
White Screen of Death on Desktop (after logging into Windows Vista)



Hello. My computer is showing only a white screen after I log in to Windows Vista - 32 bits. I can't see anything but a cursor, and Task Manager is not opening up.

I found a link where someone had helped another person solve the problem using FRST.

Could you help me?


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-07-2017
Ran by SYSTEM on MINWINPC (27-07-2017 11:14:01)
Running from E:\
Platform: Windows Vista ™ Business Service Pack 2 (X86) Language: Español (España, internacional)
Internet Explorer Version 9
Boot Mode: Recovery
Default: ControlSet002
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
 
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [Google Quick Search Box] => C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe [68592 2009-06-10] (Google Inc.)
HKLM\...\Run: [Nitro PDF Printer Monitor] => C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe [209216 2009-03-04] ()
HKLM\...\Run: [UltraMon] => C:\Program Files\UltraMon\UltraMon.exe [304640 2006-10-12] (Realtime Soft)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [Seagull Drivers] => ssdal_nc.exe startup
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1980416 2013-12-18] (Wondershare)
HKLM\...\Run: [BrowserPlugInHelper] => C:\Program Files\Wondershare\Video Converter Ultimate\BrowserPlugInHelper.exe
HKLM\...\Run: [PMBVolumeWatcher] => C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe [2534936 2014-03-12] (Sony Corporation)
HKLM\...\Run: [BrStsMon00] => C:\Program Files\Browny02\Brother\BrStMonW.exe [4513792 2014-05-22] (Brother Industries, Ltd.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
HKLM\...\RunOnce: [*WerKernelReporting] => C:\Windows\SYSTEM32\WerFault.exe [217088 2009-04-11] (Microsoft Corporation)
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
Startup: C:\Users\juan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Better call Saul - 1x01.lnk [2015-04-17]
ShortcutTarget: Better call Saul - 1x01.lnk -> C:\ProgramData\{51511e84-f70d-086a-5151-11e84f707a13}\Better call Saul - 1x01.exe (No File)
Startup: C:\Users\juan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\serposcope-manager.lnk [2016-01-23]
ShortcutTarget: serposcope-manager.lnk -> C:\Program Files\serposcope\bin\serposcopew.exe (Apache Software Foundation)
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.)
S3 getPlusHelper; C:\Program Files\NOS\bin\getPlus_Helper.dll [68000 2010-03-29] (NOS Microsystems Ltd.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.266\McCHSvc.exe [235696 2015-12-02] (McAfee, Inc.)
S2 NMSAccess32; C:\Windows\system32\NMSAccess32.exe [71096 2009-01-12] ()
S2 nvUpdatusService; C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2253120 2011-10-15] (NVIDIA Corporation)
S2 PMBDeviceInfoProvider; C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [481816 2014-03-12] (Sony Corporation)
S2 serposcope; C:\Program Files\serposcope\bin\serposcope-service.exe [87880 2016-01-07] (Apache Software Foundation)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Corporation)
S2 CVPND; "C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe" [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
S3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)
