Inactive Windows has encountered a problem and with shut down in two minutes please save your work

justiceotuya

justiceotuya

Posts: 13   +0
I saw how broni helped someone with same problem,then I followed the method and here is my frst.txt details here. I will be greatful if you help me Scan result of Farbar Recovery Scan Tool Version: 25-07-2012 01 Ran by SYSTEM at 03-08-2012 17:02:47 Running from H:\ Windows 7 Home Premium (X64) OS Language: English(US) The current controlset is ControlSet001 ========================== Registry (Whitelisted) ============= HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1815848 2009-07-14] (Synaptics Incorporated) HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [450048 2009-07-21] (IDT, Inc.) HKLM\...\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background [610872 2009-08-25] () HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation) HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2009-08-04] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam" [222504 2009-05-19] (CyberLink Corp.) HKLM-x32\...\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start [322104 2009-08-20] ( Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [60464 2009-09-02] (EasyBits Software AS) HKLM-x32\...\Run: [] [x] :\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [417792 2009-11-10] (Apple Inc.) HKLM-x32\...\Run: [YMailAdvisor] "C:\Program Files (x86)\Yahoo!\Common\YMailAdvisor.exe" [125208 2008-06-05] (Yahoo! Inc.) HKLM-x32\...\Run: [YSearchProtection] "C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe" [111856 2008-06-26] (Yahoo! Inc) HKLM-x32\...\Run: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup [x] HKLM-x32\...\Run: [USB Security] C:\Program Files (x86)\USB
 
Hello, and welcome to TechSpot.


rulesx.png
Please see here for the board rules and other FAQ.

Please feel free to introduce yourself, after you follow the steps below to get started.

Information
  • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • If you have already asked for help somewhere, please post the link to the topic you were helped.
  • We try our best to reply quickly, but for any reason we do not reply in two days, please reply to this topic with the word BUMP!
  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.
Please review the 5-Step removal instructions and post the logs back here for my review.
 
Dmj am using a phone and so cannot copy and paste the log files on this forum because of its size. The only option is for me to upload it. I dont know if you will accept it. I am writing my project now and because of this problem I can no longer access my documents. Pls help
 
Dmj am using a phone and so cannot copy and paste the log files on this forum because of its size. The only option is for me to upload it. I dont know if you will accept it. I am writing my project now and because of this problem I can no longer access my documents. Pls help
 
Dmj am using a phone and so cannot copy and paste the log files on this forum because of its size. The only option is for me to upload it. I dont know if you will accept it. I am writing my project now and because of this problem I can no longer access my documents. Pls help
 
