TechSpot

Sirefef - 60 second computer reboots

By senapc
Jun 23, 2012
  1. ....Yeah it got me too :(

    Similar to this thread:
    http://www.techspot.com/community/topics/sirefef-y-and-b-only-60sec-to-work.182106/

    I have followed the steps up until the fixlist part - below are the logs that I got from running frst64

    Any help is much appreciated.

    FRST64 log:

    Scan result of Farbar Recovery Scan Tool Version: 23-06-2012
    Ran by SYSTEM at 23-06-2012 13:21:17
    Running from F:\
    Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
    The current controlset is ControlSet001

    ========================== Registry (Whitelisted) =============

    HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11545192 2010-11-02] (Realtek Semiconductor)
    HKLM\...\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [112512 2010-03-13] (Microsoft Corporation)
    HKLM\...\Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe" [57928 2011-09-16] (LogMeIn, Inc.)
    HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
    HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-05] (Intel Corporation)
    HKLM-x32\...\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [620152 2006-10-22] (Adobe Systems Inc.)
    HKLM-x32\...\Run: [] [x]
    HKLM-x32\...\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" [74752 2011-12-09] (Nullsoft, Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
    HKLM-x32\...\Run: [NPSStartup] [x]
    HKLM-x32\...\Run: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe" [313768 2012-05-29] (Razer USA Ltd)
    HKLM-x32\...\Run: [Regedit32] C:\Windows\system32\regedit.exe [x]
    HKU\Simon\...\Run: [0i763f66bz] C:\Users\Simon\0i763f66bz.exe [40960 2012-06-23] (SmoothCandle)
    Tcpip\Parameters: [DhcpNameServer] 192.168.65.1
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\UltraMon.lnk
    ShortcutTarget: UltraMon.lnk -> C:\Windows\Installer\{537056B7-32A4-4408-9B54-0341963C7C9C}\IcoUltraMon.ico ()

    ==================== Services (Whitelisted) ======

    2 EventSystem; C:\Windows\SysWow64\es.dll [271360 2009-07-13] (Microsoft Corporation)
    2 LMIGuardianSvc; "C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe" [375176 2012-05-18] (LogMeIn, Inc.)
    2 LMIMaint; "C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe" [147336 2012-05-18] (LogMeIn, Inc.)
    2 LogMeIn; "C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe" [407424 2011-09-16] (LogMeIn, Inc.)
    3 Microsoft SharePoint Workspace Audit Service; "C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" /auditservice [51740536 2011-06-12] (Microsoft Corporation)
    2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
    3 ose64; "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" [174440 2010-01-09] (Microsoft Corporation)

    ========================== Drivers (Whitelisted) =============

    0 7a6ca506207a113; C:\Windows\System32\Drivers\7a6ca506207a113.sys [74184 2012-06-23] ()
    3 dsNcAdpt; C:\Windows\System32\Drivers\dsNcAdpt.sys [32768 2011-04-25] (Juniper Networks)
    2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [15928 2011-09-16] (LogMeIn, Inc.)
    3 lmimirr; C:\Windows\System32\Drivers\lmimirr.sys [11552 2011-09-16] (LogMeIn, Inc.)
    2 LMIRfsDriver; C:\Windows\System32\Drivers\LMIRfsDriver.sys [72216 2011-09-16] (LogMeIn, Inc.)
    3 RTCore64; \??\C:\Program Files (x86)\EVGA Precision\RTCore64.sys [13416 2012-01-16] ()
    3 rzudd; C:\Windows\System32\Drivers\rzudd.sys [94208 2012-05-14] (Razer USA Ltd)
    2 SSPORT; C:\Windows\System32\Drivers\SSPORT.sys [11576 2011-01-23] (Samsung Electronics)
    4 LMIRfsClientNP; [x]
    3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]

