This application has failed to start because consrv was not found


This topic is locked
5 replies to this topic

#1 MajinSkeith

  • Members
  • 3 posts

Posted 09 December 2011 - 02:49 AM

My computer just spontaneously restarted itself today but only got as far as a blue screen that said "This application has failed to start because consrv was not found". I can't load safe modes of any kind or last good configurations. I just bought NeoSmart's Vista 64 repair disc and it couldn't fix itself. I've been scouring the internet for the past 8 hours and nothing has worked. I eventually came across this http://www.bleepingcomputer.com/forums/topic418997.html and it seemed to be good. I've already downloaded Farbar Recovery Scan Tool x64 and MbrFix, so now, from what I understand from the aforementioned topic, I supply you with whatever logs you need and you guys supply a fixlog that Farbar will run, right? I just need to be able to get my computer actually working long enough to make backups, because I've had enough problems; once the backup is ready I'm probably gonna restore to factory state. Thank you very much in advance.


#2 Farbar

    Just Curious

  • Security Developer
  • 21,696 posts
  • Gender:Male
  • Location:The Netherlands

Posted 09 December 2011 - 10:39 AM

Hello MajinSkeith,

Welcome to this forum. I'll assist you with the boot issue.

Please copy and paste the content of FRST.txt to your reply.

#3 MajinSkeith

  • Topic Starter
  • Members
  • 3 posts

Posted 09 December 2011 - 04:21 PM

Here you go, and thanks for such a prompt reply; when signing up it warned me it might be as many as 5 days.

Scan result of Farbars's Recovery Tool (FRST written by farbar) Version 2.3.0
Ran by SYSTEM at 2011-12-09 01:05:23
Running from E:\
Windows Vista ™ Home Premium Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide [1584184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1216808 2007-12-06] (Synaptics, Inc.)
HKLM\...\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" [991504 2009-10-20] (Trend Micro Inc.)
HKLM\...\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun [855608 2007-09-26] (Microsoft Corporation)
HKLM\...\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h [9264456 2011-10-20] (COMODO)
HKLM\...\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-03-24] (Realtek Semiconductor Corp.)
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7573024 2009-03-24] (Realtek Semiconductor)
HKLM-x32\...\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe [98304 2008-08-18] (ASUS)
HKLM-x32\...\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe [8392704 2009-03-04] (ASUS)
HKLM-x32\...\Run: [ADSMTray] C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe [266240 2008-03-31] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ACMON] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [1126400 2008-09-30] (ATK)
HKLM-x32\...\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe [159744 2008-08-19] (ASUS)
HKLM-x32\...\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe [33136 2009-06-16] ()
HKLM-x32\...\Run: [ISTray] "C:\Program Files (x86)\Spyware Doctor\pctsTray.exe" [1286608 2010-01-18] (PC Tools)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe" [40368 2010-06-16] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [932288 2010-09-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-09-08] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [249064 2010-10-29] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" [887976 2011-08-23] (Ask)
HKLM-x32\...\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\update\realsched.exe" -osboot [273544 2011-06-02] (RealNetworks, Inc.)
HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1259376 2011-07-28] ()
HKU\Default\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2009-04-10] (Microsoft Corporation)
HKU\Default User\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2009-04-10] (Microsoft Corporation)
HKU\Helms\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2363392 2008-06-09] (Hewlett-Packard Company)
HKU\Helms\...\Run: [] [x]
HKU\Helms\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\Helms\...\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" [399736 2011-08-23] (BitTorrent, Inc.)
HKU\Helms\...\Run: [BitTorrent DNA] "C:\Program Files (x86)\DNA\btdna.exe" [323392 2011-06-29] (BitTorrent, Inc.)
HKU\Helms\...\Run: [Akamai NetSession Interface] C:\Users\Helms\AppData\Local\Akamai\netsession_win.exe [3303000 2011-11-17] (Akamai Technologies, Inc)
HKU\Helms\...\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3077528 2011-06-29] ()
HKU\Helms\...\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe [2646128 2010-11-06] (PeerBlock, LLC)
HKU\Helms\...\Run: [InstallIQUpdater] "C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe" /silent /autorun [1008128 2010-07-07] (W3i, LLC)
HKU\Helms\...\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe [x]
HKU\Helms\...\Winlogon: [Shell] explorer.exe
HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll",DllRegisterServer [86016 2010-11-11] ()
HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll",DllRegisterServer [63488 2010-11-11] ()
HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll",DllRegisterServer [319488 2010-11-11] ()
HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll",DllRegisterServer [1089536 2010-11-11] ()
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
AppInit_DLLs: C:\Windows\system32\guard64.dll
Lsa: [Notification Packages] scecli
C:\Program Files\ASUS\ASUS Data Security Manager\ASPWDFLT
SubSystems: [Windows] ==> ZeroAccess

==================== Services (Whitelisted) ======

2 ADSMService; C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe [225280 2008-03-31] (ASUSTek Computer Inc.)
2 ASLDRService; C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe [100920 2008-08-13] ()
2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-07] ()
2 Browser Defender Update Service; "C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe" [198608 2010-06-08] (Threat Expert Ltd.)
2 cmdAgent; "C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe" [2663568 2011-10-07] (COMODO)
3 GoogleDesktopManager-022208-143751; "C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" [29744 2008-09-19] (Google)
2 IswSvc; "C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe" [827520 2011-11-03] (Check Point Software Technologies)
2 sdAuxService; C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe [365280 2009-12-09] (PC Tools)
2 sdCoreService; C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe [1141712 2010-01-18] (PC Tools)
2 SfCtlCom; "C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe" [833944 2010-10-07] (Trend Micro Inc.)
2 TMBMServer; "C:\Program Files\Trend Micro\BM\TMBMSRV.exe" /service [565512 2009-03-03] (Trend Micro Inc.)
2 TmProxy; "C:\Program Files\Trend Micro\Internet Security\TmProxy.exe" [900360 2009-09-03] (Trend Micro Inc.)
2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_d768ebc.dll [x]
4 NetMsmqActivator; "c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe" -NetMsmqActivator [x]
4 NetPipeActivator; c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [x]
4 NetTcpActivator; c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [x]
4 NetTcpPortSharing; c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [x]

========================== Drivers (Whitelisted) =============

0 AsDsm; C:\Windows\System32\Drivers\AsDsm.sys [34872 2007-08-10] (Windows ® Codename Longhorn DDK provider)
2 ASMMAP64; \??\C:\Program Files\ATKGFNEX\ASMMAP64.sys [14904 2007-07-24] ()
1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [574216 2011-10-07] (COMODO)
1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [42224 2011-10-07] (COMODO)
1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [93200 2011-10-07] (COMODO)
2 ISWKL; \??\C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [33672 2011-11-03] (Check Point Software Technologies)
3 itecir; C:\Windows\System32\DRIVERS\itecir.sys [67104 2010-03-08] (ITE Tech. Inc. )
3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [17464 2008-06-03] ( )
3 mcdbus; C:\Windows\System32\DRIVERS\mcdbus.sys [255552 2009-02-24] (MagicISO, Inc.)
3 MTsensor; C:\Windows\System32\DRIVERS\ATK64AMD.sys [13680 2006-10-28] ()
0 PCTCore; C:\Windows\System32\drivers\PCTCore64.sys [218056 2009-09-23] (PC Tools)
3 RTL8169; C:\Windows\System32\DRIVERS\Rtlh64.sys [318568 2010-06-23] (Realtek )
3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1821952 2008-10-08] ()
2 tmpreflt; C:\Windows\System32\DRIVERS\tmpreflt.sys [42768 2011-07-12] (Trend Micro Inc.)
1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [96784 2009-03-03] (Trend Micro Inc.)
2 tmxpflt; C:\Windows\System32\DRIVERS\tmxpflt.sys [342288 2011-07-12] (Trend Micro Inc.)
2 vsapint; C:\Windows\System32\DRIVERS\vsapint.sys [2077456 2011-07-12] (Trend Micro Inc.)
3 dump_wmimmc; \??\C:\WeMade Entertainment\DigimonBattle\GameGuard\dump_wmimmc.sys [x]
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
3 lvupdtio; \??\C:\Program Files (x86)\ASUS\ASUS Live Update\SYS64\lvupdtio.sys [x]
3 msiserver; C:\Windows\System32\msiexec /V [x]
3 npggsvc; C:\Windows\system32\GameMon.des -service [x]
3 NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2011-12-09 01:03 - 2011-12-09 01:03 - 0000000 ____D C:\FRST
2011-12-06 18:16 - 2011-12-06 18:16 - 0000000 ____D C:\Program Files (x86)\ConvertHelper
2011-12-06 18:15 - 2011-12-06 18:16 - 3782822 ____A (DownloadHelper ) C:\Users\Helms\Downloads\ConvertHelperSetup.exe
2011-12-06 16:02 - 2011-12-06 16:02 - 0048571 ____A C:\Users\Helms\Downloads\381872_2795242364190_1352378911_32992821_181072164_n.jpg
2011-12-01 18:31 - 2011-12-01 18:31 - 0001099 ____A C:\Users\Helms\Desktop\Freelancer - Shortcut.lnk
2011-12-01 18:31 - 2011-12-01 18:31 - 0000000 ____D C:\Users\Helms\AppData\Local\Freelancer
2011-12-01 18:24 - 2011-12-01 18:24 - 0000000 ____D C:\Program Files (x86)\Microsoft Games
2011-12-01 16:31 - 2011-12-01 16:46 - 0000000 ____D C:\Users\Helms\Downloads\FreeLancer
2011-11-28 23:48 - 2011-11-28 23:48 - 0000000 ____D C:\Users\Helms\Documents\HeroBlade Logs
2011-11-28 23:48 - 2011-11-28 23:48 - 0000000 ____D C:\Users\Helms\AppData\Local\SWTOR
2011-11-25 16:50 - 2011-10-07 09:47 - 0041200 ____A (COMODO) C:\Windows\System32\cmdcsr.dll
2011-11-24 19:20 - 2011-11-24 19:20 - 0000000 ____D C:\Windows\pss
2011-11-23 15:01 - 2011-11-25 16:44 - 0000000 ____D C:\Users\Helms\Downloads\PN
2011-11-22 23:14 - 2011-11-22 23:14 - 0001247 ____A C:\Users\Public\Desktop\Star Wars - The Old Republic.lnk
2011-11-22 23:12 - 2011-11-22 23:12 - 0000000 ____D C:\Program Files (x86)\Electronic Arts
2011-11-22 22:57 - 2011-11-22 23:15 - 0021914 ____A C:\Users\Helms\Documents\Install STAR WARS The Old Republic.log
2011-11-22 22:51 - 2011-11-22 22:53 - 25599928 ____A C:\Users\Helms\Downloads\SWTOR_setup.exe
2011-11-20 17:14 - 2011-11-20 17:14 - 0000000 ____D C:\Users\Helms\Documents\ForceField Shared Files
2011-11-20 17:13 - 2011-11-20 17:13 - 0000000 ____D C:\Users\Helms\AppData\Roaming\CheckPoint
2011-11-20 17:12 - 2011-11-20 17:12 - 0000000 ____D C:\Program Files\CheckPoint
2011-11-20 17:11 - 2010-04-06 00:34 - 0345984 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2011-11-20 17:10 - 2011-11-20 17:10 - 0001753 ____A C:\Users\Public\Desktop\COMODO Firewall.lnk
2011-11-20 17:09 - 2011-11-20 17:09 - 0000000 ____D C:\Program Files\COMODO
2011-11-20 17:04 - 2011-11-22 17:08 - 0000000 ____D C:\Users\All Users\Comodo
2011-11-20 17:04 - 2011-11-22 17:08 - 0000000 ____D C:\ProgramData\Comodo
2011-11-20 17:03 - 2011-11-20 17:05 - 0000000 ____D C:\Users\All Users\Comodo Downloader
2011-11-20 17:03 - 2011-11-20 17:05 - 0000000 ____D C:\ProgramData\Comodo Downloader
2011-11-20 16:56 - 2011-12-08 16:29 - 0000000 ____D C:\Program Files\PeerBlock
2011-11-20 16:56 - 2011-11-20 16:56 - 0001691 ____A C:\Users\Helms\Desktop\PeerBlock.lnk
2011-11-20 16:55 - 2011-11-20 16:55 - 2105040 ____A (PeerBlock, LLC ) C:\Users\Helms\Downloads\PeerBlock-Setup_v1.1_r518.exe
2011-11-20 16:54 - 2011-11-20 16:54 - 10569376 ____A (ashampoo GmbH & Co. KG ) C:\Users\Helms\Downloads\ashampoo_firewall_sm.exe
2011-11-20 16:51 - 2011-11-20 16:51 - 0000000 ____D C:\Program Files (x86)\CheckPoint
2011-11-20 16:50 - 2011-11-20 17:00 - 62677136 ____A (COMODO) C:\Users\Helms\Downloads\cfw_installer.exe
2011-11-20 16:49 - 2011-11-20 16:49 - 0463080 ____A (CNET Download.com) C:\Users\Helms\Downloads\cnet2_PeerBlock-Setup_v1_1_r518_exe.exe
2011-11-20 16:48 - 2011-11-20 16:48 - 0463080 ____A (CNET Download.com) C:\Users\Helms\Downloads\cnet2_ashampoo_firewall_sm_exe.exe
2011-11-20 16:30 - 2011-11-20 17:00 - 0000000 ____D C:\Program Files (x86)\GridinSoft Trojan Killer
2011-11-20 16:30 - 2011-11-20 16:30 - 0000945 ____A C:\Users\Public\Desktop\Trojan Killer.lnk
2011-11-20 16:25 - 2011-11-20 16:29 - 22011960 ____A (GridinSoft, Inc. ) C:\Users\Helms\Downloads\trojankiller2112-setup.exe
2011-11-20 16:19 - 2011-12-05 16:29 - 0045056 ____A C:\Windows\System32\acovcnt.exe
2011-11-20 15:24 - 2011-11-20 15:24 - 0000000 ____D C:\Users\Helms\Documents\OneNote Notebooks
2011-11-20 15:22 - 2011-11-20 15:26 - 0102400 ____A C:\Windows\RegBootClean.exe
2011-11-19 10:36 - 2011-11-19 10:36 - 0000000 ____A C:\Users\All Users\2mMA0JG.dat
2011-11-19 10:36 - 2011-11-19 10:36 - 0000000 ____A C:\ProgramData\2mMA0JG.dat
2011-11-18 21:06 - 2011-11-18 21:06 - 0000000 ____D C:\Windows\system64
2011-11-11 13:53 - 2011-09-20 13:06 - 1423744 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2011-11-11 13:53 - 2011-09-20 06:04 - 0040448 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpipreg.sys

============ 3 Months Modified Files and Folders =============

2011-12-09 01:03 - 2011-12-09 01:03 - 0000000 ____D C:\FRST
2011-12-08 22:59 - 2006-11-02 07:21 - 0266208 ____A C:\Windows\System32\FNTCACHE.DAT
2011-12-08 17:03 - 2010-08-15 19:27 - 193982816 ____A C:\Windows\ntbtlog.txt
2011-12-08 16:30 - 2006-11-02 07:42 - 0032592 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2011-12-08 16:30 - 2006-11-02 07:42 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2011-12-08 16:30 - 2006-11-02 07:22 - 0003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2011-12-08 16:30 - 2006-11-02 07:22 - 0003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2011-12-08 16:29 - 2011-11-20 16:56 - 0000000 ____D C:\Program Files\PeerBlock
2011-12-08 16:29 - 2011-06-29 18:14 - 0000000 ____D C:\Users\Helms\AppData\Roaming\DNA
2011-12-08 16:29 - 2010-04-07 17:44 - 0000000 ____D C:\Users\Helms\AppData\Roaming\uTorrent
2011-12-08 16:29 - 2009-06-16 12:49 - 1302150 ____A C:\Windows\WindowsUpdate.log
2011-12-08 16:17 - 2010-04-13 14:58 - 0000000 ____D C:\Program Files (x86)\Spyware Doctor
2011-12-08 15:54 - 2011-10-23 18:40 - 0000000 ___HD C:\Users\Helms\Downloads\New Folder
2011-12-08 15:30 - 2006-11-02 04:46 - 0756338 ____A C:\Windows\System32\PerfStringBackup.INI
2011-12-08 15:28 - 2009-07-12 16:42 - 0002611 ____A C:\Users\Helms\Desktop\Microsoft Office Word 2007.lnk
2011-12-06 18:46 - 2009-07-10 23:35 - 0000000 ____D C:\Users\Helms\dwhelper
2011-12-06 18:16 - 2011-12-06 18:16 - 0000000 ____D C:\Program Files (x86)\ConvertHelper
2011-12-06 18:16 - 2011-12-06 18:15 - 3782822 ____A (DownloadHelper ) C:\Users\Helms\Downloads\ConvertHelperSetup.exe
2011-12-06 18:11 - 2009-07-10 23:05 - 0221696 ____A C:\Users\Helms\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-12-06 16:02 - 2011-12-06 16:02 - 0048571 ____A C:\Users\Helms\Downloads\381872_2795242364190_1352378911_32992821_181072164_n.jpg
2011-12-05 17:01 - 2009-08-11 00:19 - 0000000 ____D C:\Users\Helms\AppData\Local\PMB Files
2011-12-05 16:30 - 2011-06-29 18:14 - 0000000 ____D C:\Program Files (x86)\DNA
2011-12-05 16:29 - 2011-11-20 16:19 - 0045056 ____A C:\Windows\System32\acovcnt.exe
2011-12-05 16:28 - 2009-06-16 13:28 - 0000000 ____D C:\Users\All Users\NVIDIA
2011-12-05 16:28 - 2009-06-16 13:28 - 0000000 ____D C:\ProgramData\NVIDIA
2011-12-01 20:01 - 2009-07-10 03:54 - 0071992 ____A C:\Users\Helms\AppData\Local\GDIPFONTCACHEV1.DAT
2011-12-01 18:31 - 2011-12-01 18:31 - 0001099 ____A C:\Users\Helms\Desktop\Freelancer - Shortcut.lnk
2011-12-01 18:31 - 2011-12-01 18:31 - 0000000 ____D C:\Users\Helms\AppData\Local\Freelancer
2011-12-01 18:31 - 2011-09-02 04:27 - 0000000 ____D C:\Users\Helms\Documents\My Games
2011-12-01 18:24 - 2011-12-01 18:24 - 0000000 ____D C:\Program Files (x86)\Microsoft Games
2011-12-01 16:53 - 2009-07-10 05:52 - 0007111 ____A C:\Windows\TMFilter.log
2011-12-01 16:46 - 2011-12-01 16:31 - 0000000 ____D C:\Users\Helms\Downloads\FreeLancer
2011-11-29 20:34 - 2009-07-10 23:45 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2011-11-28 23:48 - 2011-11-28 23:48 - 0000000 ____D C:\Users\Helms\Documents\HeroBlade Logs
2011-11-28 23:48 - 2011-11-28 23:48 - 0000000 ____D C:\Users\Helms\AppData\Local\SWTOR
2011-11-26 16:11 - 2008-01-20 19:26 - 0275654 ____A C:\Windows\PFRO.log
2011-11-25 16:44 - 2011-11-23 15:01 - 0000000 ____D C:\Users\Helms\Downloads\PN
2011-11-24 19:20 - 2011-11-24 19:20 - 0000000 ____D C:\Windows\pss
2011-11-22 23:15 - 2011-11-22 22:57 - 0021914 ____A C:\Users\Helms\Documents\Install STAR WARS The Old Republic.log
2011-11-22 23:14 - 2011-11-22 23:14 - 0001247 ____A C:\Users\Public\Desktop\Star Wars - The Old Republic.lnk
2011-11-22 23:12 - 2011-11-22 23:12 - 0000000 ____D C:\Program Files (x86)\Electronic Arts
2011-11-22 23:06 - 2009-07-10 23:16 - 0000000 ____D C:\Users\Helms\Documents\media
2011-11-22 22:53 - 2011-11-22 22:51 - 25599928 ____A C:\Users\Helms\Downloads\SWTOR_setup.exe
2011-11-22 17:08 - 2011-11-20 17:04 - 0000000 ____D C:\Users\All Users\Comodo
2011-11-22 17:08 - 2011-11-20 17:04 - 0000000 ____D C:\ProgramData\Comodo
2011-11-20 17:34 - 2009-07-10 03:54 - 0000000 ____D C:\users\Helms
2011-11-20 17:14 - 2011-11-20 17:14 - 0000000 ____D C:\Users\Helms\Documents\ForceField Shared Files
2011-11-20 17:13 - 2011-11-20 17:13 - 0000000 ____D C:\Users\Helms\AppData\Roaming\CheckPoint
2011-11-20 17:12 - 2011-11-20 17:12 - 0000000 ____D C:\Program Files\CheckPoint
2011-11-20 17:10 - 2011-11-20 17:10 - 0001753 ____A C:\Users\Public\Desktop\COMODO Firewall.lnk
2011-11-20 17:09 - 2011-11-20 17:09 - 0000000 ____D C:\Program Files\COMODO
2011-11-20 17:05 - 2011-11-20 17:03 - 0000000 ____D C:\Users\All Users\Comodo Downloader
2011-11-20 17:05 - 2011-11-20 17:03 - 0000000 ____D C:\ProgramData\Comodo Downloader
2011-11-20 17:00 - 2011-11-20 16:50 - 62677136 ____A (COMODO) C:\Users\Helms\Downloads\cfw_installer.exe
2011-11-20 17:00 - 2011-11-20 16:30 - 0000000 ____D C:\Program Files (x86)\GridinSoft Trojan Killer
2011-11-20 16:56 - 2011-11-20 16:56 - 0001691 ____A C:\Users\Helms\Desktop\PeerBlock.lnk
2011-11-20 16:55 - 2011-11-20 16:55 - 2105040 ____A (PeerBlock, LLC ) C:\Users\Helms\Downloads\PeerBlock-Setup_v1.1_r518.exe
2011-11-20 16:54 - 2011-11-20 16:54 - 10569376 ____A (ashampoo GmbH & Co. KG ) C:\Users\Helms\Downloads\ashampoo_firewall_sm.exe
2011-11-20 16:51 - 2011-11-20 16:51 - 0000000 ____D C:\Program Files (x86)\CheckPoint
2011-11-20 16:49 - 2011-11-20 16:49 - 0463080 ____A (CNET Download.com) C:\Users\Helms\Downloads\cnet2_PeerBlock-Setup_v1_1_r518_exe.exe
2011-11-20 16:48 - 2011-11-20 16:48 - 0463080 ____A (CNET Download.com) C:\Users\Helms\Downloads\cnet2_ashampoo_firewall_sm_exe.exe
2011-11-20 16:30 - 2011-11-20 16:30 - 0000945 ____A C:\Users\Public\Desktop\Trojan Killer.lnk
2011-11-20 16:29 - 2011-11-20 16:25 - 22011960 ____A (GridinSoft, Inc. ) C:\Users\Helms\Downloads\trojankiller2112-setup.exe
2011-11-20 15:26 - 2011-11-20 15:22 - 0102400 ____A C:\Windows\RegBootClean.exe
2011-11-20 15:24 - 2011-11-20 15:24 - 0000000 ____D C:\Users\Helms\Documents\OneNote Notebooks
2011-11-19 10:36 - 2011-11-19 10:36 - 0000000 ____A C:\Users\All Users\2mMA0JG.dat
2011-11-19 10:36 - 2011-11-19 10:36 - 0000000 ____A C:\ProgramData\2mMA0JG.dat
2011-11-18 22:12 - 2011-11-03 16:53 - 0000000 ____D C:\Users\Helms\AppData\Local\Akamai
2011-11-18 21:06 - 2011-11-18 21:06 - 0000000 ____D C:\Windows\system64
2011-11-16 16:22 - 2009-07-11 10:20 - 0000000 ____D C:\Program Files (x86)\StarWarsGalaxies
2011-11-13 10:42 - 2011-02-04 10:54 - 0000000 ____D C:\Users\Helms\Documents\HOMEWORK!!!!!!!!!!!!!!
2011-11-12 01:04 - 2006-11-02 05:33 - 0000000 ____D C:\Program Files\Common Files\System
2011-11-12 01:01 - 2006-11-02 04:35 - 52174280 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2011-11-08 04:53 - 2011-11-06 12:21 - 0002158 ____A C:\Users\Helms\Desktop\DC Universe Online Live.lnk
2011-11-07 19:42 - 2010-08-18 11:33 - 0000000 ____D C:\Users\Helms\Documents\swords
2011-11-06 12:26 - 2011-09-01 13:47 - 0404640 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2011-11-06 12:25 - 2011-11-06 12:21 - 0000000 ____D C:\Windows\SysWOW64\directx
2011-11-06 12:23 - 2011-11-06 12:22 - 0000000 ___HD C:\Windows\msdownld.tmp
2011-11-06 12:21 - 2011-11-06 12:20 - 8980224 ____A C:\Users\Helms\Downloads\DCUO_setup.exe
2011-11-06 12:21 - 2011-07-22 22:41 - 0000000 ____D C:\Users\Public\Sony Online Entertainment
2011-11-04 13:10 - 2011-11-04 13:10 - 0076413 ____A C:\Users\Helms\Downloads\307828_285868091444073_115625068468377_944798_1257402835_n.jpg
2011-10-23 19:36 - 2011-10-23 19:36 - 0000667 ____A C:\Users\Helms\Desktop\Mabinogi Launcher.lnk
2011-10-23 17:27 - 2011-10-23 15:38 - 419691448 ____A C:\Users\Helms\Downloads\MabinogiMP3US.exe
2011-10-23 17:11 - 2009-07-10 18:44 - 0000000 ____D C:\Users\Helms\AppData\Local\SecondLife
2011-10-23 16:28 - 2010-10-15 22:52 - 0000938 ____A C:\Users\Public\Desktop\Second Life Viewer 2.lnk
2011-10-23 16:28 - 2010-10-15 22:51 - 0000000 ____D C:\Program Files (x86)\SecondLifeViewer2
2011-10-23 16:26 - 2011-10-23 16:21 - 29383808 ____A C:\Users\Helms\Downloads\Second_Life_3-1-0-243176_Setup.exe
2011-10-20 16:15 - 2011-10-20 16:15 - 0001046 ____A C:\Users\Helms\Desktop\play every 90 days UCClient.lnk
2011-10-20 16:13 - 2011-10-20 16:08 - 0000000 ____D C:\Users\Helms\Downloads\UCGO-1.5.7
2011-10-20 13:00 - 2009-10-01 13:53 - 0001356 ____A C:\Users\Helms\AppData\Local\d3d9caps.dat
2011-10-15 08:58 - 2006-11-02 07:27 - 0165222 ____A C:\Windows\setupact.log
2011-10-13 21:21 - 2011-10-13 21:21 - 0000765 ____A C:\Users\Helms\Desktop\MMBN Client.lnk
2011-10-13 21:20 - 2011-10-13 19:42 - 0000000 ____D C:\Users\Helms\Downloads\MMBN Client
2011-10-13 20:34 - 2011-10-13 20:34 - 0002168 ____A C:\Users\Helms\Desktop\MMBN Chrono X 3rd Demo.lnk
2011-10-13 20:34 - 2011-10-13 20:34 - 0000000 ____D C:\Program Files (x86)\MegaDudes
2011-10-13 20:29 - 2011-10-13 20:25 - 31345516 ____A (MegaDudes ) C:\Users\Helms\Downloads\MMBNCHRONO X 3_2 demo.exe
2011-10-13 19:40 - 2011-10-13 19:39 - 12541140 ____A C:\Users\Helms\Downloads\MMBN Client.zip
2011-10-13 17:54 - 2011-10-13 17:54 - 0145985 ____A C:\Users\Helms\Downloads\1318553463100.png
2011-10-13 00:59 - 2006-11-02 05:33 - 0000000 ____D C:\Windows\rescache
2011-10-13 00:40 - 2009-07-10 04:00 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2011-10-09 15:40 - 2011-06-25 16:01 - 0002481 ____A C:\Users\Public\Desktop\Launchpad Enhanced.lnk
2011-10-09 09:08 - 2011-09-25 14:09 - 0000000 ____D C:\Users\Helms\Downloads\Game ISOs
2011-10-07 09:47 - 2011-11-25 16:50 - 0041200 ____A (COMODO) C:\Windows\System32\cmdcsr.dll
2011-10-07 09:47 - 2011-06-30 07:38 - 0574216 ____A (COMODO) C:\Windows\System32\Drivers\cmdGuard.sys
2011-10-07 09:47 - 2011-06-30 07:38 - 0093200 ____A (COMODO) C:\Windows\System32\Drivers\inspect.sys
2011-10-07 09:47 - 2011-06-30 07:38 - 0042224 ____A (COMODO) C:\Windows\System32\Drivers\cmdhlp.sys
2011-10-07 09:47 - 2011-06-30 07:37 - 0388280 ____A (COMODO) C:\Windows\System32\guard64.dll
2011-10-07 09:47 - 2011-06-30 07:37 - 0300200 ____A (COMODO) C:\Windows\SysWOW64\guard32.dll
2011-10-07 09:47 - 2011-06-30 07:37 - 0016528 ____A (COMODO) C:\Windows\System32\Drivers\cmderd.sys
2011-10-06 20:06 - 2011-10-06 20:04 - 13492133 ___RA C:\Users\Helms\Downloads\Big_Daddy_Wallpaper.zip
2011-10-06 20:06 - 2011-10-06 20:04 - 10203635 ___RA C:\Users\Helms\Downloads\Portal_2_Waterfall_Wallpaper.zip
2011-10-06 20:05 - 2011-10-06 20:04 - 6202876 ___RA C:\Users\Helms\Downloads\Big_Daddy_Drill_Wallpaper.zip
2011-10-06 20:03 - 2011-10-06 20:03 - 0048658 ____A C:\Users\Helms\Downloads\Portal-2-Lemons-Wallpaper-1200x800-510x340.jpg
2011-10-06 18:55 - 2011-10-06 18:52 - 7398668 ___RA C:\Users\Helms\Downloads\Revan-vs-Jedi-Wallpaper.zip
2011-10-06 18:55 - 2011-10-06 18:52 - 10033398 ___RA C:\Users\Helms\Downloads\Lady-Revan-Wallpaper.zip
2011-10-06 18:55 - 2011-10-06 18:51 - 10543872 ___RA C:\Users\Helms\Downloads\Sith-Infighting-Wallpaper.zip
2011-10-05 21:21 - 2011-09-02 19:57 - 0000000 ____D C:\Users\Helms\AppData\Local\Fallout3
2011-10-05 21:10 - 2011-09-02 04:27 - 0000000 ____D C:\Program Files (x86)\Bethesda Softworks
2011-10-04 15:18 - 2011-10-04 15:18 - 0000000 ____A C:\Windows\SysWOW64\PCTBD779539804.dmp
2011-10-01 21:13 - 2011-10-01 21:12 - 0000000 ____D C:\Users\Helms\AppData\Roaming\The Longest Journey
2011-10-01 19:22 - 2011-04-07 19:30 - 0000000 ____D C:\Users\Helms\Downloads\The Legend of Zelda - 10 Albums!
2011-09-28 22:03 - 2011-09-28 22:03 - 0001902 ____A C:\Users\Public\Desktop\The Longest Journey.lnk
2011-09-28 22:00 - 2011-09-28 22:00 - 0001871 ____A C:\Users\Public\Desktop\Fallout Tactics.lnk
2011-09-28 21:57 - 2011-09-28 21:25 - 0000000 ____D C:\Program Files (x86)\GOG.com
2011-09-28 21:27 - 2011-09-28 21:27 - 0001816 ____A C:\Users\Public\Desktop\Fallout.lnk
2011-09-28 02:55 - 2011-09-27 16:19 - 0000000 ____D C:\Users\Helms\Downloads\Fallout Trilogy
2011-09-27 20:42 - 2011-09-27 16:30 - 0000000 ____D C:\Users\Helms\Downloads\The Longest Journey (November 16, 2000)
2011-09-27 20:39 - 2011-09-27 16:22 - 0000000 ____D C:\Users\Helms\Downloads\Fallout
2011-09-27 16:31 - 2011-09-27 16:31 - 0379909 ____A C:\Users\Helms\Downloads\15961 - Beast_Boy Cyborg Raven Robin Starfire Teen_Titans.jpg
2011-09-27 16:31 - 2011-09-27 16:31 - 0379636 ____A C:\Users\Helms\Downloads\10336 - Beast_Boy Raven Teen_Titans.png
2011-09-27 16:15 - 2011-09-27 16:14 - 0000000 ____D C:\Users\Helms\Downloads\Fallout Tactics (March 15, 2001)
2011-09-27 15:20 - 2011-09-27 15:02 - 0000000 ____D C:\Users\Helms\Downloads\Marvel Universe Vs Wolverine
2011-09-27 15:06 - 2011-09-27 15:03 - 0000000 ____D C:\Users\Helms\Downloads\New Teen Titans - Games - Hardcover Original Graphic Novel -145 pgs (HHshark-2011)
2011-09-25 16:38 - 2011-09-25 16:38 - 0001635 ____A C:\Users\Public\Desktop\Opera.lnk
2011-09-25 16:38 - 2011-09-25 16:38 - 0000000 ____D C:\Users\Helms\AppData\Roaming\Opera
2011-09-25 16:38 - 2011-09-25 16:38 - 0000000 ____D C:\Users\Helms\AppData\Local\Opera
2011-09-25 16:38 - 2011-09-25 16:38 - 0000000 ____D C:\Program Files (x86)\Opera
2011-09-25 16:37 - 2011-09-25 16:36 - 10307952 ____A (Opera Software ASA) C:\Users\Helms\Downloads\Opera_1151_int_Setup.exe
2011-09-24 11:58 - 2011-09-23 16:44 - 0000023 ____A C:\Windows\BlendSettings.ini
2011-09-23 21:17 - 2009-06-16 12:59 - 0000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2011-09-23 16:41 - 2011-09-20 18:54 - 0000000 ____D C:\Users\Helms\AppData\Local\Oblivion
2011-09-23 16:38 - 2011-09-23 16:38 - 0001060 ____A C:\Users\Helms\Desktop\Oblivion Mod Manager.lnk
2011-09-22 19:11 - 2011-09-22 19:11 - 0000032 ____A C:\Windows\CD_Start.INI
2011-09-22 18:48 - 2011-09-22 18:48 - 0000000 ____A C:\Windows\SysWOW64\PCTBD324111187.dmp
2011-09-22 18:43 - 2008-09-19 03:02 - 0310171 ____A C:\Windows\DirectX.log
2011-09-20 18:54 - 2011-09-20 18:54 - 0178800 ____A (Sony DADC Austria AG.) C:\Windows\SysWOW64\CmdLineExt_x64.dll
2011-09-20 18:54 - 2011-09-20 18:54 - 0000000 __RHD C:\Users\Helms\AppData\Roaming\SecuROM
2011-09-20 13:06 - 2011-11-11 13:53 - 1423744 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2011-09-20 06:04 - 2011-11-11 13:53 - 0040448 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpipreg.sys
2011-09-19 00:29 - 2011-06-30 14:43 - 0751744 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2011-09-16 00:12 - 2008-09-19 03:18 - 0000000 ____D C:\Users\All Users\Microsoft Help
2011-09-16 00:12 - 2008-09-19 03:18 - 0000000 ____D C:\ProgramData\Microsoft Help
2011-09-13 12:05 - 2010-04-07 17:45 - 0000000 ____D C:\Program Files (x86)\Ask.com

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 15%
Total physical RAM: 4094.16 MB
Available physical RAM: 3447.19 MB
Total Pagefile: 3799.42 MB
Available Pagefile: 3422.09 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

======================= Partitions =========================

1 Drive c: (Vista64) (Fixed) (Total:286.37 GB) (Free:5.3 GB) NTFS ==>[System with boot components]
2 Drive d: (CD_ROM) (CDROM) (Total:0.17 GB) (Free:0 GB) CDFS
3 Drive e: (ZACH HELMS) (Removable) (Total:7.45 GB) (Free:4.24 GB) FAT32
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 Online 7630 MB 0 B

Partitions of Disk 0:

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 12 GB 32 KB
Partition 2 Primary 286 GB 12 GB

Disk: 0
Partition 2
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C Vista64 NTFS Partition 286 GB Healthy

==========================================================

Last Boot: 2011-12-05 16:41

======================= End Of Log ==========================

#4 Farbar

    Just Curious

  • Security Developer
  • 21,696 posts
  • Gender:Male
  • Location:The Netherlands

Posted 09 December 2011 - 05:06 PM

We have a different procedure for unbootable computers.

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad window and select Paste.) Save it on the flash drive as fixlist.txt

start
HKU\Helms\...\Winlogon: [Shell] explorer.exe
SubSystems: [Windows] ==> ZeroAccess
end

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the BartPE CD.
Run FRST and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Please restart and let it boot normally.

We have taken care of the main infection. Please tell me if you need my assistance to carry on and take care of the eventual vulnerabilities or you want to back up and go for a factory restore.

#5 MajinSkeith

  • Topic Starter
  • Members
  • 3 posts

Posted 09 December 2011 - 05:20 PM

Thank you so much! It booted into normal mode just fine :)
Here's the fixlog:

Fix result of Farbars's Recovery Tool (FRST written by farbar Version 2.3.0)
Ran by SYSTEM at 2011-12-09 16:15:17 R:1
Running from E:\

==============================================

HKEY_USERS\Helms\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell Value deleted successfully.
HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored.

==== End of Fixlog ====

I'm going to begin my backup now and reset it all afterward. Working from the ground up it will be easier to protect it this time. Do you have any suggestions on what might prevent such issues in the future?
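The fixlist in post #4 and the Fixlog in post #5 show the two registry locations this infection touched: the Session Manager SubSystems\Windows value that csrss.exe reads at boot (FRST tagged it "==> ZeroAccess" and restored it), and a per-user Winlogon Shell value (deleted). The check below is an added example, not FRST's code and not anything posted in this thread; it parses a SubSystems\Windows string and flags any ServerDll entry outside the stock set, which is how the consrv swap behind the "consrv was not found" blue screen shows up. The stock ServerDll list for Vista/7 x64 is an assumption from a known-good machine, and the sample values are constructed.

```python
"""Audit the Session Manager SubSystems\\Windows value and the per-user
Winlogon Shell value. Added example for this thread; not FRST code."""
import re
import sys

# ServerDll entries a clean Vista / Windows 7 x64 install lists (assumption:
# copied from a known-good system). XP has no sxssrv entry, so only the
# first three are treated as mandatory.
EXPECTED_SERVER_DLLS = {
    ("basesrv", None),
    ("winsrv", "UserServerDllInitialization"),
    ("winsrv", "ConServerDllInitialization"),
    ("sxssrv", None),
}
REQUIRED_SERVER_DLLS = {e for e in EXPECTED_SERVER_DLLS if e[0] != "sxssrv"}

# Each entry has the form ServerDll=<dll>[:<entrypoint>],<index>
SERVERDLL_RE = re.compile(r"ServerDll=([^,:\s]+)(?::([^,\s]+))?,(\d+)")


def parse_server_dlls(value):
    """Return [(dll, entrypoint or None, index), ...] in the order csrss loads them."""
    return [(m.group(1).lower(), m.group(2), int(m.group(3)))
            for m in SERVERDLL_RE.finditer(value)]


def audit_subsystem_value(value):
    """Return a list of findings; an empty list means the value looks stock."""
    findings = []
    if not value.lower().startswith(r"%systemroot%\system32\csrss.exe"):
        findings.append("subsystem host is not %SystemRoot%\\system32\\csrss.exe")
    seen = set()
    for dll, entry, idx in parse_server_dlls(value):
        seen.add((dll, entry))
        if (dll, entry) not in EXPECTED_SERVER_DLLS:
            label = f"{dll}:{entry}" if entry else dll
            findings.append(f"unexpected ServerDll={label},{idx}")
    # A swapped entry also means the stock one is gone; report that too.
    for dll, entry in sorted(REQUIRED_SERVER_DLLS - seen, key=str):
        label = f"{dll}:{entry}" if entry else dll
        findings.append(f"missing stock ServerDll={label}")
    return findings


def audit_user_shell(shell_value):
    """A Shell value under HKU\\<user>\\...\\Winlogon overrides the machine-wide
    one. No value is set there by default, so any value (even 'explorer.exe',
    as in this thread) is worth flagging."""
    if shell_value is None:
        return []
    return [f"per-user Winlogon Shell override present: {shell_value!r}"]


# Constructed sample values (not copied from the log in this thread).
CLEAN_VALUE = (
    r"%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows "
    "SharedSection=1024,20480,768 Windows=On SubSystemType=Windows "
    "ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 "
    "ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 "
    "ProfileControl=Off MaxRequestThreads=16"
)
# The console server entry redirected to a DLL named consrv: once that DLL is
# removed, csrss fails at boot with the "consrv was not found" message.
TAMPERED_VALUE = CLEAN_VALUE.replace(
    "ServerDll=winsrv:ConServerDllInitialization,2",
    "ServerDll=consrv:ConServerDllInitialization,2",
)


def read_live_values():
    """On Windows, read the real values; returns (subsystem_value, user_shell)."""
    import winreg  # standard library, Windows only
    sub_key = r"SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems"
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, sub_key) as key:
        subsystem, _ = winreg.QueryValueEx(key, "Windows")
    shell = None
    try:
        wl_key = r"Software\Microsoft\Windows NT\CurrentVersion\Winlogon"
        with winreg.OpenKey(winreg.HKEY_CURRENT_USER, wl_key) as key:
            shell, _ = winreg.QueryValueEx(key, "Shell")
    except FileNotFoundError:
        pass  # no per-user Shell value: the normal state
    return subsystem, shell


if __name__ == "__main__":
    if sys.platform == "win32":
        sub, shell = read_live_values()
    else:
        sub, shell = TAMPERED_VALUE, "explorer.exe"  # offline demonstration
    for finding in audit_subsystem_value(sub) + audit_user_shell(shell):
        print("FINDING:", finding)
```

Run it from an offline boot environment on the mounted hive if the machine will not start; on a running Windows system it reads the live values directly.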

#6 Farbar

    Just Curious

  • Security Developer
  • 21,696 posts
  • Gender:Male
  • Location:The Netherlands

Posted 09 December 2011 - 05:58 PM

You are very welcome. :thumbup2:

Please consult this article: How To Prevent Malware.

This thread will now be closed since the issue seems to be resolved.

If you should have a new issue, please start a new topic.

Everyone else should start a new topic.
