stuck in the error loop of restarting every 60 seconds


  • This topic is locked
26 replies to this topic

#1 NETX_guy

NETX_guy

  • Members
  • 14 posts
  • OFFLINE
  • Local time:02:37 AM

Posted 17 July 2012 - 11:50 PM

Hi I hope you can help me.

One of my computers was struck with the Security Shield malware.
I tried removing it and now it is stuck in the error loop of restarting every 60 seconds.
This happens even in safe mode.
The error message I receive is: "Windows has encountered a critical problem and will restart automatically in one minute. Please save your work now."

The computer is an HP/Compaq SR5113WM running Vista Home Basic.

It will not stay on long enough to generate a DDS or GMER log.
The infected computer is disconnected from the router.
I have a clean computer and a flash drive to download tools.

I ran Farbar Recovery Scan Tool and here is the scan log:

Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 16-07-2012 01
Ran by SYSTEM at 17-07-2012 22:56:57
Running from J:\
Windows Vista ™ Home Basic (X86) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKU\Default\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun [x]
HKU\Default User\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun [x]
HKLM\...\runonceex: [Flags] 128 [x]
HKLM\...\runonceex: [Title] UnHackMe Rootkit Check [x]
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files\Soluto\soluto.exe /userinit, [1716784 2012-04-24] (Soluto)
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [X]
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
IMEO\taskmgr.exe: [Debugger] "C:\WINDOWS\SYSTEM32\PROCEXP.EXE"

================================ Services (Whitelisted) ==================

2 Eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [21504 2008-01-18] (Microsoft Corporation)
4 IHA_MessageCenter; "C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe" [335888 2012-06-11] (Verizon)
4 lxcz_device; C:\Windows\system32\lxczcoms.exe -service [537520 2007-04-19] ( )
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [11552 2012-03-26] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [214952 2012-03-26] (Microsoft Corporation)
4 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
4 SolutoService; "C:\Program Files\Soluto\SolutoService.exe" [584224 2012-04-24] (Soluto)
4 sprtsvc_verizondm; C:\Program Files\VERIZONDM\bin\sprtsvc.exe /service /p verizondm [206120 2011-02-01] (SupportSoft, Inc.)
4 tgsrvc_verizondm; C:\Program Files\VERIZONDM\bin\tgsrvc.exe /p verizondm [185640 2011-02-01] (SupportSoft, Inc.)
4 IDriverT; "c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe" [x]
4 LightScribeService; "c:\Program Files\Common Files\LightScribe\LSSrvc.exe" [x]
4 RoxMediaDB9; "c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe" [x]
4 rpcapd; "C:\Program Files\WinPcap\rpcapd.exe" -d -f "C:\Program Files\WinPcap\rpcapd.ini" [x]
3 stllssvr; "c:\Program Files\Common Files\SureThing Shared\stllssvr.exe" [x]
3 TipCtrl; "C:\Program Files\uTIPu\TipCtrl.exe" [x]
3 WJA; C:\Users\Bill\AppData\Local\Temp\WJA.exe [x]
3 YOIEB; C:\Users\Bill\AppData\Local\Temp\YOIEB.exe [x]

========================== Drivers (Whitelisted) =============

1 BANTExt; C:\Windows\System32\Drivers\BANTExt.sys [3840 2005-04-07] ()
3 dfmirage; C:\Windows\System32\DRIVERS\dfmirage.sys [34128 2008-03-26] (DemoForge, LLC)
3 KMWDFILTER; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [17408 2008-10-09] (Windows ® Codename Longhorn DDK provider)
0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [171064 2012-03-20] (Microsoft Corporation)
2 NPF; C:\Windows\System32\drivers\npf.sys [35088 2010-06-25] (CACE Technologies, Inc.)
3 PSI; C:\Windows\System32\DRIVERS\psi_mf.sys [7808 2009-03-24] (Secunia)
1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [8944 2008-12-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
3 SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [7408 2008-12-22] ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [55024 2008-12-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
0 Soluto; C:\Windows\System32\DRIVERS\Soluto.sys [51144 2012-04-24] (Soluto LTD.)
3 U6000ALL; C:\Windows\System32\DRIVERS\U6000ALL.sys [230784 2007-07-13] ()
3 USB_RNDIS_XP; C:\Windows\System32\DRIVERS\usb8023.sys [15872 2009-04-10] (Microsoft Corporation)
3 VSTHWBS2; C:\Windows\System32\DRIVERS\VSTBS23.SYS [251904 2006-11-01] (Conexant Systems, Inc.)
3 VST_DPV; C:\Windows\System32\DRIVERS\VSTDPV3.SYS [987648 2006-11-01] (Conexant Systems, Inc.)
4 blbdrive; C:\Windows\system32\drivers\blbdrive.sys [x]
3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x32.sys [x]
3 CrystalSysInfo; \??\C:\Program Files\MediaCoder\SysInfo.sys [x]
3 Inspect; C:\Windows\System32\DRIVERS\inspect.sys [x]
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys [x]
3 MREMP50; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [x]
3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [x]
3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [x]
3 MRESP50; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [x]
3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-07-17 21:17 - 2012-07-17 21:17 - 00000000 ____D C:\FRST
2012-07-17 19:15 - 2012-07-16 21:11 - 00294216 ____A C:\Users\Bill\Desktop\gmer.zip
2012-07-17 19:15 - 2011-07-16 19:21 - 00302592 ____A C:\Users\Bill\Desktop\gmer.exe
2012-07-17 19:03 - 2012-07-16 20:12 - 00607260 ____R (Swearware) C:\Users\Bill\Desktop\dds.scr
2012-07-16 22:53 - 2012-07-16 22:53 - 00000763 ____A C:\Users\Bill\Desktop\shutdown.exe.lnk
2012-07-16 22:49 - 2012-07-16 22:50 - 00000763 ____A C:\Users\Bill\Desktop\stop shutdown.exe.lnk
2012-07-16 14:45 - 2012-07-16 14:45 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-07-10 16:01 - 2012-06-13 05:40 - 02047488 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-10 15:56 - 2012-06-02 01:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-07-10 15:56 - 2012-06-02 00:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-07-10 15:56 - 2012-06-02 00:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-07-10 15:56 - 2012-06-02 00:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-07-10 15:56 - 2012-06-02 00:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-07-10 15:56 - 2012-06-02 00:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-07-10 15:56 - 2012-06-02 00:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-07-10 15:56 - 2012-06-02 00:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-07-10 15:56 - 2012-06-02 00:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-07-10 15:56 - 2012-06-02 00:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-07-10 15:56 - 2012-06-02 00:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-07-10 15:56 - 2012-06-02 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-07-10 15:56 - 2012-06-02 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-07-10 15:56 - 2012-06-02 00:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-07-10 14:32 - 2012-06-08 09:47 - 11586048 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-07-10 14:31 - 2012-06-05 08:47 - 01401856 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-07-10 14:31 - 2012-06-05 08:47 - 01248768 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-07-10 14:18 - 2012-06-04 07:26 - 00440704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-07-10 14:18 - 2012-06-01 16:04 - 00278528 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-07-10 14:18 - 2012-06-01 16:03 - 00204288 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-06-23 14:14 - 2012-06-23 14:14 - 00000000 ____D C:\Users\Bill\Local Settings\Macromedia
2012-06-23 14:14 - 2012-06-23 14:14 - 00000000 ____D C:\Users\Bill\Local Settings\Application Data\Macromedia
2012-06-23 14:14 - 2012-06-23 14:14 - 00000000 ____D C:\Users\Bill\AppData\Local\Macromedia
2012-06-21 11:18 - 2012-06-02 14:19 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-21 11:18 - 2012-06-02 14:19 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-21 11:18 - 2012-06-02 14:19 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-21 11:18 - 2012-06-02 14:12 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-21 11:17 - 2012-06-02 14:19 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-21 11:17 - 2012-06-02 14:19 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-21 11:17 - 2012-06-02 14:12 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-21 11:17 - 2012-06-02 12:19 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-21 11:17 - 2012-06-02 12:12 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe

============ 3 Months Modified Files ========================

2012-07-17 19:51 - 2010-01-14 21:32 - 00000878 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-07-17 19:51 - 2008-06-25 21:53 - 00066786 ____A C:\lxcz.log
2012-07-17 19:51 - 2006-11-02 04:58 - 00032608 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-07-17 19:51 - 2006-11-02 04:58 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-17 19:51 - 2006-11-02 04:45 - 00003552 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-17 19:51 - 2006-11-02 04:45 - 00003552 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-17 19:27 - 2009-08-04 11:40 - 00279552 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
2012-07-17 18:58 - 2009-10-22 13:03 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1291540634-4171002908-2460146118-1000UA.job
2012-07-17 17:27 - 2007-05-22 18:52 - 01662675 ____A C:\Windows\WindowsUpdate.log
2012-07-16 22:53 - 2012-07-16 22:53 - 00000763 ____A C:\Users\Bill\Desktop\shutdown.exe.lnk
2012-07-16 22:50 - 2012-07-16 22:49 - 00000763 ____A C:\Users\Bill\Desktop\stop shutdown.exe.lnk
2012-07-16 21:11 - 2012-07-17 19:15 - 00294216 ____A C:\Users\Bill\Desktop\gmer.zip
2012-07-16 20:12 - 2012-07-17 19:03 - 00607260 ____R (Swearware) C:\Users\Bill\Desktop\dds.scr
2012-07-16 17:39 - 2012-03-30 13:14 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-07-16 17:10 - 2011-01-26 13:58 - 00002086 ____A C:\Windows\epplauncher.mif
2012-07-16 15:29 - 2011-01-26 14:00 - 00021412 ____A C:\Windows\PFRO.log
2012-07-16 14:58 - 2009-10-22 13:03 - 00000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1291540634-4171002908-2460146118-1000Core.job
2012-07-16 14:45 - 2006-11-02 02:33 - 00721296 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-16 14:40 - 2010-01-14 21:32 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-07-16 12:40 - 2012-01-28 09:48 - 00000872 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-16 12:40 - 2012-01-28 09:48 - 00000872 ____A C:\Users\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-16 05:54 - 2007-10-11 09:37 - 00131072 ____A C:\Windows\System32\Ikeext.etl
2012-07-16 05:53 - 2012-03-30 13:14 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-07-16 05:53 - 2012-03-07 19:30 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-07-15 12:59 - 2007-10-02 21:06 - 00035328 ____A C:\Users\Bill\Local Settings\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-07-15 12:59 - 2007-10-02 21:06 - 00035328 ____A C:\Users\Bill\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-07-15 12:59 - 2007-10-02 21:06 - 00035328 ____A C:\Users\Bill\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-07-14 08:20 - 2011-04-20 12:45 - 00000224 ____A C:\Users\Bill\Desktop\billstvs.txt
2012-07-10 16:09 - 2006-11-02 04:44 - 00412416 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-10 15:57 - 2006-11-02 02:24 - 57442464 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2012-07-03 10:46 - 2008-11-01 18:13 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-13 05:40 - 2012-07-10 16:01 - 02047488 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-12 07:18 - 2012-03-07 20:28 - 00001693 ____A C:\Users\Public\Desktop\AIM.lnk
2012-06-12 07:18 - 2012-03-07 20:28 - 00001693 ____A C:\Users\All Users\Desktop\AIM.lnk
2012-06-12 07:18 - 2010-07-23 15:29 - 00001123 ___AH C:\IPH.PH
2012-06-08 09:47 - 2012-07-10 14:32 - 11586048 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-05 08:47 - 2012-07-10 14:31 - 01401856 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 08:47 - 2012-07-10 14:31 - 01248768 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-04 07:26 - 2012-07-10 14:18 - 00440704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-03 08:13 - 2010-11-19 18:06 - 00000959 ____A C:\Users\Bill\Desktop\Dropbox.lnk
2012-06-02 14:19 - 2012-06-21 11:18 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-21 11:18 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-21 11:18 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-21 11:17 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-21 11:17 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:12 - 2012-06-21 11:18 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:12 - 2012-06-21 11:17 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 12:19 - 2012-06-21 11:17 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 12:12 - 2012-06-21 11:17 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 01:07 - 2012-07-10 15:56 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-02 00:43 - 2012-07-10 15:56 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-02 00:33 - 2012-07-10 15:56 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-02 00:26 - 2012-07-10 15:56 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-02 00:25 - 2012-07-10 15:56 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-02 00:25 - 2012-07-10 15:56 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-02 00:23 - 2012-07-10 15:56 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-02 00:21 - 2012-07-10 15:56 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-02 00:20 - 2012-07-10 15:56 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-02 00:19 - 2012-07-10 15:56 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-02 00:19 - 2012-07-10 15:56 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-02 00:17 - 2012-07-10 15:56 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-02 00:16 - 2012-07-10 15:56 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-02 00:14 - 2012-07-10 15:56 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-01 16:04 - 2012-07-10 14:18 - 00278528 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 16:03 - 2012-07-10 14:18 - 00204288 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-05-13 12:20 - 2012-05-13 12:20 - 00221228 ____A C:\Users\Bill\My Documents\Bell5.wav
2012-05-13 12:20 - 2012-05-13 12:20 - 00221228 ____A C:\Users\Bill\Documents\Bell5.wav
2012-05-13 12:19 - 2012-05-13 12:19 - 00262188 ____A C:\Users\Bill\My Documents\Bell4.wav
2012-05-13 12:19 - 2012-05-13 12:19 - 00262188 ____A C:\Users\Bill\Documents\Bell4.wav
2012-05-13 12:16 - 2012-05-13 12:16 - 04030786 ____A C:\Users\Bill\My Documents\Recorded Audio May-13-2012 03-16-11 PM.wav
2012-05-13 12:16 - 2012-05-13 12:16 - 04030786 ____A C:\Users\Bill\Documents\Recorded Audio May-13-2012 03-16-11 PM.wav
2012-05-13 12:07 - 2012-05-13 12:07 - 00014275 ____A C:\Users\Bill\My Documents\Bell5.wma
2012-05-13 12:07 - 2012-05-13 12:07 - 00014275 ____A C:\Users\Bill\Documents\Bell5.wma
2012-05-13 12:05 - 2012-05-13 12:05 - 00018769 ____A C:\Users\Bill\My Documents\Bell4.wma
2012-05-13 12:05 - 2012-05-13 12:05 - 00018769 ____A C:\Users\Bill\Documents\Bell4.wma
2012-05-13 11:57 - 2012-05-13 11:57 - 00157639 ____A C:\Users\Bill\My Documents\Bell3.wma
2012-05-13 11:57 - 2012-05-13 11:57 - 00157639 ____A C:\Users\Bill\Documents\Bell3.wma
2012-05-13 11:57 - 2012-05-13 11:45 - 00014275 ____A C:\Users\Bill\My Documents\Bell2.wma
2012-05-13 11:57 - 2012-05-13 11:45 - 00014275 ____A C:\Users\Bill\Documents\Bell2.wma
2012-05-13 11:37 - 2012-05-13 11:37 - 00094779 ____A C:\Users\Bill\My Documents\bell1.wma
2012-05-13 11:37 - 2012-05-13 11:37 - 00094779 ____A C:\Users\Bill\Documents\bell1.wma
2012-05-01 06:03 - 2012-06-12 13:14 - 00180736 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-30 16:32 - 2012-04-30 16:32 - 00425482 ____A C:\Windows\System32\reg backup 043012.reg
2012-04-27 10:19 - 2012-04-27 10:19 - 00000000 ____A C:\Windows\setuperr.log
2012-04-27 10:19 - 2012-04-27 10:19 - 00000000 ____A C:\Windows\setupact.log
2012-04-24 14:13 - 2011-07-13 06:47 - 00051144 ____A (Soluto LTD.) C:\Windows\System32\Drivers\Soluto.sys
2012-04-23 08:00 - 2012-06-12 13:14 - 00984064 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-04-23 08:00 - 2012-06-12 13:14 - 00133120 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-04-23 08:00 - 2012-06-12 13:14 - 00098304 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-04-20 11:10 - 2012-04-20 11:10 - 00002056 ____A C:\Users\Bill\Desktop\Kindle.lnk
2012-04-19 09:53 - 2008-04-09 18:07 - 00001862 ____A C:\Users\Bill\Application Data\wklnhst.dat
2012-04-19 09:53 - 2008-04-09 18:07 - 00001862 ____A C:\Users\Bill\AppData\Roaming\wklnhst.dat


ZeroAccess:
C:\Windows\Installer\{19c69135-838a-198a-8710-d73f101cf680}
C:\Windows\Installer\{19c69135-838a-198a-8710-d73f101cf680}\@
C:\Windows\Installer\{19c69135-838a-198a-8710-d73f101cf680}\L
C:\Windows\Installer\{19c69135-838a-198a-8710-d73f101cf680}\U
C:\Windows\Installer\{19c69135-838a-198a-8710-d73f101cf680}\L\00000004.@
C:\Windows\Installer\{19c69135-838a-198a-8710-d73f101cf680}\L\1afb2d56
C:\Windows\Installer\{19c69135-838a-198a-8710-d73f101cf680}\L\201d3dde

ZeroAccess:
C:\Users\Bill\AppData\Local\{19c69135-838a-198a-8710-d73f101cf680}
C:\Users\Bill\AppData\Local\{19c69135-838a-198a-8710-d73f101cf680}\@
C:\Users\Bill\AppData\Local\{19c69135-838a-198a-8710-d73f101cf680}\L
C:\Users\Bill\AppData\Local\{19c69135-838a-198a-8710-d73f101cf680}\U

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe C5488EA6408AD0C3CC3E3CB876CBBED4 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 24%
Total physical RAM: 1917.94 MB
Available physical RAM: 1449.36 MB
Total Pagefile: 1660.86 MB
Available Pagefile: 1515.98 MB
Total Virtual: 2047.88 MB
Available Virtual: 1990.18 MB

======================= Partitions =========================

1 Drive c: (COMPAQ) (Fixed) (Total:140.67 GB) (Free:83.88 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (Recovery) (Fixed) (Total:8.38 GB) (Free:0.8 GB) NTFS ==>[System with boot components (obtained from reading drive)]
8 Drive j: (KINGSTON) (Removable) (Total:1.86 GB) (Free:1.81 GB) FAT
9 Drive k: (80gigdrive) (Fixed) (Total:74.53 GB) (Free:2.86 GB) NTFS
10 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 75 GB 1528 KB
Disk 1 Online 149 GB 2000 KB
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 No Media 0 B 0 B
Disk 6 Online 1914 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 75 GB 32 KB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 K 80gigdrive NTFS Partition 75 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 141 GB 32 KB
Partition 2 Primary 8 GB 141 GB

==================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C COMPAQ NTFS Partition 141 GB Healthy

==================================================================================

Disk: 1
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 7 D Recovery NTFS Partition 8 GB Healthy

==================================================================================

Partitions of Disk 6:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1910 MB 4032 KB

==================================================================================

Disk: 6
Partition 1
Type : 0E
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 J KINGSTON FAT Removable 1910 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-07-16 14:38

======================= End Of Log ==========================

Thanks,
NETX_guy
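The FRST log above already contains the indicators a responder would pull out by hand: the `services.exe` entry in the Bamital & volsnap check that carries a hash and a "ZeroAccess" note instead of "MD5 is legit", two services (`WJA`, `YOIEB`) and a driver (`cpuz135`) loading from Temp folders, and an IFEO Debugger entry on `taskmgr.exe`. The script below is an added triage helper for this kind of log; it is not part of the post and not FRST's own code. The `SAMPLE_LOG` is a constructed excerpt in the shape of the thread's log, and the `IMEO\` prefix, the `[x]` marker and the `=> MD5 is legit` wording are taken from how FRST prints those lines here.

```python
"""Triage helper for a Farbar Recovery Scan Tool (FRST) log.

Added example for this thread; it is not part of the post above and not
FRST's own code. It reads the plain-text log and flags three things the
thread's log shows: a system binary that failed the "Bamital & volsnap
Check" (MD5 not reported as legit), services or drivers whose image lives
in a Temp folder, and Image File Execution Options Debugger entries
(FRST prints them with an "IMEO\\" prefix).
"""
import re
from dataclasses import dataclass


@dataclass
class Finding:
    kind: str    # "md5_mismatch", "temp_image" or "ifeo_debugger"
    item: str    # the file, the service/driver name, or the hijacked image
    detail: str  # hash and note, image path, or debugger command


# Lines that failed the MD5 check carry the hash and a note instead of "=> MD5 is legit".
MD5_FAIL = re.compile(r"^(?P<path>\S+?\.(?:exe|dll|sys)) (?P<md5>[0-9A-Fa-f]{32}) (?P<note>.+)$")
# Service and driver lines: "<start type> <name>; <image> [<size date>|x] (<company>)".
SERVICE = re.compile(r"^(?P<start>\d) (?P<name>[^;]+); (?P<image>.+?)(?: \[(?:x|\d+ [\d-]+)\].*)?$")
# Image File Execution Options entries as FRST prints them.
IFEO = re.compile(r"^IMEO\\(?P<image>[^:]+): \[Debugger\] (?P<debugger>.+)$")
TEMP_DIR = re.compile(r"\\temp\\", re.IGNORECASE)

# Constructed excerpt: a handful of lines in the shape of the thread's log.
SAMPLE_LOG = r"""
IMEO\taskmgr.exe: [Debugger] "C:\WINDOWS\SYSTEM32\PROCEXP.EXE"
========================== Services (Whitelisted) ==================
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [11552 2012-03-26] (Microsoft Corporation)
3 WJA; C:\Users\Bill\AppData\Local\Temp\WJA.exe [x]
3 YOIEB; C:\Users\Bill\AppData\Local\Temp\YOIEB.exe [x]
3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x32.sys [x]
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\services.exe C5488EA6408AD0C3CC3E3CB876CBBED4 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\userinit.exe => MD5 is legit
"""


def triage(log_text):
    """Return the findings in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = IFEO.match(line)
        if m:
            # Legitimate tools (Process Explorer replacing Task Manager, as in this
            # log) set this key too, so it is reported for review, not as malicious.
            findings.append(Finding("ifeo_debugger", m["image"], m["debugger"]))
            continue
        m = MD5_FAIL.match(line)
        if m:
            findings.append(Finding("md5_mismatch", m["path"], f'{m["md5"].upper()} {m["note"]}'))
            continue
        m = SERVICE.match(line)
        if m and TEMP_DIR.search(m["image"]):
            # A service or driver whose image sits in a Temp folder is worth a look
            # whether or not the file still exists ("[x]" means FRST could not stat it).
            findings.append(Finding("temp_image", m["name"], m["image"]))
    return findings


def summarize(findings):
    """Count findings per kind, e.g. {"md5_mismatch": 1, ...}."""
    counts = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:14} {f.item}: {f.detail}")
    print(summarize(triage(SAMPLE_LOG)))
```

Run it on a saved FRST.txt by passing the file's contents to `triage()`. The three patterns are deliberately narrow: they match the line shapes seen in this log and nothing else, so an unexpected layout falls through silently rather than producing a false hit; extend them only after checking the exact text FRST emits.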



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:37 AM

Posted 18 July 2012 - 01:01 AM

Greetings And Welcome To The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.



Ok, let's see if we can find a replacement for the infected file.

In Vista or Windows 7: Boot to System Recovery Options and run FRST.

Type the following in the edit box after "Search:".

services.exe

It then should look like:

Search: services.exe

Click Search button and post the log (Search.txt) it makes to your reply.


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
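The "Search: services.exe" step asks FRST to list every copy of that file on the disk, so that a copy whose hash differs from the patched one (Windows keeps spares under WinSxS, for instance) can be considered as a replacement. As an added illustration of that idea, not part of this post and not FRST's own search code, the script below walks a tree, groups every copy of a named file by MD5 and flags copies whose hash is on a known-bad list. The only real value in it is the `services.exe` hash from the thread's FRST log; the demo directory tree, its made-up `winsxs` subfolder names and the placeholder file contents are constructed so the script runs offline.

```python
"""Locate copies of a named system file on a mounted volume and hash them.

Added example for this thread, not part of the post above and not FRST's own
search code. It groups every copy of the file by MD5 and flags any copy whose
hash is in a known-bad set, which is the comparison a responder makes before
picking a replacement. The hash below is the one the thread's FRST log
reported for the patched services.exe; the demo tree and its contents are
constructed placeholders, not real binaries.
"""
import hashlib
import os
import tempfile

# From the Bamital & volsnap Check in the thread's log (upper-case hex).
KNOWN_BAD_FROM_LOG = {"C5488EA6408AD0C3CC3E3CB876CBBED4"}


def md5_of(path):
    """Hex MD5 of a file, read in chunks so large binaries are not loaded whole."""
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest().upper()


def find_copies(root, filename, bad_md5s=frozenset()):
    """Walk root; return ({md5: [paths]}, [paths whose md5 is in bad_md5s])."""
    target = filename.lower()
    by_hash, flagged = {}, []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() != target:
                continue
            path = os.path.join(dirpath, name)
            digest = md5_of(path)
            by_hash.setdefault(digest, []).append(path)
            if digest in bad_md5s:
                flagged.append(path)
    return by_hash, flagged


def build_demo_tree(base):
    """Constructed layout: a patched copy in System32 and two identical untouched
    copies. Contents are placeholder bytes; the winsxs subfolder names are made up."""
    layout = {
        ("Windows", "System32", "services.exe"): b"PLACEHOLDER patched copy",
        ("Windows", "winsxs", "constructed_component_dir", "services.exe"): b"PLACEHOLDER untouched copy",
        ("Windows", "winsxs", "constructed_backup_dir", "services.exe"): b"PLACEHOLDER untouched copy",
        ("Windows", "System32", "svchost.exe"): b"PLACEHOLDER unrelated file",
    }
    for parts, data in layout.items():
        path = os.path.join(base, *parts)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)
    return os.path.join(base, "Windows", "System32", "services.exe")


def run_demo():
    """Build the tree, treat the System32 copy's hash as known-bad, and report."""
    with tempfile.TemporaryDirectory() as base:
        patched = build_demo_tree(base)
        bad = {md5_of(patched)}  # against a real volume: KNOWN_BAD_FROM_LOG
        by_hash, flagged = find_copies(base, "services.exe", bad)
        return {
            "distinct_hashes": len(by_hash),
            "flagged": [os.path.relpath(p, base) for p in flagged],
            "replacement_candidates": sorted(
                os.path.relpath(p, base)
                for digest, paths in by_hash.items() if digest not in bad
                for p in paths
            ),
        }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(key, value)
```

Against a real volume you would call `find_copies("<mounted drive root>", "services.exe", KNOWN_BAD_FROM_LOG)`. A copy with a different hash is only a candidate: its file version and digital signature still have to be checked against the patched copy's before it is used as a replacement, which is why the helper reports candidates rather than choosing one.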

#3 NETX_guy

NETX_guy
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:02:37 AM

Posted 18 July 2012 - 03:19 PM

Thanks for your help.
I started running Farbar Recovery Scan Tool "Search:services.exe" this morning.
It has been running over 6 hours now and hasn't concluded.
Is it normal to take this long?
Should I disconnect the second hard drive and run it again?

Thanks,
NETX_guy

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:37 AM

Posted 18 July 2012 - 03:26 PM

Disconnect the other hard drive and try again.


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 NETX_guy

NETX_guy
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:02:37 AM

Posted 18 July 2012 - 07:28 PM

I disconnected the second hard drive, rebooted, and restarted the Farbar Recovery Scan Tool search.
It has been running 3.5 hours and still no log.
It just says "Search is in progress, please wait..."

NETX_guy

Edited by NETX_guy, 18 July 2012 - 07:28 PM.


#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:37 AM

Posted 18 July 2012 - 08:44 PM

Try this please. You will need a USB drive.

Download http://unetbootin.sourceforge.net/unetbootin-xpud-windows-latest.exe & http://noahdfear.net/downloads/bootable/xPUD/xpud-0.9.2.iso to the desktop of your clean computer
  • Insert your USB drive
  • Press Start > My Computer > right click your USB drive > choose Format > Quick format
  • Double click the unetbootin-xpud-windows-387.exe that you just downloaded
  • Press Run then OK
  • Select the DiskImage option then click the browse button located on the right side of the textbox field.
  • Browse to and select the xpud-0.9.2.iso file you downloaded
  • Verify the correct drive letter is selected for your USB device then click OK
  • It will install a little bootable OS on your USB device
  • Once the files have been written to the device you will be prompted to reboot ~ do not reboot and instead just Exit the UNetbootin interface
  • After it has completed do not choose to reboot the clean computer simply close the installer
  • Next download http://noahdfear.net/downloads/driver.sh to your USB
  • Remove the USB and insert it in the sick computer
  • Boot the Sick computer
  • Press F12 and choose to boot from the USB
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Confirm that you see driver.sh that you downloaded there
  • Press Tool at the top
  • Choose Open Terminal
  • Type bash driver.sh
  • Press Enter
  • After it has finished a report will be located on your USB drive named report.txt
  • Remove the USB drive and insert back in your working computer and navigate to report.txt

    Please note - all text entries are case sensitive
Copy and paste the report.txt for my review
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 NETX_guy
  • Topic Starter
  • Members
  • 14 posts
  • Local time:02:37 AM

Posted 18 July 2012 - 09:50 PM

Thanks for your help.
Here is the report.txt

NETX_guy

#8 gringo_pr (Bleepin Gringo)
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:37 AM

Posted 18 July 2012 - 09:54 PM

  • Boot the computer with the USB drive again.
  • Click on File
  • Expand mnt
  • Expand your USB (sdb1)
  • Confirm that you see driver.sh.
  • Press Tool at the top
  • Choose Open Terminal
  • Type bash driver.sh -f
  • Press Enter
  • You will be prompted to input a filename.
  • Type the following:

    services.exe

  • Press Enter
  • If successful, the script will search for this file.
  • After it has finished a report will be located in the USB drive as filefind.txt

Please note - all text entries are case sensitive

Copy and paste the filefind.txt for my review

#9 NETX_guy
  • Topic Starter
  • Members
  • 14 posts
  • Local time:02:37 AM

Posted 18 July 2012 - 10:14 PM

Here is the filefind.txt

Search results for services.exe

c5488ea6408ad0c3cc3e3cb876cbbed4 /mnt/sda1/Windows/System32/services.exe
273.0K Jul 18 03:27

329cf3c97ce4c19375c8abcabae258b0 /mnt/sda1/Windows/winsxs/x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036/services.exe
273.0K Nov 2 2006

2b336ab6286d6c81fa02cbab914e3c6c /mnt/sda1/Windows/winsxs/x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a/services.exe
272.5K Jan 19 2008

d4e6d91c1349b7bfb3599a6ada56851b /mnt/sda1/Windows/winsxs/x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56/services.exe
273.0K Apr 11 2009

fyi Esc brings up the boot menu on my computer and the USB drive showed up as sdf1

Thanks,
NETX_guy
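The comparison the helper makes on the filefind.txt above, written out as detection logic. This is an added example, not a tool from the thread or from Farbar: it parses the two-line record format posted above and flags a System32 copy whose hash matches none of the WinSxS store copies; SAMPLE_FILEFIND is constructed from the four hits in that post, and the "recent modification" heuristic (a time instead of a year in the date column) is an assumption about how the report formats dates.

```python
"""Check a filefind.txt search for a System32 binary that is not a stock copy.
Record format: "<md5> <path>" followed by "<size> <date>", one blank line between.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample in the filefind.txt format, using the four hits posted above.
SAMPLE_FILEFIND = """Search results for services.exe

c5488ea6408ad0c3cc3e3cb876cbbed4 /mnt/sda1/Windows/System32/services.exe
273.0K Jul 18 03:27

329cf3c97ce4c19375c8abcabae258b0 /mnt/sda1/Windows/winsxs/x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036/services.exe
273.0K Nov 2 2006

2b336ab6286d6c81fa02cbab914e3c6c /mnt/sda1/Windows/winsxs/x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a/services.exe
272.5K Jan 19 2008

d4e6d91c1349b7bfb3599a6ada56851b /mnt/sda1/Windows/winsxs/x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56/services.exe
273.0K Apr 11 2009
"""

_HASH_LINE = re.compile(r"^([0-9a-f]{32})\s+(\S+)$")
# Assumed ls-style date: "Mon DD YYYY" for older files, "Mon DD HH:MM" for recent ones.
_INFO_LINE = re.compile(r"^(\S+)\s+(\w{3}\s+\d{1,2}\s+(?:\d{4}|\d{1,2}:\d{2}))$")
_SXS_VERSION = re.compile(r"_(\d+\.\d+\.\d+\.\d+)_")


@dataclass
class FileHit:
    md5: str
    path: str
    size: str
    date: str

    @property
    def is_live(self) -> bool:
        """The copy Windows actually loads (System32), as opposed to a WinSxS store copy."""
        return "/windows/system32/" in self.path.lower()

    @property
    def sxs_version(self) -> Optional[str]:
        """Component version encoded in the WinSxS directory name, if the hit is one."""
        m = _SXS_VERSION.search(self.path)
        return m.group(1) if m else None

    @property
    def recently_modified(self) -> bool:
        """A time instead of a year means the file changed within roughly six months."""
        return ":" in self.date


def parse_filefind(text: str) -> List[FileHit]:
    """Parse the two-line records of a filefind.txt report; other lines are skipped."""
    lines = [ln.strip() for ln in text.splitlines()]
    hits: List[FileHit] = []
    i = 0
    while i < len(lines):
        m = _HASH_LINE.match(lines[i])
        n = _INFO_LINE.match(lines[i + 1]) if m and i + 1 < len(lines) else None
        if m and n:
            hits.append(FileHit(m.group(1), m.group(2), n.group(1), n.group(2)))
            i += 2
        else:
            i += 1
    return hits


def assess(hits: List[FileHit]) -> Dict[str, object]:
    """Compare the live System32 copy against every WinSxS copy found on the disk.
    The signal acted on in the thread: the loaded file hashes to none of the stored
    stock versions. A recent modification time is reported as supporting evidence.
    """
    store = {h.md5: h.sxs_version for h in hits if h.sxs_version}
    live = [h for h in hits if h.is_live]
    verdict: Dict[str, object] = {
        "live_md5": None,
        "matches_store_version": None,
        "recently_modified": False,
        "suspicious": False,
        "store_versions": sorted(store.values()),
    }
    if live:
        cur = live[0]
        match = store.get(cur.md5)
        verdict.update(
            live_md5=cur.md5,
            matches_store_version=match,
            recently_modified=cur.recently_modified,
            # No stock copy with the same hash: the loaded binary is not one of them.
            suspicious=match is None,
        )
    return verdict
```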

#10 gringo_pr (Bleepin Gringo)
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:37 AM

Posted 18 July 2012 - 10:34 PM

Hello

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flash drive as fixlist.txt

Replace: C:\Windows/winsxs/x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036/services.exe C:\Windows\System32\services.exe
C:\Windows\Installer\{19c69135-838a-198a-8710-d73f101cf680}
C:\Users\Bill\AppData\Local\{19c69135-838a-198a-8710-d73f101cf680}



NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt) please post it to your reply.

Gringo

#11 NETX_guy
  • Topic Starter
  • Members
  • 14 posts
  • Local time:02:37 AM

Posted 18 July 2012 - 11:00 PM

Fixlog.txt

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 16-07-2012 01
Ran by SYSTEM at 2012-07-18 22:57:49 Run:1
Running from F:\

==============================================

C:\Windows\System32\services.exe moved successfully.
C:\Windows/winsxs/x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036/services.exe copied successfully to C:\Windows\System32\services.exe
C:\Windows\Installer\{19c69135-838a-198a-8710-d73f101cf680} moved successfully.
C:\Users\Bill\AppData\Local\{19c69135-838a-198a-8710-d73f101cf680} moved successfully.

==== End of Fixlog ====

#12 gringo_pr (Bleepin Gringo)
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:37 AM

Posted 18 July 2012 - 11:24 PM

Hello

I Would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out here or here.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#13 NETX_guy
  • Topic Starter
  • Members
  • 14 posts
  • Local time:02:37 AM

Posted 19 July 2012 - 07:51 AM

Good morning and thanks for your continued help.

I started Combofix last night and let it run overnight (about 8 hours).
It seems to be stuck on step 4.

The good news is it no longer shuts down and reboots.

Thanks,
NETX_guy

#14 NETX_guy
  • Topic Starter
  • Members
  • 14 posts
  • Local time:02:37 AM

Posted 19 July 2012 - 05:23 PM

I rebooted the computer and started Combofix again and let it run awhile.
It says Completed Stage_3 and goes no further.

NETX_guy

#15 gringo_pr (Bleepin Gringo)
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:37 AM

Posted 19 July 2012 - 05:32 PM

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" button)
  • please copy and paste the following into the box

    ComboFix /nombr

  • click ok

copy and paste the report into this topic for me to review

Gringo