Scan result of Farbar Recovery Scan Tool Version: 25-07-2012 01
Ran by SYSTEM at 03-08-2012 17:02:47
Running from H:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1815848 2009-07-14] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [450048 2009-07-21] (IDT, Inc.)
HKLM\...\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background [610872 2009-08-25] ()
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2009-08-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam" [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start [322104 2009-08-20] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [60464 2009-09-02] (EasyBits Software AS)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard)
HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [USB Antivirus] C:\Program Files (x86)\USB Disk Security\USBGuard.exe [635808 2012-02-16] (Zbshareware Lab)
HKLM-x32\...\Run: [Corel Graphics Suite 1117] C:\Program Files (x86)\Corel\Corel Graphics 11\Register\registration.exe /title="Corel Graphics Suite 11" /date=111810 serial=DR11CED-0160924-QUS [315392 2002-07-02] (Corel Corporation)
HKLM-x32\...\Run: [RemoteControl] "C:\Program Files (x86)\Safari\PDVDServ.exe" [30208 2005-12-07] (Cyberlink Corp.)
HKLM-x32\...\Run: [LanguageShortcut] "C:\Program Files (x86)\Safari\Language\Language.exe" [49152 2006-04-13] ()
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [417792 2009-11-10] (Apple Inc.)
HKLM-x32\...\Run: [YMailAdvisor] "C:\Program Files (x86)\Yahoo!\Common\YMailAdvisor.exe" [125208 2008-06-05] (Yahoo! Inc.)
HKLM-x32\...\Run: [YSearchProtection] "C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe" [111856 2008-06-26] (Yahoo! Inc)
HKLM-x32\...\Run: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup [x]
HKLM-x32\...\Run: [USB Security] C:\Program Files (x86)\USB Disk Security\USBGuard.exe [635808 2012-02-16] (Zbshareware Lab)
HKLM-x32\...\Run: [DATAMNGR] C:\PROGRA~2\SEARCH~1\Datamngr\DATAMN~1.EXE [1890744 2012-07-25] (Bandoo Media, inc)
HKU\USER\...\Run: [] [x]
HKU\USER\...\Run: [Facebook Update] "C:\Users\USER\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-07-12] (Facebook Inc.)
HKU\USER\...\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot [3478936 2012-07-23] (Tonec Inc.)
HKU\USER\...\Policies\system: [DisableLockWorkstation] 0
HKU\USER\...\Policies\system: [DisableChangePassword] 0
HKU\USER\...\Winlogon: [Shell] Explorer.exe
HKLM-x32\...\Runonce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-unins...wBVAEsAOABBAC0AUgBSADcARgA2AC0AMABNADkASwBBAA"&"inst=NwA2AC0AOQA0ADgAMwAwADYAMwAyADcALQBOADEARAArADEALQBTAFQAOQAwAEEAUABQACsAMQAtAFAATAArADkALQBEAEQAVAArADAA"&"prod=94"&"ver=9.0.914 [x]
AppInit_DLLs: C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\USER\Start Menu\Programs\Startup\Bible Verse.lnk
ShortcutTarget: Bible Verse.lnk -> C:\Program Files (x86)\Bible Verse\verse.exe ()
Startup: C:\Users\USER\Start Menu\Programs\Startup\Facebook Messenger.lnk
ShortcutTarget: Facebook Messenger.lnk -> (No File)

==================== Services (Whitelisted) ======

2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
2 DCSHost.exe; C:\ProgramData\DatacardService\DCSHost.exe [110592 2009-04-23] ()
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
 
Scan result of Farbar Recovery Scan Tool Version: 25-07-2012 01
Ran by SYSTEM at 03-08-2012 17:02:47
Running from H:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1815848 2009-07-14] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [450048 2009-07-21] (IDT, Inc.)
HKLM\...\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background [610872 2009-08-25] ()
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2009-08-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam" [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start [322104 2009-08-20] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [60464 2009-09-02] (EasyBits Software AS)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard)
HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [USB Antivirus] C:\Program Files (x86)\USB Disk Security\USBGuard.exe [635808 2012-02-16] (Zbshareware Lab)
HKLM-x32\...\Run: [Corel Graphics Suite 1117] C:\Program Files (x86)\Corel\Corel Graphics 11\Register\registration.exe /title="Corel Graphics Suite 11" /date=111810 serial=DR11CED-0160924-QUS [315392 2002-07-02] (Corel Corporation)
HKLM-x32\...\Run: [RemoteControl] "C:\Program Files (x86)\Safari\PDVDServ.exe" [30208 2005-12-07] (Cyberlink Corp.)
HKLM-x32\...\Run: [LanguageShortcut] "C:\Program Files (x86)\Safari\Language\Language.exe" [49152 2006-04-13] ()
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [417792 2009-11-10] (Apple Inc.)
HKLM-x32\...\Run: [YMailAdvisor] "C:\Program Files (x86)\Yahoo!\Common\YMailAdvisor.exe" [125208 2008-06-05] (Yahoo! Inc.)
HKLM-x32\...\Run: [YSearchProtection] "C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe" [111856 2008-06-26] (Yahoo! Inc)
HKLM-x32\...\Run: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup [x]
HKLM-x32\...\Run: [USB Security] C:\Program Files (x86)\USB Disk Security\USBGuard.exe [635808 2012-02-16] (Zbshareware Lab)
HKLM-x32\...\Run: [DATAMNGR] C:\PROGRA~2\SEARCH~1\Datamngr\DATAMN~1.EXE [1890744 2012-07-25] (Bandoo Media, inc)
HKU\USER\...\Run: [] [x]
HKU\USER\...\Run: [Facebook Update] "C:\Users\USER\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-07-12] (Facebook Inc.)
HKU\USER\...\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot [3478936 2012-07-23] (Tonec Inc.)
HKU\USER\...\Policies\system: [DisableLockWorkstation] 0
HKU\USER\...\Policies\system: [DisableChangePassword] 0
HKU\USER\...\Winlogon: [Shell] Explorer.exe
HKLM-x32\...\Runonce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-unins...wBVAEsAOABBAC0AUgBSADcARgA2AC0AMABNADkASwBBAA"&"inst=NwA2AC0AOQA0ADgAMwAwADYAMwAyADcALQBOADEARAArADEALQBTAFQAOQAwAEEAUABQACsAMQAtAFAATAArADkALQBEAEQAVAArADAA"&"prod=94"&"ver=9.0.914 [x]
AppInit_DLLs: C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\USER\Start Menu\Programs\Startup\Bible Verse.lnk
ShortcutTarget: Bible Verse.lnk -> C:\Program Files (x86)\Bible Verse\verse.exe ()
Startup: C:\Users\USER\Start Menu\Programs\Startup\Facebook Messenger.lnk
ShortcutTarget: Facebook Messenger.lnk -> (No File)

