
Police virus - need Help with a fixlist.txt for Farbar [Closed]


  • This topic is locked

#1
jj1990

    New Member

  • Member
  • 2 posts
Fixing my friend's laptop - need a bit of help creating the fixlist. Can't figure out how to do it myself. Stupid police virus... Any help would be appreciated!
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-04-2014
Ran by SYSTEM on MININT-0OURLN1 on 15-04-2014 18:33:14
Running from F:\
Windows 7 Home Premium (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery
 
The current controlset is ControlSet002
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.
 
 
ATTENTION!:=====> THE OPERATING SYSTEM IS A X64 SYSTEM BUT THE BOOT DISK THAT IS USED TO BOOT TO RECOVERY ENVIRONMENT IS A X86 SYSTEM DISK.
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2097960 2010-04-22] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-01-20] (IDT, Inc.)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3216544 2010-06-09] (Dell Inc.)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [5470208 2009-12-16] (Dell Inc.)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2327952 2010-07-21] (Microsoft Corporation)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] C:\$Recycle.Bin\S-1-5-18\$80948820d896dd88bc1b3760593e9f22\n. ATTENTION! ====> ZeroAccess?
HKU\Brad\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4280184 2012-03-08] (Microsoft Corporation)
HKU\Brad\...\Run: [Sidebar] => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [1173504 2009-07-13] (Microsoft Corporation)
HKU\Brad\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1631144 2013-03-29] (Valve Corporation)
HKU\Brad\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [18705664 2013-01-08] (Skype Technologies S.A.)
HKU\Brad\...\Run: [ctfmon.exe] => C:\PROGRA~3\rundll32.exe C:\PROGRA~3\hitt.dat,FG00 <===== ATTENTION
HKU\Default\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\Sidebar.exe [1475072 2009-07-13] (Microsoft Corporation)
HKU\Default User\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\Sidebar.exe [1475072 2009-07-13] (Microsoft Corporation)
Lsa: [Notification Packages] scecli FAPassSync
Startup: C:\Users\alyssa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Brad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Brad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk
ShortcutTarget: msconfig.lnk -> C:\ProgramData\hitt.dat ()
Startup: C:\Users\Brad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe (No File)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
 
