Jump to content

Malware Bytes Keeps finding Rootkits

Jeev

By Jeev
in Resolved Malware Removal Logs

 Share

Recommended Posts

Jeev

Jeev

Posted
Posted

I'm not sure how it happened, but today when attempting to go to websites such as facebook or google, a security error would popup saying, "The sites security certificate is signed using a weak algorithm!" I also started being redirected to ads when trying to use search engines. I attempted to clean it up with multiple AVs but none have successfully gotten rid of it. Every time I start a new search 1 or 2 rootkits or trojans are found by MWB, all originating in the location "C:\\Windows\Installer\{.......}" I would like some assistance in this matter if possible.

Attach.txt:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Ultimate

Boot Device: \Device\HarddiskVolume1

Install Date: 12/16/2011 1:30:21 AM

System Uptime: 8/21/2012 8:46:26 PM (0 hours ago)

.

Motherboard: Intel Corporation | | DH67BL

Processor: Intel® Core i5-2500 CPU @ 3.30GHz | LGA1155 | 1584/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 233 GiB total, 17.297 GiB free.

D: is FIXED (NTFS) - 466 GiB total, 153.614 GiB free.

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP175: 8/21/2012 7:14:59 PM - Installed Sophos Virus Removal Tool.

.

==== Installed Programs ======================

.

.

"Mass Effect 3"

Adobe AIR

Adobe Community Help

Adobe Creative Suite 5 Master Collection

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Media Player

Adobe Reader X (10.1.4)

Adobe Shockwave Player 11.6

Amnesia: The Dark Descent

Apple Application Support

Apple Software Update

ARMA 2

ARMA 2: Operation Arrowhead

Audacity 1.3.14 (Unicode)

Audiosurf

Batman Arkham City

Battlefield 3?

BattlEye for OA Uninstall

Braid

Combined Community Codec Pack 2011-11-11

Counter-Strike: Global Offensive Beta

Counter-Strike: Source

Dark Messiah

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Deus Ex - Game of the Year Edition

Diablo.III.Collectors.Edition

Dota 2

Dragon Age: Origins

ESN Sonar

F.E.A.R. 3

FINAL FANTASY XIV

Fraps (remove only)

Frozen Synapse

Google Chrome

HandBrake 0.9.6

Hi-Rez Studios Authenticate and Update Service

Installer

Java Auto Updater

Java 6 Update 33

Kingdoms of Amalur Reckoning

LAME v3.98.3 for Audacity

League of Legends

Left 4 Dead 2

Legend of Grimrock

LIMBO

Lone Survivor

Magicka

Malwarebytes Anti-Malware version 1.62.0.1300

Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170)

Microsoft Games for Windows - LIVE Redistributable

Microsoft Games for Windows Marketplace

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Groove MUI (English) 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Word MUI (English) 2010

Microsoft Silverlight

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft XNA Framework Redistributable 3.1

Microsoft_VC80_ATL_x86

Microsoft_VC80_CRT_x86

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFCLOC_x86

Microsoft_VC90_ATL_x86

Microsoft_VC90_CRT_x86

Microsoft_VC90_MFC_x86

Mumble 1.2.3

Music Manager

Notepad++

NVIDIA PhysX

NVIDIA Stereoscopic 3D Driver

OpenAL

Orcs Must Die 2

Origin

Pando Media Booster

PAYDAY: The Heist

PDF Settings CS5

PHANTASY STAR UNIVERSE

PHANTASY STAR UNIVERSE Ambition of the Illuminus

Portal 2

PowerISO

Psychonauts

PunkBuster Services

QuickTime

Rage

Rayman Origins

Realtek High Definition Audio Driver

Red Orchestra 2: Heroes of Stalingrad

Renesas Electronics USB 3.0 Host Controller Driver

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2553431) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition

Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)

Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition

Six Updater

Skype Click to Call

Skype? 5.9

Smite Closed Beta

Sophos Virus Removal Tool

Spec Ops The Line

Star Wars: Knights of the Old Republic

StarCraft II

Steam

SugarSync Manager

Super Meat Boy

Super Meat Boy Editor

Superbrothers: Sword & Sworcery EP

SWAT 4

SWAT 4 - The Stetchkov Syndicate

swMSM

System Requirements Lab CYRI

Team Fortress 2

TeamSpeak 3 Client

The Last Remnant

Thief - Deadly Shadows Collective Texture Pack by John P., ver. 1.0.3

Thief: Deadly Shadows

Tribes: Ascend

Trine 2

Ubisoft Game Launcher

Unity Web Player

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553092)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

Wied?min 2

Windows Media Player Firefox Plugin

Ys Origin version 1

.

==== Event Viewer Messages From Past Week ========

.

8/21/2012 8:47:20 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891

8/21/2012 8:47:20 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891

8/21/2012 8:46:50 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

8/21/2012 8:46:50 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

8/21/2012 8:46:49 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.