==================== Services (Whitelisted) ======

2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
2 DCSHost.exe; C:\ProgramData\DatacardService\DCSHost.exe [110592 2009-04-23] ()
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
 
C:\Windows\System32\icardie.dll
2012-07-23 05:51 - 2012-07-23 05:51 - 00078848____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2012-07-23 05:51 - 2012-07-23 05:51 - 00076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2012-07-23 05:51 - 2012-07-23 05:51 - 00076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2012-07-23 05:51 - 2012-07-23 05:51 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2012-07-23 05:51 - 2012-07-23 05:51 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2012-07-23 05:51 - 2012-07-23 05:51 - 00074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2012-07-23 05:51 - 2012-07-23 05:51 - 00066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2012-07-23 05:51 - 2012-07-23 05:51 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2012-07-23 05:51 - 2012-07-23 05:51 - 00063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2012-07-23 05:51 - 2012-07-23 05:51 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-07-23 05:51 - 2012-07-23 05:51 - 00054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2012-07-23 05:51 - 2012-07-23 05:51 - 00049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2012-07-23 05:51 - 2012-07-23 05:51 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2012-07-23 05:51 - 2012-07-23 05:51 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2012-07-23 05:51 - 2012-07-23 05:51 - 00041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2012-07-23 05:51 - 2012-07-23 05:51 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2012-07-23 05:51 - 2012-07-23 05:51 - 00035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2012-07-23 05:51 - 2012-07-23 05:51 - 00031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2012-07-23 05:51 - 2012-07-23 05:51 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-07-23 05:51 - 2012-07-23 05:51 - 00023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2012-07-23 05:51 - 2012-07-23 05:51 - 00012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2012-07-23 05:51 - 2012-07-23 05:51 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2012-07-23 05:51 - 2012-07-23 05:51 - 00010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2012-07-23 05:51 - 2012-07-23 05:51 - 00010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-07-23 05:49 - 2012-07-23 05:51 - 00003841 ____A C:\Windows\IE9_main.log
2012-07-23 04:47 - 2012-07-23 04:47 - 00000000 ____D C:\Users\USER\AppData\Local\HP Drivers Update Utility
2012-07-23 04:47 - 2012-07-23 04:47 - 00000000 ____D C:\Program Files (x86)\HP Drivers Update Utility
2012-07-23 04:02 - 2012-07-23 04:02 - 00000973 ____A C:\Users\Public\Desktop\Quick 3D Cover.lnk
2012-07-23 04:02 - 2012-07-23 04:02 - 00000000 ____D C:\Program Files (x86)\Quick 3D Cover
2012-07-23 02:27 - 2012-07-23 02:27 - 00000000 ____D C:\Users\USER\AppData\Local\Macromedia
2012-07-23 02:25 - 2012-08-02 16:44 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-07-23 02:25 - 2012-08-01 02:56 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-07-23 02:25 - 2012-08-01 02:56 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-07-23 02:25 - 2012-07-23 02:25 - 00000000 ____D C:\Windows\System32\Macromed
2012-07-23 02:18 - 2012-07-23 02:19 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-07-23 02:18 - 2012-07-23 02:18 - 00004728 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-07-23 02:18 - 2012-07-23 02:18 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-07-23 02:17 - 2010-04-09 03:06 - 00374664 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2012-07-23 02:16 - 2012-07-23 02:16 - 00000000 ____D C:\Users\All Users\Mozilla
2012-07-23 02:16 - 2012-07-23 02:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2012-07-23 02:12 - 2012-05-04 02:52 - 05505392 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-07-23 02:12 - 2012-05-04 02:08 - 03958128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-07-23 02:12 - 2012-05-04 02:08 - 03902320 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-07-23 02:12 - 2012-04-23 21:59 - 01460224 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-07-23 02:12 - 2012-04-23 21:59 - 00182272 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-07-23 02:12 - 2012-04-23 21:59 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-07-23 02:12 - 2012-04-23 20:47 - 01156608 ____A (Microsoft
 
