Ran ComboFix, now PC won't load


49 replies to this topic

#1 tonicfan
Posted 08 April 2012 - 08:09 PM

I have Win 7 Home Edition 64-bit on a Dell PC. I cannot remember the model. Inspiron 540, I think.

I got a virus and ran Malwarebytes and it cleaned out most of it. But I noticed that ping.exe was still in the Task Manager. I ran ComboFix (I have run this before and it fixed the problem).
Now I cannot boot my computer. It goes to Startup Repair and asks to repair or start Windows normally. Startup Repair did not work. Whenever I start it normally the monitors go black during loading and the computer stops responding.

I tried booting in safe mode and I get: STOP: C0000135 The program can't start because %hs is missing from your computer. Try reinstalling the program to fix this problem.

I read on here that I needed to run the Farbar scan tool and have done that. I am also including the ComboFix log that I got off the hard drive.

Pretty sure I need the FIX FILE for this to be able to boot, and then make sure everything is cleared up with your instructions and recommendations.

If you can, please help me. I need my computer for work and am on an old laptop, which is a temporary solution. But all my work programs are on my PC.
I would really appreciate help!!! Thank you in advance!



ComboFix 12-04-08.01 - SER 04/08/2012 18:54:54.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8191.6634 [GMT -4:00]
Running from: e:\[nox\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\SER\AppData\Local\Temp\wmalop.dll
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\assembly\temp\@
c:\windows\assembly\temp\cfg.ini
c:\windows\system32\consrv.dll
c:\windows\system32\dds_trash_log.cmd
c:\windows\System64
.
.
((((((((((((((((((((((((( Files Created from 2012-03-08 to 2012-04-08 )))))))))))))))))))))))))))))))
.
.
2012-04-08 23:07 . 2012-04-08 23:07 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-04-08 23:07 . 2012-04-08 23:07 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
2012-04-08 23:07 . 2012-04-08 23:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-08 22:19 . 2012-04-08 22:19 -------- d-----w- c:\users\SER\AppData\Local\{E6BE5F35-81C8-11E1-826D-B8AC6F996F26}
2012-04-08 22:18 . 2012-04-08 22:18 -------- d-----w- c:\programdata\F4D55F3B0000246C00015024B4EB2367
2012-04-06 18:38 . 2012-04-06 18:38 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-03-31 04:07 . 2012-03-31 04:07 -------- d-----w- c:\users\SER\AppData\Roaming\Red Kawa
2012-03-31 03:30 . 2012-03-31 03:30 -------- d-----w- c:\users\SER\AppData\Local\Geckofx
2012-03-31 03:29 . 2012-03-31 03:29 -------- d-----w- c:\program files (x86)\AviSynth 2.5
2012-03-31 03:29 . 2012-03-31 03:29 -------- d-----w- c:\program files (x86)\Red Kawa
2012-03-25 17:53 . 2012-03-25 17:53 -------- d-----w- c:\users\SER\AppData\Roaming\Electronic Arts
2012-03-22 20:12 . 2012-03-22 20:12 -------- d-----w- c:\users\SER\AppData\Local\VAFinancials
2012-03-22 20:12 . 2012-03-22 20:12 -------- d--h--w- c:\program files (x86)\InstallJammer Registry
2012-03-22 20:12 . 2012-03-22 20:12 -------- d-----w- c:\program files (x86)\VAFS5
2012-03-21 22:24 . 1999-12-01 05:40 401462 ----a-w- c:\windows\SysWow64\temp.00F
2012-03-21 22:24 . 2012-03-21 22:39 -------- d-----w- c:\program files (x86)\Syncrosoft
2012-03-19 18:21 . 2012-03-19 18:21 -------- d-----w- c:\program files\iTunes
2012-03-19 18:21 . 2012-03-19 18:21 -------- d-----w- c:\program files (x86)\iTunes
2012-03-19 18:21 . 2012-03-19 18:21 -------- d-----w- c:\program files\iPod
2012-03-19 18:19 . 2012-03-19 18:19 -------- d-----w- c:\program files\Bonjour
2012-03-19 18:01 . 2012-03-01 18:21 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{24125940-AC66-41FE-B448-F38092DB1F3C}\mpengine.dll
2012-03-19 17:58 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-19 17:58 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-19 17:58 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-19 17:58 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-19 17:58 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-19 17:58 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-19 17:58 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-19 17:58 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-19 17:58 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-19 17:58 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-19 05:09 . 2012-03-19 05:30 -------- d-----w- c:\users\SER\AppData\Roaming\Begyn
