
Restart loop: Windows has encountered a critical problem and will restart in one minute



#1 MrDavidHG


Posted 25 July 2012 - 01:33 PM

I've got a problem. This laptop starts over after reboot, within 2 minutes. Gets the error: Windows has encountered a critical problem and will restart in one minute.

MS Security Essentials thinks it has SIREFIR. But won't clean. I can't get MALWAREBYTES to run.

Would hate to reinstall... Attached is FRST log.

What's my next step?

Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 25-07-2012 01
Ran by SYSTEM at 25-07-2012 11:22:11
Running from F:\
Windows 7 Enterprise (X86) OS Language: English(US)
The current controlset is ControlSet003

========================== Registry (Whitelisted) =============

HKLM\...\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [141848 2009-09-23] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [173592 2009-09-23] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [150552 2009-09-23] (Intel Corporation)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM\...\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-10-06] (Apple Inc.)
HKLM\...\Run: [] [x]
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
HKU\Project 9\...\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59240 2012-02-23] (Apple Inc.)
HKU\Project 9\...\Run: [AC_RemoteMediaSync] "C:\Program Files\NuVo\Music Port Sync\bin\FX2_0\Autonomic.Synchronization.App.exe" -autorun [65536 2012-01-26] (Autonomic Controls)
HKU\Project 9\...\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{CC79500B-8BE4-4863-BDE6-A87A56FB8F6C}: [NameServer]10.177.0.34 10.180.12.172
Startup: C:\Users\All Users\Start Menu\Programs\Startup\DWACS.lnk
ShortcutTarget: DWACS.lnk -> C:\Program Files\ACS\ACS_Launcher.exe ()

================================ Services (Whitelisted) ==================

3 CATmobile; "C:\Program Files\T-Mobile\webConnect Manager\conappssvc.exe" /n "CATmobile" [118784 2010-12-22] (SmithMicro Inc.)
2 eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [20992 2009-07-13] (Microsoft Corporation)
2 HPM1210RcvFaxSrvc; C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe [247352 2010-05-11] (HP)
3 TMobileRcAppSvc; "C:\Program Files\T-Mobile\webConnect Manager\RcAppSvc.exe" /n "TMobileRcAppSvc" [114688 2010-12-22] (SmithMicro Inc.)
2 MsMpSvc; "c:\Program Files\Microsoft Security Client\MsMpEng.exe" [x]
3 NisSrv; "c:\Program Files\Microsoft Security Client\NisSrv.exe" [x]