S3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [7680 2006-10-18] ()
S3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [693760 2011-06-01] (Realtek Semiconductor Corporation                           )
S3 SMC2862W; C:\Windows\System32\DRIVERS\2862WICB.sys [349856 2005-06-28] (SMC Networks, Inc.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-07-27 11:13 - 2017-07-27 11:13 - 00000000 ____D C:\FRST
2017-07-26 08:05 - 2017-07-26 08:05 - 00159864 _____ C:\Windows\Minidump\Mini072617-01.dmp
2017-07-26 07:30 - 2017-07-26 07:30 - 02050670 _____ C:\Users\juan\Downloads\invoice2017-07-26_08-30-24.pdf
2017-07-25 12:14 - 2017-07-25 12:14 - 01547501 _____ C:\Users\juan\Downloads\invoice2017-07-25_13-14-23.pdf
2017-07-25 11:21 - 2017-07-25 11:21 - 02002014 _____ C:\Users\juan\Downloads\invoice2017-07-25_12-21-51.pdf
2017-07-25 08:17 - 2017-07-25 08:17 - 02001836 _____ C:\Users\juan\Downloads\invoice2017-07-25_09-17-41.pdf
2017-07-25 07:32 - 2017-07-25 07:32 - 02074731 _____ C:\Users\juan\Downloads\invoice2017-07-25_08-32-42.pdf
2017-07-24 11:14 - 2017-07-24 11:14 - 02001632 _____ C:\Users\juan\Downloads\invoice2017-07-24_12-14-27.pdf
2017-07-24 09:01 - 2017-07-24 09:01 - 02171150 _____ C:\Users\juan\Downloads\invoice2017-07-24_10-01-57.pdf
2017-07-24 08:14 - 2017-07-24 08:14 - 02090119 _____ C:\Users\juan\Downloads\invoice2017-07-24_09-14-13.pdf
2017-07-24 07:49 - 2017-07-24 07:49 - 02034004 _____ C:\Users\juan\Downloads\invoice2017-07-24_08-49-42.pdf
2017-07-21 11:44 - 2017-07-21 11:44 - 02001847 _____ C:\Users\juan\Downloads\invoice2017-07-21_12-44-17.pdf
2017-07-21 07:35 - 2017-07-21 07:35 - 02089822 _____ C:\Users\juan\Downloads\invoice2017-07-21_08-35-03.pdf
2017-07-20 15:29 - 2017-07-20 15:30 - 00040008 _____ C:\Users\juan\Downloads\WhatsApp Image 2017-07-20 at 15.40.57.jpeg
2017-07-20 14:10 - 2017-07-20 14:10 - 02001753 _____ C:\Users\juan\Downloads\invoice2017-07-20_15-10-08.pdf
2017-07-20 07:24 - 2017-07-20 07:24 - 02076129 _____ C:\Users\juan\Downloads\invoice2017-07-20_08-24-27.pdf
2017-07-19 09:46 - 2017-07-19 09:46 - 02002779 _____ C:\Users\juan\Downloads\invoice2017-07-19_10-46-35.pdf
2017-07-19 09:33 - 2017-07-19 09:33 - 01546538 _____ C:\Users\juan\Downloads\invoice2017-07-19_10-33-02.pdf
2017-07-19 08:39 - 2017-07-19 08:40 - 02001632 _____ C:\Users\juan\Downloads\invoice2017-07-19_09-39-57.pdf
2017-07-19 07:53 - 2017-07-19 07:53 - 02091164 _____ C:\Users\juan\Downloads\invoice2017-07-19_08-53-51.pdf
2017-07-19 07:45 - 2017-07-19 07:45 - 01553424 _____ C:\Users\juan\Downloads\invoice2017-07-19_08-45-39.pdf
2017-07-18 13:45 - 2017-07-18 13:45 - 00000000 ____D C:\Users\juan\AppData\Roaming\seo.spider.ui.SEOSpiderUI
2017-07-18 13:42 - 2017-07-18 13:43 - 182368448 _____ (Screaming Frog Ltd) C:\Users\juan\Downloads\ScreamingFrogSEOSpider-8.0.exe
2017-07-18 09:48 - 2017-07-18 09:48 - 01547516 _____ C:\Users\juan\Downloads\invoice2017-07-18_10-48-31.pdf
2017-07-18 07:36 - 2017-07-18 07:36 - 02158867 _____ C:\Users\juan\Downloads\invoice2017-07-18_08-36-52.pdf
2017-07-17 12:11 - 2017-07-17 12:11 - 02001766 _____ C:\Users\juan\Downloads\invoice2017-07-17_13-11-21.pdf
2017-07-17 10:17 - 2017-07-17 10:17 - 02108882 _____ C:\Users\juan\Downloads\invoice2017-07-17_11-17-01.pdf
2017-07-17 09:14 - 2017-07-17 09:14 - 02083618 _____ C:\Users\juan\Downloads\invoice2017-07-17_10-14-48.pdf
