1. You are viewing our forum as a guest. For full access please Register. WindowsBBS.com is completely free, paid for by advertisers and donations.

Solved can not boot up win 7 corrupt AVc3.sys

Discussion in 'Malware and Virus Removal' started by thanhi, 2016/03/30.

  1. 2016/03/30
    thanhi

    thanhi New Member Thread Starter

    Joined:
    2016/03/30
    Messages:
    2
    Likes Received:
    0
    [Solved] can not boot up win 7 corrupt AVc3.sys

    Please help, after install Bitfender total security 2016 restart windows can not boot up, windows automatic run repair. Can not restore, safemode. I ran Far bar and got text result.
    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
    Ran by SYSTEM on MININT-RMKEKCK (30-03-2016 22:00:40)
    Running from e:\
    Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 11
    Boot Mode: Recovery
    Default: ControlSet002
    ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-30] (Microsoft Corporation)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-10-15] (Apple Inc.)
    HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2016\bdagent.exe [1644824 2016-03-14] (Bitdefender)
    HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-03-08] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [BigPondWirelessBroadbandCM] => C:\Program Files (x86)\Telstra\Mobile Broadband Manager\TelstraUCM.exe [5251072 2010-09-09] (Telstra)
    HKLM\...\RunOnce: [*Restore] => C:\Windows\system32\rstrui.exe [296960 2015-04-27] (Microsoft Corporation)
    HKU\TERRY BROS 1\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
    GroupPolicyScripts: Restriction <======= ATTENTION