2012-03-15 21:18 . 2012-03-15 21:18 -------- d-----w- c:\users\SER\AppData\Roaming\Nasea
2012-03-15 15:59 . 2012-03-15 15:59 -------- d-----w- c:\users\SER\AppData\Roaming\TeamViewer
2012-03-15 04:48 . 2010-09-16 04:13 2601752 ----a-w- c:\windows\SysWow64\pbsvc_moh.exe
2012-03-10 06:47 . 2012-03-10 06:47 682280 ----a-w- c:\windows\SysWow64\pbsvc.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-08 03:57 . 2010-09-12 07:49 271200 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-04-08 03:57 . 2010-09-12 06:57 271200 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-04-08 03:37 . 2010-09-12 06:57 271200 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-04-06 18:38 . 2011-05-16 22:23 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-21 05:33 . 2010-09-12 06:57 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-02-23 13:18 . 2010-09-12 02:17 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-10 04:13 . 2012-03-06 20:29 8008000 ----a-w- c:\windows\system32\nvcuda.dll
2012-02-10 04:13 . 2012-03-06 20:29 7713088 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-02-10 04:13 . 2012-03-06 20:29 68928 ----a-w- c:\windows\system32\OpenCL.dll
2012-02-10 04:13 . 2012-03-06 20:29 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-02-10 04:13 . 2012-03-06 20:29 5892928 ----a-w- c:\windows\SysWow64\nvcuda.dll
2012-02-10 04:13 . 2012-03-06 20:29 2872640 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-02-10 04:13 . 2012-03-06 20:29 2672448 ----a-w- c:\windows\system32\nvcuvid.dll
2012-02-10 04:13 . 2012-03-06 20:29 25541952 ----a-w- c:\windows\system32\nvoglv64.dll
2012-02-10 04:13 . 2012-03-06 20:29 25222976 ----a-w- c:\windows\system32\nvcompiler.dll
2012-02-10 04:13 . 2012-03-06 20:29 2517312 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2012-02-10 04:13 . 2012-03-06 20:29 2437440 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2012-02-10 04:13 . 2012-03-06 20:29 2301248 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-02-10 04:13 . 2012-03-06 20:29 19443520 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2012-02-10 04:13 . 2012-03-06 20:29 17642816 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-02-10 04:13 . 2012-03-06 20:29 17543488 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2012-02-10 04:13 . 2012-03-06 20:29 13624128 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-02-10 04:13 . 2012-01-22 23:17 9717568 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-02-10 04:13 . 2012-01-22 23:17 2660160 ----a-w- c:\windows\system32\nvapi64.dll
2012-02-10 04:13 . 2012-01-22 23:17 1737536 ----a-w- c:\windows\system32\nvdispco64.dll
2012-02-10 04:13 . 2012-01-22 23:17 15009600 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-02-10 04:13 . 2012-01-22 23:17 1466176 ----a-w- c:\windows\system32\nvgenco64.dll
2012-02-10 03:14 . 2012-01-22 23:22 6074176 ----a-w- c:\windows\system32\nvcpl.dll
2012-02-10 03:14 . 2012-01-22 23:22 3089728 ----a-w- c:\windows\system32\nvsvc64.dll
2012-02-10 03:07 . 2012-01-22 23:22 889664 ----a-w- c:\windows\system32\nvvsvc.exe
2012-02-10 03:07 . 2012-01-22 23:22 63296 ----a-w- c:\windows\system32\nvshext.dll
2012-02-10 03:07 . 2012-01-22 23:22 118080 ----a-w- c:\windows\system32\nvmctray.dll
2012-02-10 01:05 . 2012-02-10 01:05 416064 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-01-18 06:44 . 2012-01-18 06:44 540960 ----a-w- c:\windows\SysWow64\LVUI2RC.dll
2012-01-18 06:44 . 2012-01-18 06:44 545056 ----a-w- c:\windows\SysWow64\LVUI2.dll
2012-01-18 06:44 . 2012-01-18 06:44 561440 ----a-w- c:\windows\system32\LVUIRC64.dll
2012-01-18 06:44 . 2012-01-18 06:44 4865568 ----a-w- c:\windows\system32\drivers\lvuvc64.sys
2012-01-18 06:44 . 2012-01-18 06:44 769312 ----a-w- c:\windows\system32\LVUI64.dll
2012-01-18 06:44 . 2012-01-18 06:44 351136 ----a-w- c:\windows\system32\drivers\lvrs64.sys
2012-01-18 06:44 . 2012-01-18 06:44 307488 ----a-w- c:\windows\SysWow64\lvcodec2.dll
2012-01-18 06:44 . 2012-01-18 06:44 263456 ----a-w- c:\windows\system32\lvco13311044.dll
2012-01-18 06:44 . 2012-01-18 06:44 176416 ----a-w- c:\windows\system32\lvcod64.dll
2012-01-18 06:44 . 2012-01-18 06:44 25632 ----a-w- c:\windows\system32\drivers\lvbflt64.sys
2012-01-18 06:44 . 2012-01-18 06:44 336408 ----a-w- c:\windows\SysWow64\DevManagerCore.dll
2012-01-18 06:44 . 2012-01-18 06:44 336408 ----a-w- c:\windows\system32\DevManagerCore.dll
