My FRST64 results


  • This topic is locked
1 reply to this topic

#1 soarwitheagles

  • Members

Posted 24 January 2015 - 12:04 PM

Our laptop was running perfectly. Downloaded something that caused a black screen with a white cursor and an ad with a phone number to fix the computer.

 

I ran FRST64. Here are the results. Please help us if you can.

Thank you!

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015
Ran by SYSTEM on MININT-UE3IK26 on 24-01-2015 00:24:44
Running from D:\
Platform: WIN_8 (X64) OS Language: English (United States)
Boot Mode: Recovery
Attention: Could not load system hive.
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
ATTENTION: Software hive is not loaded.
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-24 00:24 - 2015-01-24 00:24 - 00000000 ____D () C:\FRST
2015-01-23 23:07 - 2015-01-23 23:07 - 00000000 _____ () C:\Windows\WindowsUpdate.log
2015-01-23 23:06 - 2015-01-23 23:19 - 00000308 _____ () C:\Windows\setupact.log
2015-01-23 23:06 - 2015-01-23 23:06 - 00000916 _____ () C:\Windows\PFRO.log
2015-01-23 23:06 - 2015-01-23 23:06 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-23 23:00 - 2015-01-23 18:34 - 00048792 _____ (StdLib) C:\Windows\System32\Drivers\{304c2a7d-b0e5-4752-bc7f-90d4456afe97}Gw64.sys
2015-01-23 22:54 - 2015-01-23 23:06 - 00000308 _____ () C:\Windows\Tasks\WSE_Taplika.job
2015-01-23 22:54 - 2015-01-23 22:54 - 00002646 _____ () C:\Windows\System32\Tasks\WSE_Taplika
2015-01-23 22:54 - 2015-01-23 22:54 - 00000000 ____D () C:\Users\TinTin\AppData\Roaming\WSE_Taplika
2015-01-23 22:53 - 2015-01-23 22:53 - 00000000 ____D () C:\ProgramData\{F8A51066-A827-C1E0-19A1-B162C92362EC}
2015-01-23 22:53 - 2015-01-23 22:53 - 00000000 ____D () C:\Program Files (x86)\WSE_Taplika
2015-01-23 22:53 - 2015-01-23 22:53 - 00000000 ____D () C:\Program Files (x86)\Reverse Page
2015-01-23 22:52 - 2015-01-23 23:23 - 00002118 _____ () C:\Windows\Tasks\30370e38-34a0-4500-8b24-1ae97426e111-10_user.job
2015-01-23 22:52 - 2015-01-23 23:20 - 00004500 _____ () C:\Windows\Tasks\30370e38-34a0-4500-8b24-1ae97426e111-4.job
2015-01-23 22:52 - 2015-01-23 23:20 - 00002452 _____ () C:\Windows\Tasks\30370e38-34a0-4500-8b24-1ae97426e111-5_user.job
2015-01-23 22:52 - 2015-01-23 23:20 - 00002452 _____ () C:\Windows\Tasks\30370e38-34a0-4500-8b24-1ae97426e111-5.job
2015-01-23 22:52 - 2015-01-23 23:20 - 00001356 _____ () C:\Windows\Tasks\JTSHMHM.job
2015-01-23 22:52 - 2015-01-23 23:20 - 00001354 _____ () C:\Windows\Tasks\CVTPQG.job
2015-01-23 22:52 - 2015-01-23 23:19 - 00005524 _____ () C:\Windows\Tasks\30370e38-34a0-4500-8b24-1ae97426e111-7.job
2015-01-23 22:52 - 2015-01-23 23:19 - 00005524 _____ () C:\Windows\Tasks\30370e38-34a0-4500-8b24-1ae97426e111-6.job
2015-01-23 22:52 - 2015-01-23 23:19 - 00003128 _____ () C:\Windows\Tasks\30370e38-34a0-4500-8b24-1ae97426e111-1.job
2015-01-23 22:52 - 2015-01-23 23:19 - 00002116 _____ () C:\Windows\Tasks\30370e38-34a0-4500-8b24-1ae97426e111-2.job
2015-01-23 22:52 - 2015-01-23 23:19 - 00000936 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2015-01-23 22:52 - 2015-01-23 22:57 - 00000940 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2015-01-23 22:52 - 2015-01-23 22:52 - 01875944 _____ (Joseph CM) C:\Users\TinTin\AppData\Roaming\CVTPQG.exe
2015-01-23 22:52 - 2015-01-23 22:52 - 01557480 _____ (Joseph CM) C:\Users\TinTin\AppData\Roaming\JTSHMHM.exe
2015-01-23 22:52 - 2015-01-23 22:52 - 00008528 _____ () C:\Windows\System32\Tasks\30370e38-34a0-4500-8b24-1ae97426e111-7
2015-01-23 22:52 - 2015-01-23 22:52 - 00008528 _____ () C:\Windows\System32\Tasks\30370e38-34a0-4500-8b24-1ae97426e111-6
