TechSpot

[A] Windows has encountered a critical problem...

By annika87
Sep 30, 2012
  1. Hi

    I have read some of the other posts in the forum regarding the error:

    Windows has encountered a critical problem and will restart automatically in one minute. Please save your work now.

    I keep getting this error after updating Microsoft Security Essentials software..... I have run the Farbar things and I get the following from the FRST and Search text files...


    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 30-09-2012 01
    Ran by SYSTEM at 30-09-2012 14:12:03
    Running from F:\
    Windows Vista (TM) Home Premium Service Pack 1 (X86) OS Language: English(US)
    The current controlset is ControlSet001

    ==================== Registry (Whitelisted) ===================

    HKLM\...\Run: [ArcadeDeluxeAgent] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [156968 2009-01-20] (CyberLink Corp.)
    HKLM\...\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [202024 2009-01-20] (CyberLink)
    HKLM\...\Run: [AmIcoSinglun] C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe [237568 2008-10-24] (AlcorMicro Co., Ltd.)
    HKLM\...\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-03-10] (Realtek Semiconductor Corp.)
    HKLM\...\Run: [PLFSetI] C:\Windows\PLFSetI.exe [200704 2008-07-29] ()
    HKLM\...\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe [204800 2009-02-23] (Alps Electric Co., Ltd.)
    HKLM\...\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe [870920 2009-02-23] (Dritek System Inc.)
    HKLM\...\Run: [BackupManagerTray] "C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -k [249600 2009-04-11] (NewTech Infosystems, Inc.)
    HKLM\...\Run: [Acer ePower Management] C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe [440864 2009-04-15] (Acer Incorporated)
    HKLM\...\Run: [EgisTecLiveUpdate] "C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe" [199464 2008-10-27] (EgisTec Inc.)
    HKLM\...\Run: [mwlDaemon] C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [346672 2008-10-27] (EgisTec Inc.)
    HKLM\...\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [173288 2008-12-26] (Acer Corp.)
    HKLM\...\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup [30192 2010-07-27] (Google)
    HKLM\...\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-11-01] (Apple Inc.)
    HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [6957600 2009-03-10] (Realtek Semiconductor)
    HKLM\...\Run: [DataCardMonitor] C:\Program Files\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe [253952 2010-11-10] (Huawei Technologies Co., Ltd.)
    HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2011-09-07] (Adobe Systems Incorporated)
    HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [937920 2011-03-29] (Adobe Systems Incorporated)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [500208 2011-03-17] (Adobe Systems Incorporated)
    HKLM\...\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
    HKLM\...\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin [406992 2010-02-21] (Adobe Systems Incorporated)
    HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
    HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [947176 2012-09-12] (Microsoft Corporation)
    HKLM\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4282728 2012-08-21] (AVAST Software)
    HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
    HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)
    HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
    HKU\Bubz\...\Run: [HW_OPENEYE_OUC_T-Mobile Internet Manager] "C:\Program Files\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe" [110592 2009-12-31] (Huawei Technologies Co., Ltd.)
    HKU\Bubz\...\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)
    HKU\Bubz\...\Run: [AdobeBridge] [x]
    HKU\Bubz\...\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
    HKU\Default\...\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe [x]
    HKU\Default\...\RunOnce: [ScrSav] C:\Windows\Screensavers\Acer\run_Acer.exe [233472 2009-03-05] (TODO: <Company name>)
    HKU\Default User\...\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe [x]
    HKU\Default User\...\RunOnce: [ScrSav] C:\Windows\Screensavers\Acer\run_Acer.exe [233472 2009-03-05] (TODO: <Company name>)
    HKU\Guest\...\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe [x]
    HKU\Guest\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [x]
    HKLM\...\Runonce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-unins...LAFIAUgBRAEEALQBIADAASgBUAEEALQBSADgASgBSAFQA"&"inst=NwA2AC0ANgA3ADEANgAxADcAMwAwADEALQBQAEwAKwA5AC0AWABPADMANgArADEALQBOADEARAArADEALQBDAEkAQQA5ADAAKwAyAC0ARABEAFQAKwAzADMAMAAxADYALQBEAEQAOQAwACsAMQAtAFMAVAA5ADAAQQBQAFAAKwAxAC0AUAA5ADAATQAxADIAQwArADEALQBQADkAVQArADEALQBVADkANQArADEALQBUAEIAKwAxAC0AUAA5AFIAKwAxAC0ARgBVAEkAKwAyAC0AUAA5ADAAVABCACsAMgA"&"prod=94"&"ver=9.0.894 [x]
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
    AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

    ==================== Services (Whitelisted) ===================

    2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [44808 2012-08-21] (AVAST Software)
    2 avast! Firewall; "C:\Program Files\AVAST Software\Avast\afwServ.exe" [133912 2012-08-21] (AVAST Software)
    2 CLHNService; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [75048 2008-12-18] ()
    2 ePowerSvc; C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [703008 2009-04-15] (Acer Incorporated)
    3 GoogleDesktopManager-051210-111108; "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [30192 2010-07-27] (Google)
    4 MpfService; "C:\Program Files\McAfee\MPF\MPFSrv.exe" [884360 2008-09-12] (McAfee, Inc.)
    2 MWLService; C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe [306736 2008-10-27] (EgisTec Inc.)
    2 NitroDriverReadSpool2; "C:\Program Files\Nitro PDF\Professional 7\NitroPDFDriverService2.exe" [184840 2012-08-28] (Nitro PDF Software)
    2 NTI IScheduleSvc; C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [61184 2009-04-11] (NewTech Infosystems, Inc.)
    2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [144632 2008-09-23] (NewTech Infosystems, Inc.)
    2 McProxy; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [x]
    2 MsMpSvc; "c:\Program Files\Microsoft Security Client\MsMpEng.exe" [x]
    3 NisSrv; "c:\Program Files\Microsoft Security Client\NisSrv.exe" [x]

    ==================== Drivers (Whitelisted) ====================

    2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [21256 2012-08-21] (AVAST Software)
    1 aswFW; C:\Windows\System32\Drivers\aswFW.sys [113776 2012-08-21] (AVAST Software)
    1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [18544 2012-08-21] (AVAST Software)
    2 aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [58680 2012-08-21] (AVAST Software)
    0 aswNdis; C:\Windows\System32\DRIVERS\aswNdis.sys [12112 2012-07-13] (ALWIL Software)
    0 aswNdis2; C:\Windows\System32\Drivers\aswNdis2.sys [202928 2012-08-21] (AVAST Software)
    1 AswRdr; C:\Windows\System32\Drivers\AswRdr.sys [35928 2012-08-21] (AVAST Software)
    1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [729752 2012-08-21] (AVAST Software)
    1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [355632 2012-08-21] (AVAST Software)
    1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [54232 2012-08-21] (AVAST Software)
    3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [101120 2009-10-12] (Huawei Technologies Co., Ltd.)
    0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [193552 2012-08-30] (Microsoft Corporation)
    1 MPFP; C:\Windows\System32\Drivers\Mpfp.sys [130424 2008-08-26] (McAfee, Inc.)
    2 mwlPSDFilter; C:\Windows\System32\DRIVERS\mwlPSDFilter.sys [19504 2008-10-09] (Egis Incorporated.)
    2 mwlPSDNServ; C:\Windows\System32\DRIVERS\mwlPSDNServ.sys [16432 2008-10-09] (Egis Incorporated.)
    2 mwlPSDVDisk; C:\Windows\System32\DRIVERS\mwlPSDVDisk.sys [59952 2008-10-09] (Egis Incorporated.)
    1 RapportCerberus_42020; \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_42020.sys [228376 2012-08-09] ()
    1 ayjxvlfc; \??\C:\Windows\system32\drivers\ayjxvlfc.sys [x]
    3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
    3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
    3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2012-09-30 14:08 - 2012-09-30 14:08 - 00000000 ____D C:\FRST
    2012-09-30 04:42 - 2012-09-30 04:43 - 00000174 ____A C:\Users\Bubz\Desktop\New Shortcut.lnk
    2012-09-30 04:03 - 2012-09-30 04:03 - 00000000 ____D C:\362f749e780762b7b44bc47e75d9d4
    2012-09-30 03:13 - 2012-09-30 03:14 - 11088872 ____A (Microsoft Corporation) C:\Users\Bubz\Downloads\mseinstall.exe
    2012-09-30 02:50 - 2012-09-30 02:51 - 00723913 ____A C:\Users\Bubz\Downloads\Avast 7.0.1466 Crack expire on 2050.zip
    2012-09-30 02:50 - 2012-09-30 02:50 - 00002316 ____A C:\Users\Bubz\Downloads\0BA4F105358353608C7C8CACC4B6FE5FDF06B1C4.torrent
    2012-09-29 15:02 - 2012-09-30 03:10 - 00000000 ____D C:\Users\Bubz\Downloads\Snow White and the Huntsman 2012 EXTENDED 720p BluRay x264-MgB
    2012-09-29 14:44 - 2012-09-29 15:04 - 00000000 ____D C:\Users\Bubz\Downloads\21.Jump.Street.2012.BRRip.XviD-AsA
    2012-09-29 14:41 - 2012-09-29 14:41 - 00019453 ____A C:\Users\Bubz\Downloads\4ABC42D59A5C1F436EC75B3C853C771990BAB409.torrent
    2012-09-29 14:39 - 2012-09-29 14:39 - 00014895 ____A C:\Users\Bubz\Downloads\2486F6B4285F3A29DA40651B0ED9EF21D3F21CED.torrent
    2012-09-29 14:36 - 2012-09-29 14:36 - 00017148 ____A C:\Users\Bubz\Downloads\52D2EE1425729AA0A64261A68DB76B780DC6F299.torrent
    2012-09-29 14:28 - 2012-09-30 03:17 - 00000000 ____D C:\Users\Bubz\Downloads\The Five-Year Engagement 2012 UNRATED BDRip x264 AAC - RLRG
    2012-09-29 14:24 - 2012-09-30 03:12 - 00000000 ____D C:\Users\Bubz\Downloads\The Avengers (2012) BRRip 480p KrazyKarvs TMRG
    2012-09-29 14:24 - 2012-09-29 14:24 - 00011984 ____A C:\Users\Bubz\Downloads\F280D7EFF95C2BC56045F1DFD1EA0A30E1E377E3.torrent
    2012-09-29 14:23 - 2012-09-29 14:23 - 00015400 ____A C:\Users\Bubz\Downloads\AE5B9DB6B73708685D6BB3600133A8F8FDF37E2D.torrent
    2012-09-29 02:37 - 2012-09-29 02:37 - 00023492 ____A C:\Users\Bubz\Downloads\Greys Anatomy_9x01_HDTV.x264-LOL.en.zip
    2012-09-28 14:09 - 2012-09-28 14:09 - 00020728 ____A C:\Users\Bubz\Downloads\CC28C6AAE2955C9AC6C9AE020EAB4206C4B83749.torrent
    2012-09-11 11:24 - 2012-09-11 11:24 - 00554304 ____A C:\Users\Bubz\Downloads\noname.eml
    2012-09-05 11:46 - 2012-09-05 11:46 - 00000000 ____D C:\Program Files\Common Files\Java
    2012-09-05 11:45 - 2012-09-05 11:45 - 00477168 ____A (Sun Microsystems, Inc.) C:\Windows\System32\npdeployJava1.dll
    2012-09-05 11:45 - 2012-09-05 11:45 - 00157680 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaws.exe
    2012-09-05 11:45 - 2012-09-05 11:45 - 00149488 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaw.exe
    2012-09-05 11:45 - 2012-09-05 11:45 - 00149488 ____A (Sun Microsystems, Inc.) C:\Windows\System32\java.exe
    2012-09-04 12:35 - 2012-09-04 12:35 - 00031452 ____A C:\Users\Bubz\Downloads\7C175441FD70247E03A63131825913963955E53D.torrent
    2012-09-03 14:54 - 2012-09-03 15:35 - 00000000 ____D C:\Users\Bubz\Downloads\Quantum Of Solace 2008 BluRay 720p DTS x264-3Li
    2012-09-03 14:43 - 2012-09-03 14:43 - 00127597 ____A C:\Users\Bubz\Downloads\CF4B0571F0D4DF1F6054CF8896CC6221C5941018.torrent
    2012-09-03 14:43 - 2012-09-03 14:43 - 00038831 ____A C:\Users\Bubz\Downloads\2952A13F1E2DB9933525DE16720F39ADE8146659.torrent
    2012-09-03 12:12 - 2008-11-10 03:48 - 00076294 ____A C:\Users\Bubz\Downloads\casino.royale.dvd9.720p.bluray.x264.srt
    2012-09-03 12:11 - 2012-09-03 12:11 - 00030351 ____A C:\Users\Bubz\Downloads\e1349c549a859c9174c94523f4c07cd3f3e0dc23.zip
    2012-09-02 14:04 - 2012-09-02 14:04 - 00019328 ____A C:\Users\Bubz\Downloads\emailtable.php
    2012-09-01 13:29 - 2012-09-01 13:29 - 00016159 ____A C:\Users\Bubz\Downloads\E3F03BAE7BA0F416C7B14368E42E2FB82B93D460.torrent
    2012-09-01 12:40 - 2012-09-01 12:40 - 00056796 ____A C:\Users\Bubz\Downloads\1A63134AF15E6133DE3E08FBDB721DDC9559CD64.torrent

    ==================== 3 Months Modified Files ==================

    2012-09-30 05:04 - 2009-10-26 15:31 - 00279552 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
    2012-09-30 04:55 - 2009-06-27 04:22 - 01464861 ____A C:\Windows\WindowsUpdate.log
    2012-09-30 04:55 - 2006-11-02 05:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-09-30 04:55 - 2006-11-02 04:47 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2012-09-30 04:55 - 2006-11-02 04:47 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2012-09-30 04:53 - 2012-08-24 03:36 - 00000878 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-09-30 04:43 - 2012-09-30 04:42 - 00000174 ____A C:\Users\Bubz\Desktop\New Shortcut.lnk
    2012-09-30 03:31 - 2009-10-11 11:01 - 00007052 ____A C:\Users\Bubz\AppData\Local\d3d9caps.dat
    2012-09-30 03:17 - 2011-02-05 13:24 - 00001945 ____A C:\Windows\epplauncher.mif
    2012-09-30 03:14 - 2012-09-30 03:13 - 11088872 ____A (Microsoft Corporation) C:\Users\Bubz\Downloads\mseinstall.exe
    2012-09-30 03:14 - 2009-10-19 15:14 - 00212992 ____A C:\Users\Bubz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2012-09-30 03:13 - 2012-08-11 16:14 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-09-30 03:07 - 2012-08-24 03:36 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-09-30 03:00 - 2006-11-02 05:01 - 00032558 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-09-30 02:51 - 2012-09-30 02:50 - 00723913 ____A C:\Users\Bubz\Downloads\Avast 7.0.1466 Crack expire on 2050.zip
    2012-09-30 02:50 - 2012-09-30 02:50 - 00002316 ____A C:\Users\Bubz\Downloads\0BA4F105358353608C7C8CACC4B6FE5FDF06B1C4.torrent
    2012-09-29 19:20 - 2009-12-18 13:09 - 00000354 ____A C:\Windows\Tasks\Driver Robot.job
    2012-09-29 14:41 - 2012-09-29 14:41 - 00019453 ____A C:\Users\Bubz\Downloads\4ABC42D59A5C1F436EC75B3C853C771990BAB409.torrent
    2012-09-29 14:39 - 2012-09-29 14:39 - 00014895 ____A C:\Users\Bubz\Downloads\2486F6B4285F3A29DA40651B0ED9EF21D3F21CED.torrent
    2012-09-29 14:36 - 2012-09-29 14:36 - 00017148 ____A C:\Users\Bubz\Downloads\52D2EE1425729AA0A64261A68DB76B780DC6F299.torrent
    2012-09-29 14:24 - 2012-09-29 14:24 - 00011984 ____A C:\Users\Bubz\Downloads\F280D7EFF95C2BC56045F1DFD1EA0A30E1E377E3.torrent
    2012-09-29 14:23 - 2012-09-29 14:23 - 00015400 ____A C:\Users\Bubz\Downloads\AE5B9DB6B73708685D6BB3600133A8F8FDF37E2D.torrent
    2012-09-29 02:37 - 2012-09-29 02:37 - 00023492 ____A C:\Users\Bubz\Downloads\Greys Anatomy_9x01_HDTV.x264-LOL.en.zip
    2012-09-28 14:09 - 2012-09-28 14:09 - 00020728 ____A C:\Users\Bubz\Downloads\CC28C6AAE2955C9AC6C9AE020EAB4206C4B83749.torrent
    2012-09-26 13:48 - 2010-02-28 18:30 - 00021504 ____A C:\Users\Bubz\Documents\Family Oweage.xls
    2012-09-26 13:18 - 2012-08-24 03:40 - 00001975 ____A C:\Users\Public\Desktop\Google Chrome.lnk
    2012-09-20 12:13 - 2012-08-11 16:14 - 00696240 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
    2012-09-20 12:13 - 2012-08-11 16:14 - 00073136 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
    2012-09-11 11:24 - 2012-09-11 11:24 - 00554304 ____A C:\Users\Bubz\Downloads\noname.eml
    2012-09-05 11:45 - 2012-09-05 11:45 - 00477168 ____A (Sun Microsystems, Inc.) C:\Windows\System32\npdeployJava1.dll
    2012-09-05 11:45 - 2012-09-05 11:45 - 00157680 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaws.exe
    2012-09-05 11:45 - 2012-09-05 11:45 - 00149488 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaw.exe
    2012-09-05 11:45 - 2012-09-05 11:45 - 00149488 ____A (Sun Microsystems, Inc.) C:\Windows\System32\java.exe
    2012-09-05 11:45 - 2010-05-09 13:31 - 00473072 ____A (Sun Microsystems, Inc.) C:\Windows\System32\deployJava1.dll
    2012-09-04 12:35 - 2012-09-04 12:35 - 00031452 ____A C:\Users\Bubz\Downloads\7C175441FD70247E03A63131825913963955E53D.torrent
    2012-09-03 14:43 - 2012-09-03 14:43 - 00127597 ____A C:\Users\Bubz\Downloads\CF4B0571F0D4DF1F6054CF8896CC6221C5941018.torrent
    2012-09-03 14:43 - 2012-09-03 14:43 - 00038831 ____A C:\Users\Bubz\Downloads\2952A13F1E2DB9933525DE16720F39ADE8146659.torrent
    2012-09-03 12:11 - 2012-09-03 12:11 - 00030351 ____A C:\Users\Bubz\Downloads\e1349c549a859c9174c94523f4c07cd3f3e0dc23.zip
    2012-09-02 14:04 - 2012-09-02 14:04 - 00019328 ____A C:\Users\Bubz\Downloads\emailtable.php
    2012-09-01 13:29 - 2012-09-01 13:29 - 00016159 ____A C:\Users\Bubz\Downloads\E3F03BAE7BA0F416C7B14368E42E2FB82B93D460.torrent
    2012-09-01 12:40 - 2012-09-01 12:40 - 00056796 ____A C:\Users\Bubz\Downloads\1A63134AF15E6133DE3E08FBDB721DDC9559CD64.torrent
    2012-08-30 13:03 - 2012-08-30 13:03 - 00193552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\MpFilter.sys
    2012-08-30 13:03 - 2010-10-24 13:25 - 00099272 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\NisDrvWFP.sys
    2012-08-30 06:00 - 2012-08-30 06:00 - 00001928 ____A C:\Users\Public\Desktop\Nitro Pro 7.lnk
    2012-08-30 05:54 - 2012-08-30 05:53 - 51594232 ____A (Nitro PDF Software) C:\Users\Bubz\Downloads\nitro_pdf_professional7.exe
    2012-08-30 02:25 - 2009-11-12 06:13 - 00001854 ____A C:\Users\Public\Desktop\Safari.lnk
    2012-08-30 02:22 - 2012-08-30 02:22 - 00001668 ____A C:\Users\Public\Desktop\iTunes.lnk
    2012-08-30 02:09 - 2012-08-30 02:09 - 00001730 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
    2012-08-29 12:22 - 2012-08-29 12:22 - 00028915 ____A C:\Users\Bubz\Downloads\AE18ADEFCDEB78A109CB65142FE0E100EDD5A4AE.torrent
    2012-08-29 12:22 - 2012-08-29 12:22 - 00028755 ____A C:\Users\Bubz\Downloads\FE7A813CDFCCA361A7BA4B499749933D50550744.torrent
    2012-08-29 12:21 - 2012-08-29 12:21 - 00028995 ____A C:\Users\Bubz\Downloads\1E2C25B251A69C6CE89D4C69E6D138A6789455B1.torrent
    2012-08-29 12:21 - 2012-08-29 12:21 - 00028915 ____A C:\Users\Bubz\Downloads\2E1E365647D4F32CCB20DDBDF35747FC700560E4.torrent
    2012-08-29 12:20 - 2012-08-29 12:20 - 00031412 ____A C:\Users\Bubz\Downloads\C4157E54B8FC835BE7FFB1809CC8FC241CB58F87.torrent
    2012-08-29 12:19 - 2012-08-29 12:19 - 00029142 ____A C:\Users\Bubz\Downloads\8378B94E5E14D2B39CA69E281EB5712455D87053.torrent
    2012-08-29 12:19 - 2012-08-29 12:19 - 00028920 ____A C:\Users\Bubz\Downloads\CDD594DCD25FC310660D958B6B52A652F4E72495.torrent
    2012-08-28 12:13 - 2012-08-28 12:13 - 00024141 ____A C:\Users\Bubz\Downloads\True Blood_5x12_HDTV.x264-EVOLVE.en.zip
    2012-08-28 09:44 - 2012-08-28 09:44 - 00069640 ____A (Nalpeiron Ltd.) C:\Windows\System32\NLSSRV32.EXE
    2012-08-28 09:43 - 2012-08-30 06:01 - 00027144 ____A (Nitro PDF Software) C:\Windows\System32\nitrolocalmon2.dll
    2012-08-28 09:43 - 2012-08-30 06:01 - 00018440 ____A (Nitro PDF Software) C:\Windows\System32\nitrolocalui2.dll
    2012-08-28 09:25 - 2012-08-28 09:25 - 00018914 ____A C:\Users\Bubz\Downloads\CA7AA470290F6BBFF31D228616F61A8A4E29D614.torrent
    2012-08-26 15:04 - 2012-08-28 12:13 - 00061033 ____N C:\Users\Bubz\Downloads\True Blood - 5x12 - Save Yourself.HDTV.x264-EVOLVE.en.srt
    2012-08-25 04:04 - 2012-08-25 04:04 - 02397192 ____A (Conduit) C:\Users\Bubz\Downloads\WiseConvert.exe
    2012-08-24 07:25 - 2010-03-15 21:05 - 00000016 ____A C:\Users\Bubz\persistent_state
    2012-08-24 03:48 - 2012-08-24 03:48 - 04024320 ____A C:\Program Files\GUT86B.tmp
    2012-08-24 03:40 - 2012-08-24 03:40 - 00000000 ____A C:\Windows\setuperr.log
    2012-08-24 03:40 - 2012-08-24 03:40 - 00000000 ____A C:\Windows\setupact.log
    2012-08-24 03:35 - 2012-08-24 03:35 - 00001833 ____A C:\Users\Public\Desktop\avast! Internet Security.lnk
    2012-08-24 03:26 - 2006-11-02 02:23 - 00002577 ____A C:\Windows\System32\config.nt
    2012-08-24 03:12 - 2012-08-24 03:06 - 123534648 ____A C:\Users\Bubz\Downloads\avast_internet_security_setup.exe
    2012-08-24 02:14 - 2006-11-02 02:33 - 00706586 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-08-21 01:13 - 2012-08-24 03:35 - 00355632 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
    2012-08-21 01:13 - 2012-08-24 03:35 - 00113776 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFW.sys
    2012-08-21 01:13 - 2012-08-24 03:35 - 00021256 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
    2012-08-21 01:13 - 2012-08-24 03:26 - 00729752 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
    2012-08-21 01:13 - 2012-08-24 03:26 - 00202928 ____A (AVAST Software) C:\Windows\System32\Drivers\aswNdis2.sys
    2012-08-21 01:13 - 2012-08-24 03:26 - 00058680 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
    2012-08-21 01:13 - 2012-08-24 03:26 - 00054232 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
    2012-08-21 01:13 - 2012-08-24 03:26 - 00035928 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr.sys
    2012-08-21 01:13 - 2012-08-24 03:26 - 00018544 ____A (AVAST Software) C:\Windows\System32\Drivers\aswKbd.sys
    2012-08-21 01:12 - 2012-08-24 03:18 - 00227648 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
    2012-08-21 01:12 - 2012-08-24 03:18 - 00041224 ____A (AVAST Software) C:\Windows\avastSS.scr
    2012-08-12 07:02 - 2012-07-13 11:27 - 00002160 ____A C:\Windows\PFRO.log
    2012-08-06 12:00 - 2012-08-06 12:00 - 00000009 ____A C:\END
    2012-08-06 11:59 - 2012-07-19 13:34 - 09250272 ____A (Vuze Inc.) C:\Users\Bubz\Downloads\Vuze_Installer.exe
    2012-07-29 11:52 - 2012-07-29 11:52 - 00065848 ____A (Trusteer Ltd.) C:\Windows\System32\Drivers\RapportKELL.sys
    2012-07-16 07:01 - 2011-07-02 06:49 - 00005120 ____A C:\Users\Guest\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2012-07-13 11:31 - 2006-11-02 04:47 - 03737904 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-07-13 11:06 - 2006-11-02 02:24 - 57442464 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
    2012-07-13 11:03 - 2006-11-02 02:23 - 00000270 ____A C:\Windows\win.ini
    2012-07-13 02:47 - 2012-08-24 03:19 - 00012112 ____A (ALWIL Software) C:\Windows\System32\Drivers\aswNdis.sys


    ZeroAccess:
    C:\Windows\Installer\{0f2b2ee4-32c3-c889-20a1-b48ed48cbdc0}
    C:\Windows\Installer\{0f2b2ee4-32c3-c889-20a1-b48ed48cbdc0}\@
    C:\Windows\Installer\{0f2b2ee4-32c3-c889-20a1-b48ed48cbdc0}\L
    C:\Windows\Installer\{0f2b2ee4-32c3-c889-20a1-b48ed48cbdc0}\U
    C:\Windows\Installer\{0f2b2ee4-32c3-c889-20a1-b48ed48cbdc0}\L\00000004.@
    C:\Windows\Installer\{0f2b2ee4-32c3-c889-20a1-b48ed48cbdc0}\L\201d3dde
    C:\Windows\Installer\{0f2b2ee4-32c3-c889-20a1-b48ed48cbdc0}\U\00000008.@
    C:\Windows\Installer\{0f2b2ee4-32c3-c889-20a1-b48ed48cbdc0}\U\trz10B4.tmp
    C:\Windows\Installer\{0f2b2ee4-32c3-c889-20a1-b48ed48cbdc0}\U\trz3275.tmp
    C:\Windows\Installer\{0f2b2ee4-32c3-c889-20a1-b48ed48cbdc0}\U\trz3A52.tmp
    C:\Windows\Installer\{0f2b2ee4-32c3-c889-20a1-b48ed48cbdc0}\U\trz3A63.tmp
    C:\Windows\Installer\{0f2b2ee4-32c3-c889-20a1-b48ed48cbdc0}\U\trz408B.tmp
    C:\Windows\Installer\{0f2b2ee4-32c3-c889-20a1-b48ed48cbdc0}\U\trz70CB.tmp
    C:\Windows\Installer\{0f2b2ee4-32c3-c889-20a1-b48ed48cbdc0}\U\trz710B.tmp
    C:\Windows\Installer\{0f2b2ee4-32c3-c889-20a1-b48ed48cbdc0}\U\trz732E.tmp
    C:\Windows\Installer\{0f2b2ee4-32c3-c889-20a1-b48ed48cbdc0}\U\trz7580.tmp
    C:\Windows\Installer\{0f2b2ee4-32c3-c889-20a1-b48ed48cbdc0}\U\trzDDD3.tmp
    C:\Windows\Installer\{0f2b2ee4-32c3-c889-20a1-b48ed48cbdc0}\U\trzEA0.tmp
    C:\Windows\Installer\{0f2b2ee4-32c3-c889-20a1-b48ed48cbdc0}\U\trzECF.tmp

    ZeroAccess:
    C:\Users\Bubz\AppData\Local\{0f2b2ee4-32c3-c889-20a1-b48ed48cbdc0}
    C:\Users\Bubz\AppData\Local\{0f2b2ee4-32c3-c889-20a1-b48ed48cbdc0}\@
    C:\Users\Bubz\AppData\Local\{0f2b2ee4-32c3-c889-20a1-b48ed48cbdc0}\L
    C:\Users\Bubz\AppData\Local\{0f2b2ee4-32c3-c889-20a1-b48ed48cbdc0}\U

    ZeroAccess:
    C:\Windows\assembly\GAC\Desktop.ini

    ==================== Known DLLs (Whitelisted) =================


    ==================== Bamital & volsnap Check =================

    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe 8737764F4FD36D6808EE80578409C843 ZeroAccess <==== ATTENTION!.
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ==================== Restore Points =========================

    Restore point made on: 2012-09-01 15:44:59
    Restore point made on: 2012-09-03 22:01:14
    Restore point made on: 2012-09-05 11:43:13
    Restore point made on: 2012-09-07 00:05:41
    Restore point made on: 2012-09-11 12:27:58
    Restore point made on: 2012-09-12 10:54:30
    Restore point made on: 2012-09-22 03:32:50
    Restore point made on: 2012-09-29 17:10:36

    ==================== Memory info ===========================

    Percentage of memory in use: 17%
    Total physical RAM: 4023.89 MB
    Available physical RAM: 3321.54 MB
    Total Pagefile: 3648.28 MB
    Available Pagefile: 3457.21 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1974.31 MB

    ==================== Partitions =============================

    1 Drive c: (ACER) (Fixed) (Total:288.32 GB) (Free:17.23 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    2 Drive d: (24SEASON2_DISC1) (CDROM) (Total:7.51 GB) (Free:0 GB) UDF
    3 Drive e: (PQSERVICE) (Fixed) (Total:9.76 GB) (Free:1.83 GB) FAT32
    4 Drive f: () (Removable) (Total:7.46 GB) (Free:2.32 GB) FAT32
    5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

    Disk ### Status Size Free Dyn Gpt
    -------- ---------- ------- ------- --- ---
    Disk 0 Online 298 GB 0 B
    Disk 1 Online 7660 MB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 OEM 10 GB 1024 KB
    Partition 2 Primary 288 GB 10 GB

    =========================================================

    Disk: 0
    Partition 1
    Type : 27
    Hidden: Yes
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 E PQSERVICE FAT32 Partition 10 GB Healthy Hidden

    =========================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 C ACER NTFS Partition 288 GB Healthy

    =========================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 7656 MB 4032 KB

    =========================================================

    Disk: 1
    Partition 1
    Type : 0C
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 F FAT32 Removable 7656 MB Healthy

    =========================================================

    Last Boot: 2012-09-30 03:07

    ==================== End Of Log ============================


    and from the Search file:


    Farbar Recovery Scan Tool (x86) Version: 30-09-2012 01
    Ran by SYSTEM at 2012-09-30 14:34:09
    Running from F:\

    ================== Search: "services.exe" ===================

    C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
    [2009-10-26 15:31] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

    C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
    [2008-01-20 18:24] - [2008-01-20 18:24] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C

    C:\Windows\System32\services.exe
    [2009-10-26 15:31] - [2012-09-30 05:04] - 0279552 ____A (Microsoft Corporation) 8737764F4FD36D6808EE80578409C843

    === End Of Search ===



    I am really not sure what I am supposed to do after this..... and the problem is still there on my laptop. Please can anyone help me???
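Added example (not part of the original post and not FRST code): the Search log above lists three copies of services.exe with their MD5s, and this sketch parses that output and checks the live System32 copy against the component-store (winsxs) copies. The function names and the created/modified field order are assumptions inferred from this log.

```python
import re
from collections import namedtuple

# Search output copied from the post above.
SEARCH_LOG = r"""
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
[2009-10-26 15:31] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2008-01-20 18:24] - [2008-01-20 18:24] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C

C:\Windows\System32\services.exe
[2009-10-26 15:31] - [2012-09-30 05:04] - 0279552 ____A (Microsoft Corporation) 8737764F4FD36D6808EE80578409C843
"""

Entry = namedtuple("Entry", "path created modified size md5")

# Metadata line: [created] - [modified] - size attributes (company) MD5.
# The created/modified order is an assumption taken from this log, where the
# System32 copy's second timestamp equals its "Modified Files" timestamp.
META = re.compile(
    r"^\[(?P<created>[\d-]+ [\d:]+)\] - \[(?P<modified>[\d-]+ [\d:]+)\] - "
    r"(?P<size>\d+) \S+ (?:\(.*?\) )?(?P<md5>[0-9A-Fa-f]{32})$"
)
PATH = re.compile(r"^[A-Za-z]:\\")


def parse_search(text):
    """Pair each path line with the metadata line that follows it."""
    entries, path = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        meta = META.match(line)
        if meta and path:
            entries.append(Entry(path, meta["created"], meta["modified"],
                                 int(meta["size"]), meta["md5"].upper()))
            path = None
        elif PATH.match(line):
            path = line
    return entries


def in_component_store(path):
    return "\\winsxs\\" in path.lower()


def basename(path):
    return path.lower().rsplit("\\", 1)[-1]


def check_live_copies(entries):
    """Compare every non-winsxs copy with the winsxs copies of the same file.

    A mismatch is a lead for the analyst, not a verdict: the component store
    can hold several versions, and a patched file can be newer than all of them.
    """
    refs = [e for e in entries if in_component_store(e.path)]
    findings = []
    for live in (e for e in entries if not in_component_store(e.path)):
        same_name = [r for r in refs if basename(r.path) == basename(live.path)]
        same_size = [r for r in same_name if r.size == live.size]
        if any(r.md5 == live.md5 for r in same_name):
            status = "match"
        elif same_name:
            status = "mismatch"
        else:
            status = "no-reference"
        findings.append({
            "path": live.path,
            "md5": live.md5,
            "status": status,
            # Same length but different hash suggests the file was altered in place.
            "same_size_reference_md5": [r.md5 for r in same_size],
            # Timestamps are "YYYY-MM-DD HH:MM", so string comparison orders them.
            "modified_after_reference": bool(same_size)
            and live.modified > max(r.modified for r in same_size),
        })
    return findings


if __name__ == "__main__":
    for finding in check_live_copies(parse_search(SEARCH_LOG)):
        print(finding)
```

On this log the System32 copy has the same size as the 6.0.6002.18005 winsxs copy but a different MD5 and a later modified time, which agrees with the "ATTENTION" line in the Bamital & volsnap Check section.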
     
  2. Broni


    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ========================================

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt). Please post it in your reply.

    Next....

    Restart normally.

    ===================================

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then click on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

    ===================================

    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced, post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    ==================================

    Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
    Alternate download: http://www.filehippo.com/download_malwarebytes_anti_malware/
    NOTE. If you already have MBAM installed, update it before running the scan.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    Be sure to restart the computer IF MBAM asks you to do so.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    ================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start the scan.
    On completion of the scan click "Save log", save it to your desktop and post it in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
     


  3. annika87

    annika87 TS Rookie Topic Starter

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 30-09-2012 01
    Ran by SYSTEM at 2012-09-30 20:39:08 Run:1
    Running from F:\

    ==============================================

    HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows No ZeroAccess entry found.
    C:\Windows\System32\consrv.dll not found.
    ayjxvlfc service deleted successfully.
    C:\Windows\system32\drivers\ayjxvlfc.sys not found.
    C:\Windows\Installer\{0f2b2ee4-32c3-c889-20a1-b48ed48cbdc0} moved successfully.
    C:\Users\Bubz\AppData\Local\{0f2b2ee4-32c3-c889-20a1-b48ed48cbdc0} moved successfully.
    C:\Windows\assembly\GAC\Desktop.ini moved successfully.
    C:\Windows\System32\services.exe moved successfully.
    C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe copied successfully to C:\Windows\System32\services.exe

    ==== End of Fixlog ====
     
  4. Broni

    Broni Malware Annihilator Posts: 46,868   +254

    Go on...
     
  5. Broni

    Broni Malware Annihilator Posts: 46,868   +254

    This topic is marked as abandoned and closed due to inactivity.
    This member will NOT be eligible to receive any more help in the malware removal forum.
     