2012-01-18 06:44 . 2012-01-18 06:44 10920984 ----a-w- c:\windows\SysWow64\LogiDPP.dll
2012-01-18 06:44 . 2012-01-18 06:44 10920984 ----a-w- c:\windows\system32\LogiDPP.dll
2012-01-18 06:44 . 2012-01-18 06:44 104472 ----a-w- c:\windows\SysWow64\LogiDPPApp.exe
2012-01-18 06:44 . 2012-01-18 06:44 104472 ----a-w- c:\windows\system32\LogiDPPApp.exe
2012-01-17 12:46 . 2012-03-06 20:29 31040 ----a-w- c:\windows\system32\nvhdap64.dll
2012-01-17 12:45 . 2012-03-06 20:29 188224 ----a-w- c:\windows\system32\drivers\nvhda64v.sys
2012-01-17 12:45 . 2012-03-06 20:29 1451840 ----a-w- c:\windows\system32\nvhdagenco6420103.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2012-03-17_03.59.49 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-08-31 03:05 . 2011-08-31 03:05 50536 c:\windows\SysWOW64\jdns_sd.dll
+ 2011-08-31 03:05 . 2011-08-31 03:05 73064 c:\windows\SysWOW64\dnssd.dll
+ 2011-08-31 03:05 . 2011-08-31 03:05 83816 c:\windows\SysWOW64\dns-sd.exe
+ 2012-04-08 22:53 . 2012-04-08 22:51 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012040820120409\index.dat
+ 2012-02-01 23:07 . 2012-04-08 22:51 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
- 2012-02-01 23:07 . 2012-02-02 00:26 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2010-06-04 02:19 . 2012-04-08 22:42 78364 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-04-08 23:10 46508 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-09-11 20:06 . 2012-04-08 23:10 26282 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1362008282-2375028595-759901535-1000_UserData.bin
+ 2011-08-31 03:05 . 2011-08-31 03:05 61288 c:\windows\system32\jdns_sd.dll
+ 2009-07-14 05:30 . 2012-03-19 18:20 86016 c:\windows\system32\DriverStore\infpub.dat
- 2009-07-14 05:30 . 2012-03-06 20:31 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2012-02-15 15:01 . 2012-02-15 15:01 52736 c:\windows\system32\DriverStore\FileRepository\usbaapl64.inf_amd64_neutral_c111aaecb61e9a2b\usbaapl64.sys
+ 2011-08-02 20:38 . 2011-08-02 20:38 22528 c:\windows\system32\DriverStore\FileRepository\netaapl64.inf_amd64_neutral_dc2cbd989eec1514\netaapl64.sys
+ 2011-08-31 03:05 . 2011-08-31 03:05 85864 c:\windows\system32\dnssd.dll
+ 2011-08-31 03:05 . 2011-08-31 03:05 96104 c:\windows\system32\dns-sd.exe
+ 2010-09-11 20:38 . 2012-04-08 22:40 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-09-11 20:38 . 2012-03-16 05:49 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-09-11 20:38 . 2012-04-08 22:40 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-09-11 20:38 . 2012-03-16 05:49 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-08 22:40 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-16 05:49 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2012-03-23 23:17 94904 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2009-07-14 04:46 . 2012-03-17 03:22 94904 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2012-02-21 01:28 . 2012-02-21 01:28 53608 c:\windows\Installer\$PatchCache$\Managed\057978BEDBCC3104FB5D20494DADB50D\2.1.7\pthreadVC2.dll
+ 2012-02-21 01:28 . 2012-02-21 01:28 23248 c:\windows\Installer\$PatchCache$\Managed\057978BEDBCC3104FB5D20494DADB50D\2.1.7\AppleVersions.dll
+ 2012-03-20 03:50 . 2012-03-20 03:50 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
- 2012-03-16 05:51 . 2012-03-16 05:51 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
- 2012-03-16 05:51 . 2012-03-16 05:51 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2012-03-20 03:50 . 2012-03-20 03:50 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2009-07-13 23:31 . 2009-07-14 01:39 6656 c:\windows\system32\GV600_4.dll
+ 2012-04-08 23:08 . 2012-04-08 23:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-03-17 03:59 . 2012-03-17 03:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-03-17 03:59 . 2012-03-17 03:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-04-08 23:08 . 2012-04-08 23:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-04-06 18:38 . 2012-04-06 18:38 353440 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_228_Plugin.exe
+ 2012-04-06 18:38 . 2012-04-06 18:38 253600 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2011-08-31 03:05 . 2011-08-31 03:05 178536 c:\windows\SysWOW64\dnssdX.dll
+ 2004-05-26 12:37 . 2004-05-26 12:37 719872 c:\windows\SysWOW64\devil.dll
+ 2012-02-01 23:06 . 2012-04-08 22:51 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 04:54 . 2012-03-16 12:18 147456 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-04-08 23:06 147456 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-12-21 21:46 . 2008-12-21 21:46 351744 c:\windows\SysWOW64\avisynth.dll