2017-07-17 08:41 - 2017-07-17 08:41 - 02083466 _____ C:\Users\juan\Downloads\invoice2017-07-17_09-41-16.pdf
2017-07-14 15:08 - 2017-07-14 15:08 - 01546619 _____ C:\Users\juan\Downloads\invoice2017-07-14_16-08-13.pdf
2017-07-14 11:13 - 2017-07-14 11:13 - 49375498 _____ C:\Users\juan\Downloads\arka fix G123.zip
2017-07-14 08:29 - 2017-07-14 08:29 - 00013192 _____ C:\Users\juan\Downloads\ES364R77F6917AB (5) (1).pdf
2017-07-14 08:23 - 2017-07-14 08:23 - 02009829 _____ C:\Users\juan\Downloads\invoice2017-07-14_09-23-19.pdf
2017-07-14 07:44 - 2017-07-14 07:44 - 02082410 _____ C:\Users\juan\Downloads\invoice2017-07-14_08-44-25.pdf
2017-07-14 07:28 - 2017-07-14 07:28 - 01547395 _____ C:\Users\juan\Downloads\invoice2017-07-14_08-28-39.pdf
2017-07-13 13:50 - 2017-07-13 13:50 - 02002272 _____ C:\Users\juan\Downloads\invoice2017-07-13_14-50-26.pdf
2017-07-13 13:50 - 2017-07-13 13:50 - 02001636 _____ C:\Users\juan\Downloads\invoice2017-07-13_14-50-41.pdf
2017-07-13 07:25 - 2017-07-13 07:25 - 02138361 _____ C:\Users\juan\Downloads\invoice2017-07-13_08-25-21.pdf
2017-07-12 14:49 - 2017-07-12 14:49 - 01546584 _____ C:\Users\juan\Downloads\invoice2017-07-12_15-49-31.pdf
2017-07-12 11:42 - 2017-07-12 11:42 - 00000000 ____D C:\Users\juan\Desktop\Oxsi
2017-07-12 11:36 - 2017-07-12 11:36 - 01546623 _____ C:\Users\juan\Downloads\invoice2017-07-12_12-36-10.pdf
2017-07-12 08:46 - 2017-07-12 08:46 - 02009579 _____ C:\Users\juan\Downloads\invoice2017-07-12_09-46-34.pdf
2017-07-12 07:45 - 2017-07-12 07:45 - 02164557 _____ C:\Users\juan\Downloads\invoice2017-07-12_08-45-49.pdf
2017-07-11 14:52 - 2017-07-11 14:52 - 02001676 _____ C:\Users\juan\Downloads\invoice2017-07-11_15-52-12.pdf
2017-07-11 12:25 - 2017-07-11 12:25 - 01546680 _____ C:\Users\juan\Downloads\invoice2017-07-11_13-25-27.pdf
2017-07-11 11:26 - 2017-07-11 11:26 - 02001800 _____ C:\Users\juan\Downloads\invoice2017-07-11_12-26-23.pdf
2017-07-11 10:13 - 2017-07-11 10:13 - 00062131 _____ C:\Users\juan\Downloads\ES2017CMCF0000108421.pdf
2017-07-11 10:13 - 2017-07-11 10:13 - 00013192 _____ C:\Users\juan\Downloads\ES364R77F6917AB (5).pdf
2017-07-11 10:12 - 2017-07-11 10:12 - 00013192 _____ C:\Users\juan\Downloads\ES364R77F6917AB (4).pdf
2017-07-11 10:11 - 2017-07-11 10:11 - 00013192 _____ C:\Users\juan\Downloads\ES364R77F6917AB (3).pdf
2017-07-11 10:11 - 2017-07-11 10:11 - 00013192 _____ C:\Users\juan\Downloads\ES364R77F6917AB (2).pdf
2017-07-11 10:10 - 2017-07-11 10:10 - 00013192 _____ C:\Users\juan\Downloads\ES364R77F6917AB.pdf
2017-07-11 10:10 - 2017-07-11 10:10 - 00013192 _____ C:\Users\juan\Downloads\ES364R77F6917AB (1).pdf
2017-07-11 08:13 - 2017-07-11 08:13 - 02187885 _____ C:\Users\juan\Downloads\invoice2017-07-11_09-13-03.pdf
2017-07-10 15:12 - 2017-07-10 15:12 - 00571555 _____ C:\Users\juan\Downloads\BabyBrandsDirect-BBD-S192-20170710-151209.zip
2017-07-10 14:12 - 2017-07-10 14:12 - 02001736 _____ C:\Users\juan\Downloads\invoice2017-07-10_15-12-48.pdf
2017-07-10 13:57 - 2017-07-10 13:57 - 00398737 _____ C:\Users\juan\Downloads\TA5LY1771533_factura.pdf
2017-07-10 13:57 - 2017-07-10 13:57 - 00362661 _____ C:\Users\juan\Downloads\TA5LX1918436_factura (1).pdf
2017-07-10 13:57 - 2017-07-10 13:57 - 00282227 _____ C:\Users\juan\Downloads\TA5LX1817142_factura (1).pdf
2017-07-10 13:57 - 2017-07-10 13:57 - 00254970 _____ C:\Users\juan\Downloads\TA5LY1890268_factura.pdf