========================== Drivers (Whitelisted) =============

3 AgereSoftModem; C:\Windows\System32\DRIVERS\AGRSM.sys [1035776 2009-07-13] (LSI Corp)
3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [208896 2010-08-31] (Huawei Technologies Co., Ltd.)
3 ew_hwusbdev; C:\Windows\System32\DRIVERS\ew_hwusbdev.sys [102784 2010-07-27] (Huawei Technologies Co., Ltd.)
3 ew_usbenumfilter; C:\Windows\System32\DRIVERS\ew_usbenumfilter.sys [11136 2010-03-20] (Huawei Technologies Co., Ltd.)
3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [57800 2009-12-10] (FTDI Ltd.)
3 FTSER2K; C:\Windows\System32\drivers\ftser2k.sys [73096 2011-03-18] (FTDI Ltd.)
3 FUJ02E3; C:\Windows\System32\DRIVERS\FUJ02E3.sys [4864 2004-01-18] (FUJITSU LIMITED)
3 HTCAND32; C:\Windows\System32\Drivers\ANDROIDUSB.sys [25088 2009-10-26] (HTC, Corporation)
3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2012-07-23] (Malwarebytes Corporation)
0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [171064 2012-03-20] (Microsoft Corporation)
3 Netaapl; C:\Windows\System32\DRIVERS\netaapl.sys [18432 2011-05-10] (Apple Inc.)
3 PCTINDIS5; \??\C:\Windows\system32\PCTINDIS5.SYS [32408 2010-12-22] (Smith Micro Inc.)
3 tmobile_mf691_dc_enum; C:\Windows\System32\DRIVERS\tmobile_mf691_dc_enum.sys [61952 2010-04-09] (T-Mobile)
3 Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [x]
3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [x]
3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-07-25 11:21 - 2012-07-25 11:22 - 00000000 ____D C:\FRST
2012-07-24 13:38 - 2012-07-24 13:38 - 00043480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\icqyenqf.sys
2012-07-24 06:58 - 2012-07-24 13:13 - 00000000 ___AD C:\Kaspersky Rescue Disk 10.0
2012-07-23 21:27 - 2012-07-23 21:27 - 00000055 ____A C:\Users\Project 9\AppData\Roaming\mbam.context.scan
2012-07-23 21:19 - 2012-07-23 21:27 - 00040776 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys
2012-07-23 16:00 - 2012-07-23 16:00 - 00043480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\csvoztvh.sys
2012-07-23 14:10 - 2012-07-23 14:10 - 00000000 ___AD C:\.Trash-999
2012-07-23 13:15 - 2012-07-23 13:15 - 00001067 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-23 13:15 - 2012-07-03 12:46 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-17 17:26 - 2012-07-17 17:26 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-07-17 17:01 - 2012-07-17 17:02 - 00000000 ____D C:\Users\Project 9\AppData\Roaming\PCPro
2012-07-17 17:01 - 2012-07-17 17:01 - 04272440 ____A (PC Cleaners) C:\Windows\uninst.exe
2012-07-17 17:01 - 2012-07-17 17:01 - 00000938 ____A C:\Users\Project 9\Desktop\PC Cleaner Pro.lnk
2012-07-17 17:01 - 2012-07-17 17:01 - 00000000 ____D C:\Users\All Users\PC1Data
2012-07-12 19:08 - 2012-07-12 19:08 - 10288512 ____A (Microsoft Corporation) C:\Users\Project 9\Downloads\mseinstall.exe
2012-07-12 19:02 - 2012-07-12 19:01 - 00476936 ____A (Sun Microsystems, Inc.) C:\Windows\System32\npdeployJava1.dll
2012-07-12 19:02 - 2012-07-12 19:01 - 00157448 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaws.exe
2012-07-12 19:02 - 2012-07-12 19:01 - 00149256 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaw.exe
2012-07-12 19:02 - 2012-07-12 19:01 - 00149256 ____A (Sun Microsystems, Inc.) C:\Windows\System32\java.exe
2012-07-12 18:50 - 2012-06-02 01:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-07-12 18:50 - 2012-06-02 00:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-07-12 18:50 - 2012-06-02 00:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-07-12 18:50 - 2012-06-02 00:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-07-12 18:50 - 2012-06-02 00:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-07-12 18:50 - 2012-06-02 00:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-07-12 18:50 - 2012-06-02 00:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-07-12 18:50 - 2012-06-02 00:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-07-12 18:50 - 2012-06-02 00:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-07-12 18:50 - 2012-06-02 00:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-07-12 18:50 - 2012-06-02 00:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-07-12 18:50 - 2012-06-02 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-07-12 18:50 - 2012-06-02 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-07-12 18:50 - 2012-06-02 00:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-07-12 18:47 - 2012-07-12 18:47 - 00000118 ____A C:\Windows\System32\MRT.INI
2012-07-12 18:44 - 2012-07-12 18:44 - 00264310 ____A C:\Windows\msxml4-KB2721691-enu.LOG
2012-07-12 18:44 - 2012-06-11 18:40 - 02345984 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-12 17:52 - 2012-06-05 21:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-07-12 17:52 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-07-12 17:52 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-07-12 17:52 - 2012-06-01 20:45 - 00134000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-07-12 17:52 - 2012-06-01 20:45 - 00067440 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-07-12 17:52 - 2012-06-01 20:40 - 00369336 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-07-12 17:52 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-07-12 17:52 - 2012-06-01 20:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-07-12 17:52 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2012-07-12 17:51 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-07-09 14:37 - 2012-07-09 14:37 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-07-07 08:27 - 2012-07-07 08:27 - 00000000 ____D C:\Users\All Users\McAfee
2012-07-01 22:49 - 2012-07-01 22:50 - 00008702 ____A C:\Users\Project 9\Desktop\Walden ISY Backup.zip
2012-06-25 16:18 - 2012-06-02 14:19 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-25 16:18 - 2012-06-02 14:19 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-25 16:18 - 2012-06-02 14:19 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-25 16:18 - 2012-06-02 14:19 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-25 16:18 - 2012-06-02 14:19 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-25 16:18 - 2012-06-02 14:12 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-25 16:18 - 2012-06-02 14:12 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-25 16:17 - 2012-06-02 14:19 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-25 16:17 - 2012-06-02 14:12 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-25 15:04 - 2012-06-25 15:04 - 01394248 ____A (Microsoft Corporation) C:\Windows\System32\msxml4.dll