+ 2009-07-14 02:36 . 2012-04-02 23:15 801964 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-03-17 03:20 801964 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-03-17 03:20 173944 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-04-02 23:15 173944 c:\windows\system32\perfc009.dat
+ 2012-04-06 18:38 . 2012-04-06 18:38 630432 c:\windows\system32\Macromed\Flash\FlashUtil64_11_2_202_228_Plugin.exe
+ 2009-07-14 05:30 . 2012-03-19 18:20 239616 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2012-03-06 20:31 239616 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2012-03-19 18:20 143360 c:\windows\system32\DriverStore\infstor.dat
- 2009-07-14 05:30 . 2012-03-06 20:31 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2011-08-31 03:05 . 2011-08-31 03:05 212840 c:\windows\system32\dnssdX.dll
- 2009-07-14 05:01 . 2012-03-17 03:58 527264 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-04-08 23:07 527264 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-03-19 18:22 . 2012-03-19 18:22 897024 c:\windows\Installer\{A08BAD08-9AA3-410F-98F3-C92C8EE37218}\SafariIco.exe
+ 2012-03-19 18:22 . 2012-03-19 18:22 380928 c:\windows\Installer\{4BDE7544-0A08-4AD9-8A8F-4B7944471C36}\iTunesIco.exe
- 2012-03-16 05:51 . 2012-03-16 05:51 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2012-03-20 03:50 . 2012-03-20 03:50 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
- 2012-03-16 05:51 . 2012-03-16 05:51 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2012-03-20 03:50 . 2012-03-20 03:50 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2012-03-20 03:50 . 2012-03-20 03:50 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
- 2012-03-16 05:51 . 2012-03-16 05:51 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
- 2012-03-16 05:51 . 2012-03-16 05:51 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2012-03-20 03:50 . 2012-03-20 03:50 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2012-03-20 03:50 . 2012-03-20 03:50 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
- 2012-03-16 05:51 . 2012-03-16 05:51 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2012-03-20 03:50 . 2012-03-20 03:50 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2012-03-16 05:51 . 2012-03-16 05:51 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-03-20 03:50 . 2012-03-20 03:50 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2012-03-16 05:51 . 2012-03-16 05:51 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-03-20 03:50 . 2012-03-20 03:50 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2012-03-16 05:51 . 2012-03-16 05:51 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-03-20 03:50 . 2012-03-20 03:50 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2012-03-16 05:51 . 2012-03-16 05:51 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-03-20 03:50 . 2012-03-20 03:50 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2012-03-16 05:51 . 2012-03-16 05:51 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-03-20 03:50 . 2012-03-20 03:50 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2012-03-16 05:51 . 2012-03-16 05:51 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-03-20 03:50 . 2012-03-20 03:50 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2012-03-16 05:51 . 2012-03-16 05:51 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-03-20 03:50 . 2012-03-20 03:50 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2012-03-16 05:51 . 2012-03-16 05:51 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2012-03-16 05:51 . 2012-03-16 05:51 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2012-03-20 03:50 . 2012-03-20 03:50 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2012-04-06 18:38 . 2012-04-06 18:38 8797344 c:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll
- 2009-07-14 04:54 . 2012-03-16 12:18 2719744 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-08 23:06 2719744 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-16 12:18 3178496 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-08 23:06 3178496 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:45 . 2012-03-19 18:03 2435312 c:\windows\system32\FNTCACHE.DAT
- 2009-07-14 04:45 . 2012-02-25 17:24 2435312 c:\windows\system32\FNTCACHE.DAT
