HELP !!!!! URGENT HELP REQUIRED !
[QUOTE="L00pht, post: 602534, member: 59658"]
Hello, I have the same problem but on virtual Windows 7. It cannot boot, and there is no way to fix it with Windows repair.
This is the FRST.txt which I got. Can anyone make me a fixlist from this?

Thanks in advance.

[code]
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-02-2017 01
Ran by SYSTEM on MININT-S6VRG12 (24-02-2017 11:49:12)
Running from C:\
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)


==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 ftpsvc; C:\Windows\system32\inetsrv\ftpsvc.dll [350720 2012-05-31] (Microsoft Corporation)
S2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [15872 2010-11-20] (Microsoft Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-19] (Malwarebytes)
S2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [191064 2012-02-10] (Microsoft Corporation)
S2 NMSAccess; C:\Windows\SysWOW64\NMSAccessU.exe [71096 2009-01-11] ()
S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [597080 2012-02-10] (Microsoft Corporation)
S2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S2 WISSync; C:\WISApp\WISSvc.exe [7168 2015-05-13] ()
S3 WMSVC; C:\Windows\system32\inetsrv\wmsvc.exe [10752 2009-07-13] (Microsoft Corporation)
S4 aspnet_state; %SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [X]
S2 clr_optimization_v4.0.30319_32; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [X]
S2 clr_optimization_v4.0.30319_64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [X]
S4 NetMsmqActivator; "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe" -NetMsmqActivator [X]
S4 NetPipeActivator; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [X]
S4 NetTcpActivator; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [X]
S4 NetTcpPortSharing; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [X]
S2 NoIPDUCService4; C:\ha\remote\remote\ducservice.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77416 2017-01-19] ()
S1 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [176584 2017-02-13] (Malwarebytes)
S3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [110536 2017-02-19] (Malwarebytes)
S3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-02-19] (Malwarebytes)
S0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [251848 2017-02-19] (Malwarebytes)
S3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [81696 2017-02-23] (Malwarebytes)
S4 RsFx0200; C:\Windows\System32\DRIVERS\RsFx0200.sys [334936 2012-02-10] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-24 11:44 - 2017-02-24 11:44 - 00000856 _____ C:\Fixlog.txt
2017-02-24 09:30 - 2017-02-24 11:49 - 00000000 ____D C:\FRST
2017-02-24 09:30 - 2017-02-24 11:49 - 00000000 _____ C:\FRST.txt
2017-02-24 00:00 - 2017-02-23 23:59 - 02423296 _____ (Farbar) C:\FRST64.exe
2017-02-23 05:19 - 2017-02-23 05:19 - 00000020 ___SH C:\Users\backup.WIS-PC\ntuser.ini
2017-02-23 05:19 - 2017-02-23 05:19 - 00000000 _SHDL C:\Users\backup.WIS-PC\My Documents
2017-02-23 05:19 - 2017-02-23 05:19 - 00000000 _SHDL C:\Users\backup.WIS-PC\Documents\My Videos
2017-02-23 05:19 - 2017-02-23 05:19 - 00000000 _SHDL C:\Users\backup.WIS-PC\Documents\My Pictures
2017-02-23 05:19 - 2017-02-23 05:19 - 00000000 _SHDL C:\Users\backup.WIS-PC\Documents\My Music
2017-02-23 05:19 - 2017-02-23 05:19 - 00000000 ____D C:\Users\backup.WIS-PC\AppData\Roaming\Adobe
