kjoyner Posted September 5, 2013 ID:725376

Hi please help me - I have read previous posts on this and have the following scan info from running FRST64 with command prompt:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-09-2013
Ran by SYSTEM on MININT-2IAHU3H on 04-09-2013 21:39:52
Running from F:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet002
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2785064 2011-05-05] (Synaptics Incorporated)
HKLM\...\Run: [AmIcoSinglun64] - C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [361984 2011-03-21] (Alcor Micro Corp.)
HKLM\...\Run: [synAsusAcpi] - C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [97064 2011-05-05] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277480 2011-08-15] (Realtek Semiconductor)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1281512 2013-01-27] (Microsoft Corporation)
HKLM\...\Policies\Explorer: [NoActiveDesktop] 1
HKLM\...\Policies\Explorer: [NoActiveDesktopChanges] 1
HKLM-x32\...\Run: [ASUSPRP] - C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3331312 2012-02-17] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] - C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe [737104 2011-07-29] (ecareme)
HKLM-x32\...\Run: [sonicMasterTray] - C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe [984400 2010-07-09] (Virage Logic Corporation / Sonic Focus)
HKLM-x32\...\Run: [ATKOSD2] - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [318080 2011-12-22] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ATKMEDIA] - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [174720 2011-10-24] (ASUS)
HKLM-x32\...\Run: [HControlUser] - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2319536 2011-10-18] (ASUS)
HKLM-x32\...\Run: [bCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [CitrixReceiver] - "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk" [x]
HKLM-x32\...\Run: [ConnectionCenter] - C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [380088 2012-07-27] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
AppInit_DLLs-x32: C:\PROGRA~2\Citrix\ICACLI~1\RSHook.dll [257208 2012-07-27] (Citrix Systems, Inc.)

==================== Services (Whitelisted) =================

S2 ASUS InstantOn; C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [277120 2012-02-16] (ASUS)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-09-03 22:12 - 2013-09-03 22:12 - 00000272 ____H C:\Windows\Tasks\{0C02A81B-844F-42D8-9736-EFB6079D3B48}.job
2013-08-19 19:32 - 2013-08-19 19:32 - 00000000 ____D C:\Windows\System32\MRT

==================== One Month Modified Files and Folders =======

2013-09-04 21:38 - 2013-09-04 21:38 - 00000000 ____D C:\FRST
2013-09-03 22:51 - 2012-06-13 16:19 - 00001984 _____ C:\Windows\System32\AutoRunFilter.ini
2013-09-03 22:50 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-03 22:50 - 2009-07-13 20:51 - 00048883 _____ C:\Windows\setupact.log
2013-09-03 22:12 - 2013-09-03 22:12 - 00000272 ____H C:\Windows\Tasks\{0C02A81B-844F-42D8-9736-EFB6079D3B48}.job
2013-09-03 22:09 - 2012-02-17 23:37 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-03 22:05 - 2012-11-15 10:17 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-03 22:03 - 2012-06-13 16:10 - 01922983 _____ C:\Windows\WindowsUpdate.log
2013-08-30 05:40 - 2013-04-25 09:04 - 00048384 _____ C:\Windows\IE9_main.log
2013-08-21 20:05 - 2012-11-15 10:17 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-08-21 20:05 - 2012-11-15 10:17 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-19 19:36 - 2009-07-13 21:13 - 00793204 _____ C:\Windows\System32\PerfStringBackup.INI
2013-08-19 19:34 - 2013-08-19 19:32 - 00000000 ____D C:\Windows\System32\MRT
2013-08-19 19:32 - 2012-11-15 09:01 - 78161360 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-08-14 17:03 - 2009-07-13 20:45 - 00009920 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-14 17:03 - 2009-07-13 20:45 - 00009920 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-05 17:49 - 2013-06-01 18:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-05 16:55 - 2012-11-06 20:00 - 00000000 ___HD C:\ASUS.DAT
2013-08-05 16:54 - 2013-04-03 06:39 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-08-05 16:54 - 2013-04-03 06:39 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-08-05 16:54 - 2012-02-17 23:15 - 00051132 _____ C:\Windows\PFRO.log

Files to move or delete:
====================
C:\Windows\Tasks\{0C02A81B-844F-42D8-9736-EFB6079D3B48}.job

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-08-10 17:21:36
Restore point made on: 2013-08-14 16:59:13
Restore point made on: 2013-08-19 19:29:43
Restore point made on: 2013-08-21 19:55:53
Restore point made on: 2013-08-26 06:52:14
Restore point made on: 2013-08-28 18:35:59
Restore point made on: 2013-08-30 05:38:18
Restore point made on: 2013-09-02 12:28:04

==================== Memory info ===========================

Percentage of memory in use: 11%
Total physical RAM: 6048.13 MB
Available physical RAM: 5347.14 MB
Total Pagefile: 6046.27 MB
Available Pagefile: 5348.2 MB
Total Virtual: 8192 MB
Available Virtual: 8191.87 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:119.24 GB) (Free:70.41 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (DATA) (Fixed) (Total:153.85 GB) (Free:153.76 GB) NTFS
Drive f: (CORSAIR) (Removable) (Total:15.05 GB) (Free:14.73 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: E3102A4B)
Partition 1: (Not Active) - (Size=25 GB) - (Type=1C)
Partition 2: (Active) - (Size=119 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=154 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 15 GB) (Disk ID: 04DD5721)
Partition 1: (Active) - (Size=15 GB) - (Type=0C)

LastRegBack: 2013-08-28 20:11

==================== End Of Log ============================

I don't know what to do from here please help

Thank you
Psychotic Posted September 5, 2013 ID:725384

Hi there, my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

- First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
- Perform everything in the correct order. Sometimes one step requires the previous one.
- If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
- Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
- Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
- If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
- Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
- My first language is not English. So please do not use slang or idioms. It could be hard for me to read.

Thanks for your understanding.

Hmmm... that could be difficult. Let's try that first:

Fix with FRST (Recovery Environment)

Open notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

C:\Windows\Tasks\{0C02A81B-844F-42D8-9736-EFB6079D3B48}.job

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Now please enter System Recovery Options again. Run frst.exe (on 64bit, run frst64.exe) and press the Fix button just once and wait. The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Try to boot into windows and report.
Root Admin AdvancedSetup Posted September 11, 2013 ID:728235

Due to the lack of feedback this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!