p.INI
2012-08-03 04:35 - 2012-08-03 04:35 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F5F701EB6DE2F5B3
2012-08-03 04:27 - 2012-08-03 04:27 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.17718B1FB599CAAA
2012-08-03 04:20 - 2012-08-03 04:20 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6BDC9B2DFBF82F2C
2012-08-03 04:17 - 2012-08-01 02:46 - 00000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-08-03 04:12 - 2012-08-03 04:12 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0E2339A123D53B54
2012-08-02 16:44 - 2012-07-23 02:25 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-08-02 16:18 - 2012-08-01 02:46 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-08-02 16:15 - 2009-07-13 18:34 - 00000478 ____A C:\Windows\win.ini
2012-08-02 16:08 - 2012-04-17 11:04 - 00000924 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2342668357-1074823843-759307325-1000UA.job
2012-08-02 08:33 - 2012-08-02 08:31 - 00278976 ____A C:\Windows\Minidump\080212-158325-01.dmp
2012-08-02 08:31 - 2010-10-30 05:40 - 474795464 ____A C:\Windows\MEMORY.DMP
2012-08-01 07:08 - 2012-04-17 11:04 - 00000902 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2342668357-1074823843-759307325-1000Core.job
2012-08-01 03:14 - 2010-10-11 03:36 - 00133824 ____A C:\Users\USER\AppData\Local\GDIPFONTCACHEV1.DAT
2012-08-01 03:11 - 2009-07-13 20:45 - 00482992 ____A C:\Windows\System32\FNTCACHE.DAT
2012-08-01 03:06 - 2012-08-01 02:49 - 00000985 ____A C:\Users\Public\Desktop\iLivid.lnk
2012-08-01 03:05 - 2012-08-01 03:05 - 00001176 ____A C:\Users\Public\Desktop\Play Games.lnk
2012-08-01 03:05 - 2012-08-01 03:05 - 00001144 ____A C:\Users\Public\Desktop\Upgrade Facebook Chat Experience.lnk
2012-08-01 02:56 - 2012-08-01 02:56 - 00004515 ____A C:\Users\USER\Downloads\st_7.htm
2012-08-01 02:56 - 2012-08-01 02:56 - 00004512 ____A C:\Users\USER\Downloads\st_6.htm
2012-08-01 02:56 - 2012-07-23 02:25 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-08-01 02:56 - 2012-07-23 02:25 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-08-01 02:53 - 2012-08-01 02:53 - 00004515 ____A C:\Users\USER\Downloads\st_5.htm
2012-08-01 02:53 - 2012-08-01 02:53 - 00004509 ____A C:\Users\USER\Downloads\st_4.htm
2012-08-01 02:52 - 2012-08-01 02:52 - 00004515 ____A C:\Users\USER\Downloads\st
2012-08-01 02:51 - 2012-08-01 02:51 - 00004515 ____A C:\Users\USER\Downloads\st_3.htm
2012-08-01 02:46 - 2012-08-01 02:46 - 03993600 ____A C:\Program Files (x86)\GUT824A.tmp
2012-08-01 02:46 - 2012-08-01 02:46 - 00004515 ____A C:\Users\USER\Downloads\st_2.htm
2012-08-01 02:44 - 2012-08-01 02:44 - 00004515 ____A C:\Users\USER\Downloads\st.htm
2012-08-01 02:10 - 2012-07-25 01:47 - 00000328 ____A C:\Windows\Tasks\HPCeeScheduleForUSER.job
2012-08-01 00:27 - 2012-08-01 00:27 - 00002236 ____A C:\Users\Public\Desktop\Student and Home Edition.lnk
2012-07-30 13:34 - 2010-12-26 21:55 - 00050688 ____A C:\Users\USER\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-07-23 05:51 - 2012-07-23 05:51 - 03695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2012-07-23 05:51 - 2012-07-23 05:51 - 03695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2012-07-23 05:51 - 2012-07-23 05:51 - 00697344 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-07-23 05:51 - 2012-07-23 05:51 - 00603648 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-07-23 05:51 - 2012-07-23 05:51 - 00580608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-07-23 05:51 - 2012-07-23 05:51 - 00534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2012-07-23 05:51 - 2012-07-23 05:51 - 00452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2012-07-23 05:51 - 2012-07-23 05:51 - 00448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-07-23 05:51 - 2012-07-23 05:51 - 00434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2012-07-23 05:51 - 2012-07-23 05:51 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-07-23 05:51 - 2012-07-23 05:51 - 00403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-07-23 05:51 - 2012-07-23 05:51 - 00367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2012-07-23 05:51 - 2012-07-23 05:51 - 00353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2012-07-23 05:51 - 2012-07-23 05:51 - 00353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2012-07-23 05:51 - 2012-07-23 05:51 - 00282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2012-07-23 05:51 - 2012-07-23 05:51 - 00267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2012-07-23 05:51 - 2012-07-23 05
 