    ========================== NetSvcs (Whitelisted) ===========


    ============ One Month Created Files and Folders ==============

    2012-06-23 11:40 - 2012-06-23 11:40 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
    2012-06-23 11:39 - 2012-06-23 11:40 - 00000000 ____D C:\Program Files\Microsoft Security Client
    2012-06-23 11:27 - 2012-06-23 11:27 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-06-23 11:27 - 2012-06-23 11:27 - 00000000 ____D C:\Users\Simon\AppData\Roaming\Malwarebytes
    2012-06-23 11:27 - 2012-06-23 11:27 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-06-23 11:27 - 2012-06-23 11:27 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-06-23 11:27 - 2012-04-04 14:56 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-06-23 11:25 - 2012-06-23 11:25 - 00074184 ____A C:\Windows\System32\Drivers\7a6ca506207a113.sys
    2012-06-23 00:29 - 2012-06-23 00:29 - 00000000 __SHD C:\Windows\System32\%APPDATA%
    2012-06-23 00:25 - 2012-06-23 00:25 - 00040960 ____A (SmoothCandle) C:\Users\Simon\0i763f66bz.exe
    2012-06-18 16:53 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-18 16:53 - 2012-06-02 14:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-18 16:53 - 2012-06-02 14:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-18 16:53 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-18 16:53 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-18 16:53 - 2012-06-02 14:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-18 16:53 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-18 16:53 - 2012-06-02 14:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-18 16:53 - 2012-06-02 14:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-06-11 17:02 - 2012-06-11 17:02 - 00000000 ____D C:\Users\Simon\AppData\Local\Macromedia
    2012-05-26 23:24 - 2012-05-26 23:24 - 00307936 ____A C:\Users\Simon\Downloads\BEX_VC_10598.htm
    2012-05-26 11:36 - 2012-02-27 23:34 - 17790976 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-05-26 11:36 - 2012-02-27 23:02 - 10888704 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-05-26 11:36 - 2012-02-27 22:56 - 02311168 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-05-26 11:36 - 2012-02-27 22:50 - 01345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-05-26 11:36 - 2012-02-27 22:49 - 01390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-05-26 11:36 - 2012-02-27 22:48 - 01493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-05-26 11:36 - 2012-02-27 22:48 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-05-26 11:36 - 2012-02-27 22:47 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-05-26 11:36 - 2012-02-27 22:45 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-05-26 11:36 - 2012-02-27 22:43 - 02144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-05-26 11:36 - 2012-02-27 22:43 - 00096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-05-26 11:36 - 2012-02-27 22:42 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-05-26 11:36 - 2012-02-27 22:39 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-05-26 11:36 - 2012-02-27 17:52 - 12281856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-05-26 11:36 - 2012-02-27 17:27 - 09705984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-05-26 11:36 - 2012-02-27 17:18 - 01799168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-05-26 11:36 - 2012-02-27 17:12 - 01103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-05-26 11:36 - 2012-02-27 17:11 - 01427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-05-26 11:36 - 2012-02-27 17:11 - 01127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-05-26 11:36 - 2012-02-27 17:09 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-05-26 11:36 - 2012-02-27 17:08 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-05-26 11:36 - 2012-02-27 17:06 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-05-26 11:36 - 2012-02-27 17:04 - 01792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-05-26 11:36 - 2012-02-27 17:03 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-05-26 11:36 - 2012-02-27 17:03 - 00072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-05-26 11:36 - 2012-02-27 16:59 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-05-26 11:30 - 2012-02-29 22:46 - 00023408 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
    2012-05-26 11:30 - 2012-02-29 22:38 - 00220672 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
    2012-05-26 11:30 - 2012-02-29 22:33 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
    2012-05-26 11:30 - 2012-02-29 22:28 - 00005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
    2012-05-26 11:30 - 2012-02-29 21:37 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
    2012-05-26 11:30 - 2012-02-29 21:33 - 00159232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
