Post by rohwerk on Oct 18, 2013 16:00:35 GMT -8
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-10-2013
Ran by SYSTEM at 2013-10-18 16:58:09 Run:1
Running from H:\
Boot Mode: Recovery
==============================================
Content of fixlist:
*****************
Start
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] C:\$Recycle.Bin\S-1-5-18\$34abdb91f75e6e4d3541138e74b7a4fe\n. ATTENTION! ====> ZeroAccess?
Startup: C:\Users\Kyle Rohwer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\jdlwlbmq.lnk
ShortcutTarget: jdlwlbmq.lnk -> C:\PROGRA~3\qmblwldj.plz (Eggenberg Corporation)
S2 Winmgmt; C:\PROGRA~3\jdlwlbmq.pzz [61544 2013-10-17] (Microsoft Corporation)
S2 Winmgmt; C:\PROGRA~3\jdlwlbmq.pzz [61544 2013-10-17] (Microsoft Corporation)
2013-10-17 08:14 - 2013-10-17 08:14 - 01250304 ____T C:\ProgramData\jdlwlbmq.fki
2013-10-17 07:24 - 2013-10-17 07:24 - 00061544 ____T (Microsoft Corporation) C:\ProgramData\jdlwlbmq.pzz
2013-10-17 07:23 - 2013-10-17 08:14 - 95025368 ____T C:\ProgramData\jdlwlbmq.pff
2013-10-17 07:23 - 2013-10-17 08:14 - 00000000 _____ C:\ProgramData\jdlwlbmq.ctrl
2013-10-17 07:23 - 2013-10-17 07:23 - 00229376 _____ (Eggenberg Corporation) C:\ProgramData\qmblwldj.plz
C:\$Recycle.Bin\S-1-5-21-3506036945-745545750-2397074263-1001\$34abdb91f75e6e4d3541138e74b7a4fe
C:\$Recycle.Bin\S-1-5-18\$34abdb91f75e6e4d3541138e74b7a4fe
C:\Users\Kyle Rohwer\AppData\Local\Temp\qxf3lhe_.dll
C:\Users\Kyle Rohwer\AppData\Local\Temp\_is5DD6.exe
C:\Users\Kyle Rohwer\AppData\Local\Temp\~tmf4113820792029229838.dll
end
*****************
HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32\\Default => Value was restored successfully.
C:\Users\Kyle Rohwer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\jdlwlbmq.lnk => Moved successfully.
C:\PROGRA~3\qmblwldj.plz => Moved successfully.
Winmgmt => Service restored successfully.
Winmgmt => Service restored successfully.
C:\ProgramData\jdlwlbmq.fki => Moved successfully.
C:\ProgramData\jdlwlbmq.pzz => Moved successfully.
C:\ProgramData\jdlwlbmq.pff => Moved successfully.
C:\ProgramData\jdlwlbmq.ctrl => Moved successfully.
"C:\ProgramData\qmblwldj.plz" => File/Directory not found.
C:\$Recycle.Bin\S-1-5-21-3506036945-745545750-2397074263-1001\$34abdb91f75e6e4d3541138e74b7a4fe => Moved successfully.
C:\$Recycle.Bin\S-1-5-18\$34abdb91f75e6e4d3541138e74b7a4fe => Moved successfully.
C:\Users\Kyle Rohwer\AppData\Local\Temp\qxf3lhe_.dll => Moved successfully.
C:\Users\Kyle Rohwer\AppData\Local\Temp\_is5DD6.exe => Moved successfully.
C:\Users\Kyle Rohwer\AppData\Local\Temp\~tmf4113820792029229838.dll => Moved successfully.
==== End of Fixlog ====