:\Users\USER\AppData\Local\{63781c0e-9709-3549-22ac-296523ea73ce}\@
C:\Users\USER\AppData\Local\{63781c0e-9709-3549-22ac-296523ea73ce}\L
C:\Users\USER\AppData\Local\{63781c0e-9709-3549-22ac-296523ea73ce}\n
C:\Users\USER\AppData\Local\{63781c0e-9709-3549-22ac-296523ea73ce}\U

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 17%
Total physical RAM: 4092.2 MB
Available physical RAM: 3370.22 MB
Total Pagefile: 4090.35 MB
Available Pagefile: 3365.8 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:451.89 GB) (Free:230.38 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive e: (RECOVERY) (Fixed) (Total:13.57 GB) (Free:2.25 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
5 Drive h: (Ajidon) (Removable) (Total:0.93 GB) (Free:0.02 GB) FAT
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
7 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 Online 954 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 199 MB 1024 KB
Partition 2 Primary 451 GB 200 MB
Partition 3 Primary 13 GB 452 GB
Partition 4 Primary 103 MB 465 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM NTFS Partition 199 MB Healthy

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 451 GB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E RECOVERY NTFS Partition 13 GB Healthy

==================================================================================

Disk: 0
Partition 4
Type : 0C
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 F HP_TOOLS FAT32 Partition 103 MB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 953 MB 64 KB

==================================================================================

Disk: 1
Partition 1
Type : 06
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- --------
 
I meant search.txt not services.txt Farbar Recovery Scan Tool Version: 25-07-2012 01
Ran by SYSTEM at 2012-08-03 17:10:18
Running from H:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

====== End Of Search ======
 
FRST64 Fixlist

Please run the following:

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

start
Replace: C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe C:\Windows\System32\services.exe
end
Click to expand...

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system

Now, please enter System Recovery Options then select Command Prompt.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Restart the computer, and post a new FRST log as well.
 
Here is the fixlog.txt Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 25-07-2012 01 Ran by SYSTEM at 2012-08-08 16:16:06 Run:1 Running from H:\ ============================================== Could not find C:\Windows\System32\services.exe. Could not find C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe. ==== End of Fixlog ====
 
Hello. Are you still with us?

Your thread has been marked as "Inactive" because of your lack of reply. Please let us know how your computer is running, or if you want to continue in this topic.

Thanks.
 
You must log in or register to reply here.

Similar threads

liltxkg
Inactive Cleanup Help - File Explorer Freezing
Replies
6
Views
2K
Broni
Broni
E
Solved Svchost.exe launching multiple iexplore.exe - unknown cause
Replies
23
Views
3K
Broni
Broni
Nicki
Solved Must have picked up something... some COVID computer variant???
Replies
9
Views
3K
Broni
Broni

Latest posts

Back