Vista Critical Error Restart Loop


  • This topic is locked
15 replies to this topic

#1 jserrata2010

jserrata2010

  • Members
  • 8 posts

Posted 19 July 2012 - 01:04 PM

Hi, I've seen some posts with similar issues, but some of their solutions haven't worked for me. Recently my desktop started getting an error stating: "Windows has encountered a critical problem and will restart automatically in one minute. Please save your work now."

I tried running safe mode and disconnecting it from the internet, but the error keeps popping up, causing the PC to restart before I could even back up any of my files.

I tried booting an mssstool32 from a disk but when it discovers a virus and tries to cleanse it, it says an error has occurred and stops.

For now my PC just stays off, because if I try turning it on it'll just go through an infinite error-restart loop until I pull the plug. I really don't want to reinstall Windows and lose my files, so any help would be appreciated.

Edited by hamluis, 19 July 2012 - 05:34 PM.
Moved from Vista to Am I Infected - Hamluis.



#2 hamluis

hamluis

    Moderator


  • Moderator
  • 55,416 posts
  • Gender:Male
  • Location:Killeen, TX

Posted 19 July 2012 - 02:12 PM

System manufacturer and model?

Louis

#3 jserrata2010

jserrata2010
  • Topic Starter

  • Members
  • 8 posts

Posted 19 July 2012 - 02:52 PM

Dell, Inspiron 530S

I run Windows Vista SP2 32-bit. From what I observed, the problem seems to start when Microsoft Security Essentials starts up after I log in and begins scanning.

Edited by jserrata2010, 20 July 2012 - 01:10 PM.


#4 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,317 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 20 July 2012 - 01:40 PM

:welcome:

Let's give it a try. You will need a USB flash drive.

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Click on Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the flash drive. Please copy and paste it to your reply.

No requests for help through private messaging will be attended to.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#5 jserrata2010

jserrata2010
  • Topic Starter

  • Members
  • 8 posts

Posted 20 July 2012 - 10:41 PM

This is what it said:

Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 16-07-2012 01
Ran by Joel Serrata at 20-07-2012 23:36:40
Running from N:\
Service Pack 2 (X86) OS Language: English(US)
Attention: Could not load system hive.ERROR: The process cannot access the file because it is being used by another process.

ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNTION PROPERLY.






ZeroAccess:
C:\Windows\Installer\{f365ab2a-ace2-207f-029e-974a7295fe0c}
C:\Windows\Installer\{f365ab2a-ace2-207f-029e-974a7295fe0c}\@
C:\Windows\Installer\{f365ab2a-ace2-207f-029e-974a7295fe0c}\L
C:\Windows\Installer\{f365ab2a-ace2-207f-029e-974a7295fe0c}\n
C:\Windows\Installer\{f365ab2a-ace2-207f-029e-974a7295fe0c}\U

ZeroAccess:
C:\Users\Joel Serrata\AppData\Local\{f365ab2a-ace2-207f-029e-974a7295fe0c}
C:\Users\Joel Serrata\AppData\Local\{f365ab2a-ace2-207f-029e-974a7295fe0c}\@
C:\Users\Joel Serrata\AppData\Local\{f365ab2a-ace2-207f-029e-974a7295fe0c}\L
C:\Users\Joel Serrata\AppData\Local\{f365ab2a-ace2-207f-029e-974a7295fe0c}\U

========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 8737764F4FD36D6808EE80578409C843 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 18%
Total physical RAM: 3069.45 MB
Available physical RAM: 2515.73 MB
Total Pagefile: 6041.72 MB
Available Pagefile: 5698.41 MB
Total Virtual: 2047.88 MB
Available Virtual: 1976.26 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:455.71 GB) (Free:201.27 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: () (Fixed) (Total:10 GB) (Free:8.42 GB) NTFS
8 Drive n: () (Removable) (Total:1.86 GB) (Free:1.86 GB) FAT32
9 Drive o: (U3 System) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS

DiskPart has encountered an error: The RPC server is unavailable.
See the System Event Log for more information.


==========================================================

Last Boot: 2012-07-18 10:38

======================= End Of Log ==========================


#6 jserrata2010 (Topic Starter)

Posted 22 July 2012 - 10:35 AM

Sorry about that, I just noticed the mistake I did. My PC didn't have the recovery option, so I had to construct a recovery disk and do it from there. This is the actual log:

Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 16-07-2012 01
Ran by SYSTEM at 22-07-2012 11:27:27
Running from F:\
Windows Vista ™ Home Premium (X86) OS Language: English(US)
The current controlset is ControlSet003

========================== Registry (Whitelisted) =============

HKU\UpdatusUser\...\Run: [Sidebar] "%ProgramFiles%\Windows Sidebar\Sidebar.exe" /detectMem [1233920 2009-04-10] (Microsoft Corporation)
HKU\UpdatusUser\...\Run: [WindowsWelcomeCenter] "rundll32.exe" oobefldr.dll,ShowWelcomeCenter [x]
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

================================ Services (Whitelisted) ==================

2 .1243210482SsTR; C:\ProgramData\Webroot\Joel Serrata462120.exe [343435 2009-06-01] ()
2 AERTFilters; C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe [87968 2011-05-04] (Andrea Electronics Corporation)
2 Capture Device Service; "C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe" [198168 2007-03-06] (InterVideo Inc.)
2 CVPND; "C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe" [1524512 2007-10-26] (Cisco Systems, Inc.)
2 Eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [21504 2008-01-18] (Microsoft Corporation)
2 nvUpdatusService; C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2255464 2011-08-03] (NVIDIA Corporation)
2 Stereo Service; C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [379496 2011-08-02] (NVIDIA Corporation)
2 wwEngineSvc; C:\Program Files\Webroot\Washer\WasherSvc.exe [598856 2007-11-26] (Webroot Software, Inc.)
2 MsMpSvc; "c:\Program Files\Microsoft Security Client\MsMpEng.exe" [x]
4 NetMsmqActivator; "c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe" -NetMsmqActivator [x]
4 NetPipeActivator; c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [x]
4 NetTcpActivator; c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [x]
4 NetTcpPortSharing; c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [x]
3 NisSrv; "c:\Program Files\Microsoft Security Client\NisSrv.exe" [x]

========================== Drivers (Whitelisted) =============

3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
2 CVPNDRVA; \??\C:\Windows\system32\Drivers\CVPNDRVA.sys [306300 2007-10-26] (Cisco Systems, Inc.)
3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [127376 2007-01-31] (Deterministic Networks, Inc.)
3 DrvAgent32; \??\C:\Windows\system32\Drivers\DrvAgent32.sys [23456 2012-03-12] (Phoenix Technologies)
0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [171064 2012-03-20] (Microsoft Corporation)
1 MpKsl412d4bfc; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A5F6E725-429A-45B8-BAAE-D2E19623409B}\MpKsl412d4bfc.sys [29904 2012-07-19] ()
3 pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [47360 2009-06-23] (VSO Software)
0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-08-20] (Duplex Secure Ltd.)
3 USB_RNDIS; C:\Windows\System32\DRIVERS\usb8023.sys [15872 2009-04-10] (Microsoft Corporation)
3 VSTHWBS2; C:\Windows\System32\DRIVERS\VSTBS23.SYS [251904 2006-11-01] (Conexant Systems, Inc.)
3 VST_DPV; C:\Windows\System32\DRIVERS\VSTDPV3.SYS [987648 2006-11-01] (Conexant Systems, Inc.)
3 WinDriver6; C:\Windows\System32\drivers\windrvr6.sys [194362 2007-06-08] (Jungo)
3 wrssweep; \??\C:\Program Files\Webroot\Washer\wrssweep.sys [21832 2007-11-26] (Webroot Software Inc (www.webroot.com))
4 blbdrive; C:\Windows\system32\drivers\blbdrive.sys [x]
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]
1 OMCI; [x]
2 {09BB444F-B2E2-4009-BAF2-7B727681223E}; [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-07-18 15:14 - 2012-07-19 02:13 - 00000000 ____D C:\Windows\Microsoft Antimalware
2012-07-18 06:51 - 2012-07-18 06:52 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-07-18 06:45 - 2012-07-18 06:45 - 10288512 ____A (Microsoft Corporation) C:\Users\Joel Serrata\Desktop\mseinstall.exe
2012-07-17 22:06 - 2012-07-17 22:06 - 00000000 ____D C:\Users\Joel Serrata\Downloads\MasterChef US S03E13 HDTV x264-LOL[ettv]
2012-07-17 22:06 - 2012-07-17 22:06 - 00000000 ____D C:\Users\Joel Serrata\Downloads\Hells Kitchen US - 1013
2012-07-17 19:24 - 2012-07-17 19:24 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-07-17 03:01 - 2012-07-17 03:01 - 00000000 ____D C:\Users\Joel Serrata\Desktop\Summer Courses
2012-07-17 02:16 - 2012-07-17 02:16 - 00000000 ____D C:\Users\Joel Serrata\Downloads\MasterChef US S03E12 HDTV x264-LOL[ettv]
2012-07-17 02:15 - 2012-07-17 02:15 - 00000000 ____D C:\Users\Joel Serrata\Downloads\Hells Kitchen US - 1012
2012-07-15 20:53 - 2012-07-15 20:53 - 00000000 ____D C:\Users\Joel Serrata\Downloads\Nathan Archer concrete jungle
2012-07-15 20:53 - 2012-07-15 20:53 - 00000000 ____D C:\Users\Joel Serrata\Downloads\Aliens vs Predator Books 1-3 Complete)
2012-07-15 20:52 - 2012-07-15 20:52 - 00000000 ____D C:\Users\Joel Serrata\Downloads\Predator Gold
2012-07-15 20:51 - 2012-07-15 20:51 - 00000000 ____D C:\Users\Joel Serrata\Downloads\Allison Brennan
2012-07-15 19:31 - 2012-07-15 19:31 - 00000000 ____D C:\Users\Joel Serrata\Downloads\Breaking Bad S05E01 Live Free or Die HDTV x264-FQM[ettv]
2012-07-15 19:31 - 2012-07-15 19:31 - 00000000 ____D C:\Users\Joel Serrata\Downloads\Breaking Bad
2012-07-15 17:55 - 2012-07-15 17:55 - 00000000 ____D C:\Users\Joel Serrata\Downloads\30 Minutes or Less
2012-07-15 07:33 - 2012-07-15 07:33 - 00000000 ____D C:\Users\Joel Serrata\Downloads\The Daily Show + The Colbert Report 2012.05.29 - 2012.05.31 [SoS]
2012-07-14 09:43 - 2012-07-14 09:43 - 00181679 ____A C:\Users\Joel Serrata\Desktop\SCHOOL-DAYS-HQ-Walkthrough-by-????-Translated-By--Arekushisu.mht
2012-07-14 09:01 - 2012-07-14 09:01 - 00000000 ____D C:\Users\Joel Serrata\Downloads\The Inexplicable UniverseUnsolved Mysteries (Dr. Neil DeGrasse Tyson)
2012-07-14 09:01 - 2012-07-14 09:01 - 00000000 ____D C:\Users\Joel Serrata\Downloads\The Greater Good
2012-07-14 07:43 - 2012-07-14 07:43 - 00000000 ____D C:\Users\Joel Serrata\Downloads\Ghost.Adventures.S06E08.Hellfire.Caves.480p.HDTV.x264-mSD
2012-07-14 02:10 - 2012-07-14 02:10 - 00000000 ____D C:\Users\Joel Serrata\Downloads\The Walking Dead 100 (2012) (Digital) (Zone-Empire)
2012-07-14 02:10 - 2012-07-14 02:10 - 00000000 ____D C:\Users\Joel Serrata\Downloads\The Walking Dead 099 (2012) (Digital) (Zone-Empire)
2012-07-14 02:10 - 2012-07-14 02:10 - 00000000 ____D C:\Users\Joel Serrata\Downloads\The Walking Dead 098 (2012) (1440px) (Minutemen-HALO_305)
2012-07-14 00:27 - 2012-07-14 00:27 - 00000000 ____D C:\Users\Joel Serrata\Downloads\WOW306
2012-07-13 19:00 - 2012-07-13 19:00 - 00000000 ____D C:\Users\Joel Serrata\Downloads\swampp322
2012-07-13 19:00 - 2012-07-13 19:00 - 00000000 ____D C:\Users\Joel Serrata\Downloads\e60
2012-07-12 19:09 - 2012-07-12 19:09 - 00000000 ____D C:\Users\Joel Serrata\Downloads\BBC Panorama Britain On The Brink 2012
2012-07-12 19:08 - 2012-07-12 19:08 - 00000000 ____D C:\Users\Joel Serrata\Downloads\Pricele$$ (2012)
2012-07-11 19:24 - 2012-07-11 19:24 - 00000000 ____D C:\Users\Joel Serrata\Downloads\Futurama S07E05 HDTV x264-2HD[ettv]
2012-07-11 07:06 - 2012-06-13 05:40 - 02047488 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-11 07:02 - 2012-06-02 01:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-07-11 07:02 - 2012-06-02 00:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-07-11 07:02 - 2012-06-02 00:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-07-11 07:02 - 2012-06-02 00:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-07-11 07:02 - 2012-06-02 00:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-07-11 07:02 - 2012-06-02 00:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-07-11 07:02 - 2012-06-02 00:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-07-11 07:02 - 2012-06-02 00:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-07-11 07:02 - 2012-06-02 00:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-07-11 07:02 - 2012-06-02 00:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-07-11 07:02 - 2012-06-02 00:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-07-11 07:02 - 2012-06-02 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-07-11 07:02 - 2012-06-02 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-07-11 07:02 - 2012-06-02 00:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-07-11 04:28 - 2012-07-11 04:28 - 00000000 ____D C:\Users\Joel Serrata\Downloads\Tosh.0.S04E17.720p.HDTV.x264-LMAO
2012-07-11 04:28 - 2012-07-11 04:28 - 00000000 ____D C:\Users\Joel Serrata\Downloads\storagewars309
2012-07-11 04:27 - 2012-07-11 04:27 - 00000000 ____D C:\Users\Joel Serrata\Downloads\PBS.Need to Know.2012.07.06.Tax Reform.480p.HDTV.x264-KarMa
2012-07-11 03:54 - 2012-06-08 09:47 - 11586048 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-07-11 03:54 - 2012-06-05 08:47 - 01401856 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-07-11 03:54 - 2012-06-05 08:47 - 01248768 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-07-11 03:54 - 2012-06-04 07:26 - 00440704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-07-11 03:54 - 2012-06-01 16:04 - 00278528 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-07-11 03:54 - 2012-06-01 16:03 - 00204288 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-07-10 10:33 - 2012-07-10 10:33 - 00000000 ____D C:\Users\Joel Serrata\Desktop\New Folder (3)
2012-07-10 08:10 - 2012-07-10 08:10 - 00000000 ____D C:\Users\Joel Serrata\Downloads\Batman_-_Strange_Apparitions_TPB_(re-mix)(NEW_SCANS)(NS2010)
2012-07-10 08:09 - 2012-07-10 13:05 - 00000000 ____D C:\Users\Joel Serrata\Desktop\EBooks
2012-07-10 05:05 - 2012-07-10 05:05 - 00000000 ____D C:\Users\Joel Serrata\Downloads\PawnS4102-103
2012-07-10 05:05 - 2012-07-10 05:05 - 00000000 ____D C:\Users\Joel Serrata\Downloads\Hells1011
2012-07-09 21:12 - 2012-07-10 08:09 - 00000000 ____D C:\Users\Joel Serrata\Downloads\178 Tower of Babel
2012-07-09 20:45 - 2012-07-10 08:18 - 00000000 ____D C:\Users\Joel Serrata\Downloads\University Physics 12e Young
2012-07-09 20:45 - 2012-07-09 20:45 - 00000000 ____D C:\Users\Joel Serrata\Downloads\University Physics with Modern Physics 12e with Solutions
2012-07-09 20:43 - 2012-07-09 20:43 - 00000000 ____D C:\Users\Joel Serrata\Downloads\University Physics with Modern Physics - 13th Edition - Young & Freedman
2012-07-09 19:43 - 2012-07-09 19:43 - 00001659 ____A C:\Users\Public\Desktop\SCHOOLDAYS HQ.lnk
2012-07-09 18:46 - 2012-07-09 18:46 - 03695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2012-07-09 18:46 - 2012-07-09 18:46 - 00580608 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-07-09 18:46 - 2012-07-09 18:46 - 00434176 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2012-07-09 18:46 - 2012-07-09 18:46 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-07-09 18:46 - 2012-07-09 18:46 - 00367104 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-07-09 18:46 - 2012-07-09 18:46 - 00353792 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2012-07-09 18:46 - 2012-07-09 18:46 - 00353584 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-07-09 18:46 - 2012-07-09 18:46 - 00227840 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2012-07-09 18:46 - 2012-07-09 18:46 - 00223232 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2012-07-09 18:46 - 2012-07-09 18:46 - 00203776 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2012-07-09 18:46 - 2012-07-09 18:46 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2012-07-09 18:46 - 2012-07-09 18:46 - 00162304 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2012-07-09 18:46 - 2012-07-09 18:46 - 00161792 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2012-07-09 18:46 - 2012-07-09 18:46 - 00152064 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2012-07-09 18:46 - 2012-07-09 18:46 - 00150528 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2012-07-09 18:46 - 2012-07-09 18:46 - 00130560 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2012-07-09 18:46 - 2012-07-09 18:46 - 00123392 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2012-07-09 18:46 - 2012-07-09 18:46 - 00118784 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-07-09 18:46 - 2012-07-09 18:46 - 00114176 ____A (Microsoft Corporation) C:\Windows\System32\advpack.dll
2012-07-09 18:46 - 2012-07-09 18:46 - 00110592 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2012-07-09 18:46 - 2012-07-09 18:46 - 00101888 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2012-07-09 18:46 - 2012-07-09 18:46 - 00086528 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2012-07-09 18:46 - 2012-07-09 18:46 - 00078848 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2012-07-09 18:46 - 2012-07-09 18:46 - 00076800 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2012-07-09 18:46 - 2012-07-09 18:46 - 00074752 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2012-07-09 18:46 - 2012-07-09 18:46 - 00074752 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2012-07-09 18:46 - 2012-07-09 18:46 - 00074240 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2012-07-09 18:46 - 2012-07-09 18:46 - 00066048 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2012-07-09 18:46 - 2012-07-09 18:46 - 00063488 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2012-07-09 18:46 - 2012-07-09 18:46 - 00054272 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2012-07-09 18:46 - 2012-07-09 18:46 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2012-07-09 18:46 - 2012-07-09 18:46 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-07-09 18:46 - 2012-07-09 18:46 - 00035840 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2012-07-09 18:46 - 2012-07-09 18:46 - 00031744 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2012-07-09 18:46 - 2012-07-09 18:46 - 00023552 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-07-09 18:46 - 2012-07-09 18:46 - 00011776 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2012-07-09 18:46 - 2012-07-09 18:46 - 00010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-07-09 12:49 - 2012-07-10 07:58 - 00000000 ____D C:\Users\Joel Serrata\Downloads\VA - Scarface OST - 1983 [FLAC]
2012-07-06 05:04 - 2012-07-06 05:04 - 00001570 ____A C:\Users\UpdatusUser\Desktop\MagicISO.lnk
2012-07-06 05:04 - 2012-07-06 05:04 - 00001570 ____A C:\Users\Joel Serrata\Desktop\MagicISO.lnk
2012-07-04 16:51 - 2012-07-04 16:51 - 00000000 ____D C:\Users\Joel Serrata\Downloads\Diaz, Junot - The Brief Wondrous Life Of Oscar Wao
2012-07-04 16:50 - 2012-07-04 16:51 - 00189602 ____A C:\Users\Joel Serrata\Desktop\Drown.mobi
2012-07-04 16:00 - 2012-07-04 16:00 - 00000000 ____D C:\Users\Joel Serrata\Documents\Electronic Arts
2012-07-04 14:36 - 2012-07-04 14:36 - 00000000 ____D C:\Program Files\Electronic Arts
2012-07-04 08:34 - 2012-07-09 12:21 - 00000000 ____D C:\Users\Joel Serrata\Downloads\Genki Sudo World Order
2012-07-02 07:05 - 2012-07-02 07:28 - 677877826 ____A C:\Users\Joel Serrata\Downloads\axe_capoeira_2_beginners_training_barrao.avi
2012-07-02 07:05 - 2012-07-02 07:19 - 387381248 ____A C:\Users\Joel Serrata\Downloads\axe_capoeira_1_fundamentals_barrao.avi
2012-07-02 07:03 - 2012-07-02 08:06 - 687869054 ____A C:\Users\Joel Serrata\Downloads\Senzala - Capoeira 100% Spectaculaire.avi
2012-07-01 08:57 - 2012-07-01 08:57 - 00000000 ____D C:\Users\Joel Serrata\Downloads\Capoeira Do Brasil
2012-07-01 05:27 - 2012-07-01 05:28 - 32091132 ____A C:\Users\Joel Serrata\Desktop\Cognitive-Behavioral Treatment of Borderline Personality Disorder.mobi
2012-06-30 06:54 - 2012-07-01 05:24 - 00000000 ____D C:\Program Files\Kindle Auto eBook Converter
2012-06-24 19:40 - 2012-06-24 19:40 - 00000000 ____D C:\Users\Joel Serrata\Downloads\Deadpool (1991-)
2012-06-24 19:17 - 2012-07-10 08:15 - 00000000 ____D C:\Users\Joel Serrata\Downloads\Cognitive-Behavioral Treatment of Borderline Personality Disorder
2012-06-24 17:48 - 2012-06-26 20:32 - 00000000 ____D C:\Users\Joel Serrata\Downloads\Kick-Ass Volumes 1&2
2012-06-24 17:39 - 2012-06-24 17:40 - 00000000 ____D C:\Users\Joel Serrata\Downloads\The Best and or Most Important Comic Books Ever Published (ish)
2012-06-24 17:39 - 2012-06-24 17:39 - 00000000 ____D C:\Users\Joel Serrata\Downloads\Trade PaperBacks
2012-06-23 16:05 - 2012-06-23 16:05 - 00000000 ____D C:\Users\Joel Serrata\AppData\Local\Macromedia


============ 3 Months Modified Files ========================

2012-07-22 07:16 - 2012-01-12 18:45 - 00000338 ____A C:\Windows\Tasks\SpeedUpMyPC.job
2012-07-22 07:16 - 2012-01-12 18:38 - 00000346 ____A C:\Windows\Tasks\RegistryBooster.job
2012-07-22 07:16 - 2006-11-02 05:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-22 07:16 - 2006-11-02 04:47 - 00003792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-22 07:16 - 2006-11-02 04:47 - 00003792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-20 19:37 - 2009-09-13 15:58 - 00279552 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
2012-07-20 19:27 - 2010-08-01 19:19 - 00000306 ___AH C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
2012-07-20 19:27 - 2010-06-23 04:11 - 00000314 ___AH C:\Windows\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
2012-07-20 19:27 - 2010-06-23 04:11 - 00000306 ___AH C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
2012-07-19 09:40 - 2006-11-02 04:47 - 00024576 _____ C:\Windows\System32\umstartup.etl
2012-07-19 09:16 - 2006-11-02 05:01 - 00032576 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-07-19 09:04 - 2012-04-05 08:59 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-07-18 08:22 - 2011-02-25 03:50 - 00002244 ____A C:\Windows\epplauncher.mif
2012-07-18 08:03 - 2006-11-02 04:52 - 02061020 ____A C:\Windows\WindowsUpdate.log
2012-07-18 06:51 - 2006-11-02 02:33 - 00783184 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-18 06:45 - 2012-07-18 06:45 - 10288512 ____A (Microsoft Corporation) C:\Users\Joel Serrata\Desktop\mseinstall.exe
2012-07-17 19:21 - 2012-04-05 08:59 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-07-17 19:21 - 2011-05-18 05:53 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-07-15 07:26 - 2009-05-24 15:51 - 00151040 ____A C:\Users\Joel Serrata\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-07-14 09:43 - 2012-07-14 09:43 - 00181679 ____A C:\Users\Joel Serrata\Desktop\SCHOOL-DAYS-HQ-Walkthrough-by-????-Translated-By--Arekushisu.mht
2012-07-11 11:36 - 2006-11-02 04:47 - 01747264 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-11 07:05 - 2006-11-02 02:23 - 00000331 ____A C:\Windows\win.ini
2012-07-11 07:02 - 2006-11-02 02:24 - 57442464 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2012-07-10 08:14 - 2011-08-24 21:29 - 00000803 ____A C:\Users\Public\Desktop\calibre - E-book management.lnk
2012-07-09 19:43 - 2012-07-09 19:43 - 00001659 ____A C:\Users\Public\Desktop\SCHOOLDAYS HQ.lnk
2012-07-09 18:56 - 2009-05-24 13:23 - 00002032 ____A C:\Users\Joel Serrata\AppData\Local\d3d9caps.dat
2012-07-09 18:47 - 2011-07-17 06:22 - 00004655 ____A C:\Windows\IE9_main.log
2012-07-09 18:46 - 2012-07-09 18:46 - 03695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2012-07-09 18:46 - 2012-07-09 18:46 - 00580608 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-07-09 18:46 - 2012-07-09 18:46 - 00434176 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2012-07-09 18:46 - 2012-07-09 18:46 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-07-09 18:46 - 2012-07-09 18:46 - 00367104 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-07-09 18:46 - 2012-07-09 18:46 - 00353792 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2012-07-09 18:46 - 2012-07-09 18:46 - 00353584 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-07-09 18:46 - 2012-07-09 18:46 - 00227840 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2012-07-09 18:46 - 2012-07-09 18:46 - 00223232 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2012-07-09 18:46 - 2012-07-09 18:46 - 00203776 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2012-07-09 18:46 - 2012-07-09 18:46 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2012-07-09 18:46 - 2012-07-09 18:46 - 00162304 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2012-07-09 18:46 - 2012-07-09 18:46 - 00161792 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2012-07-09 18:46 - 2012-07-09 18:46 - 00152064 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2012-07-09 18:46 - 2012-07-09 18:46 - 00150528 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2012-07-09 18:46 - 2012-07-09 18:46 - 00130560 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2012-07-09 18:46 - 2012-07-09 18:46 - 00123392 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2012-07-09 18:46 - 2012-07-09 18:46 - 00118784 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-07-09 18:46 - 2012-07-09 18:46 - 00114176 ____A (Microsoft Corporation) C:\Windows\System32\advpack.dll
2012-07-09 18:46 - 2012-07-09 18:46 - 00110592 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2012-07-09 18:46 - 2012-07-09 18:46 - 00101888 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2012-07-09 18:46 - 2012-07-09 18:46 - 00086528 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2012-07-09 18:46 - 2012-07-09 18:46 - 00078848 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2012-07-09 18:46 - 2012-07-09 18:46 - 00076800 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2012-07-09 18:46 - 2012-07-09 18:46 - 00074752 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2012-07-09 18:46 - 2012-07-09 18:46 - 00074752 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2012-07-09 18:46 - 2012-07-09 18:46 - 00074240 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2012-07-09 18:46 - 2012-07-09 18:46 - 00066048 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2012-07-09 18:46 - 2012-07-09 18:46 - 00063488 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2012-07-09 18:46 - 2012-07-09 18:46 - 00054272 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2012-07-09 18:46 - 2012-07-09 18:46 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2012-07-09 18:46 - 2012-07-09 18:46 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-07-09 18:46 - 2012-07-09 18:46 - 00035840 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2012-07-09 18:46 - 2012-07-09 18:46 - 00031744 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2012-07-09 18:46 - 2012-07-09 18:46 - 00023552 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-07-09 18:46 - 2012-07-09 18:46 - 00011776 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2012-07-09 18:46 - 2012-07-09 18:46 - 00010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-07-09 18:46 - 2006-11-01 22:32 - 00008798 ____A C:\Windows\System32\icrav03.rat
2012-07-09 18:46 - 2006-11-01 22:32 - 00001988 ____A C:\Windows\System32\ticrf.rat
2012-07-08 17:33 - 2011-04-26 11:05 - 00000280 ____A C:\Windows\Tasks\Uniblue SpeedUpMyPC Nag.job
2012-07-08 04:38 - 2009-05-24 13:23 - 00115576 ____A C:\Users\Joel Serrata\AppData\Local\GDIPFONTCACHEV1.DAT
2012-07-06 05:04 - 2012-07-06 05:04 - 00001570 ____A C:\Users\UpdatusUser\Desktop\MagicISO.lnk
2012-07-06 05:04 - 2012-07-06 05:04 - 00001570 ____A C:\Users\Joel Serrata\Desktop\MagicISO.lnk
2012-07-04 16:51 - 2012-07-04 16:50 - 00189602 ____A C:\Users\Joel Serrata\Desktop\Drown.mobi
2012-07-04 16:38 - 2012-02-22 19:58 - 03696949 ____A C:\Users\Joel Serrata\Desktop\pinky and the brain the brain.mp4
2012-07-03 08:30 - 2009-05-26 18:03 - 00302074 ____A C:\Windows\PFRO.log
2012-07-02 08:06 - 2012-07-02 07:03 - 687869054 ____A C:\Users\Joel Serrata\Downloads\Senzala - Capoeira 100% Spectaculaire.avi
2012-07-02 07:28 - 2012-07-02 07:05 - 677877826 ____A C:\Users\Joel Serrata\Downloads\axe_capoeira_2_beginners_training_barrao.avi
2012-07-02 07:19 - 2012-07-02 07:05 - 387381248 ____A C:\Users\Joel Serrata\Downloads\axe_capoeira_1_fundamentals_barrao.avi
2012-07-01 05:28 - 2012-07-01 05:27 - 32091132 ____A C:\Users\Joel Serrata\Desktop\Cognitive-Behavioral Treatment of Borderline Personality Disorder.mobi
2012-06-16 04:58 - 2012-06-16 04:58 - 00011204 ____A C:\Users\Joel Serrata\Desktop\Neuroscience.rar
2012-06-13 05:40 - 2012-07-11 07:06 - 02047488 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-10 13:29 - 2012-05-18 19:08 - 00000736 ____A C:\Users\Public\Desktop\BitTorrent.lnk
2012-06-08 09:47 - 2012-07-11 03:54 - 11586048 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-05 08:47 - 2012-07-11 03:54 - 01401856 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 08:47 - 2012-07-11 03:54 - 01248768 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-04 07:26 - 2012-07-11 03:54 - 00440704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-02 14:19 - 2012-06-21 04:08 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-21 04:08 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-21 04:08 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-21 04:08 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-21 04:08 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:12 - 2012-06-21 04:08 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:12 - 2012-06-21 04:08 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 11:19 - 2012-06-21 04:08 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 11:12 - 2012-06-21 04:08 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 01:07 - 2012-07-11 07:02 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-02 00:43 - 2012-07-11 07:02 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-02 00:33 - 2012-07-11 07:02 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-02 00:26 - 2012-07-11 07:02 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-02 00:25 - 2012-07-11 07:02 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-02 00:25 - 2012-07-11 07:02 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-02 00:23 - 2012-07-11 07:02 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-02 00:21 - 2012-07-11 07:02 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-02 00:20 - 2012-07-11 07:02 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-02 00:19 - 2012-07-11 07:02 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-02 00:19 - 2012-07-11 07:02 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-02 00:17 - 2012-07-11 07:02 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-02 00:16 - 2012-07-11 07:02 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-02 00:14 - 2012-07-11 07:02 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-01 16:04 - 2012-07-11 03:54 - 00278528 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 16:03 - 2012-07-11 03:54 - 00204288 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-05-25 18:15 - 2012-05-25 18:15 - 00000874 ____A C:\Users\Joel Serrata\Desktop\Katawa Shoujo.lnk
2012-05-24 18:03 - 2012-05-24 18:03 - 00000864 ____A C:\Users\Joel Serrata\Desktop\President.lnk
2012-05-24 08:21 - 2012-03-15 06:20 - 00001428 ____A C:\Windows\setupact.log
2012-05-18 19:20 - 2012-05-18 19:12 - 50378595 ____A C:\Users\Joel Serrata\Desktop\youtube.com.Sad songs of Naruto Shippuden - YouTube.webm
2012-05-07 17:55 - 2012-05-07 17:55 - 00000847 ____A C:\Users\Joel Serrata\Desktop\ja2 - Shortcut.lnk
2012-05-01 06:03 - 2012-06-13 06:32 - 00180736 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys


ZeroAccess:
C:\Windows\Installer\{f365ab2a-ace2-207f-029e-974a7295fe0c}
C:\Windows\Installer\{f365ab2a-ace2-207f-029e-974a7295fe0c}\@
C:\Windows\Installer\{f365ab2a-ace2-207f-029e-974a7295fe0c}\L
C:\Windows\Installer\{f365ab2a-ace2-207f-029e-974a7295fe0c}\n
C:\Windows\Installer\{f365ab2a-ace2-207f-029e-974a7295fe0c}\U

ZeroAccess:
C:\Users\Joel Serrata\AppData\Local\{f365ab2a-ace2-207f-029e-974a7295fe0c}
C:\Users\Joel Serrata\AppData\Local\{f365ab2a-ace2-207f-029e-974a7295fe0c}\@
C:\Users\Joel Serrata\AppData\Local\{f365ab2a-ace2-207f-029e-974a7295fe0c}\L
C:\Users\Joel Serrata\AppData\Local\{f365ab2a-ace2-207f-029e-974a7295fe0c}\U

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 8737764F4FD36D6808EE80578409C843 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 14%
Total physical RAM: 3069.56 MB
Available physical RAM: 2620.9 MB
Total Pagefile: 2852.8 MB
Available Pagefile: 2695.55 MB
Total Virtual: 2047.88 MB
Available Virtual: 1990.35 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:455.71 GB) (Free:201.2 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: () (Fixed) (Total:10 GB) (Free:8.42 GB) NTFS
3 Drive e: (2007.11.03_2329) (CDROM) (Total:0.12 GB) (Free:0 GB) UDF
4 Drive f: () (Removable) (Total:1.86 GB) (Free:1.86 GB) FAT32
5 Drive g: (U3 System) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
10 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 466 GB 981 KB
Disk 1 Online 1908 MB 0 B
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 No Media 0 B 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 47 MB 32 KB
Partition 2 Primary 10 GB 48 MB
Partition 3 Primary 456 GB 10 GB

==================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 9 FAT Partition 47 MB Healthy Hidden

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 D NTFS Partition 10 GB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 6 C OS NTFS Partition 456 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1908 MB 16 KB

==================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 F FAT32 Removable 1908 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-07-18 06:38

======================= End Of Log ==========================
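
The two ZeroAccess entries FRST lists above (a GUID-named folder under C:\Windows\Installer and another under the user's AppData\Local, each holding entries named @, L, n and U, with n absent from the AppData copy) are the on-disk tell of the 2012 ZeroAccess variant. The following Python script is an added example, not part of the original post and not FRST's code: it enumerates GUID-named folders in those two locations and reports any whose contents follow that pattern. The rule that '@' plus at least one of L, n or U counts as a hit, the function names, and the constructed sample tree are assumptions of this example; the folder name used in the fixture is copied from the log.

```python
"""Scan for ZeroAccess-style {GUID} drop folders.

Added example; not FRST, ComboFix or the poster's own code. The indicator
(GUID-named folder containing entries '@', 'L', 'n', 'U') is taken from the
FRST log on this page; the hit rule and the fixture are this example's
assumptions.
"""
import os
import re
import tempfile
from pathlib import Path

# {8-4-4-4-12} hex digits, braces included, exactly as in the log.
GUID_DIR = re.compile(
    r"^\{[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\}$", re.I
)
# Entry names observed inside the drop folder in the posted FRST log.
ZA_MARKERS = {"@", "L", "n", "U"}


def za_folder_hits(root):
    """Return [(folder_path, sorted_marker_names)] for every GUID-named
    subfolder of `root` whose contents look like the ZeroAccess layout.

    Hit rule (assumption): '@' present plus at least one of L/n/U.
    Legitimate MSI caches under C:\\Windows\\Installer are GUID-named too,
    but they hold .ico/.exe/.msi files, not these single-character names.
    """
    hits = []
    root = Path(root)
    if not root.is_dir():
        return hits
    for child in root.iterdir():
        if not child.is_dir() or not GUID_DIR.match(child.name):
            continue
        try:
            names = {p.name for p in child.iterdir()}
        except OSError:
            # A GUID folder that cannot even be enumerated is reported,
            # not silently skipped.
            hits.append((str(child), ["<access denied>"]))
            continue
        found = ZA_MARKERS & names
        if "@" in found and len(found) >= 2:
            hits.append((str(child), sorted(found)))
    return hits


def default_roots():
    """The two locations the FRST log flagged (Windows only; empty elsewhere)."""
    roots = []
    sysroot = os.environ.get("SystemRoot")
    if sysroot:
        roots.append(Path(sysroot) / "Installer")
    local = os.environ.get("LOCALAPPDATA")
    if local:
        roots.append(Path(local))
    return roots


def make_sample_tree(base=None):
    """Constructed fixture: one ZeroAccess-style folder (name copied from the
    log above) next to one benign GUID folder laid out like an MSI cache."""
    base = Path(base) if base else Path(tempfile.mkdtemp())
    bad = base / "{f365ab2a-ace2-207f-029e-974a7295fe0c}"
    bad.mkdir(parents=True, exist_ok=True)
    (bad / "@").write_bytes(b"\x00" * 16)
    (bad / "n").write_bytes(b"MZ")
    (bad / "L").mkdir(exist_ok=True)
    (bad / "U").mkdir(exist_ok=True)
    good = base / "{11111111-2222-3333-4444-555555555555}"
    good.mkdir(exist_ok=True)
    (good / "ARPPRODUCTICON.exe").write_bytes(b"MZ")
    return base


if __name__ == "__main__":
    roots = [make_sample_tree()] + default_roots()
    for root in roots:
        for folder, markers in za_folder_hits(root):
            print(f"ZeroAccess-style folder: {folder} (entries: {', '.join(markers)})")
```

Caveat: C:\Windows\Installer legitimately contains many {GUID} folders (MSI icon and package caches), so the folder name alone is not an indicator; the single-character entry names are. Run it from an elevated prompt, since the drop folders are typically not readable by a standard user.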


#7 JSntgRvr (Malware Response Team, Master Surgeon General, 11,317 posts, Puerto Rico)

Posted 22 July 2012 - 11:43 AM

Run FRST as you did before.

Type the following in the edit box after "Search:":

services.exe

Click Search button and wait a few minutes.

Post the log (Search.txt) it will produce in your next reply.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#8 jserrata2010 (Topic Starter, Members, 8 posts)

Posted 22 July 2012 - 12:23 PM

Farbar Recovery Scan Tool Version: 16-07-2012 01
Ran by SYSTEM at 2012-07-22 13:14:11
Running from F:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
[2009-09-13 15:58] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2009-06-01 15:31] - [2008-01-18 23:33] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036\services.exe
[2006-11-02 00:35] - [2006-11-02 01:45] - 0279552 ____A (Microsoft Corporation) 329CF3C97CE4C19375C8ABCABAE258B0

C:\Windows\System32\services.exe
[2009-09-13 15:58] - [2012-07-20 19:37] - 0279552 ____A (Microsoft Corporation) 8737764F4FD36D6808EE80578409C843

=== End Of Search ===
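
The Search.txt above carries the reasoning behind the next step: System32\services.exe is exactly the size of the Service Pack 2 copy in WinSxS, but its MD5 matches none of the three WinSxS copies, and its second timestamp moved to 2012-07-20 while the WinSxS copies kept their 2006 to 2009 dates. The following Python script is an added example, not FRST's own code: it parses this search output, picks out the live copy whose hash matches no WinSxS copy, and names the highest-versioned WinSxS copy as the replacement source. The line-format regexes, the odd-one-out rule and the highest-version heuristic are assumptions of this example; the sample input is the search log posted above.

```python
"""Find the odd copy of services.exe in an FRST 'Search:' result.

Added example; not FRST's own code. SEARCH_TXT is the Search.txt posted
above. The parsing regexes, the odd-one-out rule (a non-WinSxS copy whose
MD5 matches no WinSxS copy) and the highest-version heuristic are this
example's assumptions.
"""
import re
from collections import namedtuple

Entry = namedtuple("Entry", "path ts_a ts_b size attrs company md5")

# Result path line: starts with a drive letter and a backslash.
PATH_RE = re.compile(r"^[A-Za-z]:\\\S.*$")
# Detail line: [timestamp] - [timestamp] - size attrs (company) MD5
DETAIL_RE = re.compile(
    r"^\[(?P<ts_a>[^\]]+)\] - \[(?P<ts_b>[^\]]+)\] - (?P<size>\d+) (?P<attrs>\S+) "
    r"(?:\((?P<company>[^)]*)\) )?(?P<md5>[0-9A-Fa-f]{32})$"
)
# Version embedded in a WinSxS component folder name, e.g. _6.0.6002.18005_
VERSION_RE = re.compile(r"_(\d+\.\d+\.\d+\.\d+)_")

# Sample input: the Search.txt posted in this thread.
SEARCH_TXT = r"""
================== Search: "services.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
[2009-09-13 15:58] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2009-06-01 15:31] - [2008-01-18 23:33] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036\services.exe
[2006-11-02 00:35] - [2006-11-02 01:45] - 0279552 ____A (Microsoft Corporation) 329CF3C97CE4C19375C8ABCABAE258B0

C:\Windows\System32\services.exe
[2009-09-13 15:58] - [2012-07-20 19:37] - 0279552 ____A (Microsoft Corporation) 8737764F4FD36D6808EE80578409C843

=== End Of Search ===
"""


def parse_frst_search(text):
    """Pair each result path line with the detail line that follows it."""
    entries, pending = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if PATH_RE.match(line):
            pending = line
            continue
        m = DETAIL_RE.match(line)
        if m and pending:
            entries.append(Entry(pending, m["ts_a"], m["ts_b"], int(m["size"]),
                                 m["attrs"], m["company"], m["md5"].upper()))
            pending = None
    return entries


def is_winsxs(entry):
    return "\\winsxs\\" in entry.path.lower()


def odd_ones_out(entries):
    """Non-WinSxS copies whose MD5 matches no WinSxS copy. Size is deliberately
    not used: the infected file here is the same length as the clean SP2 copy."""
    known = {e.md5 for e in entries if is_winsxs(e)}
    return [e for e in entries if not is_winsxs(e) and e.md5 not in known]


def newest_winsxs_copy(entries):
    """Highest-versioned WinSxS copy by the version in its folder name.
    Heuristic: check it against the installed build before using it as a source."""
    candidates = []
    for e in entries:
        m = VERSION_RE.search(e.path) if is_winsxs(e) else None
        if m:
            candidates.append((tuple(int(x) for x in m.group(1).split(".")), e))
    return max(candidates, key=lambda t: t[0])[1] if candidates else None


if __name__ == "__main__":
    entries = parse_frst_search(SEARCH_TXT)
    for e in odd_ones_out(entries):
        print(f"ODD COPY: {e.path}  md5={e.md5}  size={e.size}  last ts={e.ts_b}")
    src = newest_winsxs_copy(entries)
    if src:
        print(f"replacement source: {src.path}  md5={src.md5}")
```

The highest-version heuristic lands on the same copy the helper chose (6.0.6002.18005, the SP2 build, which matches the osver=6.0.6002 the ESET log reports later in the thread); on a machine with an unexpected mix of component versions, confirm the installed build before trusting it. Size is ignored on purpose: the infected copy is 279,552 bytes, exactly the size of the clean SP2 file, so a size check would have passed it.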


#9 JSntgRvr (Malware Response Team, Master Surgeon General, 11,317 posts, Puerto Rico)

Posted 22 July 2012 - 12:54 PM

Download the enclosed file. [attachment=126964:fixlist.txt]

Save it next to FRST.

Run FRST as you did before, except that this time around click on the Fix button and wait.

The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Attempt to boot in Normal mode. If successful, run Combofix as follows:

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link or this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • Install the Recovery Console if prompted.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" .
**Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall**

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.



#10 jserrata2010 (Topic Starter, Members, 8 posts)

Posted 22 July 2012 - 01:54 PM

The Fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 16-07-2012 01
Ran by SYSTEM at 2012-07-22 14:14:40 Run:1
Running from F:\

==============================================

C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job moved successfully.
C:\Windows\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job moved successfully.
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job moved successfully.
C:\Windows\Tasks\SpeedUpMyPC.job moved successfully.
C:\Windows\Tasks\RegistryBooster.job moved successfully.
C:\Windows\Tasks\Uniblue SpeedUpMyPC Nag.job moved successfully.
C:\Windows\Installer\{f365ab2a-ace2-207f-029e-974a7295fe0c} moved successfully.
C:\Users\Joel Serrata\AppData\Local\{f365ab2a-ace2-207f-029e-974a7295fe0c} moved successfully.
C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe copied successfully to C:\Windows\System32\services.exe

==== End of Fixlog ====


The Combo log:

ComboFix 12-07-21.01 - Joel Serrata 2/2012 Sun 14:21:59.1.2 - x86
Running from: c:\users\Joel Serrata\Desktop\New Folder\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Joel Serrata\AppData\Roaming\AdobeDLM.log
c:\users\Joel Serrata\AppData\Roaming\BDL+D
c:\users\Joel Serrata\AppData\Roaming\BDL+D\MANGAGAMER.COM\B12AEB7E-B6E4-46CF-B5D6-B6B01AA4AC65\____.hld
c:\users\Joel Serrata\AppData\Roaming\BDL+D\MANGAGAMER.COM\B12AEB7E-B6E4-46CF-B5D6-B6B01AA4AC65\____.sys
c:\windows\IsUn0411.exe
c:\windows\system32\41.exe
c:\windows\system32\xa24183009.exe
c:\windows\system32\xa24183212.exe
c:\windows\system32\xa24310213.exe
c:\windows\system32\xa24310415.exe
c:\windows\system32\xa24334361.exe
c:\windows\system32\xa24334564.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-22 to 2012-07-22 )))))))))))))))))))))))))))))))
.
.
2012-07-22 18:40 . 2012-07-22 18:44 -------- d-----w- c:\users\Joel Serrata\AppData\Local\temp
2012-07-22 18:40 . 2012-07-22 18:40 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-07-22 18:40 . 2012-07-22 18:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-19 17:34 . 2012-07-21 03:36 -------- d-----w- C:\FRST
2012-07-18 23:14 . 2012-07-19 10:13 -------- d-----w- c:\windows\Microsoft Antimalware
2012-07-18 14:54 . 2012-02-09 18:17 713784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8E5A7134-489C-434F-ADF7-FE356B3EC367}\gapaengine.dll
2012-07-18 14:53 . 2012-07-16 06:41 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A5F6E725-429A-45B8-BAAE-D2E19623409B}\mpengine.dll
2012-07-18 14:51 . 2012-07-18 14:52 -------- d-----w- c:\program files\Microsoft Security Client
2012-07-18 03:24 . 2012-07-18 03:24 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-07-11 15:06 . 2012-06-13 13:40 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 11:54 . 2012-06-05 16:47 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-07-11 11:54 . 2012-06-05 16:47 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 11:54 . 2012-06-05 16:47 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-07-11 11:54 . 2012-06-04 15:26 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-11 11:54 . 2012-06-02 00:04 278528 ----a-w- c:\windows\system32\schannel.dll
2012-07-11 11:54 . 2012-06-02 00:03 204288 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-06 12:53 . 2012-07-06 12:53 -------- d-----w- C:\Overflow
2012-07-04 22:36 . 2012-07-04 22:36 -------- d-----w- c:\program files\Electronic Arts
2012-06-30 14:54 . 2012-07-01 13:24 -------- d-----w- c:\program files\Kindle Auto eBook Converter
2012-06-24 00:05 . 2012-06-24 00:05 -------- d-----w- c:\users\Joel Serrata\AppData\Local\Macromedia
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-18 03:21 . 2012-04-05 16:59 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-18 03:21 . 2011-05-18 13:53 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-02 22:19 . 2012-06-21 12:08 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 12:08 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 12:08 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 12:08 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-21 12:08 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-21 12:08 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-21 12:08 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-21 12:08 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:12 . 2012-06-21 12:08 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-05-01 14:03 . 2012-06-13 14:32 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-20 02:32 . 2011-07-25 04:49 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\Joel Serrata\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\Joel Serrata\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\Joel Serrata\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"HideShutdownScripts"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MaxRecentDocs"= 99 (0x63)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
backup=c:\windows\pss\VPN Client.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Joel Serrata^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ViiKiiDesktopPlugin.lnk]
backup=c:\windows\pss\ViiKiiDesktopPlugin.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-09-22 04:28 47904 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-02-21 02:28 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2007-05-15 01:01 644696 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-02-12 00:13 166424 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-02-12 00:13 141848 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
2012-03-26 21:08 931200 ----a-w- c:\program files\Microsoft Security Client\msseces.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
2007-02-04 16:02 79400 ----a-w- c:\program files\ScanSoft\OmniPageSE4\OpWareSE4.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-02-12 00:13 133656 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerSuite]
2011-11-01 20:35 67448 ----a-w- c:\progra~1\Uniblue\PowerSuite\Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2011-05-04 22:22 9398888 ----a-w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-10-25 13:03 210472 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 19:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Window Washer]
2007-11-26 19:47 1206600 ----a-w- c:\program files\Webroot\Washer\wwDisp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 .1243210482SsTR;1243210482SsTR;c:\programdata\Webroot\Joel Serrata462120.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSrv.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL194C09B8
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 03:21]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: sankakucomplex.com\www
Trusted Zone: systemrequirementlab.com
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Joel Serrata\AppData\Roaming\Mozilla\Firefox\Profiles\nmd1scd0.default\
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-82769057-3468868150-303219983-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"?"=hex:0d,ad,b6,6b,85,52,f8,51,32,9f,dc,73,70,25,38,7c,83,93,85,cd,a0,13,cd,
8a,e0,00,ad,ac,88,e9,7c,38,0f,80,05,e2,cd,83,11,0f,29,64,0f,e1,8c,c8,c0,8b,\
"?"=hex:04,bf,b4,53,32,d5,da,f3,5e,68,1a,85,f3,08,59,a9
.
[HKEY_USERS\S-1-5-21-82769057-3468868150-303219983-1000\Software\SecuROM\License information*]
"datasecu"=hex:93,08,e5,e3,ee,e4,a2,69,a3,fc,dc,ba,9f,91,09,29,cc,b9,ff,eb,25,
70,41,e6,75,93,ff,9c,fb,7f,14,f6,53,77,84,25,86,aa,ff,55,c5,38,ff,8a,4d,10,\
"rkeysecu"=hex:b0,d6,e4,28,42,b2,dd,da,98,a9,48,e5,d1,32,53,10
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(1748)
c:\users\Joel Serrata\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Uniblue\SpeedUpMyPC\spmonitor.exe
c:\program files\Uniblue\RegistryBooster\rbmonitor.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Webroot\Washer\WasherSvc.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\conime.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
c:\program files\NVIDIA Corporation\Installer2\NVIDIA.Update.2\ComUpdatus.exe
.
**************************************************************************
.
Completion time: 2012-07-22 14:50:07 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-22 18:50
.
Pre-Run: 215,807,102,976 bytes free
Post-Run: 219,365,134,336 bytes free
.
- - End Of File - - 0140B240B71B21F8455826FC9F5C064F


#11 JSntgRvr (Malware Response Team, Master Surgeon General, 11,317 posts, Puerto Rico)

Posted 22 July 2012 - 03:16 PM

Let's check for remnants:

Please download Malwarebytes' Anti-Malware from Here. Never download Malwarebytes' Anti-Malware from other sources.

Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

ESET online scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista or Windows 7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • First please Disable any Antivirus you have active, as shown in This topic.
  • Note: Don't forget to re-enable it after the scan.
  • Next hold down Control then click on the following link to open a new window to ESET online scanner.
  • Select the option YES, I accept the Terms of Use then click on Start.

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double-click on it to install.

  • All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:

    Scan for potentially unwanted applications
    Scan for potentially unsafe applications
    Enable Anti-Stealth Technology

  • Now click on Start.
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on Finish.
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.



#12 jserrata2010 (Topic Starter, Members, 8 posts)

Posted 23 July 2012 - 01:31 AM

Sorry for the delay; the ESET scan took 9 hours!

ESET logs:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=2deccc309f812d439a868393b844ca9c
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-07-23 06:14:51
# local_time=2012-07-23 02:14:51 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=5892 16776574 100 100 15084461 179599119 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=946564
# found=17
# cleaned=0
# scan_time=32499
C:\Program Files\Uniblue\RegistryBooster\Launcher.exe Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Uniblue\RegistryBooster\rbnotifier.exe Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Uniblue\RegistryBooster\rb_move_serial.exe Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Uniblue\RegistryBooster\rb_ubm.exe Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Uniblue\RegistryBooster\registrybooster.exe Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Uniblue\SpeedUpMyPC\spmonitor.exe Win32/SpeedUpMyPC application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Uniblue\SpeedUpMyPC\spnotifier.exe Win32/SpeedUpMyPC application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Uniblue\SpeedUpMyPC\sp_move_serial.exe Win32/SpeedUpMyPC application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Uniblue\SpeedUpMyPC\sump.exe Win32/SpeedUpMyPC application (unable to clean) 00000000000000000000000000000000 I
C:\ProgramData\Webroot\Joel Serrata462120.exe Win32/Packed.Autoit.E.Gen application (unable to clean) 00000000000000000000000000000000 I
C:\Users\All Users\Webroot\Joel Serrata462120.exe Win32/Packed.Autoit.E.Gen application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Joel Serrata\AppData\Local\VirtualStore\Windows\System32\net.net a variant of Win32/Packed.MoleboxUltra application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Joel Serrata\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\55499050-3f80ca6f a variant of Java/TrojanDownloader.OpenStream.NBV trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Joel Serrata\AppData\Roaming\Uniblue\RegistryBooster\_temp\ub.exe Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Joel Serrata\AppData\Roaming\Uniblue\SpeedUpMyPC\_temp\sump.exe Win32/SpeedUpMyPC application (unable to clean) 00000000000000000000000000000000 I
${Memory} multiple threats 00000000000000000000000000000000 I




Malwarebytes log

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.22.09

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Joel Serrata :: JOELSERRATA-PC [administrator]

7/22/2012 4:52:06 PM
mbam-log-2012-07-22 (16-52-06).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 234582
Time elapsed: 11 minute(s), 27 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\SOFTWARE\INCG9WP8HQ (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


#13 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,317 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:10:25 PM

Posted 23 July 2012 - 06:52 AM

The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results". Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly can have disastrous effects on your operating system such as preventing it from ever starting again. For routine use by those not familiar with the registry, the benefits to your computer are negligible while the potential risks are great.

I would suggest that Uniblue Registry Booster and SpeedUpMyPC be removed from the computer.

Download the enclosed file. [attachment=127015:CFScript.txt]

Save it next to Combofix.


Once saved, referring to the picture above, drag CFScript.txt into ComboFix.exe, and post back the resulting report.

Download and run Security Check by screen317 and post its report.

How is the computer doing so far?

No request for help through private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#14 jserrata2010

jserrata2010
  • Topic Starter

  • Members
  • 8 posts
  • Local time:09:25 PM

Posted 23 July 2012 - 02:33 PM

Combofix:

ComboFix 12-07-24.01 - Joel Serrata 3/2012 Mon 14:13:08.2.2 - x86
Running from: c:\users\Joel Serrata\Desktop\ComboFix.exe
Command switches used :: c:\users\Joel Serrata\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\programdata\Webroot\Joel Serrata462120.exe"
"c:\users\All Users\Webroot\Joel Serrata462120.exe"
"c:\users\Joel Serrata\AppData\Local\VirtualStore\Windows\System32\net.net"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Webroot\Joel Serrata462120.exe
c:\users\All Users\Webroot\Joel Serrata462120.exe
c:\users\Joel Serrata\AppData\Local\VirtualStore\Windows\System32\net.net
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_.1243210482SsTR
.
.
((((((((((((((((((((((((( Files Created from 2012-06-23 to 2012-07-23 )))))))))))))))))))))))))))))))
.
.
2012-07-23 18:29 . 2012-07-23 18:29 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-07-23 18:29 . 2012-07-23 18:29 -------- d-----w- c:\users\joel\AppData\Local\temp
2012-07-23 18:29 . 2012-07-23 18:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-22 21:09 . 2012-07-22 21:09 -------- d-----w- c:\program files\ESET
2012-07-22 20:51 . 2012-07-22 20:51 -------- d-----w- c:\users\Joel Serrata\AppData\Roaming\Malwarebytes
2012-07-22 20:50 . 2012-07-22 20:50 -------- d-----w- c:\programdata\Malwarebytes
2012-07-22 20:50 . 2012-07-22 20:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-22 20:50 . 2012-07-03 17:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-19 17:34 . 2012-07-21 03:36 -------- d-----w- C:\FRST
2012-07-18 23:14 . 2012-07-19 10:13 -------- d-----w- c:\windows\Microsoft Antimalware
2012-07-18 14:54 . 2012-02-09 18:17 713784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8E5A7134-489C-434F-ADF7-FE356B3EC367}\gapaengine.dll
2012-07-18 14:53 . 2012-07-16 06:41 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A5F6E725-429A-45B8-BAAE-D2E19623409B}\mpengine.dll
2012-07-18 14:51 . 2012-07-18 14:52 -------- d-----w- c:\program files\Microsoft Security Client
2012-07-18 03:24 . 2012-07-18 03:24 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-07-11 15:06 . 2012-06-13 13:40 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 11:54 . 2012-06-05 16:47 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-07-11 11:54 . 2012-06-05 16:47 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 11:54 . 2012-06-05 16:47 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-07-11 11:54 . 2012-06-04 15:26 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-11 11:54 . 2012-06-02 00:04 278528 ----a-w- c:\windows\system32\schannel.dll
2012-07-11 11:54 . 2012-06-02 00:03 204288 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-06 12:53 . 2012-07-06 12:53 -------- d-----w- C:\Overflow
2012-07-04 22:36 . 2012-07-04 22:36 -------- d-----w- c:\program files\Electronic Arts
2012-06-30 14:54 . 2012-07-01 13:24 -------- d-----w- c:\program files\Kindle Auto eBook Converter
2012-06-24 00:05 . 2012-06-24 00:05 -------- d-----w- c:\users\Joel Serrata\AppData\Local\Macromedia
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-18 03:21 . 2012-04-05 16:59 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-18 03:21 . 2011-05-18 13:53 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-02 22:19 . 2012-06-21 12:08 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 12:08 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 12:08 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 12:08 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-21 12:08 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-21 12:08 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-21 12:08 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-21 12:08 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:12 . 2012-06-21 12:08 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-05-01 14:03 . 2012-06-13 14:32 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-20 02:32 . 2011-07-25 04:49 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\Joel Serrata\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\Joel Serrata\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\Joel Serrata\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"HideShutdownScripts"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MaxRecentDocs"= 99 (0x63)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
backup=c:\windows\pss\VPN Client.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Joel Serrata^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ViiKiiDesktopPlugin.lnk]
backup=c:\windows\pss\ViiKiiDesktopPlugin.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-09-22 04:28 47904 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-02-21 02:28 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2007-05-15 01:01 644696 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-02-12 00:13 166424 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-02-12 00:13 141848 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
2012-03-26 21:08 931200 ----a-w- c:\program files\Microsoft Security Client\msseces.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
2007-02-04 16:02 79400 ----a-w- c:\program files\ScanSoft\OmniPageSE4\OpWareSE4.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-02-12 00:13 133656 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerSuite]
2011-11-01 20:35 67448 ----a-w- c:\progra~1\Uniblue\PowerSuite\Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2011-05-04 22:22 9398888 ----a-w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-10-25 13:03 210472 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 19:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Window Washer]
2007-11-26 19:47 1206600 ----a-w- c:\program files\Webroot\Washer\wwDisp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSrv.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 03:21]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: sankakucomplex.com\www
Trusted Zone: systemrequirementlab.com
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Joel Serrata\AppData\Roaming\Mozilla\Firefox\Profiles\nmd1scd0.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-23 14:31
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-82769057-3468868150-303219983-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"?慴"=hex:0d,ad,b6,6b,85,52,f8,51,32,9f,dc,73,70,25,38,7c,83,93,85,cd,a0,13,cd,
8a,e0,00,ad,ac,88,e9,7c,38,0f,80,05,e2,cd,83,11,0f,29,64,0f,e1,8c,c8,c0,8b,\
"?祥"=hex:04,bf,b4,53,32,d5,da,f3,5e,68,1a,85,f3,08,59,a9
.
[HKEY_USERS\S-1-5-21-82769057-3468868150-303219983-1000\Software\SecuROM\License information*]
"datasecu"=hex:93,08,e5,e3,ee,e4,a2,69,a3,fc,dc,ba,9f,91,09,29,cc,b9,ff,eb,25,
70,41,e6,75,93,ff,9c,fb,7f,14,f6,53,77,84,25,86,aa,ff,55,c5,38,ff,8a,4d,10,\
"rkeysecu"=hex:b0,d6,e4,28,42,b2,dd,da,98,a9,48,e5,d1,32,53,10
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3612)
c:\users\Joel Serrata\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Uniblue\SpeedUpMyPC\spmonitor.exe
c:\program files\Uniblue\RegistryBooster\rbmonitor.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Webroot\Washer\WasherSvc.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\conime.exe
c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2012-07-23 14:37:54 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-23 18:37
ComboFix2.txt 2012-07-22 18:50
.
Pre-Run: 219,931,852,800 bytes free
Post-Run: 219,609,128,960 bytes free
.
- - End Of File - - 4AF2241107EE1A3371204A98E839CC27



Security Check:

Results of screen317's Security Check version 0.99.43
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
Java™ 6 Update 31
Java version out of Date!
Adobe Flash Player 11.3.300.265
Adobe Reader X (10.1.3)
Mozilla Firefox 13.0.1 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1 %
````````````````````End of Log``````````````````````


My computer has been doing fine since the fix, so truly thank you for that.

#15 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,317 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:10:25 PM

Posted 23 July 2012 - 10:53 PM

Congratulations.

I would recommend that the applications above in red be upgraded.

Since the tools we used to scan the computer, as well as tools to delete files and folders, are no longer needed, they should be removed, as well as the folders created by these tools.

The following will implement some cleanup procedures as well as reset System Restore points:

  • Press the Windows key + R. At the Run command type or copy and paste the following:

    Combofix /uninstall

    That should launch and uninstall the application.
  • Remove the C:\FRST folder.
  • Manually remove any tool left.

Here are some suggestions.

  • Always keep your JAVA updated. Older versions will make your computer vulnerable.
  • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Miekiemoes.

Best wishes!

No request for help through private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!