    2012-05-26 11:30 - 2012-02-29 21:29 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
    2012-05-26 11:23 - 2012-03-30 22:05 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-05-26 11:23 - 2012-03-30 20:39 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-05-26 11:23 - 2012-03-30 20:39 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-05-26 11:23 - 2012-03-30 19:10 - 03146240 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-05-26 11:23 - 2012-03-30 03:35 - 01918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
    2012-05-26 11:23 - 2012-03-16 23:58 - 00075120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
    2012-05-26 11:23 - 2012-03-02 22:35 - 01544704 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
    2012-05-26 11:23 - 2012-03-02 21:31 - 01077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
    2012-05-26 11:23 - 2012-02-16 22:38 - 01112064 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
    2012-05-26 11:23 - 2012-02-16 22:38 - 01031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
    2012-05-26 11:23 - 2012-02-16 21:34 - 00826880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
    2012-05-26 11:23 - 2012-02-16 20:58 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
    2012-05-26 11:23 - 2012-02-16 20:57 - 00023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
    2012-05-26 11:23 - 2012-01-24 22:38 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
    2012-05-26 11:23 - 2012-01-24 22:38 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
    2012-05-26 11:23 - 2012-01-24 22:33 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
    2012-05-26 11:23 - 2012-01-04 02:44 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
    2012-05-26 11:23 - 2012-01-04 02:44 - 00509952 ____A (Microsoft Corporation) C:\Windows\System32\ntshrui.dll
    2012-05-26 11:23 - 2012-01-04 00:59 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2012-05-26 11:23 - 2012-01-04 00:58 - 00442880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntshrui.dll
    2012-05-26 11:23 - 2011-12-29 22:26 - 00515584 ____A (Microsoft Corporation) C:\Windows\System32\timedate.cpl
    2012-05-26 11:23 - 2011-12-29 21:27 - 00478720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\timedate.cpl
    2012-05-26 11:23 - 2011-12-27 19:59 - 00498688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
    2012-05-26 11:23 - 2011-12-16 00:46 - 00634880 ____A (Microsoft Corporation) C:\Windows\System32\msvcrt.dll
    2012-05-26 11:23 - 2011-12-15 23:52 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcrt.dll
    2012-05-26 11:23 - 2011-03-24 19:29 - 00343040 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbhub.sys
    2012-05-26 11:23 - 2011-03-24 19:29 - 00325120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbport.sys
    2012-05-26 11:23 - 2011-03-24 19:29 - 00098816 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbccgp.sys
    2012-05-26 11:23 - 2011-03-24 19:29 - 00052736 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbehci.sys
    2012-05-26 11:23 - 2011-03-24 19:29 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbuhci.sys
    2012-05-26 11:23 - 2011-03-24 19:29 - 00025600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbohci.sys
    2012-05-26 11:23 - 2011-03-24 19:28 - 00007936 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbd.sys
    2012-05-26 11:23 - 2011-03-10 22:41 - 01659776 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
    2012-05-26 11:23 - 2011-03-10 22:41 - 00410496 ____A (Intel Corporation) C:\Windows\System32\Drivers\iaStorV.sys
    2012-05-26 11:23 - 2011-03-10 22:41 - 00189824 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\storport.sys
    2012-05-26 11:23 - 2011-03-10 22:41 - 00166272 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvstor.sys
    2012-05-26 11:23 - 2011-03-10 22:41 - 00148352 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvraid.sys
    2012-05-26 11:23 - 2011-03-10 22:41 - 00107904 ____A (Advanced Micro Devices) C:\Windows\System32\Drivers\amdsata.sys
    2012-05-26 11:23 - 2011-03-10 22:41 - 00027008 ____A (Advanced Micro Devices) C:\Windows\System32\Drivers\amdxata.sys
    2012-05-26 11:23 - 2011-03-10 22:33 - 02565632 ____A (Microsoft Corporation) C:\Windows\System32\esent.dll
    2012-05-26 11:23 - 2011-03-10 22:30 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\fsutil.exe
    2012-05-26 11:23 - 2011-03-10 21:33 - 01699328 ____A (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll
    2012-05-26 11:23 - 2011-03-10 21:31 - 00074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\fsutil.exe
    2012-05-26 11:23 - 2011-03-10 20:37 - 00091648 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\USBSTOR.SYS