2017-07-10 13:56 - 2017-07-10 13:56 - 00362667 _____ C:\Users\juan\Downloads\TA5LX1918436_factura.pdf
2017-07-10 13:56 - 2017-07-10 13:56 - 00282227 _____ C:\Users\juan\Downloads\TA5LX1817142_factura.pdf
2017-07-10 13:55 - 2017-07-10 13:55 - 00936979 _____ C:\Users\juan\Downloads\TA5LW1838858_factura.pdf
2017-07-10 13:55 - 2017-07-10 13:55 - 00844956 _____ C:\Users\juan\Downloads\TA5LW1961474_factura.pdf
2017-07-10 12:48 - 2017-07-10 12:48 - 01546671 _____ C:\Users\juan\Downloads\invoice2017-07-10_13-48-28.pdf
2017-07-10 12:12 - 2017-07-10 12:12 - 01546638 _____ C:\Users\juan\Downloads\invoice2017-07-10_13-12-31.pdf
2017-07-10 11:19 - 2017-07-10 11:19 - 01547643 _____ C:\Users\juan\Downloads\invoice2017-07-10_12-19-26.pdf
2017-07-10 10:29 - 2017-07-10 10:29 - 01554825 _____ C:\Users\juan\Downloads\invoice2017-07-10_11-29-14.pdf
2017-07-10 08:36 - 2017-07-10 08:36 - 02082412 _____ C:\Users\juan\Downloads\invoice2017-07-10_09-36-45.pdf
2017-07-10 07:38 - 2017-07-10 07:38 - 02069617 _____ C:\Users\juan\Downloads\invoice2017-07-10_08-38-57.pdf
2017-07-10 07:36 - 2017-07-10 07:36 - 01545935 _____ C:\Users\juan\Downloads\invoice2017-07-10_08-36-01.pdf
2017-07-08 09:09 - 2017-07-08 09:09 - 00180061 _____ C:\Users\juan\Downloads\WhatsApp Image 2017-07-08 at 10.08.52.jpeg
2017-07-08 09:09 - 2017-07-08 09:09 - 00115856 _____ C:\Users\juan\Downloads\WhatsApp Image 2017-07-04 at 10.56.28.jpeg
2017-07-08 08:38 - 2017-07-08 08:38 - 01586945 _____ C:\Users\juan\Downloads\invoice2017-07-08_09-38-24.pdf
2017-07-07 15:12 - 2017-07-07 15:12 - 02002101 _____ C:\Users\juan\Downloads\invoice2017-07-07_16-12-34.pdf
2017-07-07 14:00 - 2017-07-07 14:00 - 02033901 _____ C:\Users\juan\Downloads\invoice2017-07-07_15-00-52.pdf
2017-07-07 10:40 - 2017-07-07 10:40 - 00056418 _____ C:\Users\juan\Downloads\821768858930-31.pdf
2017-07-07 10:40 - 2017-07-07 10:40 - 00056407 _____ C:\Users\juan\Downloads\821768858930-32.pdf
2017-07-07 10:40 - 2017-07-07 10:40 - 00056365 _____ C:\Users\juan\Downloads\821768858930-30 (1).pdf
2017-07-07 10:39 - 2017-07-07 10:39 - 00056365 _____ C:\Users\juan\Downloads\821768858930-30.pdf
2017-07-07 10:04 - 2017-07-07 10:04 - 02001823 _____ C:\Users\juan\Downloads\invoice2017-07-07_11-04-48.pdf
2017-07-07 09:28 - 2017-07-07 09:28 - 01546019 _____ C:\Users\juan\Downloads\invoice2017-07-07_10-28-48.pdf
2017-07-07 09:07 - 2017-07-07 09:07 - 00108815 _____ C:\Users\juan\Downloads\ES363B50T8617AB (2).pdf
2017-07-07 09:07 - 2017-07-07 09:07 - 00108815 _____ C:\Users\juan\Downloads\ES363B50T8617AB (1).pdf
2017-07-07 09:07 - 2017-07-07 09:07 - 00042537 _____ C:\Users\juan\Downloads\ES363B50T8617AB.pdf
2017-07-07 07:58 - 2017-07-07 07:58 - 02137783 _____ C:\Users\juan\Downloads\invoice2017-07-07_08-58-38.pdf
2017-07-06 15:10 - 2017-07-06 15:10 - 02001836 _____ C:\Users\juan\Downloads\invoice2017-07-06_16-10-06.pdf
2017-07-06 14:46 - 2017-07-06 14:46 - 00123277 _____ C:\Users\juan\Downloads\WhatsApp Image 2017-07-06 at 15.44.59 (1).jpeg
2017-07-06 14:45 - 2017-07-06 14:45 - 00157740 _____ C:\Users\juan\Downloads\WhatsApp Image 2017-07-06 at 15.44.58.jpeg
2017-07-06 14:45 - 2017-07-06 14:45 - 00135244 _____ C:\Users\juan\Downloads\WhatsApp Image 2017-07-06 at 15.44.59.jpeg
2017-07-06 07:30 - 2017-07-06 07:30 - 02079455 _____ C:\Users\juan\Downloads\invoice2017-07-06_08-30-36.pdf
