TechSpot

I've got the same problem as many here. Here is a result for a search of services.exe

By carlosr217
Aug 1, 2012
  1. Farbar Recovery Scan Tool Version: 25-07-2012 01
    Ran by SYSTEM at 2012-08-01 01:24:16
    Running from F:\
    ================== Search: "services.exe" ===================
    C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
    [2011-01-03 10:24] - [2008-01-18 20:33] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C
    C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036\services.exe
    [2006-11-02 00:35] - [2006-11-02 01:45] - 0279552 ____A (Microsoft Corporation) 329CF3C97CE4C19375C8ABCABAE258B0
    C:\Windows\System32\services.exe
    [2011-01-03 10:24] - [2012-07-31 19:28] - 0279040 ____A (Microsoft Corporation) 5DC3C54FC22BBB6F66C290C7C0384DF9
    C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
    [2009-06-26 07:48] - [2008-01-18 23:33] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C
    C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
    [2011-01-06 06:22] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B
    === End Of Search ===
     
  2. carlosr217

    carlosr217 TS Rookie Topic Starter

    Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 25-07-2012 01
    Ran by SYSTEM at 31-07-2012 22:40:17
    Running from F:\
    Windows Vista (TM) Home Premium (X86) OS Language: English(US)
    The current controlset is ControlSet001
    ========================== Registry (Whitelisted) =============
    HKLM\...\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [827392 2007-01-12] (Synaptics, Inc.)
    HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" [148888 2006-01-10] (Sun Microsystems, Inc.)
    HKLM\...\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe" [176128 2007-03-28] (CyberLink Corp.)
    HKLM\...\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start [159744 2007-02-13] ( Hewlett-Packard Development Company, L.P.)
    HKLM\...\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49152 2005-02-16] (Hewlett-Packard Co.)
    HKLM\...\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [849280 2007-02-05] (Microsoft Corporation)
    HKLM\...\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" [398728 2008-01-29] (Symantec Corporation)
    HKLM\...\Run: [CarboniteSetupLite] "C:\Program Files\Carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=900 [318096 2009-08-03] (Carbonite, Inc.)
    HKLM\...\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [197928 2009-12-18] (Seagate LLC)
    HKLM\...\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon [2516296 2010-03-24] (CANON INC.)
    HKLM\...\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon [1185112 2010-04-02] (CANON INC.)
    HKLM\...\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe startup [1527128 2011-06-14] (Intuit Inc. All rights reserved.)
    HKLM\...\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart [90191 2007-02-28] (NVIDIA Corporation)
    HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [7770112 2007-02-28] (NVIDIA Corporation)
    HKLM\...\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit [81920 2007-02-28] (NVIDIA Corporation)
    HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
    HKLM\...\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot [296056 2012-06-06] (RealNetworks, Inc.)
    HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [931200 2012-03-26] (Microsoft Corporation)
    HKU\Default\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun [x]
    HKU\Default User\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun [x]
    HKU\George\...\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun [x]
    HKU\George\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-18] (Microsoft Corporation)
    HKU\George\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-06-23] (Google Inc.)
    HKU\George\...\Run: [Uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe [x]
    HKU\George\...\Policies\system: [LogonHoursAction] 2
    HKU\George\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
    HKU\Guest\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun [x]
    HKU\Guest\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-06-23] (Google Inc.)
    HKU\Guest 2\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun [x]
    HKU\Guest 2\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-06-23] (Google Inc.)
    HKU\Guest 2\...\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-18] (Microsoft Corporation)
    HKU\Guest 2\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-18] (Microsoft Corporation)
    HKU\Guest 2\...\Policies\system: [LogonHoursAction] 2
    HKU\Guest 2\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
    HKLM\...\Runonce: [Launcher] %WINDIR%\SMINST\launcher.exe [x]
    Tcpip\Parameters: [DhcpNameServer] 192.168.150.105 192.168.1.254
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\HPZSETUP.LNK
    ShortcutTarget: HPZSETUP.LNK -> (No File)
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\Intuit Data Protect.lnk
    ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
    ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk
    ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files\Intuit\QuickBooks 2011\QBW32.EXE (Intuit Inc.)
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\Vongo Tray.lnk
    ShortcutTarget: Vongo Tray.lnk -> C:\Windows\Installer\{8C3AE2D1-854D-4650-A73D-C7CC7EE36B80}\NewShortcut2_DB7E00C96DEF489A8112D8F81614F45A.exe (Macrovision Corporation)
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
    ShortcutTarget: WinZip Quick Pick.lnk -> C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
    ================================ Services (Whitelisted) ==================
    2 Automatic LiveUpdate Scheduler; "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [554352 2007-09-12] (Symantec Corporation)
    2 CLCapSvc; "C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe" [270431 2007-03-28] ()
    2 CLSched; "C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe" [118877 2007-03-28] ()
    2 Eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [21504 2008-01-18] (Microsoft Corporation)
    2 FreeAgentGoNext Service; "C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe" [189736 2009-12-18] (Seagate Technology LLC)
    2 hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [135168 2006-05-02] (Hewlett-Packard Development Company, L.P.)
    3 LiveUpdate; "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE" [2999664 2007-09-12] (Symantec Corporation)
    2 LiveUpdate Notice Service; "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll" [537992 2008-04-10] (Symantec Corporation)
    2 ptumlcmsvc; C:\Windows\system32\ptumlcmsvc.exe [106496 2011-05-11] (DEVGURU Co., LTD)
    2 QBCFMonitorService; "C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe" [45056 2011-07-06] (Intuit)
    3 QBFCService; "C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe" [61440 2009-07-23] (Intuit Inc.)
    2 QBVSS; "C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe" [1248256 2011-06-30] (Intuit Inc.)
    2 Vongo Service; C:\Program Files\Vongo\VongoService.exe [176128 2007-03-29] (Starz Entertainment Group LLC)
    2 VZWConfigService; "C:\Program Files\Novatel Wireless\Verizon\Drivers\VZWMSConfig.exe" [143696 2010-12-10] (Novatel Wireless Inc.)
    3 getPlusHelper; C:\Program Files\NOS\bin\getPlus_Helper.dll [x]
    2 LiveUpdate Notice Ex; "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [x]
    2 MsMpSvc; "c:\Program Files\Microsoft Security Client\MsMpEng.exe" [x]
    3 NisSrv; "c:\Program Files\Microsoft Security Client\NisSrv.exe" [x]
    2 RoxLiveShare9; "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe" [x]
    ========================== Drivers (Whitelisted) =============
    1 eabfiltr; C:\Windows\System32\DRIVERS\eabfiltr.sys [8192 2006-11-30] (Hewlett-Packard Development Company, L.P.)
    3 HBtnKey; C:\Windows\System32\DRIVERS\cpqbttn.sys [9472 2006-06-28] (Hewlett-Packard Development Company, L.P.)
    3 HdAudAddService; C:\Windows\System32\drivers\CHDART.sys [159232 2007-02-22] (Conexant Systems Inc.)
    3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2012-07-31] (Malwarebytes Corporation)
    0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [171064 2012-03-20] (Microsoft Corporation)
    3 nvsmu; C:\Windows\System32\DRIVERS\nvsmu.sys [12032 2007-02-16] (NVIDIA Corporation)
    3 NWADI; C:\Windows\System32\DRIVERS\NWADIenum.sys [231424 2010-12-10] (Novatel Wireless Inc)
    3 NWRmNet_001; C:\Windows\System32\DRIVERS\NWRmNet_001.sys [243712 2010-12-10] (Novatel Wireless Inc.)
    3 NWUSBModem_001; C:\Windows\System32\DRIVERS\nwusbmdm_001.sys [176384 2010-12-10] (Novatel Wireless Inc.)
    3 NWUSBPort2_001; C:\Windows\System32\DRIVERS\nwusbser2_001.sys [176384 2010-12-10] (Novatel Wireless Inc.)
    3 NWUSBPort_001; C:\Windows\System32\DRIVERS\nwusbser_001.sys [176384 2010-12-10] (Novatel Wireless Inc.)
    3 PTDUBus; C:\Windows\System32\DRIVERS\PTDUBus.sys [33024 2008-08-10] (DEVGURU Co,LTD.)
    3 PTDUMdm; C:\Windows\System32\DRIVERS\PTDUMdm.sys [41344 2008-08-10] (DEVGURU Co,LTD.)
    3 PTDUVsp; C:\Windows\System32\DRIVERS\PTDUVsp.sys [39936 2008-08-10] (DEVGURU Co,LTD.)
    3 PTDUWWAN; C:\Windows\System32\DRIVERS\PTDUWWAN.sys [59904 2008-08-10] (DEVGURU Co,LTD.)
    3 PTUMLBUS; C:\Windows\System32\DRIVERS\PTUMLBUS.sys [59792 2011-05-11] (DEVGURU Co., LTD.)
    3 PTUMLCVsp; C:\Windows\System32\DRIVERS\PTUMLCVsp.sys [168208 2011-05-11] (DEVGURU Co., LTD.(www.devguru.co.kr))
    3 PTUMLMdm; C:\Windows\System32\DRIVERS\PTUMLMdm.sys [168208 2011-05-11] (DEVGURU Co., LTD.(www.devguru.co.kr))
    3 PTUMLNET; C:\Windows\System32\DRIVERS\PTUMLNET.sys [80912 2011-05-11] (DEVGURU Co., LTD.)
    3 PTUMLNVsp; C:\Windows\System32\DRIVERS\PTUMLNVsp.sys [168848 2011-05-11] (DEVGURU Co., LTD.(www.devguru.co.kr))
    3 PTUMLRMNET; C:\Windows\System32\DRIVERS\PTUMLRMNET.sys [60432 2011-05-11] (DEVGURU Co., LTD.)
    3 PTUMLVsp; C:\Windows\System32\DRIVERS\PTUMLVsp.sys [168208 2011-05-11] (DEVGURU Co., LTD.(www.devguru.co.kr))
    3 USB_RNDIS; C:\Windows\System32\DRIVERS\usb8023.sys [15872 2008-01-18] (Microsoft Corporation)
    4 blbdrive; C:\Windows\system32\drivers\blbdrive.sys [x]
    3 cpuz132; \??\C:\Users\George\AppData\Local\Temp\cpuz132\cpuz132_x32.sys [x]
    3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
    3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
    3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]
    3 RimUsb; C:\Windows\System32\Drivers\RimUsb.sys [x]
    ========================== NetSvcs (Whitelisted) ===========

    ============ One Month Created Files and Folders ==============
    2012-07-31 22:40 - 2012-07-31 22:40 - 00000000 ____D C:\FRST
    2012-07-31 18:28 - 2012-07-31 18:28 - 00040776 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys
    2012-07-31 18:27 - 2012-07-31 18:28 - 00000726 ____A C:\Users\George\Desktop\stop shutdown.lnk
    2012-07-31 18:19 - 2012-07-31 18:19 - 00000490 ____A C:\Users\George\Desktop\yorkyt.exe.log
    2012-07-31 18:15 - 2012-07-31 18:11 - 01415784 ____A C:\Users\George\Desktop\yorkyt.exe
    2012-07-31 17:21 - 2012-05-31 08:25 - 00237072 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
    2012-07-31 17:20 - 2012-07-31 17:20 - 00001945 ____A C:\Windows\epplauncher.mif
    2012-07-31 17:20 - 2012-07-31 17:20 - 00000000 ____D C:\Program Files\Microsoft Security Client
    2012-07-31 16:57 - 2012-07-31 16:57 - 00002950 ____A C:\Users\All Users\LUUnInstall.LiveUpdate
    2012-07-31 16:57 - 2012-07-31 16:57 - 00002950 ____A C:\Users\All Users\Application Data\LUUnInstall.LiveUpdate
    2012-07-30 16:55 - 2012-07-30 16:55 - 00000906 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-07-30 16:55 - 2012-07-30 16:55 - 00000906 ____A C:\Users\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    2012-07-30 16:55 - 2012-07-30 16:55 - 00000000 ____D C:\Users\George\Application Data\Malwarebytes
    2012-07-30 16:55 - 2012-07-30 16:55 - 00000000 ____D C:\Users\George\AppData\Roaming\Malwarebytes
    2012-07-30 16:55 - 2012-07-30 16:55 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-07-30 16:55 - 2012-07-30 16:55 - 00000000 ____D C:\Users\All Users\Application Data\Malwarebytes
    2012-07-30 16:55 - 2012-07-30 16:55 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
    2012-07-30 16:55 - 2012-07-03 09:46 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-07-27 05:22 - 2008-07-30 13:42 - 00023888 ____A (Symantec Corporation) C:\Windows\System32\Drivers\COH_Mon.sys
    2012-07-27 05:22 - 2008-07-30 13:28 - 00010537 ____A C:\Windows\System32\Drivers\COH_Mon.cat
    2012-07-27 04:24 - 2012-07-27 04:24 - 00000922 ____A C:\Users\George\Desktop\Live Security Platinum Order.lnk
    2012-07-27 03:38 - 2012-07-27 03:38 - 00000000 __SHD C:\Windows\System32\%APPDATA%
    2012-07-27 03:33 - 2012-07-27 04:24 - 00000000 ____D C:\Users\All Users\Application Data\036E192602A74619CCA9ED996C44B161
    2012-07-27 03:33 - 2012-07-27 04:24 - 00000000 ____D C:\Users\All Users\036E192602A74619CCA9ED996C44B161
    2012-07-15 12:59 - 2012-07-15 12:59 - 22728630 ____A C:\Users\George\Desktop\sc0002.bmp
    2012-07-01 04:09 - 2012-07-01 04:11 - 00155136 ____A C:\Users\George\Desktop\OfficialMonthlyActivityReport06012012.xls
    ============ 3 Months Modified Files ========================
    2012-07-31 18:28 - 2012-07-31 18:28 - 00040776 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys
    2012-07-31 18:28 - 2012-07-31 18:27 - 00000726 ____A C:\Users\George\Desktop\stop shutdown.lnk
    2012-07-31 18:23 - 2006-11-02 05:01 - 00032586 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-07-31 18:23 - 2006-11-02 05:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-07-31 18:23 - 2006-11-02 04:47 - 00003168 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2012-07-31 18:23 - 2006-11-02 04:47 - 00003168 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2012-07-31 18:20 - 2007-07-18 21:07 - 00035416 ____A C:\Users\George\Application Data\nvModes.001
    2012-07-31 18:20 - 2007-07-18 21:07 - 00035416 ____A C:\Users\George\AppData\Roaming\nvModes.001
    2012-07-31 18:20 - 2007-04-18 09:03 - 00000146 ____A C:\Users\Public\Documents\hpqp.ini
    2012-07-31 18:20 - 2007-04-18 09:03 - 00000146 ____A C:\Users\All Users\Documents\hpqp.ini
    2012-07-31 18:19 - 2012-07-31 18:19 - 00000490 ____A C:\Users\George\Desktop\yorkyt.exe.log
    2012-07-31 18:19 - 2010-02-03 07:19 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-07-31 18:19 - 2009-06-29 11:10 - 00000422 ___AH C:\Windows\Tasks\User_Feed_Synchronization-{5D0AC38F-6C6C-4922-861B-A8F255610EAB}.job
    2012-07-31 18:16 - 2006-11-02 02:33 - 00723078 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-07-31 18:15 - 2011-01-03 10:24 - 00279040 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
    2012-07-31 18:11 - 2012-07-31 18:15 - 01415784 ____A C:\Users\George\Desktop\yorkyt.exe
    2012-07-31 17:21 - 2007-06-12 13:19 - 01844032 ____A C:\Windows\WindowsUpdate.log
    2012-07-31 17:20 - 2012-07-31 17:20 - 00001945 ____A C:\Windows\epplauncher.mif
    2012-07-31 17:16 - 2007-07-18 12:49 - 00035416 ____A C:\Users\George\Application Data\nvModes.dat
    2012-07-31 17:16 - 2007-07-18 12:49 - 00035416 ____A C:\Users\George\AppData\Roaming\nvModes.dat
    2012-07-31 17:05 - 2007-04-18 08:52 - 00156898 ____A C:\Windows\PFRO.log
    2012-07-31 16:57 - 2012-07-31 16:57 - 00002950 ____A C:\Users\All Users\LUUnInstall.LiveUpdate
    2012-07-31 16:57 - 2012-07-31 16:57 - 00002950 ____A C:\Users\All Users\Application Data\LUUnInstall.LiveUpdate
    2012-07-31 16:45 - 2010-02-03 07:19 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-07-30 16:55 - 2012-07-30 16:55 - 00000906 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-07-30 16:55 - 2012-07-30 16:55 - 00000906 ____A C:\Users\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    2012-07-27 04:24 - 2012-07-27 04:24 - 00000922 ____A C:\Users\George\Desktop\Live Security Platinum Order.lnk
    2012-07-15 12:59 - 2012-07-15 12:59 - 22728630 ____A C:\Users\George\Desktop\sc0002.bmp
    2012-07-12 04:00 - 2006-11-02 02:24 - 57442464 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
    2012-07-11 18:24 - 2011-09-03 12:39 - 00000326 ____A C:\Windows\Tasks\HPCeeScheduleForGeorge.job
    2012-07-11 14:49 - 2011-12-07 15:13 - 00001971 ____A C:\Users\Public\Desktop\Google Chrome.lnk
    2012-07-11 14:49 - 2011-12-07 15:13 - 00001971 ____A C:\Users\All Users\Desktop\Google Chrome.lnk
    2012-07-03 09:46 - 2012-07-30 16:55 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-07-01 04:11 - 2012-07-01 04:09 - 00155136 ____A C:\Users\George\Desktop\OfficialMonthlyActivityReport06012012.xls
    2012-06-06 13:44 - 2012-06-06 13:44 - 00001069 ____A C:\Users\Public\Desktop\RealPlayer.lnk
    2012-06-06 13:44 - 2012-06-06 13:44 - 00001069 ____A C:\Users\All Users\Desktop\RealPlayer.lnk
    2012-06-06 13:43 - 2012-06-06 13:43 - 00272896 ____A (Progressive Networks) C:\Windows\System32\pncrt.dll
    2012-06-06 13:43 - 2012-06-06 13:43 - 00198832 ____A (RealNetworks, Inc.) C:\Windows\System32\rmoc3260.dll
    2012-06-06 13:43 - 2012-06-06 13:43 - 00006656 ____A (RealNetworks, Inc.) C:\Windows\System32\pndx5016.dll
    2012-06-06 13:43 - 2012-06-06 13:43 - 00005632 ____A (RealNetworks, Inc.) C:\Windows\System32\pndx5032.dll
    2012-06-06 13:42 - 2012-06-06 13:42 - 00090624 ____A C:\Users\Public\AlexaNSISPlugin.6028.dll
    2012-06-05 10:45 - 2012-06-05 10:39 - 00152576 ____A C:\Users\George\My Documents\OfficialMonthlyActivityReport2012BlankFormCancio(1).xls
    2012-06-05 10:45 - 2012-06-05 10:39 - 00152576 ____A C:\Users\George\Documents\OfficialMonthlyActivityReport2012BlankFormCancio(1).xls
    2012-06-02 05:02 - 2012-06-02 04:55 - 00154624 ____A C:\Users\George\Desktop\OfficialMonthlyActivityReport052012.xls
    2012-06-01 16:52 - 2008-01-03 21:00 - 00013312 ____A C:\Users\George\Local Settings\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2012-06-01 16:52 - 2008-01-03 21:00 - 00013312 ____A C:\Users\George\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2012-06-01 16:52 - 2008-01-03 21:00 - 00013312 ____A C:\Users\George\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2012-05-31 08:25 - 2012-07-31 17:21 - 00237072 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe

    ZeroAccess:
    C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}
    C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\@
    C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\L
    C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U
    C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\00000001.@
    ZeroAccess:
    C:\Users\George\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}
    C:\Users\George\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\@
    C:\Users\George\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\L
    C:\Users\George\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U
    ========================= Known DLLs (Whitelisted) ============

    ========================= Bamital & volsnap Check ============
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe 5DC3C54FC22BBB6F66C290C7C0384DF9 ZeroAccess <==== ATTENTION!.
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
    ==================== EXE ASSOCIATION =====================
    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK
    ========================= Memory info ======================
    Percentage of memory in use: 45%
    Total physical RAM: 958 MB
    Available physical RAM: 525.18 MB
    Total Pagefile: 725.14 MB
    Available Pagefile: 589.75 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1983.51 MB
    ======================= Partitions =========================
    1 Drive c: () (Fixed) (Total:103.58 GB) (Free:61.28 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    2 Drive d: (HP_RECOVERY) (Fixed) (Total:8.2 GB) (Free:1.75 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    4 Drive f: (USB DISK) (Fixed) (Total:1.87 GB) (Free:0.56 GB) FAT
    5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    Disk ### Status Size Free Dyn Gpt
    -------- ---------- ------- ------- --- ---
    Disk 0 Online 112 GB 1528 KB
    Disk 1 Online 1912 MB 0 B
    Partitions of Disk 0:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 104 GB 32 KB
    Partition 2 Primary 8 GB 104 GB
    ==================================================================================
    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 0 C NTFS Partition 104 GB Healthy
    ==================================================================================
    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 D HP_RECOVERY NTFS Partition 8 GB Healthy
    ==================================================================================
    Partitions of Disk 1:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 1912 MB 16 KB
    ==================================================================================
    Disk: 1
    Partition 1
    Type : 06
    Hidden: No
    Active: Yes
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 F USB DISK FAT Partition 1912 MB Healthy
    ==================================================================================
    ==========================================================
    Last Boot: 2012-07-31 17:21
    ======================= End Of Log ==========================
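The search block in post #1 and the "ZeroAccess:" and "Bamital & volsnap Check" sections in post #2 are the two findings a helper reads first. The script below re-derives both from the posted text. It is an added example, not code from the thread, from FRST or from TechSpot; `SEARCH_LOG` and `ZEROACCESS_PATHS` are constructed from the log lines above, and two assumptions are made: a copy whose path carries a component version string (`_6.0.6001.18000_` and the like, as in the WinSxS and SoftwareDistribution paths) is treated as a reference copy, and the two bracketed timestamps are carried through as printed without re-interpreting their order.

```python
"""Re-check two findings from the FRST logs posted in this thread.

Added example; not code from the thread, from FRST, or from TechSpot.
Both sample inputs are constructed from the posted log text.
"""
import re
from collections import defaultdict

# Constructed sample: the "services.exe" search block from post #1.
SEARCH_LOG = r"""
================== Search: "services.exe" ===================
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2011-01-03 10:24] - [2008-01-18 20:33] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036\services.exe
[2006-11-02 00:35] - [2006-11-02 01:45] - 0279552 ____A (Microsoft Corporation) 329CF3C97CE4C19375C8ABCABAE258B0
C:\Windows\System32\services.exe
[2011-01-03 10:24] - [2012-07-31 19:28] - 0279040 ____A (Microsoft Corporation) 5DC3C54FC22BBB6F66C290C7C0384DF9
C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2009-06-26 07:48] - [2008-01-18 23:33] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C
C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
[2011-01-06 06:22] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B
=== End Of Search ===
"""

# Constructed sample: the paths FRST labelled "ZeroAccess:" in post #2.
ZEROACCESS_PATHS = [
    r"C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}",
    r"C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\@",
    r"C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\L",
    r"C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U",
    r"C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\00000001.@",
    r"C:\Users\George\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}",
    r"C:\Users\George\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\@",
    r"C:\Users\George\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\L",
    r"C:\Users\George\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U",
]

# Detail line: [ts] - [ts] - size attrs (company) MD5; company may be absent.
DETAIL_RE = re.compile(
    r"^\[(?P<ts1>[^\]]+)\] - \[(?P<ts2>[^\]]+)\] - (?P<size>\d+) (?P<attrs>\S+)"
    r"(?: \((?P<company>[^)]*)\))? (?P<md5>[0-9A-Fa-f]{32})$"
)
# Assumption: a path with "_<a.b.c.d>_" in it is a component-store copy.
COMPONENT_RE = re.compile(r"_(?P<version>\d+\.\d+\.\d+\.\d+)_")
GUID_DIR_RE = re.compile(r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)


def parse_search(text):
    """Pair each path line of an FRST search with its detail line."""
    records, pending = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("="):
            continue
        m = DETAIL_RE.match(line)
        if m and pending:
            rec = m.groupdict()
            rec["size"], rec["md5"], rec["path"] = int(rec["size"]), rec["md5"].upper(), pending
            rec["version"] = (COMPONENT_RE.search(pending) or [None]) and (
                COMPONENT_RE.search(pending).group("version") if COMPONENT_RE.search(pending) else None)
            records.append(rec)
            pending = None
        else:
            pending = line
    return records


def find_unverified(records):
    """Return (path, reference_md5s) for copies outside the component store whose
    MD5 matches none of the same-size reference copies: same size, different
    hash is the shape of a binary patched in place, which is what the log's
    Bamital check reported for System32\\services.exe."""
    refs = defaultdict(set)
    for r in records:
        if r["version"]:
            refs[r["size"]].add(r["md5"])
    return [(r["path"], sorted(refs[r["size"]])) for r in records
            if not r["version"] and refs.get(r["size"]) and r["md5"] not in refs[r["size"]]]


def zeroaccess_dirs(paths):
    """Report GUID-named directories that hold the '@', 'L' and 'U' entries
    FRST flagged as ZeroAccess, by grouping the listed paths under their parent."""
    children = defaultdict(set)
    for p in paths:
        parent, _, name = p.rpartition("\\")
        if name:
            children[parent].add(name)
    return sorted(d for d, names in children.items()
                  if GUID_DIR_RE.search(d) and {"@", "L", "U"} <= names)


if __name__ == "__main__":
    for path, good in find_unverified(parse_search(SEARCH_LOG)):
        print(f"hash mismatch vs component store: {path} (expected one of {good})")
    for d in zeroaccess_dirs(ZEROACCESS_PATHS):
        print("ZeroAccess-style directory:", d)
```

Keying the reference set on file size rather than on path is what keeps the SP2 copy under SoftwareDistribution (279552 bytes, a different hash from the SP0 WinSxS copy of the same size) from showing up as a false positive: both carry a version string, so both are references and neither is judged against the other. Only the System32 copy, which has no version in its path, is compared, and it fails because its 279040-byte size matches the 6.0.6001.18000 reference while its MD5 does not.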
     
  3. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Hello, and welcome to TechSpot.

    Please see here for the board rules and other FAQ.

    Please feel free to introduce yourself, after you follow the steps below to get started.

    Information
    • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
    • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
    • If you have already asked for help somewhere, please post the link to the topic where you were helped.
    • We try our best to reply quickly, but if for any reason we do not reply in two days, please reply to this topic with the word BUMP!
    • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

    FRST Fixlist

    Please run the following:

    Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

    NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

    Now, please enter System Recovery Options then select Command Prompt.

    Run FRST and press the Fix button just once and wait.
    The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.

    Now restart, let it boot normally and tell me how it went.
     
  4. carlosr217

    carlosr217 TS Rookie Topic Starter

    Worked great... thanks.
     
  5. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Excellent. Need the log from that, and then run this in Normal Mode please:

    ComboFix

    Please download ComboFix by sUBs
    From BleepingComputer.com

    Please save the file to your Desktop, but rename it first to svchost.exe

    Important information about ComboFix

    Before the download:
    • Please copy and paste these instructions to Notepad and save to your Desktop, or print them - for easier access.
    • It is important to rename ComboFix before the download.
    • Please do not rename ComboFix to other names, but only the one indicated.
    After the download:
    • Close any open browsers.
    • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
    • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
    Running ComboFix:
    • Double click on svchost.exe & follow the prompts.
    • It will attempt to install the Recovery Console.
    • When ComboFix finishes, it will produce a report for you.
    • Please post the "C:\Combo-Fix.txt" in your next reply.
    Troubleshooting ComboFix

    Safe Mode:

    If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

    (To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear, select "Safe Mode.")

    Re-downloading:

    If this doesn't work either, try the same method (above method), but try to download it again, except name ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

    Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.
     
  6. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Hello. Are you still with us?

    Your thread has been marked as "Inactive" because of your lack of reply. Please let us know how your computer is running, or if you want to continue in this topic.

    Thanks.
     