    ============ 3 Months Modified Files and Folders =============

    2012-06-23 12:18 - 2012-02-19 15:04 - 00000000 ____D C:\Users\All Users\NVIDIA
    2012-06-23 12:18 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-06-23 12:18 - 2009-07-13 20:51 - 00041124 ____A C:\Windows\setupact.log
    2012-06-23 11:47 - 2012-02-11 19:43 - 01339046 ____A C:\Windows\WindowsUpdate.log
    2012-06-23 11:44 - 2009-07-13 21:13 - 00786274 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-06-23 11:44 - 2009-07-13 20:45 - 00021840 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-06-23 11:44 - 2009-07-13 20:45 - 00021840 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-06-23 11:40 - 2012-06-23 11:40 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
    2012-06-23 11:40 - 2012-06-23 11:39 - 00000000 ____D C:\Program Files\Microsoft Security Client
    2012-06-23 11:40 - 2012-02-11 20:33 - 00799932 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
    2012-06-23 11:40 - 2012-02-11 20:33 - 00001945 ____A C:\Windows\epplauncher.mif
    2012-06-23 11:39 - 2012-04-14 23:08 - 00000000 ____D C:\Users\All Users\WebEx
    2012-06-23 11:37 - 2010-11-20 19:47 - 00011594 ____A C:\Windows\PFRO.log
    2012-06-23 11:32 - 2012-02-11 20:03 - 00000000 ____D C:\Users\Simon\Tracing
    2012-06-23 11:27 - 2012-06-23 11:27 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-06-23 11:27 - 2012-06-23 11:27 - 00000000 ____D C:\Users\Simon\AppData\Roaming\Malwarebytes
    2012-06-23 11:27 - 2012-06-23 11:27 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-06-23 11:27 - 2012-06-23 11:27 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-06-23 11:25 - 2012-06-23 11:25 - 00074184 ____A C:\Windows\System32\Drivers\7a6ca506207a113.sys
    2012-06-23 00:51 - 2012-03-03 23:11 - 00000000 ____D C:\Users\All Users\LogMeIn
    2012-06-23 00:29 - 2012-06-23 00:29 - 00000000 __SHD C:\Windows\System32\%APPDATA%
    2012-06-23 00:25 - 2012-06-23 00:25 - 00040960 ____A (SmoothCandle) C:\Users\Simon\0i763f66bz.exe
    2012-06-23 00:25 - 2012-02-11 19:43 - 00000000 ____D C:\users\Simon
    2012-06-23 00:24 - 2012-02-13 19:54 - 00001988 ___AH C:\Users\Simon\Documents\Default.rdp
    2012-06-19 19:53 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
    2012-06-16 11:04 - 2012-04-24 22:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2012-06-15 22:59 - 2012-02-11 20:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2012-06-15 19:03 - 2012-02-11 20:14 - 00000000 ____D C:\Program Files (x86)\Steam
    2012-06-11 23:00 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\System32\FxsTmp
    2012-06-11 17:02 - 2012-06-11 17:02 - 00000000 ____D C:\Users\Simon\AppData\Local\Macromedia
    2012-06-11 17:02 - 2012-04-02 16:46 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-06-11 17:02 - 2012-02-11 20:37 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-06-10 20:32 - 2012-04-26 19:23 - 00000000 ____D C:\Program Files (x86)\Guild Wars 2
    2012-06-09 16:46 - 2012-02-11 19:51 - 00000000 ____D C:\Program Files (x86)\EVGA Precision
    2012-06-08 22:02 - 2012-02-11 19:55 - 00082056 ____A C:\Windows\DPINST.LOG
    2012-06-07 18:08 - 2012-04-26 19:30 - 00001423 ____A C:\Users\Simon\Desktop\Guild Wars 2.lnk
    2012-06-06 23:18 - 2012-05-17 23:08 - 00000000 ____D C:\Users\Simon\AppData\Local\CutePDF Writer
    2012-06-03 23:49 - 2012-02-20 20:13 - 00007653 ____A C:\Users\Simon\AppData\Local\Resmon.ResmonCfg
    2012-06-02 14:19 - 2012-06-18 16:53 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-02 14:19 - 2012-06-18 16:53 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-02 14:19 - 2012-06-18 16:53 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-02 14:19 - 2012-06-18 16:53 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-02 14:19 - 2012-06-18 16:53 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-02 14:19 - 2012-06-18 16:53 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-02 14:15 - 2012-06-18 16:53 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-02 14:15 - 2012-06-18 16:53 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-02 14:15 - 2012-06-18 16:53 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-05-27 10:40 - 2009-07-13 20:45 - 00431280 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-05-27 10:39 - 2012-02-11 20:03 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
    2012-05-26 23:24 - 2012-05-26 23:24 - 00307936 ____A C:\Users\Simon\Downloads\BEX_VC_10598.htm
    2012-05-26 11:42 - 2012-02-11 22:58 - 00000000 ____D C:\Users\All Users\Microsoft Help
    2012-05-26 11:38 - 2009-07-13 18:34 - 00000478 ____A C:\Windows\win.ini
