ania frst

a guest
Jul 11th, 2014
  1. Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:11-07-2014
  2. Ran by SYSTEM on MININT-J6TH0OM on 11-07-2014 10:19:49
  3. Running from h:\
  4. Platform: Windows 7 Ultimate (X86) OS Language: Polski (Polska)
  5. Internet Explorer Version 8
  6. Boot Mode: Recovery
  7.  
  8. The current controlset is ControlSet003
  9. [b]ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.[/b]
  10.  
  11.  
  12. The only official download link for FRST:
  13. Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
  14. Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
  15. Download link from any site other than Bleeping Computer is unpermitted or outdated.
  16. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
  17.  
  18. ==================== Registry (Whitelisted) ==================
  19.  
  20. HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [202032 2007-10-19] ( Hewlett-Packard Development Company, L.P.)
  21. HKLM\...\Run: [Conime] => %windir%\system32\conime.exe
  22. HKLM\...\Run: [ADAiO2StatusMonitor] => C:\Windows\system32\spool\DRIVERS\W32X86\3\ADAiO2MUI.exe [2362880 2010-10-18] (DSGi)
  23. HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
  24. HKLM\...\Run: [64upw3264] => C:\Program Files\64upw3264\_rudo64w32.exe [119414 2013-12-08] (mpolkiujhy)
  25. HKLM\...\Policies\Explorer\Run: [WindowsUpdate] => C:\Users\Ania\AppData\Roaming\Microsoft\Windows\svchost.exe [143360 2013-12-08] ( (Texas Instruments Incorporated))
  26. HKLM\...\Policies\Explorer\Run: [12290] => c:\ProgramData\msvcwdae.exe [88706 2009-07-14] ( (jukihygtfe))
  27. HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1
  28. HKLM\...\Policies\Explorer: [HideSCAHealth] 1
  29. HKU\Ania\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
  30. HKU\Ania\...\Run: [BearShare] => C:\Program Files\BearShare Applications\BearShare\BearShare.exe [31159360 2013-11-03] (MusicLab, LLC)
  31. HKU\Ania\...\Run: [Google Search] => C:\Users\Ania\AppData\Roaming\nIwRH\ltc.exe [19456 2013-12-08] (COMODO)
  32. HKU\Ania\...\Run: [OpenMin] => C:\Users\Ania\AppData\Local\OpenMin\wincheck.vbs [197 2013-12-08] ()
  33. HKU\Ania\...\Policies\Explorer: [TaskbarNoNotification] 1
  34. HKU\Ania\...\Policies\Explorer: [HideSCAHealth] 1
  35. IFEO\bitguard.exe: [Debugger] tasklist.exe
  36. IFEO\bprotect.exe: [Debugger] tasklist.exe
  37. IFEO\browserdefender.exe: [Debugger] tasklist.exe
  38. IFEO\browserprotect.exe: [Debugger] tasklist.exe
  39. IFEO\rstrui.exe: [Debugger] mwva_.exe
  40. Startup: C:\Users\Ania\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\frlfbnqmqw.lnk
  41. ShortcutTarget: frlfbnqmqw.lnk -> C:\ProgramData\wqmqnbflrf.jss (Microsoft Corporation)
  42. HKLM\...\AppCertDlls: [x64] -> c:\program files\music toolbar\datamngr\x64\apcrtldr.dll <===== ATTENTION
  43.  
  44. ========================== Services (Whitelisted) =================
  45.  
  46. S2 Advent AIO Network Discovery Service; C:\Program Files\Advent\AIO\Center\ADAIOHostService.exe [361904 2010-09-30] (DSGi)
  47. S2 AlotService; C:\Users\Ania\AppData\Roaming\alotservice\alotservice.exe [256328 2013-04-23] (Inuvo Inc.)
  48. S3 Com4Qlb; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe [110592 2007-03-05] (Hewlett-Packard Development Company, L.P.)
  49. S2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3064000 2012-10-02] (Skype Technologies S.A.)
  50. S2 syshost32; C:\Windows\Installer\{EA41CDFE-625A-626D-689F-0A1748471D03}\syshost.exe [72192 2013-12-08] ()
  51. S3 Winmgmt; C:\ProgramData\wqmqnbflrf.jss [207360 2013-12-07] (Microsoft Corporation)
  52.  