+ 2012-02-15 15:01 . 2012-02-15 15:01 4547944 c:\windows\system32\DriverStore\FileRepository\usbaapl64.inf_amd64_neutral_c111aaecb61e9a2b\usbaaplrc.dll
+ 2010-04-20 00:29 . 2010-04-20 00:29 1721576 c:\windows\system32\DriverStore\FileRepository\netaapl64.inf_amd64_neutral_dc2cbd989eec1514\wdfcoinstaller01009.dll
- 2009-07-14 04:45 . 2012-03-16 18:07 7130605 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:45 . 2012-03-19 18:10 7130605 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2010-09-12 22:20 . 2012-02-24 04:07 3611800 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2010-09-12 22:20 . 2012-04-06 18:36 3611800 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2012-02-01 23:21 . 2012-04-08 23:07 2749060 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
- 2012-02-01 23:21 . 2012-02-02 00:52 2749060 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
+ 2012-03-19 18:17 . 2012-03-19 18:17 2682368 c:\windows\Installer\7b6f1.msi
- 2012-03-16 05:51 . 2012-03-16 05:51 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-03-20 03:50 . 2012-03-20 03:50 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-03-20 03:50 . 2012-03-20 03:50 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2012-03-16 05:51 . 2012-03-16 05:51 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-07-14 02:34 . 2012-03-19 18:02 11010048 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 02:34 . 2012-02-25 17:22 11010048 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2010-09-12 02:16 . 2012-03-19 17:59 56297240 c:\windows\system32\MRT.exe
+ 2012-04-06 18:38 . 2012-04-06 18:38 11588768 c:\windows\system32\Macromed\Flash\NPSWF64_11_2_202_228.dll
+ 2011-04-23 06:57 . 2012-04-08 23:07 40579292 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1362008282-2375028595-759901535-1000-12288.dat
+ 2012-03-19 18:22 . 2012-03-19 18:22 38242304 c:\windows\Installer\7c107.msi
+ 2012-03-19 18:19 . 2012-03-19 18:19 48986624 c:\windows\Installer\7c04e.msi
+ 2012-03-19 18:17 . 2012-03-19 18:17 11105280 c:\windows\Installer\7b752.msi
+ 2012-03-19 18:16 . 2012-03-19 18:16 26820096 c:\windows\Installer\7b6c1.msi
+ 2012-03-19 18:15 . 2012-03-19 18:15 20396032 c:\windows\Installer\7b3f1.msi
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Radio365Agent"="c:\progra~2\Live365\Radio365\Radio365TrayAgent.exe" [2009-03-04 884736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-15 623992]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"DigidesignMMERefresh"="c:\program files\Digidesign\Digidesign\Drivers\MMERefresh.exe" [2007-10-31 77824]
"HostManager"="c:\program files (x86)\Common Files\AOL\1302641372\ee\AOLSoftware.exe" [2010-03-08 41800]
"M-Audio Taskbar Icon"="c:\windows\system32\DeltaIITray.exe" [2011-02-18 236040]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-08-12 205336]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-06 421736]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-09-18 169312]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 253600]
R3 CompFilter64;UVCCompositeFilter;c:\windows\system32\DRIVERS\lvbflt64.sys [x]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
R3 LVUVC64;Logitech HD Webcam C525(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [x]
R3 RoxMediaDBVHS;RoxMediaDBVHS;c:\program files (x86)\Common Files\Roxio Shared\VHStoDVD\SharedCOM\RoxMediaDBVHS.exe [2010-02-19 1116656]
R3 rspAux;rspAux;c:\windows\system32\DRIVERS\rspAux64.sys [x]
R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys [x]
R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan60.sys [x]
R3 SaiH0461;SaiH0461;c:\windows\system32\DRIVERS\SaiH0461.sys [x]
R3 SDVC05;USB SDVC05;c:\windows\system32\Drivers\SDVC05.sys [x]
R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WGSControl;Worldgroup Server;c:\wgserv\wgssvc.exe [1999-03-31 16384]
R3 WGSMain;WGS Executable;c:\wgserv\wgserver.exe [2010-09-28 432640]
R3 WMSVC;Web Management Service;c:\windows\system32\inetsrv\wmsvc.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
S2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe [2006-10-11 561152]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-02-10 2348352]
S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-10 382272]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
S3 DELTAII;Service for M-Audio Delta Driver (WDM);c:\windows\system32\DRIVERS\MAudioDelta.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [x]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 18:38]
.