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S4 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [365568 2011-03-08] (Advanced Micro Devices, Inc.)
    S4 AMD Reservation Manager; C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [194496 2010-06-16] (Advanced Micro Devices)
    S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-06] (Apple Inc.)
    S2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [239184 2014-02-14] ()
    S2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [925328 2016-03-21] (Bitdefender)
    S2 SwiCardDetectSvc; C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe [308080 2010-09-01] (Sierra Wireless, Inc.)
    S2 Tyro Terminal Adapter - Update Service; C:\Program Files (x86)\Tyro\Tyro Terminal Adapter\Service\Update.Service.exe [73728 2011-03-10] ()
    S2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe [135176 2016-02-24] (Bitdefender)
    S2 vsserv; C:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe [1679672 2016-03-14] (Bitdefender)
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [0 2016-03-29] () <==== ATTENTION (zero byte File/Folder)
    S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [0 2016-03-29] () <==== ATTENTION (zero byte File/Folder)
    S1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [118608 2016-02-08] (BitDefender LLC)
    S1 BDVEDISK; C:\Windows\System32\DRIVERS\bdvedisk.sys [87912 2015-12-04] (BitDefender)
    S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
    S3 EsgScanner; C:\Windows\SysWOW64\DRIVERS\EsgScanner.sys [19984 2012-06-21] ()
    S3 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [0 2016-03-29] () <==== ATTENTION (zero byte File/Folder)
    S0 ignis; C:\Windows\System32\DRIVERS\ignis.sys [290032 2016-02-16] (Bitdefender)
    S3 swiwdmbus; C:\Windows\System32\DRIVERS\swiwdmbusx64.sys [102656 2010-06-20] (Sierra Wireless Inc.)
    S3 SWNC8UA3; C:\Windows\System32\DRIVERS\swnc8ua3.sys [240640 2010-06-20] (Sierra Wireless Inc.)
    S3 SWUMXA3; C:\Windows\System32\DRIVERS\swumxa3.sys [210944 2010-06-20] (Sierra Wireless Inc.)
    S0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [389240 2016-03-29] (BitDefender S.R.L.)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-03-30 22:00 - 2016-03-30 22:00 - 00000000 ____D C:\FRST
    2016-03-29 23:14 - 2016-03-29 23:14 - 00000000 ____D C:\Users\TERRY BROS 1\AppData\Temp
    2016-03-29 22:55 - 2016-03-29 22:55 - 00616404 _____ C:\ProgramData\1459320187.bdinstall.bin
    2016-03-29 22:53 - 2016-03-29 22:53 - 00000385 _____ C:\Windows\System32\user_gensett.xml
    2016-03-29 22:52 - 2016-03-29 22:52 - 00002202 _____ C:\Users\Public\Desktop\Bitdefender 2016.lnk
    2016-03-29 22:52 - 2016-02-16 17:55 - 00290032 _____ (Bitdefender) C:\Windows\System32\Drivers\ignis.sys
    2016-03-29 22:52 - 2015-12-04 00:27 - 00087912 _____ (BitDefender) C:\Windows\System32\Drivers\bdvedisk.sys
    2016-03-29 22:44 - 2016-03-29 22:56 - 00000000 ____D C:\Users\TERRY BROS 1\AppData\Roaming\Bitdefender
    2016-03-29 22:43 - 2016-03-29 23:26 - 00000000 ____D C:\ProgramData\Bitdefender
    2016-03-29 22:32 - 2016-03-29 22:32 - 10277544 _____ C:\Users\TERRY BROS 1\Downloads\bitdefender_windows_d3a9bff0-6e7d-4bc9-b629-1d4a4dde860c.exe
    2016-03-29 22:16 - 2016-03-29 22:16 - 00000000 ____D C:\Program Files\Bitdefender
    2016-03-29 22:15 - 2016-03-29 22:43 - 00000000 ____D C:\Program Files\Common Files\Bitdefender
    2016-03-29 22:07 - 2016-03-29 22:07 - 00003640 _____ C:\Windows\System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
    2016-03-29 22:05 - 2016-03-30 00:10 - 00000000 ____D C:\Program Files\Bitdefender Agent
    2016-03-29 22:05 - 2016-03-29 22:05 - 00000000 ____D C:\ProgramData\Bitdefender Agent
    2016-03-29 22:04 - 2016-03-29 22:05 - 10277544 _____ C:\Users\TERRY BROS 1\Downloads\bitdefender_windows_c96a9e98-cc77-406e-8e3a-14d32c26df44.exe