2015-01-23 22:52 - 2015-01-23 22:52 - 00007504 _____ () C:\Windows\System32\Tasks\30370e38-34a0-4500-8b24-1ae97426e111-4
2015-01-23 22:52 - 2015-01-23 22:52 - 00006132 _____ () C:\Windows\System32\Tasks\30370e38-34a0-4500-8b24-1ae97426e111-1
2015-01-23 22:52 - 2015-01-23 22:52 - 00005456 _____ () C:\Windows\System32\Tasks\30370e38-34a0-4500-8b24-1ae97426e111-5
2015-01-23 22:52 - 2015-01-23 22:52 - 00005120 _____ () C:\Windows\System32\Tasks\30370e38-34a0-4500-8b24-1ae97426e111-2
2015-01-23 22:52 - 2015-01-23 22:52 - 00004358 _____ () C:\Windows\System32\Tasks\JTSHMHM
2015-01-23 22:52 - 2015-01-23 22:52 - 00004358 _____ () C:\Windows\System32\Tasks\CVTPQG
2015-01-23 22:52 - 2015-01-23 22:52 - 00003912 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA
2015-01-23 22:52 - 2015-01-23 22:52 - 00003676 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore
2015-01-23 22:52 - 2015-01-23 22:52 - 00000000 ____D () C:\Users\TinTin\AppData\Local\globalUpdate
2015-01-23 22:52 - 2015-01-23 22:52 - 00000000 ____D () C:\Program Files (x86)\TheHDvid-Codec C+
2015-01-23 22:52 - 2015-01-23 22:52 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2015-01-23 22:52 - 2015-01-23 22:52 - 00000000 ____D () C:\Program Files (x86)\c74242a8-636c-451c-8947-106c861cfdda
2015-01-23 22:48 - 2015-01-23 22:52 - 00000000 ____D () C:\Program Files (x86)\FLVPlayer
2015-01-23 22:48 - 2015-01-23 22:48 - 00000812 _____ () C:\Users\TinTin\Desktop\FLVPlayer.lnk
2015-01-23 22:09 - 2015-01-23 22:09 - 00065472 _____ () C:\Users\TinTin\Downloads\FLVPlayer-Chrome.exe
2015-01-16 18:32 - 2014-12-18 22:26 - 00140800 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxdav.sys
2015-01-16 18:32 - 2014-12-11 18:04 - 00087040 _____ (Microsoft Corporation) C:\Windows\System32\TSWbPrxy.exe
2015-01-16 18:32 - 2014-12-11 16:51 - 00075776 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ahcache.sys
2015-01-16 18:32 - 2014-12-08 17:50 - 00225280 _____ (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2015-01-16 18:32 - 2014-12-08 11:42 - 00535640 _____ (Microsoft Corporation) C:\Windows\System32\wer.dll
2015-01-16 18:32 - 2014-12-08 11:42 - 00531616 _____ (Microsoft Corporation) C:\Windows\System32\ci.dll
2015-01-16 18:32 - 2014-12-08 11:42 - 00448792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2015-01-16 18:32 - 2014-12-08 11:42 - 00413248 _____ (Microsoft Corporation) C:\Windows\System32\Faultrep.dll
2015-01-16 18:32 - 2014-12-08 11:42 - 00372408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
2015-01-16 18:32 - 2014-12-08 11:42 - 00108944 _____ (Microsoft Corporation) C:\Windows\System32\EncDump.dll
2015-01-16 18:32 - 2014-12-08 11:42 - 00038264 _____ (Microsoft Corporation) C:\Windows\System32\WerFaultSecure.exe
2015-01-16 18:32 - 2014-12-08 11:42 - 00033584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
2015-01-16 18:32 - 2014-12-05 19:17 - 00360448 _____ (Microsoft Corporation) C:\Windows\System32\ncsi.dll
2015-01-16 18:32 - 2014-12-05 17:41 - 00391680 _____ (Microsoft Corporation) C:\Windows\System32\nlasvc.dll
2015-01-16 18:32 - 2014-12-05 17:35 - 00229888 _____ (Microsoft Corporation) C:\Windows\System32\AudioEndpointBuilder.dll
2015-01-04 00:59 - 2015-01-04 00:59 - 11353649 _____ () C:\Users\TinTin\Downloads\Waterfalls.themepack
2015-01-04 00:57 - 2015-01-04 00:58 - 12350831 _____ () C:\Users\TinTin\Downloads\Iceland.themepack
2015-01-04 00:56 - 2015-01-04 00:58 - 16924019 _____ () C:\Users\TinTin\Downloads\CommunityShowcaseDramaticSkies.themepack
