
Windows 7 Fixlist.txt


  • This topic is locked
32 replies to this topic

#1 Sibz2040

  • Members
  • 22 posts

Posted 30 August 2017 - 10:14 AM

How do I get a fixlist.txt for these results?

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-08-2017
Ran by SYSTEM on MININT-8OCM6ID (30-08-2017 13:26:10)
Running from f:\
Platform: Windows 7 Ultimate (X86) Language: English (United States)
Internet Explorer Version 8
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SMΔRT-Protection] => C:\Program Files\Smadav\SMΔRTP.exe [1879152 2017-07-31] (Smadsoft)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe [7533072 2015-04-29] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe [1016336 2015-04-29] (Realtek Semiconductor)
HKLM\...\Run: [Baidu Antivirus] => C:\Program Files\Baidu Security\Baidu Antivirus\5.5.2.117090.0\BavTray.exe [2016800 2017-07-02] (Baidu, Inc.)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\Antivirus\avgnt.exe [919032 2017-08-17] (Avira Operations GmbH & Co. KG)
HKLM\...\RunOnce: [*Restore] => C:\Windows\system32\rstrui.exe [262656 2009-07-13] (Microsoft Corporation)
BootExecute: autocheck autochk *

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files\Avira\Antivirus\avmailc7.exe [1128432 2017-08-17] (Avira Operations GmbH & Co. KG)
S2 AntiVirSchedulerService; C:\Program Files\Avira\Antivirus\sched.exe [490968 2017-08-17] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files\Avira\Antivirus\avguard.exe [490968 2017-08-17] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files\Avira\Antivirus\avwebg7.exe [1525240 2017-08-17] (Avira Operations GmbH & Co. KG)
S2 BavMiniService; C:\ProgramData\Baidu\Antivirus\BavMSService.exe [0 2017-08-16] () <==== ATTENTION (zero byte File/Folder)
S2 BavSvc; C:\Program Files\Baidu Security\Baidu Antivirus\5.5.2.117090.0\BavSvc.exe [2488536 2017-07-02] (Baidu, Inc.)
S2 BHipsSvc; C:\Program Files\Baidu Security\Baidu Antivirus\5.5.2.117090.0\BHipsSvc.exe [433488 2017-07-02] (Baidu, Inc.)
S2 iprip; C:\Windows\System32\iprip.dll [29696 2009-07-13] (Microsoft Corporation)
S2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe [255504 2015-04-29] (Realtek Semiconductor)
S2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [5448976 2015-04-17] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-13] (Microsoft Corporation)
S3 wpscloudsvr; C:\Users\hp\AppData\Local\Kingsoft\WPS Office\wpscloudsvr.exe [0 2017-08-06] () <==== ATTENTION (zero byte File/Folder)
S3 BdSandboxSrv; C:\Program Files\Baidu Security\Baidu Antivirus\5.5.2.117090.0\BdSandboxSrv.exe [X]
S2 mssecsvc2.0; C:\WINDOWS\mssecsvc.exe -m security [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 amd_sata; C:\Windows\System32\DRIVERS\amd_sata.sys [71880 2014-09-23] (Advanced Micro Devices)
S0 amd_xata; C:\Windows\System32\DRIVERS\amd_xata.sys [36040 2014-09-23] (Advanced Micro Devices)
S0 avdevprot; C:\Windows\System32\DRIVERS\avdevprot.sys [46440 2017-08-17] (Avira Operations GmbH & Co. KG)
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [140304 2017-08-17] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [153664 2017-08-17] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [35840 2017-08-17] (Avira Operations GmbH & Co. KG)
S2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [59000 2017-08-17] (Avira Operations GmbH & Co. KG)
S0 avusbflt; C:\Windows\System32\Drivers\avusbflt.sys [23304 2017-08-17] (Avira Operations GmbH & Co. KG)
S3 bdark; C:\Windows\system32\drivers\bdark.sys [81912 2015-02-05] ()
S1 Bfilter; C:\Windows\System32\drivers\Bfilter.sys [51192 2017-07-02] (Baidu, Inc.)
S1 Bfmon; C:\Windows\System32\drivers\Bfmon.sys [31224 2017-07-02] (Baidu, Inc.)
S0 Bhbase; C:\Windows\System32\drivers\Bhbase.sys [74936 2017-07-02] (Baidu, Inc.)
S3 BHipsEx; C:\Windows\System32\drivers\BHipsEx.sys [150008 2017-07-02] (Baidu, Inc.)
S1 Bnbase; C:\Windows\System32\drivers\bnbasex.sys [75480 2017-07-02] (Baidu, Inc.)
S1 Bndef; C:\Windows\System32\drivers\bndef.sys [462200 2017-07-02] (Baidu, Inc.)
S3 Bnmon; C:\Program Files\Baidu Security\Baidu Antivirus\5.5.2.117090.0\Bnmon.sys [84984 2017-07-02] (Baidu, Inc.)
S1 Bprotect; C:\Windows\System32\drivers\Bprotect.sys [197112 2017-07-02] (Baidu, Inc.)
S1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [17472 2017-08-24] (Glarysoft Ltd)
S3 netr28; C:\Windows\System32\DRIVERS\netr28.sys [2097296 2015-02-10] (MediaTek Inc.)
S3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [230104 2015-01-21] (Realtek Semiconductor Corp.)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-30 13:25 - 2017-08-30 13:26 - 000000000 ____D C:\FRST
2017-08-29 19:44 - 2017-08-29 19:44 - 000000000 ____D C:\Users\hp\AppData\Roaming\Avira
2017-08-29 19:43 - 2017-08-29 19:43 - 000000000 ____H C:\Windows\System32\Drivers\Msft_Kernel_avusbflt_01011.Wdf
2017-08-29 19:42 - 2017-08-29 19:42 - 000000000 ____H C:\Windows\System32\Drivers\MsftWdf_Kernel_01011_Coinstaller_Critical.Wdf
2017-08-29 19:41 - 2017-08-29 19:41 - 000000000 ____D C:\ProgramData\Avira
2017-08-29 19:41 - 2017-08-29 19:41 - 000000000 ____D C:\Program Files\Avira
2017-08-29 19:41 - 2017-08-17 17:25 - 000153664 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avipbb.sys
2017-08-29 19:41 - 2017-08-17 17:25 - 000140304 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avgntflt.sys
2017-08-29 19:41 - 2017-08-17 17:25 - 000059000 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avnetflt.sys
2017-08-29 19:41 - 2017-08-17 17:25 - 000046440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avdevprot.sys
2017-08-29 19:41 - 2017-08-17 17:25 - 000035840 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avkmgr.sys
2017-08-29 19:41 - 2017-08-17 17:25 - 000023304 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avusbflt.sys
2017-08-29 18:32 - 2017-08-29 18:32 - 003514368 ____S C:\Windows\tasksche.exe
2017-08-29 18:28 - 2017-08-29 18:29 - 033582949 _____ C:\Users\hp\Downloads\30 Rare Goals We See in Football.mp4
2017-08-29 18:19 - 2017-08-29 19:44 - 000000000 ____D C:\Users\hp\AppData\Roaming\DMCache
2017-08-29 18:19 - 2017-08-29 18:21 - 000000000 ____D C:\Users\hp\AppData\Roaming\IDM
2017-08-29 18:19 - 2017-08-29 18:19 - 000000983 _____ C:\Users\hp\Desktop\Internet Download Manager.lnk
2017-08-29 18:19 - 2017-08-29 18:19 - 000000000 ____D C:\Users\hp\Downloads\Video
2017-08-29 18:19 - 2017-08-29 18:19 - 000000000 ____D C:\Users\hp\Downloads\Compressed
2017-08-29 18:19 - 2017-08-29 18:19 - 000000000 ____D C:\ProgramData\IDM
2017-08-29 18:19 - 2017-08-29 18:19 - 000000000 ____D C:\Program Files\Internet Download Manager
2017-08-29 18:11 - 2017-08-29 18:16 - 007196640 _____ (Tonec Inc.) C:\Users\hp\Downloads\idman628build17.exe
2017-08-29 18:03 - 2017-08-29 18:14 - 017331739 _____ C:\Users\hp\Downloads\FIFA_14_v1.3.6.apk
2017-08-29 17:59 - 2017-08-29 18:27 - 008650164 _____ C:\Users\hp\Downloads\-Oceanofgames.com-FIF13.rar.opdownload
2017-08-29 17:53 - 2017-08-29 17:53 - 000001263 _____ C:\Users\hp\Desktop\Opera Browser.lnk
2017-08-29 17:53 - 2017-08-29 17:53 - 000000000 ____D C:\Users\hp\AppData\Roaming\Opera Software
2017-08-29 17:53 - 2017-08-29 17:53 - 000000000 ____D C:\Users\hp\AppData\Local\Opera Software
2017-08-29 16:57 - 2017-08-29 16:58 - 001155768 _____ (Opera Software) C:\Users\hp\Downloads\OperaSetup.exe
2017-08-28 22:08 - 2017-08-28 22:08 - 000000000 ____D C:\Users\hp\Desktop\Family Guy S14
2017-08-28 22:06 - 2017-08-28 19:04 - 1098754092 ____N C:\Users\hp\Desktop\Teenage Mutant Ninja Turtles Out of the Shadows Watch Online SeeHD The Best Movie Club Around.mp4
2017-08-28 22:05 - 2017-08-28 22:12 - 000000000 ____D C:\Users\hp\Desktop\Independence Day-Resurgence 2016
2017-08-28 12:43 - 2017-08-26 12:37 - 1024868702 ____N C:\Users\hp\Desktop\The.Mummy.2017.KORSUB.HDRip.x264-STUTTERbleep.mp4
2017-08-28 12:40 - 2017-08-26 12:29 - 1582187370 ____N C:\Users\hp\Desktop\[seriesonline.io] - Fast and Furious 8- The Fate of the Furious.mp4
2017-08-26 09:48 - 2017-08-26 09:50 - 000000000 ____D C:\Users\hp\Documents\UEFA Champions League 2006-2007
2017-08-26 09:39 - 2017-08-26 09:47 - 000000000 ____D C:\UEFA Champions League 2006-2007
2017-08-26 09:35 - 2017-08-26 09:35 - 000001965 _____ C:\Users\hp\Desktop\GameTeam.com.lnk
2017-08-26 09:35 - 2017-08-26 09:35 - 000001963 _____ C:\Users\hp\Desktop\GameTop.com.lnk
2017-08-26 09:35 - 2017-08-26 09:35 - 000001166 _____ C:\Users\hp\Desktop\Star Shooter.lnk
2017-08-26 09:35 - 2017-08-26 09:35 - 000000000 ____D C:\Program Files\GameTop.com
2017-08-26 09:31 - 2017-08-26 09:34 - 000000000 ____D C:\Users\hp\Documents\Euro Truck Simulator 2
2017-08-26 09:31 - 2017-08-26 09:31 - 000001294 _____ C:\Users\Public\Desktop\Euro Truck Simulator 2.lnk
2017-08-26 09:29 - 2017-08-26 09:31 - 000000000 ____D C:\Program Files\Euro Truck Simulator 2
2017-08-26 09:06 - 2017-08-26 09:06 - 000000000 ____D C:\$WINDOWS.~LS
2017-08-26 09:01 - 2017-08-26 09:01 - 000000000 ____D C:\$WINDOWS.~BT
2017-08-26 09:01 - 2017-08-26 09:01 - 000000000 ____D C:\$UPGRADE.~OS
2017-08-26 08:51 - 2017-08-26 08:51 - 000001978 _____ C:\Users\hp\Desktop\FL Studio 12.lnk
2017-08-24 16:29 - 2017-08-24 16:29 - 000003288 ____N C:\bootsqm.dat
2017-08-24 14:06 - 2017-08-24 14:06 - 000000207 _____ C:\Windows\tweaking.com-regbackup-HP-PC-Windows-7-Ultimate-(32-bit).dat
2017-08-24 14:06 - 2017-08-24 14:06 - 000000000 ____D C:\RegBackup
2017-08-24 11:26 - 2017-08-06 17:24 - 000029680 _____ (Glarysoft Ltd) C:\Windows\System32\RegBootDefrag.exe
2017-08-24 11:05 - 2017-08-29 19:34 - 000000000 ____D C:\Program Files\Glary Utilities 5
2017-08-24 11:05 - 2017-08-24 11:05 - 000017472 _____ (Glarysoft Ltd) C:\Windows\System32\Drivers\GUBootStartup.sys
2017-08-24 11:05 - 2017-08-24 11:05 - 000001042 _____ C:\Users\Public\Desktop\Glary Utilities 5.lnk
2017-08-24 10:58 - 2017-08-24 18:20 - 000000000 ____D C:\ProgramData\SecTaskMan
2017-08-24 10:58 - 2017-08-24 10:58 - 000001097 _____ C:\Users\Public\Desktop\Security Task Manager.lnk
2017-08-24 10:58 - 2017-08-24 10:58 - 000000000 ____D C:\Program Files\Security Task Manager
2017-08-21 18:56 - 2017-08-18 14:17 - 288680784 _____ (AVAST Software) C:\Users\Public\Desktop\avast_free_antivirus_setup_offline.exe
2017-08-21 18:56 - 2017-08-18 14:17 - 288680784 _____ (AVAST Software) C:\Users\hp\Desktop\avast_free_antivirus_setup_offline.exe
2017-08-21 17:51 - 2017-08-21 18:38 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-08-21 17:51 - 2017-08-21 17:51 - 000170200 _____ (Malwarebytes) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2017-08-21 17:51 - 2017-08-21 17:51 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-08-21 17:50 - 2017-08-21 19:05 - 000094936 _____ (Malwarebytes) C:\Windows\System32\Drivers\mbamchameleon.sys
2017-08-21 17:26 - 2017-08-21 17:26 - 000000000 ____D C:\Windows\ERDNT
2017-08-21 17:25 - 2017-08-21 19:02 - 000000000 ____D C:\Program Files\ERUNT
2017-08-21 17:25 - 2017-08-21 17:25 - 000000879 _____ C:\Users\hp\Desktop\ERUNT.lnk
2017-08-18 16:12 - 2017-08-18 16:12 - 000000811 _____ C:\Windows\System32\0
2017-08-18 14:57 - 2017-08-24 11:12 - 000000000 ____D C:\ProgramData\GlarySoft
2017-08-18 14:46 - 2017-08-24 15:52 - 000000000 ____D C:\Users\hp\AppData\Roaming\GlarySoft
2017-08-18 14:46 - 2017-08-18 14:46 - 000000000 ____D C:\Users\hp\AppData\Roaming\DiskDefrag
2017-08-18 14:43 - 2017-08-18 14:43 - 000000000 ____D C:\ProgramData\AVAST Software
2017-08-17 18:26 - 2017-08-17 18:26 - 000000000 ____D C:\Users\hp\AppData\Local\iolo
2017-08-17 18:26 - 2017-08-17 18:26 - 000000000 ____D C:\Program Files\Common Files\iolo
2017-08-17 10:35 - 2009-11-25 11:47 - 001130824 _____ (Microsoft Corporation) C:\Windows\System32\dfshim.dll
2017-08-17 10:35 - 2009-11-25 11:47 - 000297808 _____ (Microsoft Corporation) C:\Windows\System32\mscoree.dll
2017-08-17 10:35 - 2009-11-25 11:47 - 000295264 _____ (Microsoft Corporation) C:\Windows\System32\PresentationHost.exe
2017-08-17 10:35 - 2009-11-25 11:47 - 000099176 _____ (Microsoft Corporation) C:\Windows\System32\PresentationHostProxy.dll
2017-08-17 10:35 - 2009-11-25 11:47 - 000049472 _____ (Microsoft Corporation) C:\Windows\System32\netfxperf.dll
2017-08-17 09:38 - 2017-08-17 09:38 - 000074703 _____ C:\Windows\System32\mfc45.dat
2017-08-17 09:38 - 2017-08-17 09:38 - 000000000 ____D C:\Users\hp\AppData\Roaming\iolo
2017-08-16 19:14 - 2017-08-16 19:14 - 000000000 ____D C:\Users\hp\AppData\Roaming\BavMini
2017-08-06 18:46 - 2017-08-29 16:53 - 000000000 ____D C:\ProgramData\BavSvc_exe
2017-08-06 16:17 - 2017-08-21 20:03 - 000000000 ___HD C:\boots
2017-08-05 08:31 - 2017-08-05 08:26 - 000149224 _____ (Tonec Inc.) C:\Windows\System32\Drivers\idmwfp.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-29 19:40 - 2009-07-13 20:34 - 000020560 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-08-29 19:40 - 2009-07-13 20:34 - 000020560 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-08-29 19:33 - 2017-05-18 20:00 - 000000000 ____D C:\Program Files\Mozilla Firefox
2017-08-29 16:53 - 2017-05-18 20:05 - 000000000 ____D C:\Users\hp\AppData\Roaming\Yandex
2017-08-29 11:41 - 2017-07-03 17:09 - 000000000 ____D C:\Users\hp\AppData\Roaming\vlc
2017-08-29 10:56 - 2017-05-18 20:05 - 000000000 ____D C:\Program Files\TeamViewer
2017-08-26 10:46 - 2017-04-30 14:40 - 000000000 __SHD C:\[Smad-Cage]
2017-08-26 10:24 - 2017-05-20 13:45 - 000002861 _____ C:\Windows\diagwrn.xml
2017-08-26 10:24 - 2017-05-20 13:45 - 000001908 _____ C:\Windows\diagerr.xml
2017-08-26 09:06 - 2017-05-20 13:50 - 000000002 _____ C:\$UpgDrv$
2017-08-26 08:51 - 2017-05-18 06:50 - 000000000 ____D C:\Program Files\Image-Line
2017-08-25 20:55 - 2017-07-09 15:21 - 000000000 ____D C:\Users\hp\AppData\Roaming\AIMP3
2017-08-25 19:23 - 2009-08-28 03:29 - 000000000 ____D C:\users\hp
2017-08-24 15:32 - 2009-07-13 20:33 - 000268184 _____ C:\Windows\System32\FNTCACHE.DAT
2017-08-24 15:31 - 2009-07-13 23:49 - 000000000 ____D C:\Windows\CSC
2017-08-24 15:23 - 2017-04-30 14:43 - 000799656 _____ C:\Windows\System32\PerfStringBackup.INI
2017-08-24 15:23 - 2009-07-13 18:37 - 000000000 ____D C:\Windows\inf
2017-08-24 14:47 - 2017-05-18 07:20 - 000057992 _____ C:\Users\hp\AppData\Local\GDIPFONTCACHEV1.DAT
2017-08-24 14:31 - 2009-07-13 18:04 - 000000855 _____ C:\Windows\System32\Drivers\etc\hosts_bak_690
2017-08-24 11:27 - 2009-07-13 18:03 - 030670848 _____ C:\Windows\System32\config\software.gu.bak
2017-08-24 11:27 - 2009-07-13 18:03 - 019922944 _____ C:\Windows\System32\config\system.gu.bak
2017-08-24 11:27 - 2009-07-13 18:03 - 000262144 _____ C:\Windows\System32\config\security.gu.bak
2017-08-24 11:27 - 2009-07-13 18:03 - 000262144 _____ C:\Windows\System32\config\sam.gu.bak
2017-08-24 11:27 - 2009-07-13 18:03 - 000262144 _____ C:\Windows\System32\config\default.gu.bak
2017-08-21 20:03 - 2017-04-30 14:40 - 000000000 ____D C:\Program Files\SMADAV
2017-08-21 16:38 - 2017-05-18 20:13 - 000000000 ___HD C:\Program Files\InstallShield Installation Information
2017-08-18 15:52 - 2009-07-13 18:37 - 000000000 ____D C:\Windows\registration
2017-08-18 14:49 - 2017-05-05 13:49 - 000000000 ____D C:\Windows\Minidump
2017-08-18 10:13 - 2017-07-25 16:58 - 000000000 ____D C:\Users\hp\Desktop\New folder (2)
2017-08-17 09:44 - 2009-07-13 18:37 - 000000000 ____D C:\Windows\System32\inetsrv
2017-08-17 09:38 - 2017-05-18 20:17 - 000000000 ____D C:\Users\hp\AppData\Local\Downloaded Installations
2017-08-16 18:44 - 2017-07-05 18:03 - 000000000 ____D C:\Users\hp\AppData\Roaming\dvdcss
2017-08-16 16:14 - 2017-04-30 14:40 - 000001022 _____ C:\Users\Public\Desktop\SMADΔV.lnk
2017-08-14 14:01 - 2017-05-28 12:06 - 000000000 ____D C:\Program Files\Java
2017-08-06 18:59 - 2017-05-18 19:59 - 000000000 ____D C:\Program Files\7-Zip
2017-08-06 16:19 - 2017-05-28 11:41 - 000000000 ____D C:\Users\hp\AppData\Roaming\DriverPack Notifier
2017-08-04 16:33 - 2017-05-27 11:48 - 000000000 ____D C:\Users\hp\Documents\FIFA 14

==================== Known DLLs (Whitelisted) =========================


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Association (Whitelisted) =============


==================== Restore Points =========================

Restore point date: 2017-08-21 17:00
Restore point date: 2017-08-28 12:48
Restore point date: 2017-08-29 17:36
Restore point date: 2017-08-29 19:47

==================== Memory info ===========================

Percentage of memory in use: 12%
Total physical RAM: 3680.36 MB
Available physical RAM: 3212.23 MB
Total Virtual: 3678.64 MB
Available Virtual: 3214.18 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:297.99 GB) (Free:236.85 GB) NTFS
Drive f: (NESTORZ) (Removable) (Total:1.84 GB) (Free:0.46 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 0585AD0F)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 1.8 GB) (Disk ID: 00000000)

Partition: GPT.

LastRegBack: 2017-06-20 12:55

==================== End of FRST.txt ============================


Edited by hamluis, 30 August 2017 - 10:16 AM.
Moved from Crashes/BSODs to Malware Removal Logs - Hamluis.




#2 Aura

    Bleepin' Special Ops

  • Malware Response Team
  • 19,697 posts

Posted 31 August 2017 - 07:17 PM

Hi Sibz2040 :)

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name; it's up to you! Now that we've broken the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.
  • As you'll notice, the logs we are asking for here are quite lengthy, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens
  • As long as I'm assisting you on BleepingComputer, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you
  • The same principle applies to any modifications you make to your system; I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system
  • If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!
  • If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off
  • Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate it if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced
  • I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against BleepingComputer's rules
  • In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate it if you let me know about it first, and if you need, I can also assist you in the process
  • I would appreciate it if you were to stay with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone
    This being said, I have a full-time job, so sometimes it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread
This being said, it's time to clean up some malware, so let's get started, shall we? :)

Download the attached fixlist.txt and save it on your USB Flash Drive where the FRST executable is. Go back into the Recovery Environment, launch FRST, but this time use the Fix button. After that, you should be able to restart your computer normally. A fixlog.txt should be on your USB. Attach it here.

Attached Files


Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 Sibz2040

  • Topic Starter
  • Members
  • 22 posts

Posted 01 September 2017 - 04:12 AM

I did as you said, but it still won't boot.
Here are the results:
Fix result of Farbar Recovery Scan Tool (x86) Version: 19-08-2017
Ran by SYSTEM (01-09-2017 11:06:07) Run:1
Running from f:\
Boot Mode: Recovery

==============================================

fixlist content:
*****************
S2 BavMiniService; C:\ProgramData\Baidu\Antivirus\BavMSService.exe [0 2017-08-16] () <==== ATTENTION (zero byte File/Folder)
S3 wpscloudsvr; C:\Users\hp\AppData\Local\Kingsoft\WPS Office\wpscloudsvr.exe [0 2017-08-06] () <==== ATTENTION (zero byte File/Folder)
S2 mssecsvc2.0; C:\WINDOWS\mssecsvc.exe -m security [X]

C:\WINDOWS\mssecsvc.exe
*****************

HKLM\System\ControlSet001\Services\BavMiniService => key removed successfully.
BavMiniService => service removed successfully.
HKLM\System\ControlSet001\Services\wpscloudsvr => key removed successfully.
wpscloudsvr => service removed successfully.
HKLM\System\ControlSet001\Services\mssecsvc2.0 => key removed successfully.
mssecsvc2.0 => service removed successfully.
"C:\WINDOWS\mssecsvc.exe" => not found.

==== End of Fixlog 11:06:07 ====
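To show how the flagged lines in the scan in post #1 become the fixlist content in this Fixlog, here is an added Python triage helper (example code written for this page, not part of FRST or of the thread). It parses the Services and Drivers sections of an FRST.txt, flags what FRST itself marks (a missing file [X], a zero-byte file, an ATTENTION tag, an empty publisher) and emits fixlist lines in the shape used above; the sample log is constructed from lines in post #1, and the classification is a heuristic: it also flags the [X] Baidu sandbox entry that the thread's fixlist deliberately left alone, so a human still makes the call.

```python
import re

# Constructed sample in the FRST.txt format used in this thread: a subset of the
# Services and Drivers lines from the scan in post #1. The mssecsvc2.0 line is the
# service name and command line registered by the 2017 WannaCry worm, with its
# file already gone ([X]).
SAMPLE_LOG = r"""==================== Services (Whitelisted) ====================
S2 AntiVirService; C:\Program Files\Avira\Antivirus\avguard.exe [490968 2017-08-17] (Avira Operations GmbH & Co. KG)
S2 BavMiniService; C:\ProgramData\Baidu\Antivirus\BavMSService.exe [0 2017-08-16] () <==== ATTENTION (zero byte File/Folder)
S2 mssecsvc2.0; C:\WINDOWS\mssecsvc.exe -m security [X]
S3 BdSandboxSrv; C:\Program Files\Baidu Security\Baidu Antivirus\5.5.2.117090.0\BdSandboxSrv.exe [X]
===================== Drivers (Whitelisted) ======================
S0 amd_sata; C:\Windows\System32\DRIVERS\amd_sata.sys [71880 2014-09-23] (Advanced Micro Devices)
S3 bdark; C:\Windows\system32\drivers\bdark.sys [81912 2015-02-05] ()
==================== NetSvcs (Whitelisted) ===================
"""

# "==== Section name ====" header lines.
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")

# One service/driver line:
#   <state> <name>; <image path>[ args] [<size date>|X][ (<publisher>)][ <note>]
ENTRY_RE = re.compile(
    r"^(?P<state>[A-Z]\d)\s+(?P<name>[^;]+);\s+"
    r"(?P<path>[A-Za-z]:\\.*?\.(?:exe|sys|dll))"   # image path, up to its extension
    r"(?P<args>.*?)\s+\[(?P<bracket>[^\]]*)\]"      # "[size date]" or "[X]" (file missing)
    r"(?:\s+\((?P<company>[^)]*)\))?"               # "(publisher)"; "()" means none
    r"(?P<note>.*)$",                               # e.g. " <==== ATTENTION (...)"
    re.IGNORECASE,
)

def parse_entries(log_text):
    """Parse the Services and Drivers sections into dicts; other sections are skipped."""
    entries, section = [], ""
    for line in log_text.splitlines():
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        if not section.startswith(("Services", "Drivers")):
            continue
        match = ENTRY_RE.match(line)
        if match:
            entry = match.groupdict()
            entry["line"] = line
            entry["section"] = section.split()[0]
            entries.append(entry)
    return entries

def triage(entry):
    """Return (severity, reasons): "fix" for what FRST itself flags, "review" for an
    entry with no publisher, "ok" otherwise. A human still makes the final call."""
    reasons = []
    bracket = entry["bracket"].strip()
    if bracket.upper() == "X":
        reasons.append("referenced file is missing ([X])")
    elif bracket.startswith("0 "):
        reasons.append("referenced file is zero bytes")
    if "ATTENTION" in entry["note"]:
        reasons.append("FRST attention tag")
    if reasons:
        return "fix", reasons
    if not entry["company"]:  # "()" in the log, i.e. no publisher information
        return "review", ["no publisher information"]
    return "ok", []

def triage_log(log_text):
    """Entries needing attention, in log order, each with severity and reasons."""
    flagged = []
    for entry in parse_entries(log_text):
        severity, reasons = triage(entry)
        if severity != "ok":
            flagged.append(dict(entry, severity=severity, reasons=reasons))
    return flagged

def build_fixlist(log_text):
    """Lines for a fixlist.txt in the shape shown in the Fixlog above: each "fix"
    entry verbatim (FRST removes its registry key), a blank line, then each
    referenced path on its own line so FRST also moves the file if it exists."""
    fixes = [e for e in triage_log(log_text) if e["severity"] == "fix"]
    if not fixes:
        return []
    paths = []
    for e in fixes:
        if e["path"] not in paths:
            paths.append(e["path"])
    return [e["line"] for e in fixes] + [""] + paths

if __name__ == "__main__":
    for e in triage_log(SAMPLE_LOG):
        print(f"{e['severity']:6} {e['section']:8} {e['name']}: {'; '.join(e['reasons'])}")
    print("\n--- fixlist.txt ---")
    print("\n".join(build_fixlist(SAMPLE_LOG)))
```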

#4 Sibz2040

  • Topic Starter
  • Members
  • 22 posts

Posted 01 September 2017 - 04:24 AM

Fix result of Farbar Recovery Scan Tool (x86) Version: 19-08-2017
Ran by SYSTEM (01-09-2017 11:18:51) Run:2
Running from f:\
Boot Mode: Recovery

==============================================

fixlist content:
*****************
S2 BavMiniService; C:\ProgramData\Baidu\Antivirus\BavMSService.exe [0 2017-08-16] () <==== ATTENTION (zero byte File/Folder)
S3 wpscloudsvr; C:\Users\hp\AppData\Local\Kingsoft\WPS Office\wpscloudsvr.exe [0 2017-08-06] () <==== ATTENTION (zero byte File/Folder)
S2 mssecsvc2.0; C:\WINDOWS\mssecsvc.exe -m security [X]

C:\WINDOWS\mssecsvc.exe
*****************

BavMiniService => service not found.
wpscloudsvr => service not found.
mssecsvc2.0 => service not found.
"C:\WINDOWS\mssecsvc.exe" => not found.

==== End of Fixlog 11:18:51 ====

#5 Sibz2040

  • Topic Starter
  • Members
  • 22 posts

Posted 01 September 2017 - 04:55 AM

It still won't boot.

#6 Aura

    Bleepin' Special Ops

  • Malware Response Team
  • 19,697 posts

Posted 01 September 2017 - 07:07 AM

Alright, can you run a new scan with FRST in the Recovery Environment and attach or copy/paste the content of the new FRST.txt log here after?



#7 Sibz2040

  • Topic Starter
  • Members
  • 22 posts

Posted 01 September 2017 - 08:22 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-08-2017
Ran by SYSTEM on MININT-8QP8S58 (01-09-2017 15:16:08)
Running from f:\
Platform: Windows 7 Ultimate (X86) Language: English (United States)
Internet Explorer Version 8
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SMΔRT-Protection] => C:\Program Files\Smadav\SMΔRTP.exe [1879152 2017-07-31] (Smadsoft)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe [7533072 2015-04-29] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe [1016336 2015-04-29] (Realtek Semiconductor)
HKLM\...\Run: [Baidu Antivirus] => C:\Program Files\Baidu Security\Baidu Antivirus\5.5.2.117090.0\BavTray.exe [2016800 2017-07-02] (Baidu, Inc.)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\Antivirus\avgnt.exe [919032 2017-08-17] (Avira Operations GmbH & Co. KG)
HKLM\...\RunOnce: [*Restore] => C:\Windows\system32\rstrui.exe [262656 2009-07-13] (Microsoft Corporation)
BootExecute: autocheck autochk *

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files\Avira\Antivirus\avmailc7.exe [1128432 2017-08-17] (Avira Operations GmbH & Co. KG)
S2 AntiVirSchedulerService; C:\Program Files\Avira\Antivirus\sched.exe [490968 2017-08-17] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files\Avira\Antivirus\avguard.exe [490968 2017-08-17] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files\Avira\Antivirus\avwebg7.exe [1525240 2017-08-17] (Avira Operations GmbH & Co. KG)
S2 BavSvc; C:\Program Files\Baidu Security\Baidu Antivirus\5.5.2.117090.0\BavSvc.exe [2488536 2017-07-02] (Baidu, Inc.)
S2 BHipsSvc; C:\Program Files\Baidu Security\Baidu Antivirus\5.5.2.117090.0\BHipsSvc.exe [433488 2017-07-02] (Baidu, Inc.)
S2 iprip; C:\Windows\System32\iprip.dll [29696 2009-07-13] (Microsoft Corporation)
S2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe [255504 2015-04-29] (Realtek Semiconductor)
S2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [5448976 2015-04-17] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-13] (Microsoft Corporation)
S3 BdSandboxSrv; C:\Program Files\Baidu Security\Baidu Antivirus\5.5.2.117090.0\BdSandboxSrv.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 amd_sata; C:\Windows\System32\DRIVERS\amd_sata.sys [71880 2014-09-23] (Advanced Micro Devices)
S0 amd_xata; C:\Windows\System32\DRIVERS\amd_xata.sys [36040 2014-09-23] (Advanced Micro Devices)
S0 avdevprot; C:\Windows\System32\DRIVERS\avdevprot.sys [46440 2017-08-17] (Avira Operations GmbH & Co. KG)
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [140304 2017-08-17] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [153664 2017-08-17] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [35840 2017-08-17] (Avira Operations GmbH & Co. KG)
S2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [59000 2017-08-17] (Avira Operations GmbH & Co. KG)
S0 avusbflt; C:\Windows\System32\Drivers\avusbflt.sys [23304 2017-08-17] (Avira Operations GmbH & Co. KG)
S3 bdark; C:\Windows\system32\drivers\bdark.sys [81912 2015-02-05] ()
S1 Bfilter; C:\Windows\System32\drivers\Bfilter.sys [51192 2017-07-02] (Baidu, Inc.)
S1 Bfmon; C:\Windows\System32\drivers\Bfmon.sys [31224 2017-07-02] (Baidu, Inc.)
S0 Bhbase; C:\Windows\System32\drivers\Bhbase.sys [74936 2017-07-02] (Baidu, Inc.)
S3 BHipsEx; C:\Windows\System32\drivers\BHipsEx.sys [150008 2017-07-02] (Baidu, Inc.)
S1 Bnbase; C:\Windows\System32\drivers\bnbasex.sys [75480 2017-07-02] (Baidu, Inc.)
S1 Bndef; C:\Windows\System32\drivers\bndef.sys [462200 2017-07-02] (Baidu, Inc.)
S3 Bnmon; C:\Program Files\Baidu Security\Baidu Antivirus\5.5.2.117090.0\Bnmon.sys [84984 2017-07-02] (Baidu, Inc.)
S1 Bprotect; C:\Windows\System32\drivers\Bprotect.sys [197112 2017-07-02] (Baidu, Inc.)
S1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [17472 2017-08-24] (Glarysoft Ltd)
S3 netr28; C:\Windows\System32\DRIVERS\netr28.sys [2097296 2015-02-10] (MediaTek Inc.)
S3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [230104 2015-01-21] (Realtek Semiconductor Corp.)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-30 13:25 - 2017-09-01 15:16 - 000000000 ____D C:\FRST
2017-08-29 19:44 - 2017-08-29 19:44 - 000000000 ____D C:\Users\hp\AppData\Roaming\Avira
2017-08-29 19:43 - 2017-08-29 19:43 - 000000000 ____H C:\Windows\System32\Drivers\Msft_Kernel_avusbflt_01011.Wdf
2017-08-29 19:42 - 2017-08-29 19:42 - 000000000 ____H C:\Windows\System32\Drivers\MsftWdf_Kernel_01011_Coinstaller_Critical.Wdf
2017-08-29 19:41 - 2017-08-29 19:41 - 000000000 ____D C:\ProgramData\Avira
2017-08-29 19:41 - 2017-08-29 19:41 - 000000000 ____D C:\Program Files\Avira
2017-08-29 19:41 - 2017-08-17 17:25 - 000153664 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avipbb.sys
2017-08-29 19:41 - 2017-08-17 17:25 - 000140304 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avgntflt.sys
2017-08-29 19:41 - 2017-08-17 17:25 - 000059000 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avnetflt.sys
2017-08-29 19:41 - 2017-08-17 17:25 - 000046440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avdevprot.sys
2017-08-29 19:41 - 2017-08-17 17:25 - 000035840 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avkmgr.sys
2017-08-29 19:41 - 2017-08-17 17:25 - 000023304 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avusbflt.sys
2017-08-29 18:32 - 2017-08-29 18:32 - 003514368 ____S C:\Windows\tasksche.exe
2017-08-29 18:28 - 2017-08-29 18:29 - 033582949 _____ C:\Users\hp\Downloads\30 Rare Goals We See in Football.mp4
2017-08-29 18:19 - 2017-08-29 19:44 - 000000000 ____D C:\Users\hp\AppData\Roaming\DMCache
2017-08-29 18:19 - 2017-08-29 18:21 - 000000000 ____D C:\Users\hp\AppData\Roaming\IDM
2017-08-29 18:19 - 2017-08-29 18:19 - 000000983 _____ C:\Users\hp\Desktop\Internet Download Manager.lnk
2017-08-29 18:19 - 2017-08-29 18:19 - 000000000 ____D C:\Users\hp\Downloads\Video
2017-08-29 18:19 - 2017-08-29 18:19 - 000000000 ____D C:\Users\hp\Downloads\Compressed
2017-08-29 18:19 - 2017-08-29 18:19 - 000000000 ____D C:\ProgramData\IDM
2017-08-29 18:19 - 2017-08-29 18:19 - 000000000 ____D C:\Program Files\Internet Download Manager
2017-08-29 18:11 - 2017-08-29 18:16 - 007196640 _____ (Tonec Inc.) C:\Users\hp\Downloads\idman628build17.exe
2017-08-29 18:03 - 2017-08-29 18:14 - 017331739 _____ C:\Users\hp\Downloads\FIFA_14_v1.3.6.apk
2017-08-29 17:59 - 2017-08-29 18:27 - 008650164 _____ C:\Users\hp\Downloads\-Oceanofgames.com-FIF13.rar.opdownload
2017-08-29 17:53 - 2017-08-29 17:53 - 000001263 _____ C:\Users\hp\Desktop\Opera Browser.lnk
2017-08-29 17:53 - 2017-08-29 17:53 - 000000000 ____D C:\Users\hp\AppData\Roaming\Opera Software
2017-08-29 17:53 - 2017-08-29 17:53 - 000000000 ____D C:\Users\hp\AppData\Local\Opera Software
2017-08-29 16:57 - 2017-08-29 16:58 - 001155768 _____ (Opera Software) C:\Users\hp\Downloads\OperaSetup.exe
2017-08-28 22:08 - 2017-08-28 22:08 - 000000000 ____D C:\Users\hp\Desktop\Family Guy S14
2017-08-28 22:06 - 2017-08-28 19:04 - 1098754092 ____N C:\Users\hp\Desktop\Teenage Mutant Ninja Turtles Out of the Shadows Watch Online SeeHD The Best Movie Club Around.mp4
2017-08-28 22:05 - 2017-08-28 22:12 - 000000000 ____D C:\Users\hp\Desktop\Independence Day-Resurgence 2016
2017-08-28 12:43 - 2017-08-26 12:37 - 1024868702 ____N C:\Users\hp\Desktop\The.Mummy.2017.KORSUB.HDRip.x264-STUTTERbleep.mp4
2017-08-28 12:40 - 2017-08-26 12:29 - 1582187370 ____N C:\Users\hp\Desktop\[seriesonline.io] - Fast and Furious 8- The Fate of the Furious.mp4
2017-08-26 09:48 - 2017-08-26 09:50 - 000000000 ____D C:\Users\hp\Documents\UEFA Champions League 2006-2007
2017-08-26 09:39 - 2017-08-26 09:47 - 000000000 ____D C:\UEFA Champions League 2006-2007
2017-08-26 09:35 - 2017-08-26 09:35 - 000001965 _____ C:\Users\hp\Desktop\GameTeam.com.lnk
2017-08-26 09:35 - 2017-08-26 09:35 - 000001963 _____ C:\Users\hp\Desktop\GameTop.com.lnk
2017-08-26 09:35 - 2017-08-26 09:35 - 000001166 _____ C:\Users\hp\Desktop\Star Shooter.lnk
2017-08-26 09:35 - 2017-08-26 09:35 - 000000000 ____D C:\Program Files\GameTop.com
2017-08-26 09:31 - 2017-08-26 09:34 - 000000000 ____D C:\Users\hp\Documents\Euro Truck Simulator 2
2017-08-26 09:31 - 2017-08-26 09:31 - 000001294 _____ C:\Users\Public\Desktop\Euro Truck Simulator 2.lnk
2017-08-26 09:29 - 2017-08-26 09:31 - 000000000 ____D C:\Program Files\Euro Truck Simulator 2
2017-08-26 09:06 - 2017-08-26 09:06 - 000000000 ____D C:\$WINDOWS.~LS
2017-08-26 09:01 - 2017-08-26 09:01 - 000000000 ____D C:\$WINDOWS.~BT
2017-08-26 09:01 - 2017-08-26 09:01 - 000000000 ____D C:\$UPGRADE.~OS
2017-08-26 08:51 - 2017-08-26 08:51 - 000001978 _____ C:\Users\hp\Desktop\FL Studio 12.lnk
2017-08-24 16:29 - 2017-08-24 16:29 - 000003288 ____N C:\bootsqm.dat
2017-08-24 14:06 - 2017-08-24 14:06 - 000000207 _____ C:\Windows\tweaking.com-regbackup-HP-PC-Windows-7-Ultimate-(32-bit).dat
2017-08-24 14:06 - 2017-08-24 14:06 - 000000000 ____D C:\RegBackup
2017-08-24 11:26 - 2017-08-06 17:24 - 000029680 _____ (Glarysoft Ltd) C:\Windows\System32\RegBootDefrag.exe
2017-08-24 11:05 - 2017-08-29 19:34 - 000000000 ____D C:\Program Files\Glary Utilities 5
2017-08-24 11:05 - 2017-08-24 11:05 - 000017472 _____ (Glarysoft Ltd) C:\Windows\System32\Drivers\GUBootStartup.sys
2017-08-24 11:05 - 2017-08-24 11:05 - 000001042 _____ C:\Users\Public\Desktop\Glary Utilities 5.lnk
2017-08-24 10:58 - 2017-08-24 18:20 - 000000000 ____D C:\ProgramData\SecTaskMan
2017-08-24 10:58 - 2017-08-24 10:58 - 000001097 _____ C:\Users\Public\Desktop\Security Task Manager.lnk
2017-08-24 10:58 - 2017-08-24 10:58 - 000000000 ____D C:\Program Files\Security Task Manager
2017-08-21 18:56 - 2017-08-18 14:17 - 288680784 _____ (AVAST Software) C:\Users\Public\Desktop\avast_free_antivirus_setup_offline.exe
2017-08-21 18:56 - 2017-08-18 14:17 - 288680784 _____ (AVAST Software) C:\Users\hp\Desktop\avast_free_antivirus_setup_offline.exe
2017-08-21 17:51 - 2017-08-21 18:38 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-08-21 17:51 - 2017-08-21 17:51 - 000170200 _____ (Malwarebytes) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2017-08-21 17:51 - 2017-08-21 17:51 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-08-21 17:50 - 2017-08-21 19:05 - 000094936 _____ (Malwarebytes) C:\Windows\System32\Drivers\mbamchameleon.sys
2017-08-21 17:26 - 2017-08-21 17:26 - 000000000 ____D C:\Windows\ERDNT
2017-08-21 17:25 - 2017-08-21 19:02 - 000000000 ____D C:\Program Files\ERUNT
2017-08-21 17:25 - 2017-08-21 17:25 - 000000879 _____ C:\Users\hp\Desktop\ERUNT.lnk
2017-08-18 16:12 - 2017-08-18 16:12 - 000000811 _____ C:\Windows\System32\0
2017-08-18 14:57 - 2017-08-24 11:12 - 000000000 ____D C:\ProgramData\GlarySoft
2017-08-18 14:46 - 2017-08-24 15:52 - 000000000 ____D C:\Users\hp\AppData\Roaming\GlarySoft
2017-08-18 14:46 - 2017-08-18 14:46 - 000000000 ____D C:\Users\hp\AppData\Roaming\DiskDefrag
2017-08-18 14:43 - 2017-08-18 14:43 - 000000000 ____D C:\ProgramData\AVAST Software
2017-08-17 18:26 - 2017-08-17 18:26 - 000000000 ____D C:\Users\hp\AppData\Local\iolo
2017-08-17 18:26 - 2017-08-17 18:26 - 000000000 ____D C:\Program Files\Common Files\iolo
2017-08-17 10:35 - 2009-11-25 11:47 - 001130824 _____ (Microsoft Corporation) C:\Windows\System32\dfshim.dll
2017-08-17 10:35 - 2009-11-25 11:47 - 000297808 _____ (Microsoft Corporation) C:\Windows\System32\mscoree.dll
2017-08-17 10:35 - 2009-11-25 11:47 - 000295264 _____ (Microsoft Corporation) C:\Windows\System32\PresentationHost.exe
2017-08-17 10:35 - 2009-11-25 11:47 - 000099176 _____ (Microsoft Corporation) C:\Windows\System32\PresentationHostProxy.dll
2017-08-17 10:35 - 2009-11-25 11:47 - 000049472 _____ (Microsoft Corporation) C:\Windows\System32\netfxperf.dll
2017-08-17 09:38 - 2017-08-17 09:38 - 000074703 _____ C:\Windows\System32\mfc45.dat
2017-08-17 09:38 - 2017-08-17 09:38 - 000000000 ____D C:\Users\hp\AppData\Roaming\iolo
2017-08-16 19:14 - 2017-08-16 19:14 - 000000000 ____D C:\Users\hp\AppData\Roaming\BavMini
2017-08-06 18:46 - 2017-08-29 16:53 - 000000000 ____D C:\ProgramData\BavSvc_exe
2017-08-06 16:17 - 2017-08-21 20:03 - 000000000 ___HD C:\boots
2017-08-05 08:31 - 2017-08-05 08:26 - 000149224 _____ (Tonec Inc.) C:\Windows\System32\Drivers\idmwfp.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-29 19:40 - 2009-07-13 20:34 - 000020560 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-08-29 19:40 - 2009-07-13 20:34 - 000020560 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-08-29 19:33 - 2017-05-18 20:00 - 000000000 ____D C:\Program Files\Mozilla Firefox
2017-08-29 16:53 - 2017-05-18 20:05 - 000000000 ____D C:\Users\hp\AppData\Roaming\Yandex
2017-08-29 11:41 - 2017-07-03 17:09 - 000000000 ____D C:\Users\hp\AppData\Roaming\vlc
2017-08-29 10:56 - 2017-05-18 20:05 - 000000000 ____D C:\Program Files\TeamViewer
2017-08-26 10:46 - 2017-04-30 14:40 - 000000000 __SHD C:\[Smad-Cage]
2017-08-26 10:24 - 2017-05-20 13:45 - 000002861 _____ C:\Windows\diagwrn.xml
2017-08-26 10:24 - 2017-05-20 13:45 - 000001908 _____ C:\Windows\diagerr.xml
2017-08-26 09:06 - 2017-05-20 13:50 - 000000002 _____ C:\$UpgDrv$
2017-08-26 08:51 - 2017-05-18 06:50 - 000000000 ____D C:\Program Files\Image-Line
2017-08-25 20:55 - 2017-07-09 15:21 - 000000000 ____D C:\Users\hp\AppData\Roaming\AIMP3
2017-08-25 19:23 - 2009-08-28 03:29 - 000000000 ____D C:\users\hp
2017-08-24 15:32 - 2009-07-13 20:33 - 000268184 _____ C:\Windows\System32\FNTCACHE.DAT
2017-08-24 15:31 - 2009-07-13 23:49 - 000000000 ____D C:\Windows\CSC
2017-08-24 15:23 - 2017-04-30 14:43 - 000799656 _____ C:\Windows\System32\PerfStringBackup.INI
2017-08-24 15:23 - 2009-07-13 18:37 - 000000000 ____D C:\Windows\inf
2017-08-24 14:47 - 2017-05-18 07:20 - 000057992 _____ C:\Users\hp\AppData\Local\GDIPFONTCACHEV1.DAT
2017-08-24 14:31 - 2009-07-13 18:04 - 000000855 _____ C:\Windows\System32\Drivers\etc\hosts_bak_690
2017-08-24 11:27 - 2009-07-13 18:03 - 030670848 _____ C:\Windows\System32\config\software.gu.bak
2017-08-24 11:27 - 2009-07-13 18:03 - 019922944 _____ C:\Windows\System32\config\system.gu.bak
2017-08-24 11:27 - 2009-07-13 18:03 - 000262144 _____ C:\Windows\System32\config\security.gu.bak
2017-08-24 11:27 - 2009-07-13 18:03 - 000262144 _____ C:\Windows\System32\config\sam.gu.bak
2017-08-24 11:27 - 2009-07-13 18:03 - 000262144 _____ C:\Windows\System32\config\default.gu.bak
2017-08-21 20:03 - 2017-04-30 14:40 - 000000000 ____D C:\Program Files\SMADAV
2017-08-21 16:38 - 2017-05-18 20:13 - 000000000 ___HD C:\Program Files\InstallShield Installation Information
2017-08-18 15:52 - 2009-07-13 18:37 - 000000000 ____D C:\Windows\registration
2017-08-18 14:49 - 2017-05-05 13:49 - 000000000 ____D C:\Windows\Minidump
2017-08-18 10:13 - 2017-07-25 16:58 - 000000000 ____D C:\Users\hp\Desktop\New folder (2)
2017-08-17 09:44 - 2009-07-13 18:37 - 000000000 ____D C:\Windows\System32\inetsrv
2017-08-17 09:38 - 2017-05-18 20:17 - 000000000 ____D C:\Users\hp\AppData\Local\Downloaded Installations
2017-08-16 18:44 - 2017-07-05 18:03 - 000000000 ____D C:\Users\hp\AppData\Roaming\dvdcss
2017-08-16 16:14 - 2017-04-30 14:40 - 000001022 _____ C:\Users\Public\Desktop\SMADΔV.lnk
2017-08-14 14:01 - 2017-05-28 12:06 - 000000000 ____D C:\Program Files\Java
2017-08-06 18:59 - 2017-05-18 19:59 - 000000000 ____D C:\Program Files\7-Zip
2017-08-06 16:19 - 2017-05-28 11:41 - 000000000 ____D C:\Users\hp\AppData\Roaming\DriverPack Notifier
2017-08-04 16:33 - 2017-05-27 11:48 - 000000000 ____D C:\Users\hp\Documents\FIFA 14

==================== Known DLLs (Whitelisted) =========================


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Association (Whitelisted) =============


==================== Restore Points =========================

Restore point date: 2017-08-21 17:00
Restore point date: 2017-08-28 12:48
Restore point date: 2017-08-29 17:36
Restore point date: 2017-08-29 19:47

==================== Memory info ===========================

Percentage of memory in use: 12%
Total physical RAM: 3680.36 MB
Available physical RAM: 3211.28 MB
Total Virtual: 3678.64 MB
Available Virtual: 3207.94 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:297.99 GB) (Free:236.81 GB) NTFS
Drive f: (NESTORZ) (Removable) (Total:1.84 GB) (Free:1.36 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 0585AD0F)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 1.8 GB) (Disk ID: 00000000)

Partition: GPT.

LastRegBack: 2017-06-20 12:55

==================== End of FRST.txt ============================

#8 Aura (Bleepin' Special Ops, Malware Response Team)

Posted 01 September 2017 - 08:33 AM

It could be the Baidu Sandbox Service. Let's remove it. Use the attached fixlist.txt.

Attached Files


Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.
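
Aura's fix targets the one entry FRST marked with [X], meaning the service key still exists in the registry but its binary is gone from disk, and the fixlist simply repeats that log line verbatim. The script below is an added example, not part of this thread and not FRST's own code: it automates that first triage pass over the Services and Drivers sections of an FRST log. It parses each line, flags entries whose file is missing or whose version block carries no company name, and emits the missing-file entries in the verbatim form FRST expects in fixlist.txt. The sample lines are copied from the log above; the start-type meanings follow the FRST tutorial linked in the first post; the triage heuristics (empty company name, binary outside Windows/Program Files) are my own rules, not FRST's, and a flagged entry is a lead to check, not proof of malware (an empty company field, as on bdark, only means FRST found no company name in the file's version info).

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# One FRST Services/Drivers line:
#   <R|S><start type> <name>; <path> [<size> <date>] (<company>)     file present
#   <R|S><start type> <name>; <path> [X]                              file missing
ENTRY_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+"
    r"(?P<name>[^;]+);\s+"
    r"(?P<path>.+?)\s+"
    r"\[(?P<meta>[^\]]*)\]"
    r"(?:\s+\((?P<company>[^)]*)\))?\s*$"
)

# Start-type digit as described in the FRST tutorial; R/S = running/stopped.
START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "manual", "4": "disabled"}

# Where the binaries of legitimately installed services and drivers normally live (my heuristic).
EXPECTED_ROOTS = ("c:\\windows\\", "c:\\program files")


@dataclass
class Entry:
    raw: str
    running: bool
    start: str
    name: str
    path: str
    file_missing: bool          # FRST printed [X]: key exists, binary does not
    company: Optional[str]      # None = no company block at all; "" = block present but empty


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one log line; returns None for headers, blanks and anything that is not an entry."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None
    return Entry(
        raw=line.strip(),
        running=(m["state"] == "R"),
        start=START_TYPES.get(m["start"], m["start"]),
        name=m["name"].strip(),
        path=m["path"],
        file_missing=(m["meta"].strip() == "X"),
        company=m["company"],
    )


def triage(lines) -> List[Tuple[Entry, List[str]]]:
    """Return (entry, reasons) for every entry that deserves a second look. Heuristics are mine, not FRST's."""
    findings = []
    for line in lines:
        e = parse_entry(line)
        if e is None:
            continue
        reasons = []
        if e.file_missing:
            reasons.append("registered in the registry but the binary is missing on disk ([X])")
        if e.company is not None and e.company.strip() == "":
            reasons.append("FRST found no company name in the file's version info")
        if not e.path.lower().startswith(EXPECTED_ROOTS):
            reasons.append("binary lives outside Windows/Program Files")
        if reasons and e.start in ("boot", "system"):
            reasons.append(f"{e.start}-start driver: a bad or missing image here can stop the system from booting")
        if reasons:
            findings.append((e, reasons))
    return findings


def fixlist_candidates(lines) -> List[str]:
    """Missing-file entries in the verbatim form FRST expects in fixlist.txt.

    FRST removes the service/driver registry key for each such line; as its log header says,
    the file is not moved unless it is listed separately. Review every candidate before using it.
    """
    return [e.raw for e, _ in triage(lines) if e.file_missing]


# Sample lines copied from the FRST log posted above.
SAMPLE_LOG = r"""
S2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [5448976 2015-04-17] (TeamViewer GmbH)
S3 BdSandboxSrv; C:\Program Files\Baidu Security\Baidu Antivirus\5.5.2.117090.0\BdSandboxSrv.exe [X]
S0 avdevprot; C:\Windows\System32\DRIVERS\avdevprot.sys [46440 2017-08-17] (Avira Operations GmbH & Co. KG)
S3 bdark; C:\Windows\system32\drivers\bdark.sys [81912 2015-02-05] ()
S1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [17472 2017-08-24] (Glarysoft Ltd)
""".strip().splitlines()


if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LOG):
        print(f"{entry.name} ({entry.start}-start, {entry.path})")
        for r in reasons:
            print(f"    - {r}")
    print("\nfixlist.txt candidates:")
    print("\n".join(fixlist_candidates(SAMPLE_LOG)))
```

On the sample above the only fixlist candidate is the BdSandboxSrv line, which is exactly what Aura's fix contained; bdark is reported as a lead only. Feed the whole FRST.txt to triage() to get the same view over a full log.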


#9 Sibz2040 (Topic Starter, Members)

Posted 01 September 2017 - 10:07 AM

Here are the results:

Fix result of Farbar Recovery Scan Tool (x86) Version: 19-08-2017
Ran by SYSTEM (01-09-2017 16:59:57) Run:3
Running from f:\
Boot Mode: Recovery

==============================================

fixlist content:
*****************
S3 BdSandboxSrv; C:\Program Files\Baidu Security\Baidu Antivirus\5.5.2.117090.0\BdSandboxSrv.exe [X]
*****************

HKLM\System\ControlSet001\Services\BdSandboxSrv => key removed successfully.
BdSandboxSrv => service removed successfully.

==== End of Fixlog 16:59:57 ====

#10 Aura (Bleepin' Special Ops, Malware Response Team)

Posted 01 September 2017 - 10:13 AM

Now, if you restart your computer, does it work?



#11 Sibz2040 (Topic Starter, Members)

Posted 01 September 2017 - 10:39 AM

No. There is no change.

#12 Aura (Bleepin' Special Ops, Malware Response Team)

Posted 01 September 2017 - 10:42 AM

Are you able to at least make it boot in Safe Mode?



#13 Sibz2040 (Topic Starter, Members)

Posted 01 September 2017 - 10:59 AM

No, I can't.

#14 Aura (Bleepin' Special Ops, Malware Response Team)

Posted 01 September 2017 - 11:12 AM

When you get the Blue Screen of Death, what is the exception code, message and driver involved?



#15 Sibz2040 (Topic Starter, Members)

Posted 01 September 2017 - 12:41 PM

It disappears so fast. That's really hard to read.
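
Aura's question is the right one, but as Sibz2040 says the blue screen vanishes before it can be read. The stop code and its four parameters are also written into the small memory dumps under C:\Windows\Minidump (the log above shows that folder was last modified 2017-08-18), and they can be read straight from the dump header offline, for instance from the same recovery environment FRST was run from, with the system drive mounted under whatever letter that environment assigns it. The script below is an added example and is not from this thread, from FRST or from Microsoft. It reads the header of a kernel crash dump (PAGEDUMP for a 32-bit kernel such as this machine's, PAGEDU64 for 64-bit); the field offsets are noted from WinDbg's `dt nt!_DUMP_HEADER` output and are stated as assumptions to verify against your own symbols. make_header() builds synthetic headers (constructed test data, not real dumps) so the parser can be exercised without a crash. Two caveats: a crash dump is first written into the paging file and only extracted into Minidump on the next successful boot, so a machine that has not booted since its last crash may not yet have that crash's .dmp file; and this gives you the code and parameters only, not the faulting driver, which still needs symbol-aware tooling such as WinDbg's `!analyze -v`.

```python
import glob
import struct

# Field offsets in the kernel crash-dump header (_DUMP_HEADER for a 32-bit kernel,
# _DUMP_HEADER64 for a 64-bit one). ASSUMPTION: these values were noted from WinDbg's
# `dt nt!_DUMP_HEADER` output; verify against your own symbols before relying on them.
_LAYOUT = {
    b"DUMP": {"machine": 0x20, "code": 0x28, "params": 0x2C, "fmt": "<4I", "arch": "x86"},
    b"DU64": {"machine": 0x30, "code": 0x38, "params": 0x40, "fmt": "<4Q", "arch": "x64"},
}

# A few common stop codes; anything else is reported as UNKNOWN with its numeric code.
BUGCHECK_NAMES = {
    0x0A: "IRQL_NOT_LESS_OR_EQUAL",
    0x1E: "KMODE_EXCEPTION_NOT_HANDLED",
    0x50: "PAGE_FAULT_IN_NONPAGED_AREA",
    0x7B: "INACCESSIBLE_BOOT_DEVICE",
    0x7E: "SYSTEM_THREAD_EXCEPTION_NOT_HANDLED",
    0xC4: "DRIVER_VERIFIER_DETECTED_VIOLATION",
    0xD1: "DRIVER_IRQL_NOT_LESS_OR_EQUAL",
    0x124: "WHEA_UNCORRECTABLE_ERROR",
}

HEADER_BYTES = 0x1000  # one page covers every field used here


def is_crash_dump(data: bytes) -> bool:
    """True if the buffer starts with a kernel crash-dump signature ("PAGE" + "DUMP"/"DU64")."""
    return len(data) >= HEADER_BYTES and data[:4] == b"PAGE" and data[4:8] in _LAYOUT


def read_bugcheck(data: bytes) -> dict:
    """Extract architecture, stop code and the four bugcheck parameters from a dump header."""
    if not is_crash_dump(data):
        raise ValueError("not a Windows kernel crash dump (expected PAGEDUMP or PAGEDU64 header)")
    lay = _LAYOUT[data[4:8]]
    code = struct.unpack_from("<I", data, lay["code"])[0]
    return {
        "arch": lay["arch"],
        "machine": struct.unpack_from("<I", data, lay["machine"])[0],  # 0x014C = i386, 0x8664 = AMD64
        "code": code,
        "name": BUGCHECK_NAMES.get(code, "UNKNOWN"),
        "params": struct.unpack_from(lay["fmt"], data, lay["params"]),
    }


def format_bugcheck(info: dict) -> str:
    """Render the result the way the blue screen would have shown it."""
    width = 8 if info["arch"] == "x86" else 16
    params = " ".join(f"0x{p:0{width}X}" for p in info["params"])
    return f"STOP 0x{info['code']:08X} {info['name']} ({info['arch']}) params: {params}"


def make_header(code: int, params, bits: int = 32) -> bytes:
    """Build a synthetic header (constructed test data, NOT a real dump) to exercise the parser offline."""
    sig = b"DUMP" if bits == 32 else b"DU64"
    lay = _LAYOUT[sig]
    buf = bytearray(HEADER_BYTES)          # unused fields left zero; real headers pad with "PAGE"
    buf[0:8] = b"PAGE" + sig
    struct.pack_into("<I", buf, lay["machine"], 0x014C if bits == 32 else 0x8664)
    struct.pack_into("<I", buf, lay["code"], code)
    struct.pack_into(lay["fmt"], buf, lay["params"], *params)
    return bytes(buf)


if __name__ == "__main__":
    # Adjust the drive letter when running from a recovery environment.
    for path in sorted(glob.glob(r"C:\Windows\Minidump\*.dmp")):
        with open(path, "rb") as f:
            print(path, "->", format_bugcheck(read_bugcheck(f.read(HEADER_BYTES))))
```

The numeric code and parameters are what Aura asked for and are worth posting even when the name is UNKNOWN; Microsoft's bug check reference lists the meaning of each parameter per code.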