2017-07-05 14:59 - 2017-07-05 14:59 - 00141909 _____ C:\Users\juan\Downloads\WhatsApp Image 2017-07-05 at 15.58.15 (3).jpeg
2017-07-05 14:58 - 2017-07-05 14:58 - 00312548 _____ C:\Users\juan\Downloads\WhatsApp Image 2017-07-05 at 15.58.13 (1).jpeg
2017-07-05 14:58 - 2017-07-05 14:58 - 00238281 _____ C:\Users\juan\Downloads\WhatsApp Image 2017-07-05 at 15.58.14.jpeg
2017-07-05 14:58 - 2017-07-05 14:58 - 00186844 _____ C:\Users\juan\Downloads\WhatsApp Image 2017-07-05 at 15.58.14 (1).jpeg
2017-07-05 14:58 - 2017-07-05 14:58 - 00182798 _____ C:\Users\juan\Downloads\WhatsApp Image 2017-07-05 at 15.58.15 (1).jpeg
2017-07-05 14:58 - 2017-07-05 14:58 - 00166142 _____ C:\Users\juan\Downloads\WhatsApp Image 2017-07-05 at 15.58.15.jpeg
2017-07-05 14:58 - 2017-07-05 14:58 - 00141909 _____ C:\Users\juan\Downloads\WhatsApp Image 2017-07-05 at 15.58.15 (2).jpeg
2017-07-05 14:58 - 2017-07-05 14:58 - 00141909 _____ C:\Users\juan\Downloads\WhatsApp Image 2017-07-05 at 15.58.13.jpeg
2017-07-05 14:58 - 2017-07-05 14:58 - 00130394 _____ C:\Users\juan\Downloads\WhatsApp Image 2017-07-05 at 15.58.14 (2).jpeg
2017-07-05 14:33 - 2017-07-05 14:33 - 02009690 _____ C:\Users\juan\Downloads\invoice2017-07-05_15-33-23.pdf
2017-07-05 10:19 - 2017-07-05 10:19 - 00053503 _____ C:\Users\juan\Downloads\JUSTIFICANTE TRANSFERENCIA BANCARIA.pdf
2017-07-05 09:49 - 2017-07-05 09:49 - 02001618 _____ C:\Users\juan\Downloads\invoice2017-07-05_10-49-26.pdf
2017-07-05 09:13 - 2017-07-05 09:13 - 02002836 _____ C:\Users\juan\Downloads\invoice2017-07-05_10-13-41.pdf
2017-07-05 08:54 - 2017-07-05 08:54 - 02001708 _____ C:\Users\juan\Downloads\invoice2017-07-05_09-54-42.pdf
2017-07-05 08:13 - 2017-07-05 08:13 - 02146654 _____ C:\Users\juan\Downloads\invoice2017-07-05_09-13-01.pdf
2017-07-04 10:17 - 2017-07-04 10:18 - 01546580 _____ C:\Users\juan\Downloads\invoice2017-07-04_11-17-57.pdf
2017-07-04 09:55 - 2017-07-04 09:55 - 00239099 _____ C:\Users\juan\Downloads\WhatsApp Image 2017-07-04 at 10.29.02.jpeg
2017-07-04 09:55 - 2017-07-04 09:55 - 00115856 _____ C:\Users\juan\Downloads\WhatsApp Image 2017-07-04 at 10.29.04.jpeg
2017-07-04 09:17 - 2017-07-04 09:17 - 01546662 _____ C:\Users\juan\Downloads\invoice2017-07-04_10-17-02.pdf
2017-07-04 07:18 - 2017-07-04 07:18 - 02122340 _____ C:\Users\juan\Downloads\invoice2017-07-04_08-18-44.pdf
2017-07-03 15:11 - 2017-07-03 15:11 - 01546611 _____ C:\Users\juan\Downloads\invoice2017-07-03_16-11-03.pdf
2017-07-03 14:39 - 2017-07-03 14:39 - 02010018 _____ C:\Users\juan\Downloads\invoice2017-07-03_15-39-05.pdf
2017-07-03 12:25 - 2017-07-03 12:25 - 02002207 _____ C:\Users\juan\Downloads\invoice2017-07-03_13-25-49.pdf
2017-07-03 11:07 - 2017-07-03 11:07 - 02017801 _____ C:\Users\juan\Downloads\invoice2017-07-03_12-07-36.pdf
2017-07-03 09:23 - 2017-07-03 09:23 - 02134376 _____ C:\Users\juan\Downloads\invoice2017-07-03_10-23-23.pdf
2017-07-03 08:22 - 2017-07-03 08:22 - 02135043 _____ C:\Users\juan\Downloads\invoice2017-07-03_09-22-02.pdf
2017-07-01 10:07 - 2017-07-01 10:07 - 02108597 _____ C:\Users\juan\Downloads\invoice2017-07-01_11-07-47.pdf
2017-06-30 10:37 - 2017-06-30 10:37 - 02002005 _____ C:\Users\juan\Downloads\invoice2017-06-30_11-37-01.pdf
2017-06-30 10:11 - 2017-06-30 10:11 - 02001940 _____ C:\Users\juan\Downloads\invoice2017-06-30_11-11-35.pdf