    2016-03-29 21:28 - 2016-03-30 00:38 - 00086952 _____ C:\Users\TERRY BROS 1\AppData\Local\GDIPFONTCACHEV1.DAT
    2016-03-29 21:26 - 2016-03-29 21:26 - 00345176 _____ C:\Windows\System32\FNTCACHE.DAT
    2016-03-29 15:20 - 2016-03-29 15:20 - 00084848 _____ (BitDefender SRL) C:\Windows\System32\bdsandboxuiskin.dll.upd
    2016-03-29 15:20 - 2016-03-29 15:20 - 00074512 _____ (BitDefender SRL) C:\Windows\System32\bdsandboxuiskin32.dll.upd
    2016-03-29 15:20 - 2016-03-29 15:20 - 00034384 _____ (BitDefender SRL) C:\Windows\System32\bdsandboxuh.dll.upd
    2016-03-29 15:20 - 2016-03-29 15:20 - 00000000 _____ C:\Windows\System32\Drivers\gzflt.sys
    2016-03-29 15:20 - 2016-03-29 15:20 - 00000000 _____ C:\Windows\System32\Drivers\bdsandbox.sys.upd
    2016-03-29 15:20 - 2016-03-29 15:20 - 00000000 _____ C:\Windows\System32\Drivers\avckf.sys
    2016-03-29 15:20 - 2016-03-29 15:20 - 00000000 _____ C:\Windows\System32\Drivers\avchv.sys
    2016-03-29 15:20 - 2016-03-29 15:20 - 00000000 _____ C:\Windows\System32\Drivers\avc3.sys
    2016-03-29 15:19 - 2016-03-29 15:19 - 00389240 _____ (BitDefender S.R.L.) C:\Windows\System32\Drivers\trufos.sys
    2016-03-29 14:59 - 2016-03-29 14:59 - 00000000 ____D C:\ProgramData\bdch
    2016-03-29 14:48 - 2016-03-29 14:48 - 00000000 ____D C:\Program Files\WinRAR
    2016-03-29 00:01 - 2016-03-29 00:01 - 00000000 _____ C:\autoexec.bat
    2016-03-29 00:00 - 2016-03-29 05:34 - 00000000 ____D C:\Program Files (x86)\Enigma Software Group
    2016-03-29 00:00 - 2016-03-29 00:00 - 00003376 _____ C:\Windows\System32\Tasks\SpyHunter4Startup
    2016-03-29 00:00 - 2016-03-29 00:00 - 00000000 ____D C:\sh4ldr
    2016-03-28 23:59 - 2016-03-29 00:00 - 00000000 ____D C:\Windows\4941BFEB62C047A2801E998FC469CC2C.TMP
    2016-03-28 23:43 - 2016-03-29 21:28 - 00143360 ___SH C:\Users\TERRY BROS 1\Desktop\Thumbs.db
    2016-03-28 23:38 - 2016-03-28 23:41 - 00000000 ____D C:\Users\TERRY BROS 1\AppData\Roaming\Wise Registry Cleaner
    2016-03-28 23:38 - 2016-03-28 23:38 - 00001238 _____ C:\Users\Public\Desktop\Wise Registry Cleaner.lnk
    2016-03-28 23:37 - 2016-03-30 00:36 - 00000000 ____D C:\Users\TERRY BROS 1\AppData\Roaming\Wise Uninstaller
    2016-03-28 23:37 - 2016-03-28 23:37 - 00001299 _____ C:\Users\Public\Desktop\Wise Program Uninstaller.lnk
    2016-03-28 23:26 - 2016-03-29 20:02 - 00000000 ____D C:\Users\TERRY BROS 1\AppData\Roaming\Wise Disk Cleaner
    2016-03-28 23:26 - 2016-03-28 23:38 - 00000000 ____D C:\Program Files (x86)\Wise
    2016-03-28 23:26 - 2016-03-28 23:26 - 00001215 _____ C:\Users\Public\Desktop\Wise Disk Cleaner.lnk
    2016-03-22 17:56 - 2016-03-22 17:56 - 00283177 _____ C:\Users\TERRY BROS 1\Documents\Scan0019.pdf
    2016-03-21 22:14 - 2016-03-21 22:15 - 00000000 _____ C:\Users\TERRY BROS 1\AppData\Local\{F7681EEF-B19D-4868-85AE-EF6B767C1990}
    2016-03-21 22:14 - 2016-03-21 22:15 - 00000000 _____ C:\Users\TERRY BROS 1\AppData\Local\{CBA12F07-468C-4944-9756-CB7C2B70B2BB}
    2016-03-19 19:09 - 2016-03-19 19:10 - 00000000 ____D C:\Users\TERRY BROS 1\Desktop\SUNSHINE
    2016-03-19 19:09 - 2016-03-19 19:09 - 00000000 ____D C:\Users\TERRY BROS 1\Desktop\SUITES
    2016-03-19 19:08 - 2016-03-19 19:08 - 00000000 ____D C:\Users\TERRY BROS 1\Desktop\STOCKTAKE
    2016-03-19 19:06 - 2016-03-19 19:07 - 00000000 ____D C:\Users\TERRY BROS 1\Desktop\MATTS $ ENS
    2016-03-15 22:06 - 2016-03-15 22:06 - 00000501 _____ C:\Users\TERRY BROS 1\Desktop\Backup and Restore - Shortcut.lnk
    2016-03-15 22:04 - 2016-03-29 00:01 - 00001276 _____ C:\Users\TERRY BROS 1\Desktop\Recovered Files.lnk
    2016-03-15 21:42 - 2016-03-15 21:42 - 00000000 ____D C:\Users\TERRY BROS 1\AppData\Roaming\www.shadowexplorer.com
    2016-03-15 20:32 - 2016-03-15 20:32 - 00033030 _____ C:\Windows\System32\.crusader
    2016-03-15 20:28 - 2016-03-15 20:29 - 00000000 ____D C:\Encrypted Files
    2016-03-15 20:22 - 2016-03-15 20:33 - 00000000 ____D C:\ProgramData\HitmanPro