2017-02-23 05:19 - 2017-02-23 05:19 - 00000000 ____D C:\Users\backup.WIS-PC\AppData\Local\VirtualStore
2017-02-23 05:19 - 2017-02-23 05:19 - 00000000 ____D C:\users\backup.WIS-PC
2017-02-23 05:19 - 2010-11-20 23:16 - 00000000 ____D C:\Users\backup.WIS-PC\AppData\Roaming\Media Center Programs
2017-02-23 05:13 - 2016-08-24 01:34 - 00036864 _____ C:\Users\WIS\AppData\Roaming\AdobeART.exe
2017-02-23 04:35 - 2017-02-23 04:35 - 00000000 ____D C:\Users\Administrator.WIS-PC\AppData\Local\2BrightSparks
2017-02-23 00:31 - 2017-02-23 00:47 - 00000000 ____D C:\ne diraj
2017-02-20 10:03 - 2017-02-20 10:03 - 00000000 ____D C:\Users\WIS\AppData\Local\Vitalwerks
2017-02-13 00:27 - 2017-02-13 00:27 - 00176584 _____ (Malwarebytes) C:\Windows\System32\Drivers\MBAMChameleon.sys
2017-02-13 00:26 - 2017-02-23 05:05 - 00081696 _____ (Malwarebytes) C:\Windows\System32\Drivers\mwac.sys
2017-02-13 00:26 - 2017-02-19 23:04 - 00110536 _____ (Malwarebytes) C:\Windows\System32\Drivers\farflt.sys
2017-02-13 00:26 - 2017-02-19 23:04 - 00043968 _____ (Malwarebytes) C:\Windows\System32\Drivers\mbam.sys
2017-02-13 00:10 - 2017-02-19 23:04 - 00251848 _____ (Malwarebytes) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2017-02-13 00:10 - 2017-02-13 00:10 - 00001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-02-13 00:10 - 2017-02-13 00:10 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-02-13 00:10 - 2017-02-13 00:10 - 00000000 ____D C:\Program Files\Malwarebytes
2017-02-13 00:10 - 2017-01-19 22:47 - 00077416 _____ C:\Windows\System32\Drivers\mbae64.sys
2017-02-13 00:08 - 2017-02-13 00:07 - 55566792 _____ (Malwarebytes ) C:\Users\Administrator.WIS-PC\Downloads\mb3-setup-consumer-3.0.6.1469.exe
2017-02-13 00:03 - 2017-02-13 00:03 - 00245568 _____ C:\Users\Administrator.WIS-PC\Downloads\Firefox Setup Stub 51.0.1.exe
2017-02-09 23:48 - 2017-02-09 23:48 - 00000880 _____ C:\Users\WIS\Desktop\_Sava_OC - Shortcut.lnk
2017-02-09 23:48 - 2017-02-09 23:48 - 00000000 ____D C:\ProgramData\Oracle
2017-02-09 23:47 - 2017-02-09 23:47 - 00000000 ____D C:\Users\WIS\Desktop\sava_ffws
2017-02-09 07:26 - 2017-02-09 07:26 - 00000000 ____D C:\ProgramData\Vitalwerks
2017-02-09 07:22 - 2017-02-09 07:22 - 00058016 _____ C:\Users\backup\AppData\Local\GDIPFONTCACHEV1.DAT
2017-02-09 07:22 - 2017-02-09 07:22 - 00000000 ____D C:\Users\backup\AppData\Local\Vitalwerks
2017-02-09 07:14 - 2017-02-09 07:14 - 00000000 ____D C:\Users\backup\AppData\Local\TeamViewer
2017-02-09 07:12 - 2017-02-09 07:12 - 00000020 ___SH C:\Users\backup\ntuser.ini
2017-02-09 07:12 - 2017-02-09 07:12 - 00000000 _SHDL C:\Users\backup\My Documents
2017-02-09 07:12 - 2017-02-09 07:12 - 00000000 _SHDL C:\Users\backup\Documents\My Videos
2017-02-09 07:12 - 2017-02-09 07:12 - 00000000 _SHDL C:\Users\backup\Documents\My Pictures
2017-02-09 07:12 - 2017-02-09 07:12 - 00000000 _SHDL C:\Users\backup\Documents\My Music
2017-02-09 07:12 - 2017-02-09 07:12 - 00000000 ____H C:\Users\backup\Documents\Default.rdp
2017-02-09 07:12 - 2017-02-09 07:12 - 00000000 ____D C:\Users\backup\AppData\Roaming\Adobe
2017-02-09 07:12 - 2017-02-09 07:12 - 00000000 ____D C:\Users\backup\AppData\Local\VirtualStore
2017-02-09 07:12 - 2017-02-09 07:12 - 00000000 ____D C:\users\backup
2017-02-09 07:12 - 2010-11-20 23:16 - 00000000 ____D C:\Users\backup\AppData\Roaming\Media Center Programs