2012-04-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1362008282-2375028595-759901535-1000Core.job
- c:\users\SER\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-28 00:12]
.
2012-04-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1362008282-2375028595-759901535-1000UA.job
- c:\users\SER\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-28 00:12]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-07-12 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-07-12 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-07-12 365592]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"dlcxmon.exe"="c:\program files (x86)\Dell Photo AIO Printer 926\dlcxmon.exe" [2007-01-12 292336]
"MemoryCardManager"="c:\program files (x86)\Dell Photo AIO Printer 926\memcard.exe" [2006-11-03 304008]
"snp2uvc"="c:\windows\vsnp2uvc.exe" [2009-08-05 675840]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-21 8306208]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-06-23 1744152]
"DLCXCATS"="c:\windows\system32\spool\DRIVERS\x64\3\DLCXtime.dll" [2006-10-16 31744]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-06-11 415816]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2010-06-11 2413128]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-06-11 4725320]
"combofix"="c:\combofix\CF25510.3XE" [2010-11-20 345088]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
avidstartup
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
LSP: mswsock.dll
Trusted Zone: hitmonster.info
Trusted Zone: lauraingraham.com\www
Trusted Zone: mancow.com\www
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\users\SER\AppData\Roaming\Mozilla\Firefox\Profiles\suc6uc1h.default\
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-RunOnce-c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe - c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-wmalop - c:\users\SER\AppData\Local\Temp\wmalop.dll
HKLM-Run-setint - c:\users\SER\AppData\Local\Temp\setint.dll
AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1362008282-2375028595-759901535-1000\Software\SecuROM\License information*]
"datasecu"=hex:11,54,15,22,e0,a8,d1,5d,7d,6d,cf,b1,8c,53,d8,f4,51,00,51,2a,56,
2b,1f,8e,7c,e0,45,0e,db,99,7e,6b,4d,61,82,e5,fa,05,56,80,14,c8,bf,ab,80,b1,\
"rkeysecu"=hex:7e,f6,39,19,69,db,d5,ab,c8,c4,4b,f3,35,ee,b7,2d
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Live365\Radio365\Radio365TrayAgent.exe
c:\windows\SysWOW64\DeltaIITray.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
c:\program files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
.
**************************************************************************
.
Completion time: 2012-04-08 19:15:51 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-08 23:15
ComboFix2.txt 2012-03-17 04:20
ComboFix3.txt 2012-02-02 01:12
.
Pre-Run: 59,027,992,576 bytes free
Post-Run: 58,929,139,712 bytes free
.
- - End Of File - - 639B40EF3D19F0E6C801557CE3EFA9F7





Scan result of Farbar Recovery Scan Tool Version: 15-03-2012
Ran by SYSTEM at 08-04-2012 20:13:47
Running from H:\
Microsoft Windows XP (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [624248 2007-05-10] (Adobe Systems Inc.)
HKLM\...\Run: [] [x]
HKLM\...\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE [1884160 2007-03-20] (Adobe Systems Incorporated)
HKLM\...\Run: [nwiz] nwiz.exe /installquiet [x]
HKLM\...\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit [110184 2009-11-20] (NVIDIA Corporation)
HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup [12669544 2009-11-20] (NVIDIA Corporation)
HKLM\...\Run: [M-Audio Taskbar Icon] C:\WINDOWS\system32\DeltaIITray.exe [236040 2009-07-27] ()
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2010-08-10] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421160 2010-09-01] (Apple Inc.)