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-03-30 00:40 - 2014-11-13 13:48 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cfff8b8a8a6b6c.job
    2016-03-30 00:40 - 2013-08-18 23:30 - 00589329 _____ C:\bdlog.txt
    2016-03-30 00:40 - 2011-07-03 18:29 - 00000000 ____D C:\Users\TERRY BROS 1\Documents\Outlook Files
    2016-03-30 00:29 - 2012-05-02 19:49 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2016-03-30 00:13 - 2009-07-13 20:45 - 00040096 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2016-03-30 00:13 - 2009-07-13 20:45 - 00040096 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2016-03-29 23:51 - 2012-04-10 15:00 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2016-03-29 23:26 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\inf
    2016-03-29 23:09 - 2014-11-13 13:48 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cfff8b88fa843e.job
    2016-03-29 23:09 - 2012-05-02 19:49 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2016-03-29 23:09 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2016-03-29 21:36 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
    2016-03-29 20:51 - 2011-07-03 15:51 - 00000000 ____D C:\RetailM
    2016-03-29 19:52 - 2015-07-29 01:30 - 00000000 ____D C:\Program Files\Common Files\AV
    2016-03-29 03:34 - 2015-08-14 19:17 - 00000000 ____D C:\Users\TERRY BROS 1\Desktop\matt template
    2016-03-29 03:34 - 2015-06-15 20:26 - 00000000 ____D C:\Users\TERRY BROS 1\Documents\Bestwin
    2016-03-29 03:34 - 2013-07-31 20:02 - 00000000 ____D C:\Users\TERRY BROS 1\Desktop\COMPANY INFO
    2016-03-29 03:34 - 2013-04-29 18:22 - 00000000 ____D C:\Users\TERRY BROS 1\Desktop\CLAIM DAMAGE STOCK
    2016-03-29 03:34 - 2012-10-21 14:50 - 00000000 ____D C:\Users\TERRY BROS 1\Desktop\GLOBAL-HOME FUR
    2016-03-29 03:34 - 2011-08-28 18:55 - 00000000 ____D C:\RM Safety
    2016-03-29 03:34 - 2011-08-28 16:58 - 00000000 ____D C:\ZD2659
    2016-03-29 03:34 - 2011-07-31 15:11 - 00000000 ____D C:\Netgear
    2016-03-29 03:34 - 2011-07-23 20:55 - 00000000 ____D C:\Users\TERRY BROS 1\Documents\LOGO
    2016-03-29 00:01 - 2015-11-25 21:12 - 00001710 _____ C:\Users\Public\Desktop\iTunes.lnk
    2016-03-29 00:01 - 2015-11-25 21:06 - 00001846 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
    2016-03-29 00:01 - 2013-12-15 18:35 - 00002184 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2016-03-28 23:30 - 2011-07-03 18:20 - 00000000 __RHD C:\MSOCache
    2016-03-28 23:27 - 2011-07-30 21:44 - 00000000 ____D C:\Windows\Minidump
    2016-03-28 23:27 - 2011-04-07 09:10 - 00000000 ____D C:\Windows\Panther
    2016-03-28 23:27 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\Downloaded Program Files
    2016-03-28 23:27 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\ModemLogs
    2016-03-28 22:47 - 2011-07-13 14:10 - 00000000 ____D C:\Program Files (x86)\Google
    2016-03-28 22:36 - 2011-07-02 17:26 - 00000000 ____D C:\users\TERRY BROS 1
    2016-03-28 02:12 - 2013-04-13 18:24 - 00000828 _____ C:\Windows\System32\Drivers\etc\hosts.txt
    2016-03-19 21:08 - 2011-11-14 15:52 - 00000000 ____D C:\Users\TERRY BROS 1\Desktop\TerryBro-Pix
    2016-03-15 20:40 - 2009-07-13 21:08 - 00032604 _____ C:\Windows\Tasks\SCHEDLGU.TXT
    2016-03-15 20:32 - 2015-11-05 18:15 - 00000000 ____D C:\Users\TERRY BROS 1\AppData\Roaming\tor
    2016-03-13 14:58 - 2015-10-23 18:57 - 00245692 _____ C:\Windows\System32\CFG3941478951