8/21/2012 6:16:21 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: An instance of the service is already running.

8/21/2012 6:15:51 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

8/21/2012 6:15:51 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.

8/20/2012 9:48:50 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

8/19/2012 12:34:46 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.

8/14/2012 7:14:03 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

8/14/2012 7:14:03 PM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

.

==== End Of File ===========================

DDS.txt

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by Rajeev at 20:51:23 on 2012-08-21

Microsoft Windows 7 Ultimate 6.1.7601.1.932.81.1033.18.8169.6170 [GMT -4:00]

.

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\IProsetMonitor.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Windows\System32\rundll32.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

D:\Program Files\Steam\Steam.exe

C:\Users\Rajeev\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FFXIVWindower.exe

C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Users\Rajeev\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Rajeev\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Rajeev\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Rajeev\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Rajeev\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Rajeev\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

C:\Users\Rajeev\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\sppsvc.exe

C:\Users\Rajeev\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Rajeev\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uInternet Settings,ProxyOverride = *.local

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

uRun: [Google Update] "C:\Users\Rajeev\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [steam] "D:\Program Files\Steam\steam.exe" -silent

mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

StartupFolder: C:\Users\Rajeev\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FFXIVWindower.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

mPolicies-system: SoftwareSASGeneration = 1 (0x1)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

LSP: mswsock.dll

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{97D67676-8ADD-4E22-B1E7-74B4EF6717A5} : DhcpNameServer = 192.168.1.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

.

============= SERVICES / DRIVERS ===============

.

P2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-7-10 8704]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]

R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\system32\IProsetMonitor.exe --> C:\Windows\system32\IProsetMonitor.exe [?]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-8-21 655944]

R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-7-20 1258856]

R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-7-5 3048136]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-6-28 382312]

R3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;C:\Windows\system32\DRIVERS\e1c62x64.sys --> C:\Windows\system32\DRIVERS\e1c62x64.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]

R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-5 160944]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-12 250056]

S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe [2009-12-15 25832]

S3 EfiVariable;Efi Variable Service;C:\Windows\SysWOW64\drivers\variable64.sys [2011-12-16 18200]

S3 ivusb;Initio Driver for USB Default Controller;C:\Windows\system32\DRIVERS\ivusb.sys --> C:\Windows\system32\DRIVERS\ivusb.sys [?]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]

S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]

S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);C:\Windows\system32\drivers\WsAudio_DeviceS(1).sys --> C:\Windows\system32\drivers\WsAudio_DeviceS(1).sys [?]

S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);C:\Windows\system32\drivers\WsAudio_DeviceS(2).sys --> C:\Windows\system32\drivers\WsAudio_DeviceS(2).sys [?]

S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);C:\Windows\system32\drivers\WsAudio_DeviceS(3).sys --> C:\Windows\system32\drivers\WsAudio_DeviceS(3).sys [?]

S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);C:\Windows\system32\drivers\WsAudio_DeviceS(4).sys --> C:\Windows\system32\drivers\WsAudio_DeviceS(4).sys [?]

S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);C:\Windows\system32\drivers\WsAudio_DeviceS(5).sys --> C:\Windows\system32\drivers\WsAudio_DeviceS(5).sys [?]

.

=============== Created Last 30 ================

.

2012-08-21 23:15:56 -------- d-----w- C:\ProgramData\Sophos

2012-08-21 23:15:53 73728 ----a-r- C:\Users\Rajeev\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe

2012-08-21 23:15:53 73728 ----a-r- C:\Users\Rajeev\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe

2012-08-21 23:15:53 73728 ----a-r- C:\Users\Rajeev\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe

2012-08-21 23:15:47 -------- d-----w- C:\Program Files (x86)\Sophos

2012-08-21 22:49:13 -------- d-----w- C:\Users\Rajeev\AppData\Roaming\Malwarebytes

2012-08-21 22:49:06 -------- d-----w- C:\ProgramData\Malwarebytes

2012-08-21 22:49:05 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-08-21 22:49:05 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-08-20 23:21:32 -------- d-----w- C:\Program Files (x86)\Final Fantasy VII