========================== Services (Whitelisted) =================
 
S3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [253656 2013-03-13] (Adobe Systems Incorporated)
S2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
S2 CLKMSVC10_1628BCEA; C:\Program Files (x86)\CyberLink\PowerDVD DX\Kernel\BD\NavFilter\kmsvc.exe [240360 2011-03-01] (CyberLink)
S4 clr_optimization_v2.0.50727_64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [89920 2009-06-10] (Microsoft Corporation)
S2 clr_optimization_v4.0.30319_64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [138576 2010-03-18] (Microsoft Corporation)
S2 cvhsvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [822624 2012-01-04] (Microsoft Corporation)
S2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation)
S2 F-Secure Gatekeeper Handler Starter; C:\Program Files (x86)\Shaw Secure\Anti-Virus\fsgk32st.exe [215648 2009-08-05] (F-Secure Corporation)
S2 FAService; c:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe [2409800 2010-02-22] (Sensible Vision )
S3 FontCache3.0.0.0; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [42840 2009-06-10] (Microsoft Corporation)
S3 FSDFWD; C:\Program Files (x86)\Shaw Secure\FWES\Program\fsdfwd.exe [844384 2011-02-17] (F-Secure Corporation)
S2 FSMA; C:\Program Files (x86)\Shaw Secure\Common\FSMA32.EXE [186976 2009-08-05] (F-Secure Corporation)
S3 FSORSPClient; C:\Program Files (x86)\Shaw Secure\ORSP Client\fsorsp.exe [63992 2011-02-17] (F-Secure Corporation)
S3 fsssvc; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [1492840 2012-03-08] (Microsoft Corporation)
S3 GamesAppService; C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [206072 2010-10-12] (WildTangent, Inc.)
S2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [13336 2010-03-03] (Intel Corporation)
S3 idsvc; C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe [856384 2009-06-10] (Microsoft Corporation)
S4 NetTcpPortSharing; C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe [116560 2009-06-10] (Microsoft Corporation)
S3 ose; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [149352 2010-01-09] (Microsoft Corporation)
S3 PerfHost; C:\Windows\SysWow64\perfhost.exe [20992 2009-07-13] (Microsoft Corporation)
S2 SeaPort; C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [249136 2010-09-22] (Microsoft Corporation)
S2 sftlist; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [508776 2011-10-01] (Microsoft Corporation)
S2 SftService; C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE [689472 2010-08-20] (SoftThinks SAS)
S3 sftvsa; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [219496 2011-10-01] (Microsoft Corporation)
S2 SkypeUpdate; C:\Program Files (x86)\Skype\Updater\Updater.exe [161536 2013-01-08] (Skype Technologies)
S2 sprtsvc_DellSupportCenter; C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe [206064 2009-05-21] (SupportSoft, Inc.)
S2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe [244736 2010-01-20] (IDT, Inc.)
S3 Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [543656 2013-03-29] (Valve Corporation)
S2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [4950016 2009-12-16] (Dell Inc.)
S3 npggsvc; C:\Windows\system32\GameMon.des -service [X]
S2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [X]
S4 RoxLiveShare10; "C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe" [X]
S2 SessionLauncher; C:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
S3 amdkmdag; C:\Windows\System32\DRIVERS\atipmdag.sys [6233088 2010-01-21] (ATI Technologies Inc.)
S3 b06bdrv; C:\Windows\system32\DRIVERS\bxvbda.sys [468480 2009-06-10] (Broadcom Corporation)
S3 b57nd60a; C:\Windows\System32\DRIVERS\b57nd60a.sys [270848 2009-06-10] (Broadcom Corporation)
S3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [22520 2009-12-16] (Broadcom Corporation)
S3 BCM43XX; C:\Windows\System32\DRIVERS\bcmwl664.sys [3053560 2009-12-16] (Broadcom Corporation)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S4 F-Secure Filter; C:\Program Files (x86)\Shaw Secure\Anti-Virus\Win2K\FSfilter.sys [39776 2009-08-05] ()
S3 F-Secure Gatekeeper; C:\Program Files (x86)\Shaw Secure\Anti-Virus\minifilter\fsgk.sys [194728 2011-02-17] ()
S1 F-Secure HIPS; C:\Program Files (x86)\Shaw Secure\HIPS\drivers\fshs.sys [57920 2009-08-05] (F-Secure Corporation)
S4 F-Secure Recognizer; C:\Program Files (x86)\Shaw Secure\Anti-Virus\Win2K\FSrec.sys [25184 2009-08-05] ()
S3 FACAP; C:\Windows\System32\DRIVERS\facap.sys [238848 2008-09-24] (Sensible Vision )
S1 FSES; C:\Windows\System32\drivers\fses.sys [45624 2011-02-17] (F-Secure Corporation)
S1 FSFW; C:\Windows\System32\drivers\fsdfw.sys [94280 2011-02-17] (F-Secure Corporation)
S1 fsvista; C:\Program Files (x86)\Shaw Secure\Anti-Virus\minifilter\fsvista.sys [14904 2009-08-05] ()
S3 itecir; C:\Windows\System32\DRIVERS\itecir.sys [60416 2009-03-09] (ITE Tech. Inc. )
S3 k57nd60a; C:\Windows\System32\DRIVERS\k57nd60a.sys [321064 2009-11-19] (Broadcom Corporation)
S3 ksthunk; C:\Windows\system32\drivers\ksthunk.sys [20992 2009-07-13] (Microsoft Corporation)
S3 Point64; C:\Windows\System32\DRIVERS\point64.sys [45456 2010-07-21] (Microsoft Corporation)
S2 rimspci; C:\Windows\System32\DRIVERS\rimspe64.sys [60416 2009-07-01] (REDC)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S2 risdpcie; C:\Windows\System32\DRIVERS\risdpe64.sys [80896 2009-07-01] (REDC)
S2 rixdpcie; C:\Windows\System32\DRIVERS\rixdpe64.sys [55808 2009-07-04] (REDC)
S3 STHDA; C:\Windows\System32\DRIVERS\stwrt64.sys [505856 2010-01-20] (IDT, Inc.)
S2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
S2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7}; C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl [146928 2009-12-29] (CyberLink Corp.)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-04-15 18:33 - 2014-04-15 18:33 - 00000000 ____D () C:\FRST
2014-04-15 17:10 - 2014-04-15 17:10 - 00000000 ____D () C:\Users\Brad\AppData\Local\{76B5929F-FA58-453F-8CB6-5FAB87EE169B}
 