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-24 11:44 - 2009-07-13 19:20 - 00000000 ___HD C:\Windows\System32\GroupPolicy
2017-02-23 12:59 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\inetsrv
2017-02-23 05:26 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\System32\FxsTmp
2017-02-23 05:22 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\inf
2017-02-23 05:22 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Help
2017-02-23 05:21 - 2009-07-13 19:20 - 00000000 __RSD C:\Windows\Media
2017-02-23 05:21 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Registration
2017-02-23 05:21 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PLA
2017-02-23 05:21 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\AppCompat
2017-02-23 05:19 - 2009-07-13 20:45 - 00022208 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-02-23 05:19 - 2009-07-13 20:45 - 00022208 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-02-22 07:50 - 2015-08-11 23:42 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2017-02-19 23:07 - 2009-07-13 21:13 - 00991984 _____ C:\Windows\System32\PerfStringBackup.INI
2017-02-19 23:01 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-02-12 23:12 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF

==================== Known DLLs (Whitelisted) =========================


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe
[2016-10-12 00:29] - [2016-08-29 07:04] - 3229696 ____A (Microsoft Corporation) 38AE1B3C38FAEF56FE4907922F0385BA

C:\Windows\SysWOW64\explorer.exe
[2016-10-12 00:29] - [2016-08-29 06:55] - 2972672 ____A (Microsoft Corporation) 6DDCA324434FFA506CF7DC4E51DB7935

C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll
[2016-12-13 14:13] - [2016-11-10 08:32] - 1009152 ____A (Microsoft Corporation) 34BA256FBF83457F9D5E51A56DB54542

C:\Windows\SysWOW64\User32.dll
[2016-12-13 14:13] - [2016-11-10 08:19] - 0833024 ____A (Microsoft Corporation) 3CB074875AC88A7C1010A2A7F9881A8C

C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Association (Whitelisted) =============


==================== Restore Points =========================

Restore point date: 2017-01-16 03:02
Restore point date: 2017-01-17 12:54
Restore point date: 2017-01-24 04:47
Restore point date: 2017-01-24 17:03
Restore point date: 2017-01-27 10:55
Restore point date: 2017-01-28 21:03
Restore point date: 2017-01-29 19:03
Restore point date: 2017-02-02 21:03
Restore point date: 2017-02-07 10:12
Restore point date: 2017-02-14 14:39
Restore point date: 2017-02-14 15:01
Restore point date: 2017-02-21 05:40
Restore point date: 2017-02-24 07:41

==================== BCD ================================

Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=Y:
path \bootmgr
description Windows Boot Manager
locale en-US
inherit {globalsettings}
default {default}
resumeobject {aa5aad3a-7f03-11e4-835d-c58457326f39}
displayorder {default}
toolsdisplayorder {memdiag}
timeout 30

Windows Boot Loader
-------------------
identifier {default}
device partition=C:
path \Windows\system32\winload.exe
description Windows 7
locale en-US
inherit {bootloadersettings}
recoverysequence {current}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {aa5aad3a-7f03-11e4-835d-c58457326f39}
nx OptIn

Windows Boot Loader
-------------------
identifier {current}
device ramdisk=[C:]\Recovery\aa5aad3c-7f03-11e4-835d-c58457326f39\Winre.wim,{aa5aad3d-7f03-11e4-835d-c58457326f39}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {bootloadersettings}
osdevice ramdisk=[C:]\Recovery\aa5aad3c-7f03-11e4-835d-c58457326f39\Winre.wim,{aa5aad3d-7f03-11e4-835d-c58457326f39}
systemroot \windows
nx OptIn
winpe Yes

Resume from Hibernate
---------------------
identifier {aa5aad3a-7f03-11e4-835d-c58457326f39}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale en-US
inherit {resumeloadersettings}
filedevice partition=C:
filepath \hiberfil.sys
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {memdiag}
device partition=Y:
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-US
inherit {globalsettings}
badmemoryaccess Yes

EMS Settings
------------
identifier {emssettings}
bootems Yes

Debugger Settings
-----------------
identifier {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200

RAM Defects
-----------
identifier {badmemory}

Global Settings
---------------
identifier {globalsettings}
inherit {dbgsettings}
        {emssettings}
        {badmemory}

Boot Loader Settings
--------------------
identifier {bootloadersettings}
inherit {globalsettings}
        {hypervisorsettings}

Hypervisor Settings
-------------------
identifier {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Resume Loader Settings
----------------------
identifier {resumeloadersettings}
inherit {globalsettings}

Device options
--------------
identifier {aa5aad3d-7f03-11e4-835d-c58457326f39}
description Ramdisk Options
ramdisksdidevice partition=C:
ramdisksdipath \Recovery\aa5aad3c-7f03-11e4-835d-c58457326f39\boot.sdi


==================== Memory info ===========================

Percentage of memory in use: 10%
Total physical RAM: 8191.55 MB
Available physical RAM: 7340.29 MB
Total Virtual: 8189.75 MB
Available Virtual: 7318.38 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:159.9 GB) (Free:97.48 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.02 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 160 GB) (Disk ID: E3C085C4)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=159.9 GB) - (Type=07 NTFS)

LastRegBack: 2017-02-21 15:09

==================== End of FRST.txt ============================
[/code]
[/QUOTE]