============ 3 Months Modified Files ========================

2012-07-24 20:32 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-24 20:32 - 2009-07-13 20:39 - 00052876 ____A C:\Windows\setupact.log
2012-07-24 20:21 - 2012-05-31 17:38 - 00000386 ____A C:\Windows\Tasks\FreeFileViewerUpdateChecker.job
2012-07-24 20:21 - 2011-05-04 15:28 - 00000888 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-07-24 13:38 - 2012-07-24 13:38 - 00043480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\icqyenqf.sys
2012-07-24 13:15 - 2012-05-31 17:36 - 00000276 ____A C:\Windows\Tasks\RGames Updater.job
2012-07-24 13:15 - 2012-04-02 15:56 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-07-24 13:15 - 2011-05-04 15:28 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-07-24 13:13 - 2009-07-13 15:11 - 00259072 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
2012-07-23 21:27 - 2012-07-23 21:27 - 00000055 ____A C:\Users\Project 9\AppData\Roaming\mbam.context.scan
2012-07-23 21:27 - 2012-07-23 21:19 - 00040776 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys
2012-07-23 16:00 - 2012-07-23 16:00 - 00043480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\csvoztvh.sys
2012-07-23 13:15 - 2012-07-23 13:15 - 00001067 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-23 13:14 - 2009-07-13 20:34 - 00015168 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-23 13:14 - 2009-07-13 20:34 - 00015168 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-23 13:12 - 2011-04-27 20:35 - 00760216 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-23 13:11 - 2011-04-27 20:10 - 01956938 ____A C:\Windows\WindowsUpdate.log
2012-07-17 17:27 - 2011-04-28 08:34 - 00001945 ____A C:\Windows\epplauncher.mif
2012-07-17 17:01 - 2012-07-17 17:01 - 04272440 ____A (PC Cleaners) C:\Windows\uninst.exe
2012-07-17 17:01 - 2012-07-17 17:01 - 00000938 ____A C:\Users\Project 9\Desktop\PC Cleaner Pro.lnk
2012-07-16 13:11 - 2011-04-28 09:01 - 00000334 ____A C:\Windows\Tasks\NV-I8G and NV-E6G Configurator Updates.job
2012-07-13 13:43 - 2012-01-17 14:14 - 00000322 ____A C:\Windows\Tasks\Regwork.job
2012-07-12 19:08 - 2012-07-12 19:08 - 10288512 ____A (Microsoft Corporation) C:\Users\Project 9\Downloads\mseinstall.exe
2012-07-12 19:01 - 2012-07-12 19:02 - 00476936 ____A (Sun Microsystems, Inc.) C:\Windows\System32\npdeployJava1.dll
2012-07-12 19:01 - 2012-07-12 19:02 - 00157448 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaws.exe
2012-07-12 19:01 - 2012-07-12 19:02 - 00149256 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaw.exe
2012-07-12 19:01 - 2012-07-12 19:02 - 00149256 ____A (Sun Microsystems, Inc.) C:\Windows\System32\java.exe
2012-07-12 19:01 - 2011-06-18 15:58 - 00472840 ____A (Sun Microsystems, Inc.) C:\Windows\System32\deployJava1.dll
2012-07-12 18:56 - 2009-07-13 20:33 - 00409784 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-12 18:49 - 2009-07-13 18:04 - 00000478 ____A C:\Windows\win.ini
2012-07-12 18:47 - 2012-07-12 18:47 - 00000118 ____A C:\Windows\System32\MRT.INI
2012-07-12 18:44 - 2012-07-12 18:44 - 00264310 ____A C:\Windows\msxml4-KB2721691-enu.LOG
2012-07-12 18:44 - 2011-04-28 00:19 - 57442464 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-07-12 17:46 - 2012-04-02 15:56 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-07-12 17:46 - 2011-06-12 08:47 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-07-06 13:36 - 2011-05-03 15:03 - 10024960 ____A C:\Users\Project 9\Desktop\Laing Media 2011.rti
2012-07-03 12:46 - 2012-07-23 13:15 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-01 22:50 - 2012-07-01 22:49 - 00008702 ____A C:\Users\Project 9\Desktop\Walden ISY Backup.zip
2012-06-25 15:04 - 2012-06-25 15:04 - 01394248 ____A (Microsoft Corporation) C:\Windows\System32\msxml4.dll
2012-06-22 11:29 - 2012-06-22 11:29 - 00001437 ____A C:\Users\Public\Desktop\NV-I8G and NV-E6G Configurator.lnk
2012-06-22 11:15 - 2012-06-22 11:15 - 00001895 ____A C:\Users\Public\Desktop\Tux of Math Command.lnk
2012-06-22 11:03 - 2011-04-27 21:16 - 00040488 ____A C:\Windows\PFRO.log
2012-06-19 11:13 - 2012-06-19 11:13 - 00050653 ____A C:\Users\Project 9\Downloads\FSReset_64bit.zip
2012-06-14 22:32 - 2012-06-14 22:32 - 00001753 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-06-11 18:40 - 2012-07-12 18:44 - 02345984 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-09 09:43 - 2012-06-09 09:43 - 00002005 ____A C:\Users\Public\Desktop\IC-80 Programmer.lnk