==================== One Month Modified Files and Folders =======
 
2014-04-15 18:33 - 2014-04-15 18:33 - 00000000 ____D () C:\FRST
2014-04-15 17:17 - 2013-04-02 20:19 - 95023320 ____T () C:\ProgramData\ttih.pad
2014-04-15 17:17 - 2010-10-15 10:31 - 00000000 ____D () C:\Users\Brad\Tracing
2014-04-15 17:17 - 2009-07-13 20:51 - 00104962 _____ () C:\Windows\setupact.log
2014-04-15 17:11 - 2011-02-21 14:09 - 00000000 ____D () C:\Users\Brad\AppData\Roaming\Skype
2014-04-15 17:11 - 2010-10-21 21:33 - 00000000 ____D () C:\Users\Brad\AppData\Local\Windows Live
2014-04-15 17:10 - 2014-04-15 17:10 - 00000000 ____D () C:\Users\Brad\AppData\Local\{76B5929F-FA58-453F-8CB6-5FAB87EE169B}
 
ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-2430918288-738339497-1570114297-1000\$80948820d896dd88bc1b3760593e9f22
 
ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$80948820d896dd88bc1b3760593e9f22
 
ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini
 
ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini
 
Files to move or delete:
====================
C:\ProgramData\coiwr.dat
C:\ProgramData\coorto.dat
C:\ProgramData\hash.dat
C:\ProgramData\hitt.dat
C:\ProgramData\nialto.dat
C:\ProgramData\rundll32.exe
C:\ProgramData\ttih.bat
C:\ProgramData\ttih.js
C:\ProgramData\ttih.pad
C:\ProgramData\ttih.reg
C:\Users\Brad\2724111.dll
C:\Users\Brad\3076608.dll
C:\Users\Brad\6667774.dll
C:\Users\Brad\8261390.dll
C:\Users\Brad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk
 
 
Some content of TEMP:
====================
C:\Users\Brad\AppData\Local\Temp\0.5799210575322084.exe
C:\Users\Brad\AppData\Local\Temp\2jfuweif.exe
C:\Users\Brad\AppData\Local\Temp\3BE7.exe
C:\Users\Brad\AppData\Local\Temp\7E53.exe
C:\Users\Brad\AppData\Local\Temp\burnsetup.exe
C:\Users\Brad\AppData\Local\Temp\C6E.exe
C:\Users\Brad\AppData\Local\Temp\detectionapi_rd.dll
C:\Users\Brad\AppData\Local\Temp\detectionui_r.exe
C:\Users\Brad\AppData\Local\Temp\directx9tests_rd.dll
C:\Users\Brad\AppData\Local\Temp\DivXInstaller.exe
C:\Users\Brad\AppData\Local\Temp\DivXSetup.exe
C:\Users\Brad\AppData\Local\Temp\doxillionsetup.exe
C:\Users\Brad\AppData\Local\Temp\farmanager.exe
C:\Users\Brad\AppData\Local\Temp\fsprod.dll
C:\Users\Brad\AppData\Local\Temp\fssfm.dll
C:\Users\Brad\AppData\Local\Temp\generka.exe
C:\Users\Brad\AppData\Local\Temp\GLFAC4C.tmp.ConduitEngineSetup.exe
C:\Users\Brad\AppData\Local\Temp\installerdll4569908.dll
C:\Users\Brad\AppData\Local\Temp\installerdll4583668.dll
C:\Users\Brad\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\Brad\AppData\Local\Temp\install_flashplayer11x32au_gtba_chra_dy_aih.exe
C:\Users\Brad\AppData\Local\Temp\IPx64_1033.exe
C:\Users\Brad\AppData\Local\Temp\jre-6u22-windows-i586-iftw-rv.exe
C:\Users\Brad\AppData\Local\Temp\jre-6u23-windows-i586-iftw-rv.exe
C:\Users\Brad\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe
C:\Users\Brad\AppData\Local\Temp\local.dll
C:\Users\Brad\AppData\Local\Temp\mfc80.dll
C:\Users\Brad\AppData\Local\Temp\mfc80u.dll
C:\Users\Brad\AppData\Local\Temp\mpsetup.exe
C:\Users\Brad\AppData\Local\Temp\msvcp80.dll
C:\Users\Brad\AppData\Local\Temp\msvcr80.dll
C:\Users\Brad\AppData\Local\Temp\preconfig.exe
C:\Users\Brad\AppData\Local\Temp\prismsetup.exe
C:\Users\Brad\AppData\Local\Temp\ripsetup.exe
C:\Users\Brad\AppData\Local\Temp\rootsupd.exe
C:\Users\Brad\AppData\Local\Temp\Setup.exe
C:\Users\Brad\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Brad\AppData\Local\Temp\tbNCH.dll
C:\Users\Brad\AppData\Local\Temp\uninst.exe
C:\Users\Brad\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Brad\AppData\Local\Temp\vcredist_x86.exe
C:\Users\Brad\AppData\Local\Temp\_is1332.exe
C:\Users\Brad\AppData\Local\Temp\_is160F.exe
C:\Users\Brad\AppData\Local\Temp\_is25F7.exe
C:\Users\Brad\AppData\Local\Temp\_is4FF3.exe
 