    2012-05-26 11:28 - 2011-04-12 00:28 - 00000000 ____D C:\Program Files\Windows Journal
    2012-05-24 17:03 - 2009-07-13 21:08 - 00032644 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-05-23 20:18 - 2012-05-23 20:18 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_rzudd_01009.Wdf
    2012-05-23 20:18 - 2012-05-23 19:42 - 00000000 ____D C:\Program Files (x86)\Razer
    2012-05-23 20:18 - 2012-02-11 19:52 - 00109664 ____A C:\Users\Simon\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-05-23 19:42 - 2012-05-23 19:42 - 00000000 ____D C:\Users\Simon\AppData\Local\Razer
    2012-05-23 19:42 - 2012-05-23 19:42 - 00000000 ____D C:\Users\All Users\Razer
    2012-05-20 22:43 - 2012-05-20 22:36 - 00000000 ____D C:\Users\Simon\AppData\Roaming\Samsung
    2012-05-20 22:38 - 2012-05-20 22:38 - 00000000 ____D C:\Users\Simon\Documents\NPS
    2012-05-20 22:38 - 2012-05-20 22:38 - 00000000 ____D C:\Users\Simon\Documents\My Art
    2012-05-20 22:36 - 2012-05-20 22:36 - 00000000 ____D C:\Users\Simon\Documents\Samsung
    2012-05-20 22:36 - 2012-05-20 22:36 - 00000000 ____D C:\Users\Simon\Documents\My NPS Files
    2012-05-20 22:36 - 2012-05-20 22:36 - 00000000 ____D C:\Program Files (x86)\Samsung
    2012-05-20 22:36 - 2012-02-11 19:53 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
    2012-05-20 22:29 - 2012-05-20 22:29 - 00000000 ____D C:\Users\All Users\Samsung
    2012-05-20 22:29 - 2012-05-20 22:29 - 00000000 ____D C:\Program Files\SAMSUNG
    2012-05-17 23:07 - 2012-05-17 23:07 - 00000000 ____D C:\Program Files (x86)\GPLGS
    2012-05-17 23:07 - 2012-05-17 23:07 - 00000000 ____D C:\Program Files (x86)\Acro Software
    2012-05-14 18:50 - 2012-05-14 18:50 - 00094208 ____A (Razer USA Ltd) C:\Windows\System32\Drivers\rzudd.sys
    2012-05-14 18:36 - 2012-05-14 18:36 - 00354816 ____A (Razer USA Ltd) C:\Windows\SysWOW64\rzdevicedll.dll
    2012-05-14 18:36 - 2012-05-14 18:36 - 00165888 ____A (Razer USA Ltd) C:\Windows\SysWOW64\rzaudiodll.dll
    2012-05-14 18:36 - 2012-05-14 18:36 - 00142848 ____A (Razer USA Ltd) C:\Windows\SysWOW64\rztouchdll.dll
    2012-04-29 10:12 - 2012-04-29 10:12 - 00000000 ____D C:\Users\Simon\AppData\Roaming\NVIDIA
    2012-04-28 19:48 - 2012-04-26 19:31 - 00000000 ____D C:\Users\Simon\Documents\Guild Wars 2
    2012-04-26 19:32 - 2012-04-26 19:32 - 00000000 ____D C:\Users\Simon\AppData\Local\Chromium
    2012-04-25 16:57 - 2012-02-11 23:20 - 00000000 ____D C:\Users\All Users\Blizzard Entertainment
    2012-04-24 22:12 - 2012-04-24 22:12 - 00000000 ____D C:\Users\All Users\Mozilla
    2012-04-23 22:46 - 2012-03-13 20:54 - 00000000 ____D C:\Users\Simon\AppData\Roaming\SystemRequirementsLab
    2012-04-23 22:46 - 2012-03-13 20:54 - 00000000 ____D C:\Program Files (x86)\SystemRequirementsLab
    2012-04-14 23:08 - 2012-04-14 23:08 - 00217400 ____A (Cisco WebEx LLC) C:\Windows\SysWOW64\atsckernel.exe
    2012-04-14 23:08 - 2012-04-14 23:08 - 00134456 ____A (Cisco WebEx LLC) C:\Windows\SysWOW64\atashost.exe
    2012-04-14 17:57 - 2012-04-14 17:57 - 00157472 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
    2012-04-14 17:57 - 2012-04-14 17:57 - 00149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
    2012-04-14 17:57 - 2012-04-14 17:57 - 00149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
    2012-04-14 17:57 - 2012-04-14 17:57 - 00000000 ____D C:\Program Files (x86)\Java
    2012-04-14 17:57 - 2012-02-13 19:52 - 00472808 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
    2012-04-04 14:56 - 2012-06-23 11:27 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-04-03 18:06 - 2012-04-03 18:06 - 00000000 ___HD C:\Users\All Users\CanonIJScan
    2012-04-03 18:06 - 2012-04-03 18:06 - 00000000 ___HD C:\Users\All Users\CanonBJ
    2012-04-03 18:06 - 2012-04-03 18:06 - 00000000 ____A C:\Users\Simon\Sti_Trace.log
    2012-04-03 18:06 - 2012-04-03 18:05 - 00000000 ____D C:\Users\Simon\AppData\Roaming\Canon
    2012-04-03 18:05 - 2012-04-03 18:05 - 00002095 ____A C:\Users\Simon\Desktop\MP Navigator EX 2.0.lnk
    2012-04-03 18:05 - 2012-04-03 18:05 - 00000000 ____D C:\Program Files (x86)\Canon
    2012-04-03 18:05 - 2009-07-13 19:20 - 00000000 __RSD C:\Windows\Media
    2012-03-30 22:05 - 2012-05-26 11:23 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-03-30 20:39 - 2012-05-26 11:23 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-03-30 20:39 - 2012-05-26 11:23 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-03-30 19:10 - 2012-05-26 11:23 - 03146240 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-03-30 03:35 - 2012-05-26 11:23 - 01918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
    2012-03-27 11:25 - 2012-02-11 20:13 - 00000000 ____D C:\Users\Simon\Desktop\Shortcuts