2012-06-09 09:43 - 2011-04-28 07:42 - 00170512 ____A C:\Windows\DPINST.LOG
2012-06-08 20:41 - 2012-07-12 17:51 - 12873728 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-05 21:05 - 2012-07-12 17:52 - 01390080 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 21:05 - 2012-07-12 17:52 - 01236992 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-05 21:03 - 2012-07-12 17:52 - 00805376 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-06-02 14:19 - 2012-06-25 16:18 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-25 16:18 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-25 16:18 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-25 16:18 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-25 16:18 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:19 - 2012-06-25 16:17 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 14:12 - 2012-06-25 16:18 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:12 - 2012-06-25 16:18 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 14:12 - 2012-06-25 16:17 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 01:07 - 2012-07-12 18:50 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-02 00:43 - 2012-07-12 18:50 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-02 00:33 - 2012-07-12 18:50 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-02 00:26 - 2012-07-12 18:50 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-02 00:25 - 2012-07-12 18:50 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-02 00:25 - 2012-07-12 18:50 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-02 00:23 - 2012-07-12 18:50 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-02 00:21 - 2012-07-12 18:50 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-02 00:20 - 2012-07-12 18:50 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-02 00:19 - 2012-07-12 18:50 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-02 00:19 - 2012-07-12 18:50 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-02 00:17 - 2012-07-12 18:50 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-02 00:16 - 2012-07-12 18:50 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-02 00:14 - 2012-07-12 18:50 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-01 20:45 - 2012-07-12 17:52 - 00134000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-01 20:45 - 2012-07-12 17:52 - 00067440 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-01 20:40 - 2012-07-12 17:52 - 00369336 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-01 20:40 - 2012-07-12 17:52 - 00225280 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 20:39 - 2012-07-12 17:52 - 00219136 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-05-31 19:50 - 2012-05-31 19:50 - 03159552 ____A C:\Users\Project 9\Downloads\HAPPY MELONS DAY!.pps
2012-05-31 17:37 - 2012-05-31 17:37 - 00001037 ____A C:\Users\Project 9\Desktop\FreeFileViewer.lnk
2012-05-31 14:28 - 2012-05-31 11:00 - 329116048 ____A (Macrovision Corporation) C:\Users\Project 9\Downloads\ID831Setup.exe
2012-05-21 17:18 - 2012-05-21 17:17 - 00007200 ____A C:\Users\Project 9\Desktop\Lotman Melhill New May 21,2012.zip
2012-05-19 18:21 - 2012-05-19 18:21 - 00065560 ____A C:\Users\Project 9\Downloads\NETGEAR_WNR3500L (1).cfg
2012-05-19 18:18 - 2012-05-19 18:18 - 00065560 ____A C:\Users\Project 9\Downloads\NETGEAR_WNR3500L.cfg
2012-05-15 14:39 - 2012-04-04 14:12 - 00013133 ____A C:\Users\Project 9\Desktop\Bryman-Backup.v3.1.17__Wed 2012.04.04 03.11.51 PM.zip
2012-05-15 12:45 - 2011-05-25 09:31 - 06751232 ____A C:\Users\Project 9\Documents\Lacy T3 REvised May 2011.rti
2012-05-09 16:50 - 2012-05-09 16:50 - 00000366 ____A C:\Users\Project 9\Desktop\Panasonic Pro Plasma.rtidriver - Shortcut.lnk
2012-05-09 15:06 - 2010-03-26 16:00 - 00012800 ____A C:\Users\Project 9\Desktop\Panasonic Pro Plasma.rtidriver
2012-05-09 15:05 - 2012-05-09 15:05 - 00004620 ____A C:\Users\Project 9\Desktop\Panasonic_Pro_Plasma.zip
2012-05-05 17:36 - 2012-05-05 17:36 - 02865664 ____A C:\Users\Project 9\Desktop\Leighton Merge 2012.rti
2012-04-30 20:44 - 2012-06-14 14:55 - 00164352 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-04-27 20:41 - 2012-06-14 14:55 - 00919040 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
2012-04-27 19:17 - 2012-06-14 14:55 - 00183808 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys


ZeroAccess:
C:\Windows\Installer\{afa9be9c-6e25-844d-0d21-e6f80b2448ce}
C:\Windows\Installer\{afa9be9c-6e25-844d-0d21-e6f80b2448ce}\@
C:\Windows\Installer\{afa9be9c-6e25-844d-0d21-e6f80b2448ce}\L
C:\Windows\Installer\{afa9be9c-6e25-844d-0d21-e6f80b2448ce}\U
C:\Windows\Installer\{afa9be9c-6e25-844d-0d21-e6f80b2448ce}\L\00000004.@
C:\Windows\Installer\{afa9be9c-6e25-844d-0d21-e6f80b2448ce}\L\1afb2d56
C:\Windows\Installer\{afa9be9c-6e25-844d-0d21-e6f80b2448ce}\L\201d3dde

ZeroAccess:
C:\Users\Project 9\AppData\Local\{afa9be9c-6e25-844d-0d21-e6f80b2448ce}
C:\Users\Project 9\AppData\Local\{afa9be9c-6e25-844d-0d21-e6f80b2448ce}\@
C:\Users\Project 9\AppData\Local\{afa9be9c-6e25-844d-0d21-e6f80b2448ce}\L
C:\Users\Project 9\AppData\Local\{afa9be9c-6e25-844d-0d21-e6f80b2448ce}\U

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe
[2009-07-13 15:11] - [2012-07-24 13:13] - 0259072 ____A (Microsoft Corporation) 21835BD18857B8BADD3858DE3B74F76C

C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 19%
Total physical RAM: 2037.87 MB
Available physical RAM: 1640.44 MB
Total Pagefile: 2037.87 MB
Available Pagefile: 1646.26 MB
Total Virtual: 2047.88 MB
Available Virtual: 1969.73 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:54.88 GB) (Free:3.41 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: () (Fixed) (Total:1 GB) (Free:0.75 GB) NTFS
3 Drive e: (KRD10) (CDROM) (Total:0.26 GB) (Free:0 GB) CDFS
4 Drive f: (KINGSTON) (Removable) (Total:7.45 GB) (Free:0.03 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 55 GB 6144 KB
Disk 1 Online 7634 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 54 GB 31 KB
Partition 2 Primary 1027 MB 54 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C NTFS Partition 54 GB Healthy

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D NTFS Partition 1027 MB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7634 MB 31 KB

==================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F KINGSTON FAT32 Removable 7634 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-07-01 12:27

======================= End Of Log ==========================

Edited by Orange Blossom, 25 July 2012 - 02:45 PM.
Moved to log forum. ~ OB



#2 CatByte

  • Malware Response Team

Posted 25 July 2012 - 02:44 PM

Please do the following:


Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad window and select Paste.) Save it on the flash drive as fixlist.txt.

start
HKLM\...\Run: [] [x]
C:\Windows\Installer\{afa9be9c-6e25-844d-0d21-e6f80b2448ce}
C:\Users\Project 9\AppData\Local\{afa9be9c-6e25-844d-0d21-e6f80b2448ce}
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Now please enter System Recovery Options, then select Command Prompt.

Run FRST (or FRST64 if you have the 64-bit version) and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

  • While you are still booted into System Recovery Options run FRST.

    Type the following in the edit box after "Search:" so it looks like this:

    Search: services.exe


    Click Search button and post the log it makes to your reply.



Reboot Normally.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 CatByte


Posted 02 August 2012 - 03:41 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