2012-08-20 21:22:10 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%

2012-08-20 21:17:41 444928 ----a-w- C:\Users\Rajeev\AppData\Roaming\cfoent.dll

2012-08-20 21:16:44 157696 ----a-w- C:\Users\Rajeev\AppData\Roaming\rnckr.dll

2012-08-19 21:35:30 -------- d-----w- C:\Users\Rajeev\AppData\Local\SugarSync

2012-08-19 21:35:24 -------- d-----w- C:\Program Files (x86)\SugarSync

2012-08-15 19:16:57 503808 ----a-w- C:\Windows\System32\srcore.dll

2012-08-15 19:16:57 43008 ----a-w- C:\Windows\SysWow64\srclient.dll

2012-08-15 19:16:56 751104 ----a-w- C:\Windows\System32\win32spl.dll

2012-08-15 19:16:56 67072 ----a-w- C:\Windows\splwow64.exe

2012-08-15 19:16:56 559104 ----a-w- C:\Windows\System32\spoolsv.exe

2012-08-15 19:16:56 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll

2012-08-15 19:16:49 59392 ----a-w- C:\Windows\System32\browcli.dll

2012-08-15 19:16:49 41984 ----a-w- C:\Windows\SysWow64\browcli.dll

2012-08-15 19:16:49 136704 ----a-w- C:\Windows\System32\browser.dll

2012-08-15 19:16:48 956928 ----a-w- C:\Windows\System32\localspl.dll

2012-08-15 19:16:48 3148800 ----a-w- C:\Windows\System32\win32k.sys

2012-08-10 22:11:31 -------- d-----w- C:\ProgramData\Nexon

2012-08-10 22:11:29 -------- d-----w- C:\ProgramData\NexonUS

2012-08-09 00:17:38 -------- d-----w- C:\Users\Rajeev\AppData\Local\Ubisoft

2012-08-06 20:33:51 -------- d-----w- C:\Users\Rajeev\AppData\Roaming\Synthesia

2012-08-06 02:45:21 -------- d-----w- C:\Users\Rajeev\.explorer.local

2012-08-06 02:45:21 -------- d-----w- C:\Users\Rajeev\.explorer.cache

2012-08-01 04:37:25 -------- d-----w- C:\Users\Rajeev\AppData\Local\FLT

2012-08-01 04:29:03 -------- d-----w- C:\Program Files (x86)\Orcs Must Die 2

2012-07-28 02:11:22 -------- d-----w- C:\Users\Rajeev\AppData\Roaming\TS3Client

2012-07-28 02:11:09 -------- d-----w- C:\Users\Rajeev\AppData\Local\TeamSpeak 3 Client

2012-07-27 20:51:30 184248 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll

.

==================== Find3M ====================

.

2012-08-15 03:33:06 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-08-15 03:33:06 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-08-09 00:19:14 281120 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr

2012-08-09 00:19:14 281120 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe

2012-08-08 01:54:40 281120 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0

2012-07-05 20:35:12 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe

2012-07-03 18:23:38 3130440 ----a-w- C:\Windows\SysWow64\pbsvc_blr.exe

2012-06-29 03:56:34 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2012-06-29 03:49:11 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-06-29 03:48:07 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-06-29 03:43:49 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-06-29 03:39:48 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-06-29 00:16:58 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-06-29 00:09:01 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-06-29 00:08:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-06-29 00:04:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-06-29 00:00:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-06-28 23:56:15 2667062 ----a-w- C:\Windows\System32\nvcoproc.bin

2012-06-28 23:55:57 3266408 ----a-w- C:\Windows\System32\nvsvc64.dll

2012-06-28 23:55:46 6193000 ----a-w- C:\Windows\System32\nvcpl.dll

2012-06-28 23:55:40 118120 ----a-w- C:\Windows\System32\nvmctray.dll

2012-06-28 23:55:39 891240 ----a-w- C:\Windows\System32\nvvsvc.exe

2012-06-28 23:55:39 63336 ----a-w- C:\Windows\System32\nvshext.dll

2012-06-28 21:44:42 428904 ----a-w- C:\Windows\SysWow64\nvStreaming.exe

2012-06-21 08:37:14 3166792 ------w- C:\Windows\SysWow64\pbsvc.exe

2012-06-20 21:28:03 4145600 ----a-w- C:\Windows\SysWow64\GameMon.des

2012-06-17 21:19:18 476936 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll

2012-06-17 21:19:18 472840 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-06-06 12:49:52 1070152 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX

2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll

2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll

2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll

2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll

2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll

2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll

2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll

2012-06-02 19:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2012-06-02 19:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe

2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys

2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll

2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll

2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll

2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll

2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

.

============= FINISH: 20:52:32.38 ===============

Link to post
Share on other sites
MrCharlie

MrCharlie

Posted
Posted

Welcome to the forum.