2015-01-04 00:56 - 2015-01-04 00:57 - 25780408 _____ () C:\Users\TinTin\Downloads\CommunityShowcaseAqua3.themepack
2015-01-04 00:54 - 2015-01-04 00:54 - 09543774 _____ () C:\Users\TinTin\Downloads\BlueWater.themepack
2015-01-04 00:53 - 2015-01-04 00:54 - 12749346 _____ () C:\Users\TinTin\Downloads\SnowyNight.themepack
2015-01-04 00:52 - 2015-01-04 00:53 - 23510675 _____ () C:\Users\TinTin\Downloads\WaterscapesMarkNelson.themepack
2015-01-04 00:50 - 2015-01-04 00:51 - 16496739 _____ () C:\Users\TinTin\Downloads\ScenesYosemiteIngoScholtes.themepack
2015-01-04 00:49 - 2015-01-04 00:50 - 11278409 _____ () C:\Users\TinTin\Downloads\Reflections.themepack
2015-01-04 00:42 - 2015-01-04 00:42 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-01-04 00:42 - 2015-01-04 00:42 - 00000844 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-01-04 00:42 - 2015-01-04 00:42 - 00000000 ____D () C:\Program Files\CCleaner
2015-01-04 00:41 - 2015-01-04 00:42 - 05317104 _____ (Piriform Ltd) C:\Users\TinTin\Downloads\ccsetup501.exe
2015-01-03 00:34 - 2015-01-03 00:46 - 00000000 _RSHD () C:\acroldr
2014-12-27 21:32 - 2014-12-27 21:32 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help
2014-12-27 21:32 - 2014-12-27 21:32 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help
2014-12-27 20:56 - 2014-12-27 20:56 - 00000000 ____D () C:\Users\TinTin\Desktop\2012 TAX FOLDER
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-23 23:24 - 2014-09-23 23:17 - 00818732 _____ () C:\Windows\System32\PerfStringBackup.INI
2015-01-23 23:20 - 2013-08-22 05:25 - 00000194 _____ () C:\Windows\win.ini
2015-01-23 23:19 - 2013-08-22 06:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-23 23:17 - 2014-11-27 09:13 - 00000000 ____D () C:\users\TinTin
2015-01-23 23:08 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\System32\sru
2015-01-23 23:06 - 2013-08-22 05:25 - 00262144 ___SH () C:\Windows\System32\config\BBI
2015-01-23 22:53 - 2014-12-23 16:21 - 00001169 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-01-23 22:53 - 2014-11-25 09:45 - 00001548 _____ () C:\Users\TinTin\Desktop\Google Chrome.lnk
2015-01-23 22:53 - 2014-11-25 00:57 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1816006716-1691034843-748545821-1001
2015-01-23 22:52 - 2014-12-15 21:04 - 00000000 ____D () C:\Program Files (x86)\Bluetooth Suite
2015-01-23 22:48 - 2014-11-25 09:43 - 00000924 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1816006716-1691034843-748545821-1001UA.job
2015-01-23 18:35 - 2014-11-27 09:24 - 00003918 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{10B68A46-1D1E-4B87-B7D0-2B8C10044920}
2015-01-22 19:20 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-01-22 19:20 - 2012-07-25 23:59 - 00000000 ____D () C:\Windows\CbsTemp
2015-01-19 13:32 - 2014-09-24 02:03 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-19 13:32 - 2014-09-24 02:03 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-16 19:00 - 2014-11-25 01:28 - 00000000 ____D () C:\Windows\System32\MRT
2015-01-16 18:59 - 2014-11-25 01:28 - 113365784 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2015-01-04 00:44 - 2014-12-23 17:51 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2015-01-04 00:43 - 2014-11-27 09:11 - 00000000 ___DC () C:\Windows\Panther
2015-01-04 00:33 - 2012-07-26 00:12 - 00000000 ____D () C:\Windows\LiveKernelReports
2015-01-03 00:38 - 2013-08-22 06:44 - 00409712 _____ () C:\Windows\System32\FNTCACHE.DAT
2015-01-03 00:37 - 2014-12-15 21:14 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-31 03:14 - 2014-11-25 01:54 - 00298120 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
 