2017-06-30 09:44 - 2017-06-30 09:44 - 02001850 _____ C:\Users\juan\Downloads\invoice2017-06-30_10-44-44.pdf
2017-06-30 09:28 - 2017-06-30 09:28 - 02001832 _____ C:\Users\juan\Downloads\invoice2017-06-30_10-28-19.pdf
2017-06-30 09:06 - 2017-06-30 09:06 - 01546513 _____ C:\Users\juan\Downloads\invoice2017-06-30_10-06-43.pdf
2017-06-30 09:02 - 2017-06-30 09:02 - 02002644 _____ C:\Users\juan\Downloads\invoice2017-06-30_10-02-44.pdf
2017-06-29 13:42 - 2017-06-29 13:42 - 00032870 _____ C:\Users\juan\Downloads\BabyBrandsDirect-BBD-S192-Invoice-51976.pdf
2017-06-29 10:45 - 2017-06-29 10:45 - 02001777 _____ C:\Users\juan\Downloads\invoice2017-06-29_11-45-43.pdf
2017-06-29 07:39 - 2017-06-29 07:39 - 02067102 _____ C:\Users\juan\Downloads\invoice2017-06-29_08-39-38.pdf
2017-06-28 11:57 - 2017-06-28 11:57 - 01546593 _____ C:\Users\juan\Downloads\invoice2017-06-28_12-57-05.pdf
2017-06-28 07:24 - 2017-06-28 07:24 - 02082263 _____ C:\Users\juan\Downloads\invoice2017-06-28_08-24-33.pdf
2017-06-27 12:06 - 2017-06-27 12:06 - 00013481 _____ C:\Users\juan\Documents\RE Paquete en estado lamentable y como realizo un cambio.htm
2017-06-27 10:34 - 2017-06-27 10:34 - 02002673 _____ C:\Users\juan\Downloads\invoice2017-06-27_11-34-32.pdf
2017-06-27 10:04 - 2017-06-27 10:04 - 02003683 _____ C:\Users\juan\Downloads\invoice2017-06-27_11-04-09.pdf
2017-06-27 07:45 - 2017-06-27 07:45 - 02140382 _____ C:\Users\juan\Downloads\invoice2017-06-27_08-45-28.pdf
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-07-27 07:36 - 2016-01-23 08:57 - 00000000 ____D C:\ProgramData\serposcope
2017-07-26 17:08 - 2012-11-15 10:47 - 06573150 _____ C:\Windows\ntbtlog.txt
2017-07-26 08:31 - 2006-11-02 13:47 - 00004336 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2017-07-26 08:31 - 2006-11-02 13:47 - 00004336 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2017-07-26 08:24 - 2009-03-25 12:06 - 00000000 ____D C:\Users\juan\AppData\Roaming\Skype
2017-07-26 08:13 - 2011-05-18 10:03 - 03969024 _____ C:\Users\juan\Documents\VentasShopMami.xls
2017-07-26 08:11 - 2009-03-25 10:57 - 00002627 _____ C:\Users\juan\Desktop\Microsoft Office Excel 2003.lnk
2017-07-26 08:05 - 2009-09-17 06:06 - 00000000 ____D C:\Windows\Minidump
2017-07-26 08:04 - 2014-04-27 18:49 - 316767493 _____ C:\Windows\MEMORY.DMP
2017-07-26 07:40 - 2009-03-25 10:57 - 00002649 _____ C:\Users\juan\Desktop\Microsoft Office Word 2003.lnk
2017-07-24 15:33 - 2013-10-05 08:10 - 00000000 ___HD C:\Users\juan\.ScreamingFrogSEOSpider
2017-07-24 15:31 - 2017-06-21 07:50 - 00025278 _____ C:\Users\juan\crawl.seospider
2017-07-24 15:22 - 2017-06-19 11:05 - 28279593 _____ C:\Users\juan\shopmami.seospider
2017-07-20 08:28 - 2015-01-21 10:57 - 00019456 _____ C:\Users\juan\Documents\TAL.xls
2017-07-19 07:19 - 2014-03-28 08:14 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2017-07-18 14:07 - 2017-05-13 12:20 - 00000000 ____D C:\Users\juan\AppData\LocalLow\Mozilla
2017-07-18 13:53 - 2017-05-13 11:25 - 00000000 ____D C:\Program Files\Mozilla Firefox
2017-07-18 13:44 - 2015-12-17 18:37 - 00000000 ____D C:\Program Files\Screaming Frog SEO Spider
2017-07-17 11:54 - 2009-04-03 14:19 - 00000000 ____D C:\graficos
2017-07-11 07:14 - 2009-03-25 10:30 - 00002032 _____ C:\Users\juan\AppData\Local\d3d9caps.dat
2017-07-03 10:16 - 2009-04-21 15:00 - 00000000 ____D C:\Users\juan\AppData\Roaming\FileZilla
 
