White screen after Windows has loaded
Quoting Exmortis66 (post 139279):

FRST SCAN RESULTS

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-10-2013
Ran by SYSTEM on REATOGO on 12-10-2013 18:51:07
Running from D:\
Windows 7 Ultimate (X86) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10828392 2011-08-26] (Realtek Semiconductor)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-05-30] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [421776 2012-06-07] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [Launch LCore] - C:\Program Files\Logitech Gaming Software\LCore.exe [5115192 2012-07-23] (Logitech Inc.)
HKLM\...\Run: [HP Software Update] - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-09] (Hewlett-Packard)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642728 2012-09-28] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-03] (Adobe Systems Incorporated)
HKLM\...\Run: [SwitchBoard] - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS6ServiceManager] - C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM\...\Run: [AVG_UI] - C:\Program Files\AVG\AVG2013\avgui.exe [4411440 2013-08-14] (AVG Technologies CZ, s.r.o.)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] ATTENTION! ====> ZeroAccess?
HKU\Midgley\...\Run: [Facebook Update] - C:\Users\Midgley\AppData\Local\Facebook\Update\FacebookUpdate.exe [ 2012-12-07] (Facebook Inc.)
HKU\Midgley\...\Run: [Steam] - C:\Program Files\Steam\Steam.exe [ 2013-10-08] (Valve Corporation)
HKU\Midgley\...\Run: [Google Update] - [x]
HKU\Midgley\...\Run: [Internet Security] - C:\ProgramData\msprotection.exe
HKU\Midgley\...\Winlogon: [Shell] explorer.exe,C:\Users\Midgley\AppData\Roaming\data.dat [ 2012-04-15] () <==== ATTENTION

========================== Services (Whitelisted) =================

S2 AdobeActiveFileMonitor11.0; C:\Program Files\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171600 2012-09-22] (Adobe Systems Incorporated)
S2 avgfws; C:\Program Files\AVG\AVG2013\avgfws.exe [1432080 2013-09-03] (AVG Technologies CZ, s.r.o.)
S2 AVGIDSAgent; C:\Program Files\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files\AVG\AVG2013\avgwdsvc.exe [283136 2013-07-23] (AVG Technologies CZ, s.r.o.)
S2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [20456 2013-01-26] ()
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [295232 2013-01-26] ()
S2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-13] ()
S2 ADExchange; C:\Program Files\Common Files\ArcSoft\esinter\Bin\eservutil.exe [x]
S3 WPFFontCache_v0400; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [x]
S2 *etadpug; "C:\Program Files\Google\Desktop\Install\{a7247bf5-ea67-3c3a-b114-53fdaa26f79e}\ \...\???\{a7247bf5-ea67-3c3a-b114-53fdaa26f79e}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)

==================== Drivers (Whitelisted) ====================

S1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6x.sys [50296 2012-09-03] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [208184 2013-07-19] (AVG Technologies CZ, s.r.o.)
S0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [60216 2013-07-19] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22328 2013-09-09] (AVG Technologies CZ, s.r.o.)
S1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [171320 2013-07-19] (AVG Technologies CZ, s.r.o.)
S0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [246072 2013-07-19] (AVG Technologies CZ, s.r.o.)
S0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [96568 2013-06-30] (AVG Technologies CZ, s.r.o.)
S0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [39224 2013-09-04] (AVG Technologies CZ, s.r.o.)
S1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [182072 2013-03-20] (AVG Technologies CZ, s.r.o.)
S3 BVRPMPR5; C:\Windows\system32\drivers\BVRPMPR5.SYS [49904 2009-03-02] (Avanquest Software)
S0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-13] (Microsoft Corporation)
S3 gdrv; C:\Windows\gdrv.sys [17488 2012-05-21] (Windows (R) 2000 DDK provider)
S3 LGBusEnum; C:\Windows\System32\drivers\LGBusEnum.sys [19720 2009-11-23] (Logitech Inc.)
S3 LGVirHid; C:\Windows\System32\drivers\LGVirHid.sys [14856 2009-11-23] (Logitech Inc.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [195296 2013-01-20] (Microsoft Corporation)
S3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [657408 2009-07-13] (Ralink Technology Corp.)
S0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [46096 2012-08-09] (Corel Corporation)
S3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [328552 2011-07-06] (Realtek Semiconductor Corp.)
S1 twtrroqn; \??\C:\Windows\system32\drivers\twtrroqn.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-12 18:35 - 2013-10-12 18:35 - 00000000 ____D C:\FRST
2013-10-05 12:20 - 2013-10-12 05:24 - 00000004 _____ C:\Users\Midgley\AppData\Roaming\settings.ini
2013-09-26 02:34 - 2013-09-26 02:34 - 00001496 _____ C:\Windows\PFRO.log
2013-09-23 00:33 - 2013-09-23 00:33 - 00000000 ____D C:\Users\Midgley\AppData\Local\Unity
2013-09-12 21:41 - 2013-09-12 21:41 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software
2013-09-12 21:41 - 2013-09-12 21:41 - 00000000 ____D C:\Users\Default User\AppData\Roaming\TuneUp Software