    ZeroAccess:
    C:\Windows\Installer\{fa1f52c3-22ce-01b0-a726-61a8e287afcd}
    C:\Windows\Installer\{fa1f52c3-22ce-01b0-a726-61a8e287afcd}\@
    C:\Windows\Installer\{fa1f52c3-22ce-01b0-a726-61a8e287afcd}\L
    C:\Windows\Installer\{fa1f52c3-22ce-01b0-a726-61a8e287afcd}\n
    C:\Windows\Installer\{fa1f52c3-22ce-01b0-a726-61a8e287afcd}\U
    C:\Windows\Installer\{fa1f52c3-22ce-01b0-a726-61a8e287afcd}\U\00000001.@
    C:\Windows\Installer\{fa1f52c3-22ce-01b0-a726-61a8e287afcd}\U\80000000.@
    C:\Windows\Installer\{fa1f52c3-22ce-01b0-a726-61a8e287afcd}\U\800000cb.@

    ZeroAccess:
    C:\Users\Simon\AppData\Local\{fa1f52c3-22ce-01b0-a726-61a8e287afcd}
    C:\Users\Simon\AppData\Local\{fa1f52c3-22ce-01b0-a726-61a8e287afcd}\@
    C:\Users\Simon\AppData\Local\{fa1f52c3-22ce-01b0-a726-61a8e287afcd}\L
    C:\Users\Simon\AppData\Local\{fa1f52c3-22ce-01b0-a726-61a8e287afcd}\n
    C:\Users\Simon\AppData\Local\{fa1f52c3-22ce-01b0-a726-61a8e287afcd}\U
    C:\Users\Simon\AppData\Local\{fa1f52c3-22ce-01b0-a726-61a8e287afcd}\U\800000cb.@

    ========================= Known DLLs (Whitelisted) ============


    ========================= Bamital & volsnap Check ============

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ========================= Memory info ======================

    Percentage of memory in use: 6%
    Total physical RAM: 16360.86 MB
    Available physical RAM: 15245.08 MB
    Total Pagefile: 16359.06 MB
    Available Pagefile: 15240.19 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.88 MB

    ======================= Partitions =========================

    1 Drive c: () (Fixed) (Total:149.05 GB) (Free:45.72 GB) NTFS
    2 Drive d: (Caviar Green) (Fixed) (Total:931.51 GB) (Free:495.67 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    4 Drive f: () (Removable) (Total:3.72 GB) (Free:2.34 GB) FAT32
    5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 149 GB 0 B
    Disk 1 Online 931 GB 0 B
    Disk 2 Online 3822 MB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 149 GB 1024 KB

    ======================================================================================================

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 C NTFS Partition 149 GB Healthy

    ======================================================================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 931 GB 31 KB

    ======================================================================================================

    Disk: 1
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 D Caviar Gree NTFS Partition 931 GB Healthy

    ======================================================================================================

    Partitions of Disk 2:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 3821 MB 64 KB

    ======================================================================================================

    Disk: 2
    Partition 1
    Type : 0B
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 F FAT32 Removable 3821 MB Healthy

    ======================================================================================================

    ==========================================================

    Last Boot: 2012-06-19 19:46

    ======================= End Of Log ==========================

    FRST - services.exe:
    Farbar Recovery Scan Tool Version: 23-06-2012
    Ran by SYSTEM at 2012-06-23 13:30:04
    Running from F:\

    ================== Search: "services.exe" ===================

    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

    C:\Windows\System32\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

    ====== End Of Search ======

    Thanks for the assistance in advance!
     
  2. senapc


    Started in repair mode, removed all the files after a long Google search.

    Topic can be marked as solved.

    Thanks!

    [lines removed by Broni]