgi




#3 B-boy/StyLe/


Posted 26 November 2013 - 12:59 PM

Hello,

 

Are you still with me?

 

 

Regards,

Georgi




#4 B-boy/StyLe/


Posted 03 December 2013 - 07:04 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