==================== Known DLLs (Whitelisted) ================
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe
[2014-12-15 21:59] - [2014-10-28 17:22] - 0572416 ____A (Microsoft Corporation) EC498BAE1F0D3E0E401C963F8D76C437
 
C:\Windows\System32\wininit.exe
[2014-12-15 21:59] - [2014-10-28 17:25] - 0145920 ____A (Microsoft Corporation) A570A64292214C43E0BA50E6A72A6380
 
C:\Windows\explorer.exe
[2014-12-15 21:59] - [2014-10-28 19:57] - 2501368 ____A (Microsoft Corporation) 85D47EB257B06094F052E0C8AEFA3BEE
 
C:\Windows\SysWOW64\explorer.exe
[2014-12-15 22:00] - [2014-10-28 19:10] - 2207488 ____A (Microsoft Corporation) 4B37A33F4F5237BF02E537F8D12D1129
 
C:\Windows\System32\svchost.exe
[2014-12-15 21:59] - [2014-10-28 20:11] - 0038792 ____A (Microsoft Corporation) E3A2AD05E24105B35E986CF9CB38EC47
 
C:\Windows\SysWOW64\svchost.exe
[2014-12-15 22:00] - [2014-10-28 19:17] - 0033088 ____A (Microsoft Corporation) D0ABC231C0B3E88C6B612B28ABBF734D
 
C:\Windows\System32\services.exe
[2014-12-15 21:59] - [2014-10-28 19:53] - 0411128 ____A (Microsoft Corporation) 5BF02EBEFEDC706318C96E2E60EDCB91
 
C:\Windows\System32\User32.dll
[2014-12-15 21:59] - [2014-10-28 20:00] - 1540696 ____A (Microsoft Corporation) 25026E350BC3BE37631634EC72B10BD5
 
C:\Windows\SysWOW64\User32.dll
[2014-12-15 22:00] - [2014-10-28 17:04] - 1376256 ____A (Microsoft Corporation) 76C5CF09F53A3B089B5581B9938F8CAE
 
C:\Windows\System32\userinit.exe
[2014-12-15 21:59] - [2014-10-28 17:28] - 0026112 ____A (Microsoft Corporation) 5C131534A3EA4A461A793FB507A8004F
 
C:\Windows\SysWOW64\userinit.exe
[2014-12-15 22:00] - [2014-10-28 17:05] - 0022528 ____A (Microsoft Corporation) D10643FC0095434C819316CA6CD748C0
 
C:\Windows\System32\rpcss.dll
[2014-12-15 21:59] - [2014-10-28 17:19] - 0817664 ____A (Microsoft Corporation) A6F17C299A03BAFEFB9257C462A19E00
 
 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys
[2014-09-23 23:35] - [2014-09-23 23:35] - 0310080 ___AC (Microsoft Corporation) 64CA2B4A49A8EAF495E435623ECCE7DB
 
 
==================== Restore Points  =========================
 
Restore point made on: 2015-01-03 00:30:12
Restore point made on: 2015-01-16 18:59:30
Restore point made on: 2015-01-22 19:19:58
 
==================== Memory info =========================== 
 
Percentage of memory in use: 13%
Total physical RAM: 3981.68 MB
Available physical RAM: 3432.54 MB
Total Pagefile: 3981.68 MB
Available Pagefile: 3446.81 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB
 
==================== Drives ================================
 
Drive c: (Windows OS) (Fixed) (Total:223.13 GB) (Free:198.44 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: () (Removable) (Total:15.09 GB) (Free:15.09 GB) FAT32
Drive e: (HRM_CCSA_X64FRE_EN-US_DV5) (CDROM) (Total:3.34 GB) (Free:0 GB) UDF
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 223.6 GB) (Disk ID: 000907D4)
Partition 1: (Active) - (Size=223.1 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 15.1 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=15.1 GB) - (Type=0C)
 
 
LastRegBack: 2015-01-22 19:19
 
==================== End Of Log ============================



#2 Valinorum

  • Malware Response Instructor

Posted 24 January 2015 - 02:50 PM

Being helped here.

Geek U Graduate

I close my topic(s) with no replies for more than 4 days. PM me or the Moderators to reactivate. All help is provided via the forum, ergo do not PM me for help.