==================== One Month Modified Files and Folders =======

2013-10-12 18:35 - 2013-10-12 18:35 - 00000000 ____D C:\FRST
2013-10-12 18:35 - 2012-05-24 06:32 - 00000000 ____D C:\users\Midgley
2013-10-12 05:24 - 2013-10-05 12:20 - 00000004 _____ C:\Users\Midgley\AppData\Roaming\settings.ini
2013-10-12 05:24 - 2013-05-17 01:59 - 00000000 ____D C:\Program Files\Steam
2013-10-12 05:24 - 2012-05-24 06:27 - 00005872 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-12 05:24 - 2012-05-24 06:27 - 00005872 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-12 05:23 - 2013-08-15 18:32 - 02481624 _____ C:\Windows\setupact.log
2013-10-12 04:21 - 2012-05-24 06:59 - 01867250 _____ C:\Windows\WindowsUpdate.log
2013-10-12 02:43 - 2012-05-20 04:31 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-10-04 21:05 - 2006-11-02 06:23 - 00000206 _____ C:\Windows\win.ini
2013-10-02 06:26 - 2013-04-12 09:27 - 00001104 _____ C:\Users\Midgley\Desktop\ROBLOX Studio 2013.lnk
2013-10-02 06:26 - 2013-04-12 08:51 - 00001285 _____ C:\Users\Midgley\Desktop\ROBLOX Player.lnk
2013-10-02 05:31 - 2013-01-09 04:35 - 00000000 ____D C:\Users\Midgley\AppData\Roaming\TS3Client
2013-10-01 02:08 - 2013-08-15 10:05 - 00000000 ____D C:\Windows\System32\appmgmt
2013-09-30 22:38 - 2012-01-16 04:27 - 00000000 ____D C:\Users\Midgley\AppData\Local\Ubisoft Game Launcher
2013-09-30 22:33 - 2013-04-06 00:40 - 00000000 ____D C:\Users\Midgley\AppData\Roaming\.minecraft
2013-09-28 01:57 - 2012-10-10 05:14 - 00001200 _____ C:\Users\Midgley\Desktop\settings.dat
2013-09-26 02:34 - 2013-09-26 02:34 - 00001496 _____ C:\Windows\PFRO.log
2013-09-23 00:33 - 2013-09-23 00:33 - 00000000 ____D C:\Users\Midgley\AppData\Local\Unity
2013-09-13 06:46 - 2013-01-09 04:34 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2013-09-13 01:11 - 2011-12-08 02:28 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-09-12 21:41 - 2013-09-12 21:41 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software
2013-09-12 21:41 - 2013-09-12 21:41 - 00000000 ____D C:\Users\Default User\AppData\Roaming\TuneUp Software
2013-09-12 21:41 - 2013-08-15 12:54 - 00000935 _____ C:\Users\Public\Desktop\AVG 2013.lnk

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-3128840225-35159620-4175650948-1000\$a7247bf5ea673c3ab11453fdaa26f79e

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$a7247bf5ea673c3ab11453fdaa26f79e

ZeroAccess:
C:\Windows\assembly\GAC\Desktop.ini

Files to move or delete:
====================
C:\Users\Midgley\AppData\Roaming\data.dat
C:\Users\Midgley\AppData\Roaming\settings.ini
ZeroAccess:
C:\Users\Midgley\AppData\Local\Google\Desktop\Install
ZeroAccess:
C:\Program Files\Google\Desktop\Install
C:\Users\Midgley\acrobat.exe
C:\Users\Midgley\acrobatreader.exe
C:\Users\Midgley\jagex_cl_runescape_LIVE.dat
C:\Users\Midgley\opera.exe
C:\Users\Midgley\random.dat
C:\Users\Midgley\AppData\Roaming\i.ini


Some content of TEMP:
====================
C:\Users\Midgley\AppData\Local\Temp\cnngjmcejyprpydbuci.bfg


==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
C:\Program Files\Microsoft Security Client\MsMpEng.exe => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Microsoft Security Client

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

2
Restore point made on: 2013-10-01 12:00:04
Restore point made on: 2013-10-09 12:00:11

==================== Memory info ===========================

Percentage of memory in use: 11%
Total physical RAM: 3326.23 MB
Available physical RAM: 2954.27 MB
Total Pagefile: 3149.36 MB
Available Pagefile: 3042.58 MB
Total Virtual: 2047.88 MB
Available Virtual: 1988.18 MB

==================== Drives ================================

Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
Drive c: () (Fixed) (Total:931.51 GB) (Free:715.08 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: () (Removable) (Total:7.45 GB) (Free:7.42 GB) FAT32
Drive x: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 556D2232)
Partition 1: (Active) - (Size=932 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 7 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=7 GB) - (Type=0B)


LastRegBack: 2012-12-05 09:21

==================== End Of Log ============================