 
==================== Known DLLs (Whitelisted) ============
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe
[2011-04-26 14:29] - [2011-02-25 22:23] - 2870272 ____A (Microsoft Corporation) 0862495E0C825893DB75EF44FAEA8E93
 
C:\Windows\System32\winlogon.exe
[2010-10-06 11:04] - [2010-10-06 11:04] - 0389632 ____A (Microsoft Corporation) DA3E2A6FA9660CC75B471530CE88453A
 
C:\Windows\System32\wininit.exe
[2009-07-13 15:52] - [2009-07-13 17:39] - 0129024 ____A (Microsoft Corporation) 94355C28C1970635A31B3FE52EB7CEBA
 
C:\Windows\System32\svchost.exe
[2009-07-13 15:31] - [2009-07-13 17:39] - 0027136 ____A (Microsoft Corporation) C78655BC80301D76ED4FEF1C1EA40A7D
 
C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
 
C:\Windows\System32\User32.dll
[2009-07-13 15:38] - [2009-07-13 17:41] - 1008640 ____A (Microsoft Corporation) 72D7B3EA16946E8F0CF7458150031CC6
 
C:\Windows\System32\userinit.exe
[2009-07-13 15:50] - [2009-07-13 17:39] - 0030208 ____A (Microsoft Corporation) 6F8F1376A13114CC10C0E69274F5A4DE
 
C:\Windows\System32\rpcss.dll
[2009-07-13 16:00] - [2009-07-13 17:41] - 0509440 ____A (Microsoft Corporation) 7266972E86890E2B30C0C322E906B027
 
 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys
[2012-12-11 22:08] - [2012-09-06 09:38] - 0295792 ____A (Microsoft Corporation) 9E425AC5C9A5A973273D169F43B4F5E1
 
 
==================== EXE ASSOCIATION =====================
 
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
 
==================== Restore Points  =========================
 
Restore point made on: 2013-03-19 17:43:08
Restore point made on: 2013-03-23 10:28:28
Restore point made on: 2013-03-23 10:54:38
Restore point made on: 2013-03-27 14:48:17
 
==================== Memory info =========================== 
 
Percentage of memory in use: 7%
Total physical RAM: 8180.5 MB
Available physical RAM: 7581.64 MB
Total Pagefile: 8178.78 MB
Available Pagefile: 7592.41 MB
Total Virtual: 2047.88 MB
Available Virtual: 1947.67 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:448.14 GB) (Free:260.92 GB) NTFS
Drive e: (GRMCHPFRER_EN_DVD) (CDROM) (Total:2.33 GB) (Free:0 GB) UDF
Drive f: (Lexar) (Removable) (Total:29.8 GB) (Free:6.2 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (RECOVERY) (Fixed) (Total:17.58 GB) (Free:10.03 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: 78DBB486)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=18 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=448 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 30 GB) (Disk ID: C3072E18)
 
Partition: GPT Partition Type.
 
 
LastRegBack: 2013-03-27 19:56
 
==================== End Of Log ============================



#2
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,016 posts

Hello jj1990,

Welcome to Geekstogo.

Please download the attached fixlist.txt file to your flash drive.

NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Now please enter System Recovery Options.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.
 

Also please tell me if there is any change when you restart your computer.



#3
jj1990

    New Member

  • Topic Starter
  • Member
  • 2 posts

Worked like a charm! Thank you so much!  :spoton:



#4
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,016 posts
Okay, a bit more to do. ;)

Now that you can boot up normally we need to check for other malware and leftover bits and pieces.

Firstly we need another look using FRST, but this time in normal mode.

To do this you can download FRST again to your computer from here and run a scan, or run it from your flash drive, but this time following the instructions below. That is, we don't want it run in the Recovery Environment this time.  :)
  • Please run Farbar Recovery Scan Tool again.
  • Check/tick the Addition.txt box.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.


#5
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,016 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.