  53. ==================== Drivers (Whitelisted) ====================
  54.  
  55. S3 HpqRemHid; C:\Windows\System32\DRIVERS\HpqRemHid.sys [7168 2007-07-11] (Hewlett-Packard Development Company, L.P.)
  56. S3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [47744 2006-07-06] ()
  57. S3 ST50220; C:\Windows\System32\Drivers\ST50220.sys [26752 2006-11-24] (Sonix)
  58. S1 eabfiltr;
  59.  
  60. ==================== NetSvcs (Whitelisted) ===================
  61.  
  62.  
  63. ==================== One Month Created Files and Folders ========
  64.  
  65. 2014-07-11 10:19 - 2014-07-11 10:19 - 00000000 ____D () C:\FRST
  66. 2014-07-10 20:49 - 2014-07-10 20:49 - 00000000 ____D () C:\ProgramData\2B22E
  67.  
  68. ==================== One Month Modified Files and Folders =======
  69.  
  70. 2014-07-11 10:19 - 2014-07-11 10:19 - 00000000 ____D () C:\FRST
  71. 2014-07-11 09:14 - 2013-09-18 18:48 - 21052282 _____ () C:\alotserviceruntime.log
  72. 2014-07-11 09:12 - 2013-12-07 18:31 - 95025368 ____T () C:\ProgramData\frlfbnqmqw.fee
  73. 2014-07-11 09:12 - 2013-12-07 18:31 - 00000000 _____ () C:\ProgramData\frlfbnqmqw.odd
  74. 2014-07-11 09:12 - 2013-07-25 20:48 - 00000000 ____D () C:\ProgramData\Advent
  75. 2014-07-11 09:12 - 2009-07-14 05:39 - 00065913 _____ () C:\Windows\setupact.log
  76. 2014-07-10 21:43 - 2009-07-14 05:34 - 00010016 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
  77. 2014-07-10 21:43 - 2009-07-14 05:34 - 00010016 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
  78. 2014-07-10 20:49 - 2014-07-10 20:49 - 00000000 ____D () C:\ProgramData\2B22E
  79. 2014-07-10 20:49 - 2012-05-25 22:22 - 00000000 ____D () C:\Users\Ania\AppData\Roaming\Skype
  80.  
  81. Files to move or delete:
  82. ====================
  83. C:\ProgramData\frlfbnqmqw.fee
  84. C:\ProgramData\frlfbnqmqw.odd
  85. C:\ProgramData\frlfbnqmqw.reg
  86. C:\ProgramData\msvcwdae.exe
  87. C:\ProgramData\wqmqnbflrf.jss
  88.  
  89.  
  90. Some content of TEMP:
  91. ====================
  92. C:\Users\Ania\AppData\Local\Temp\AutoRun.exe
  93. C:\Users\Ania\AppData\Local\Temp\AutoRunGUI.dll
  94. C:\Users\Ania\AppData\Local\Temp\BackupSetup.exe
  95. C:\Users\Ania\AppData\Local\Temp\BundleSweetIMSetup.exe
  96. C:\Users\Ania\AppData\Local\Temp\csw.exe
  97. C:\Users\Ania\AppData\Local\Temp\Delta.exe
  98. C:\Users\Ania\AppData\Local\Temp\DeltaTB.exe
  99. C:\Users\Ania\AppData\Local\Temp\download-aresregular219_installer.exe
  100. C:\Users\Ania\AppData\Local\Temp\DrvInst32.exe
  101. C:\Users\Ania\AppData\Local\Temp\DrvInst64.exe
  102. C:\Users\Ania\AppData\Local\Temp\eauninstall.exe
  103. C:\Users\Ania\AppData\Local\Temp\hssinst.dll
  104. C:\Users\Ania\AppData\Local\Temp\MybabylonTB.exe
  105. C:\Users\Ania\AppData\Local\Temp\Need for Speed Most Wanted_uninst.exe
  106. C:\Users\Ania\AppData\Local\Temp\nsaEE05.exe
  107. C:\Users\Ania\AppData\Local\Temp\nsk92CB.exe
  108. C:\Users\Ania\AppData\Local\Temp\nskFC98.exe
  109. C:\Users\Ania\AppData\Local\Temp\nss18EF.exe
  110. C:\Users\Ania\AppData\Local\Temp\nst33A0.exe
  111. C:\Users\Ania\AppData\Local\Temp\nsvBAA9.exe