Files to move or delete:
====================
C:\Users\juan\Renta2015_windows_1_32.exe
 
 
Some files in TEMP:
====================
2015-11-17 17:49 - 2015-11-17 17:49 - 0144008 _____ (© 2015 Microsoft Corporation) C:\Users\juan\AppData\Local\Temp\BingSvc.exe
2015-11-17 17:48 - 2015-11-17 17:49 - 1118360 _____ (© 2015 Microsoft Corporation) C:\Users\juan\AppData\Local\Temp\BSvcProcessor.exe
2015-11-17 17:48 - 2015-11-17 17:49 - 0170128 _____ (© 2015 Microsoft Corporation) C:\Users\juan\AppData\Local\Temp\BSvcUpdater.exe
2015-01-30 08:23 - 2015-01-30 08:23 - 0043008 _____ () C:\Users\juan\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpnhqvbe.dll
2014-07-11 22:12 - 2014-07-11 22:12 - 0918952 _____ (Oracle Corporation) C:\Users\juan\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
2014-07-28 06:15 - 2014-07-28 06:15 - 0918440 _____ (Oracle Corporation) C:\Users\juan\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
2016-08-05 17:15 - 2016-08-05 17:15 - 0741440 _____ (Oracle Corporation) C:\Users\juan\AppData\Local\Temp\jre-8u101-windows-au.exe
2016-11-11 08:28 - 2016-11-11 08:28 - 0737856 _____ (Oracle Corporation) C:\Users\juan\AppData\Local\Temp\jre-8u111-windows-au.exe
2017-06-14 16:23 - 2017-06-14 16:23 - 0739904 _____ (Oracle Corporation) C:\Users\juan\AppData\Local\Temp\jre-8u131-windows-au.exe
2014-12-18 18:29 - 2014-12-18 18:29 - 0641448 _____ (Oracle Corporation) C:\Users\juan\AppData\Local\Temp\jre-8u31-windows-au.exe
2015-03-09 17:25 - 2015-03-09 17:25 - 0561576 _____ (Oracle Corporation) C:\Users\juan\AppData\Local\Temp\jre-8u40-windows-au.exe
2011-10-14 23:54 - 2011-10-14 23:54 - 0381248 _____ (NVIDIA Corporation) C:\Users\juan\AppData\Local\Temp\nvSCPAPISvr.exe
2014-08-28 17:57 - 2011-10-14 23:54 - 0497472 _____ (NVIDIA Corporation) C:\Users\juan\AppData\Local\Temp\nvStInst.exe
2015-09-21 07:32 - 2015-08-17 07:19 - 2097040 _____ (AVG Technologies) C:\Users\juan\AppData\Local\Temp\UNINSTALL.EXE
2006-05-24 18:10 - 2006-05-24 18:10 - 0455600 ____R (Macrovision Corporation) C:\Users\juan\AppData\Local\Temp\_isCE0D.exe
2014-11-15 10:59 - 2014-11-15 10:59 - 0098304 _____ (BCL Technologies, Inc.) C:\Users\TEMP\AppData\Local\Temp\NitroPDFpdrv6.dll
2014-11-15 10:59 - 2014-11-15 10:59 - 0904704 _____ (BCL Technologies, Inc.) C:\Users\TEMP\AppData\Local\Temp\NitroPDFpdui6.dll
 