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller to your desktop.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC

Link to post
Share on other sites
Jeev

Jeev

Posted
  • Author
Posted

<p> </p>

<div>RogueKiller V7.6.6 [08/10/2012]  by Tigzy</div>

<div>mail: tigzyRK<at>gmail<dot>com</div>

<div>Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/</div>

<div>Blog: http://tigzyrk.blogspot.com</div>

<div> </div>

<div>Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version</div>

<div>Started in : Normal mode</div>

<div>User: Rajeev [Admin rights]</div>

<div>Mode: Scan -- Date: 08/21/2012 21:15:50</div>

<div> </div>

<div>¤¤¤ Bad processes: 0 ¤¤¤</div>

<div> </div>

<div>¤¤¤ Registry Entries: 6 ¤¤¤</div>

<div>[bLACKLIST DLL] HKLM\[...]\Run : rnckr (rundll32.exe "C:\Users\Rajeev\AppData\Roaming\rnckr.dll",BrowseForFolderW) -> FOUND</div>

<div>[bLACKLIST DLL] HKLM\[...]\Run : cfoent ("C:\Windows\System32\rundll32.exe" "C:\Users\Rajeev\AppData\Roaming\cfoent.dll",access_version_number) -> FOUND</div>

<div>[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND</div>

<div>[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND</div>

<div>[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND</div>

<div>[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND</div>

<div> </div>

<div>¤¤¤ Particular Files / Folders: ¤¤¤</div>

<div>[ZeroAccess][FILE] @ : c:\windows\installer\{c39d5914-4339-6a5e-f513-e34417346385}\@ --> FOUND</div>

<div>[ZeroAccess][FOLDER] U : c:\windows\installer\{c39d5914-4339-6a5e-f513-e34417346385}\U --> FOUND</div>

<div>[ZeroAccess][FOLDER] L : c:\windows\installer\{c39d5914-4339-6a5e-f513-e34417346385}\L --> FOUND</div>

<div>[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_32\desktop.ini --> FOUND</div>

<div>[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_64\desktop.ini --> FOUND</div>

<div>[susp.ASLR][ASLR WIPED-OFF] services.exe : c:\windows\system32\services.exe --> FOUND</div>

<div>[ZeroAccess][sig found] services.exe : c:\windows\system32\services.exe --> FOUND</div>

<div> </div>

<div>¤¤¤ Driver: [NOT LOADED] ¤¤¤</div>

<div> </div>

<div>¤¤¤ Infection : ZeroAccess ¤¤¤</div>

<div> </div>

<div>¤¤¤ HOSTS File: ¤¤¤</div>

<div> </div>

<div> </div>

<div>¤¤¤ MBR Check: ¤¤¤</div>

<div> </div>

<div>+++++ PhysicalDrive0: WDC WD5000AADS-00S9B0 ATA Device +++++</div>

<div>--- User ---</div>

<div>[MBR] cb8bd2a0f3fa925fde95a094287870ef</div>

<div>[bSP] d6bb88b9df8a4ffa2cd3058fdb573d49 : MBR Code unknown</div>

<div>Partition table:</div>

<div>0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476938 Mo</div>

<div>User = LL1 ... OK!</div>

<div>User = LL2 ... OK!</div>

<div> </div>

<div>+++++ PhysicalDrive1: ST3250824AS ATA Device +++++</div>

<div>--- User ---</div>

<div>[MBR] 62e31131c2356941cd07a9b989220635</div>

<div>[bSP] ebb992e9b71ff4b410814e720b81a8c2 : Windows 7 MBR Code</div>

<div>Partition table:</div>

<div>0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo</div>

<div>1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 238373 Mo</div>

<div>User = LL1 ... OK!</div>

<div>User = LL2 ... OK!</div>

<div> </div>

<div>Finished : << RKreport[1].txt >></div>

<div>RKreport[1].txt</div>

<div> </div>

<div> </div>

<div> </div>

Link to post
Share on other sites
MrCharlie

MrCharlie

Posted
Posted

Here you go......

Your computer is infected with a nasty rootkit. Please read the following information first.

You're infected with Rootkit.ZeroAccess, a BackDoor Trojan.

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advice you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

http://www.dslreports.com/faq/10451

When Should I Format, How Should I Reinstall

http://www.dslreports.com/faq/10063

I will try my best to clean this machine but I can't guarantee that it will be 100% secure afterwards.

Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

-----------------------------------------

Please make sure system restore is running and create a new restore point before continuing!

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

How to tell > 32 or 64 bit

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:



    • Startup Repair
      System Restore
      Windows Complete PC Restore
      Windows Memory Diagnostic Tool
      Command Prompt

    [*]Select Command Prompt

    [*]In the command window type in notepad and press Enter.

    [*]The notepad opens. Under File menu select Open.

    [*]Select "Computer" and find your flash drive letter and close the notepad.

    [*]In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter

    Note: Replace letter e with the drive letter of your flash drive.

    [*]The tool will start to run.

    [*]When the tool opens click Yes to disclaimer.

    [*]Press Scan button.

    [*]FRST will let you know when the scan is complete and has written the FRST.txt to file, close out this message, then type the following into the search box:

    services.exe

    [*]Now press the Search button

    [*]When the search is complete, search.txt will also be written to your USB

    [*]Type exit and reboot the computer normally

    [*]Please copy and paste both logs in your reply.(FRST.txt and Search.txt)

MrC

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.