  112. C:\Users\Ania\AppData\Local\Temp\nsy3568.exe
  113. C:\Users\Ania\AppData\Local\Temp\propsys.dll
  114. C:\Users\Ania\AppData\Local\Temp\SkypeSetup.exe
  115. C:\Users\Ania\AppData\Local\Temp\SPStub.exe
  116. C:\Users\Ania\AppData\Local\Temp\st50220.dll
  117. C:\Users\Ania\AppData\Local\Temp\tbappm.dll
  118. C:\Users\Ania\AppData\Local\Temp\tbedrs.dll
  119. C:\Users\Ania\AppData\Local\Temp\tbWis2.dll
  120. C:\Users\Ania\AppData\Local\Temp\TB_7924.exe
  121. C:\Users\Ania\AppData\Local\Temp\vcredist_x86.exe
  122. C:\Users\Ania\AppData\Local\Temp\WOWInst.exe
  123. C:\Users\Ania\AppData\Local\Temp\WSSetup.exe
  124.  
  125.  
  126. ==================== Known DLLs (Whitelisted) ============
  127.  
  128.  
  129. ==================== Bamital & volsnap Check =================
  130.  
  131. C:\Windows\explorer.exe => MD5 is legit
  132. C:\Windows\System32\winlogon.exe => MD5 is legit
  133. C:\Windows\System32\wininit.exe => MD5 is legit
  134. C:\Windows\System32\svchost.exe => MD5 is legit
  135. C:\Windows\System32\services.exe => MD5 is legit
  136. C:\Windows\System32\User32.dll => MD5 is legit
  137. C:\Windows\System32\userinit.exe => MD5 is legit
  138. C:\Windows\System32\rpcss.dll => MD5 is legit
  139. C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
  140.  
  141. ==================== Restore Points =========================
  142.  
  143.  
  144. ==================== Memory info ===========================
  145.  
  146. Percentage of memory in use: 20%
  147. Total physical RAM: 2046.43 MB
  148. Available physical RAM: 1632.39 MB
  149. Total Pagefile: 2046.43 MB
  150. Available Pagefile: 1635.76 MB
  151. Total Virtual: 2047.88 MB
  152. Available Virtual: 1943.74 MB
  153.  
  154. ==================== Drives ================================
  155.  
  156. Drive c: (WINDOWS 7 ULTIMATE) (Fixed) (Total:49.71 GB) (Free:21.75 GB) NTFS
  157. Drive d: (MULTIMEDIA) (Fixed) (Total:87.72 GB) (Free:70.08 GB) NTFS
  158. Drive f: (HP_RECOVERY) (Fixed) (Total:11.52 GB) (Free:2.18 GB) NTFS ==>[System with boot components (obtained from reading drive)]
  159. Drive h: (HITMANPRO) (Removable) (Total:7.45 GB) (Free:7.44 GB) FAT32
  160. Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
  161. Drive y: (Zastrzeżone przez system) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
  162.  
  163. ==================== MBR & Partition Table ==================
  164.  
  165. ========================================================
  166. Disk: 0 (Size: 149 GB) (Disk ID: 3DE1879C)
  167. Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
  168. Partition 2: (Not Active) - (Size=50 GB) - (Type=07 NTFS)
  169. Partition 3: (Not Active) - (Size=88 GB) - (Type=OF Extended)
  170. Partition 4: (Not Active) - (Size=12 GB) - (Type=07 NTFS)
  171.  
  172. ========================================================
  173. Disk: 1 (Size: 7 GB) (Disk ID: 2FD51CB6)
  174. Partition 1: (Active) - (Size=7 GB) - (Type=0B)
  175.  
  176.  
  177. LastRegBack: 2013-12-06 22:20
  178.  
  179. ==================== End Of Log ============================