==================== Known DLLs (Whitelisted) =========================
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll
[2011-04-15 11:33] - [2011-03-02 16:44] - 0168448 _____ (Microsoft Corporation) 85E861D0B88DB2B54ACB0839654C09F7
 
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== Association (Whitelisted) =============
 
 
==================== Restore Points  =========================
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 21%
Total physical RAM: 2045.94 MB
Available physical RAM: 1606.37 MB
Total Virtual: 1863.53 MB
Available Virtual: 1699.38 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:465.76 GB) (Free:351.61 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (LRMCFRE_ES_DVD) (CDROM) (Total:2.44 GB) (Free:0 GB) UDF
Drive e: () (Removable) (Total:14.75 GB) (Free:14.65 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: CD8B19CA)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 14.7 GB) (Disk ID: 245B12A3)
Partition 1: (Not Active) - (Size=14.7 GB) - (Type=07 NTFS)
 
LastRegBack: 2017-07-27 08:22
 
==================== End of FRST.txt ============================

  • 4 weeks later...

Hi juanrdosil :)

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broken the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.

  • As you'll notice, the logs we are asking for here are quite lengthy, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens
  • As long as I'm assisting you on Malwarebytes Forums, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you
  • The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system
  • If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!
  • If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off
  • Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced
  • I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against Malwarebytes Forums's rules
  • In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate you to let me know about it first, and if you need, I can also assist you in the process
  • I would appreciate if you were to stay with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone
    This being said, I have a full time job so sometimes it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread


This being said, it's time to clean-up some malware, so let's get started, shall we? :)

Do you still need assistance with your issue?


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!