    ==================== Known DLLs (Whitelisted) =========================


    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit
    C:\Windows\System32\dnsapi.dll => MD5 is legit
    C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE Association (Whitelisted) =============


    ==================== Restore Points =========================

    Restore point date: 2016-03-30 00:09

    ==================== Memory info ===========================

    Percentage of memory in use: 8%
    Total physical RAM: 12287.3 MB
    Available physical RAM: 11291.15 MB
    Total Virtual: 12285.5 MB
    Available Virtual: 11285.38 MB

    ==================== Drives ================================

    Drive c: (Windows) (Fixed) (Total:921.5 GB) (Free:716.91 GB) NTFS ==>[drive with boot components (obtained from BCD)]
    Drive e: (HP V100W) (Removable) (Total:7.46 GB) (Free:6.7 GB) FAT32
    Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 931.5 GB) (Disk ID: 595DD6EF)
    Partition 1: (Active) - (Size=921.5 GB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=10 GB) - (Type=1C)

    ========================================================
    Disk: 1 (Size: 7.5 GB) (Disk ID: 00000000)

    Partition: GPT.


    LastRegBack: 2016-03-29 16:06

    ==================== End of FRST.txt ============================


    PLEASE HELP
     
    thanhi,
    #1
  2. 2016/03/30
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =============================

    It looks like something went wrong with that installation.

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    On Vista or Windows 7/8: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the OTLPE CD.
    Run [color= "#0000FF"]FRST(FRST64)[/color] and press the Fix button just once and wait.
    The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

    See if you can boot normally.
     

    Attached Files:

    broni,
    #2


  3. to hide this advert.

  4. 2016/03/31
    thanhi

    thanhi New Member Thread Starter

    Joined:
    2016/03/30
    Messages:
    2
    Likes Received:
    0
    Hi Broni,
    !!!!!!!!! YOU ARE MY HERO !!!!!!!!
    After ran the The Farbar Recovery Tool with your file fixlist.txt I was able to boot into the windows normally without any problem. I am greatly appreciate your help. The only thing I notice is Bitdefender Total Security 2016 not running properly such as:
    1. Real time file protection is disable.
    2. Instrusion not working (white out)
    3. Ransomeware protection at boot is not working (white out)
    Should I uninstall bitdefender and reinstall it?
    This is fixlog.txt generated from the Farbar.
    Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
    Ran by SYSTEM (2016-03-31 18:03:01) Run:1
    Running from e:\
    Boot Mode: Recovery
    ==============================================

    fixlist content:
    *****************
    GroupPolicyScripts: Restriction <======= ATTENTION
    S0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [0 2016-03-29] () <==== ATTENTION (zero byte File/Folder)
    S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [0 2016-03-29] () <==== ATTENTION (zero byte File/Folder)
    C:\Windows\System32\DRIVERS\avc3.sys
    C:\Windows\System32\DRIVERS\avckf.sys
    S3 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [0 2016-03-29] () <==== ATTENTION (zero byte File/Folder)
    C:\Windows\System32\DRIVERS\gzflt.sys

    *****************

    C:\Windows\System32\GroupPolicy\Machine => moved successfully
    avc3 => service removed successfully
    avckf => service removed successfully
    C:\Windows\System32\DRIVERS\avc3.sys => moved successfully
    C:\Windows\System32\DRIVERS\avckf.sys => moved successfully
    gzflt => service removed successfully
    C:\Windows\System32\DRIVERS\gzflt.sys => moved successfully

    ==== End of Fixlog 18:03:01 ====
     
    thanhi,
    #3
  5. 2016/03/31
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Good :)

    The fix removed some Bitdefender services and files.
    You need to reinstall it.
     
    broni,
    #4

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...