HKLM\...\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [31016 2006-10-26] (Microsoft Corporation)
HKU\Owner\...\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background [1695232 2008-04-13] (Microsoft Corporation)
HKU\Owner\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-13] (Microsoft Corporation)
HKLM-x32\...\Winlogon: [Userinit] [x]
HKLM-x32\...\Winlogon: [Shell] [x ] ()
Winlogon\Notify\crypt32chain: crypt32.dll (Microsoft Corporation)
Winlogon\Notify\cryptnet: cryptnet.dll (Microsoft Corporation)
Winlogon\Notify\cscdll: cscdll.dll (Microsoft Corporation)
Winlogon\Notify\dimsntfy: %SystemRoot%\System32\dimsntfy.dll (Microsoft Corporation)
Winlogon\Notify\ScCertProp: wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\Schedule: wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\sclgntfy: sclgntfy.dll (Microsoft Corporation)
Winlogon\Notify\SensLogn: WlNotify.dll (Microsoft Corporation)
Winlogon\Notify\termsrv: wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\wlballoon: wlnotify.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

==================== Services (Whitelisted) ======

3 Adobe Version Cue CS3; "C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe" -win32service [153792 2007-03-20] (Adobe Systems Incorporated)
4 Alerter; C:\Windows\System32\alrsvc.dll [17408 2008-04-13] (Microsoft Corporation)
2 Apple Mobile Device; "C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe" [144672 2010-08-13] (Apple Inc.)
3 aspnet_state; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [29896 2005-09-23] (Microsoft Corporation)
2 Bonjour Service; "C:\Program Files\Bonjour\mDNSResponder.exe" [345376 2010-07-27] (Apple Inc.)
3 CiSvc; C:\Windows\System32\cisvc.exe [5632 2008-04-13] (Microsoft Corporation)
4 ClipSrv; C:\Windows\System32\clipsrv.exe [33280 2008-04-13] (Microsoft Corporation)
3 dmadmin; C:\Windows\System32\dmadmin.exe /com [224768 2008-04-13] (Microsoft Corp., Veritas Software)
3 dmserver; C:\Windows\System32\dmserver.dll [23552 2008-04-13] (Microsoft Corp.)
2 ERSvc; C:\Windows\System32\ersvc.dll [23040 2008-04-13] (Microsoft Corporation)
2 Eventlog; C:\Windows\System32\services.exe [110592 2009-02-06] (Microsoft Corporation)
3 FastUserSwitchingCompatibility; C:\Windows\System32\shsvcs.dll [135168 2008-04-13] (Microsoft Corporation)
3 FLEXnet Licensing Service; "C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe" [654848 2010-09-08] (Macrovision Europe Ltd.)
2 helpsvc; C:\Windows\PCHealth\HelpCtr\Binaries\pchsvc.dll [38400 2008-04-13] (Microsoft Corporation)
3 HTTPFilter; C:\Windows\System32\w3ssl.dll [15872 2008-04-13] (Microsoft Corporation)
3 ImapiService; C:\WINDOWS\System32\imapi.exe [150528 2008-04-13] (Microsoft Corporation)
4 Messenger; C:\Windows\System32\msgsvc.dll [33792 2008-04-13] (Microsoft Corporation)
3 Microsoft Office Groove Audit Service; "C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe" [65824 2006-10-26] (Microsoft Corporation)
3 mnmsrvc; C:\WINDOWS\System32\mnmsrvc.exe [32768 2008-04-13] (Microsoft Corporation)
4 NetDDE; C:\Windows\System32\netdde.exe [111104 2008-04-13] (Microsoft Corporation)
4 NetDDEdsdm; C:\Windows\System32\netdde.exe [111104 2008-04-13] (Microsoft Corporation)
3 Nla; C:\Windows\System32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation)
3 NtLmSsp; C:\Windows\System32\lsass.exe [13312 2008-04-13] (Microsoft Corporation)
3 NtmsSvc; C:\Windows\System32\ntmssvc.dll [435200 2008-04-13] (Microsoft Corporation)
2 nvsvc; C:\WINDOWS\system32\nvsvc32.exe [154216 2009-11-20] (NVIDIA Corporation)
3 odserv; "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE" [441136 2006-10-26] (Microsoft Corporation)
3 ose; "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" [145184 2006-10-26] (Microsoft Corporation)
2 PlugPlay; C:\Windows\System32\services.exe [110592 2009-02-06] (Microsoft Corporation)
2 PolicyAgent; C:\Windows\System32\lsass.exe [13312 2008-04-13] (Microsoft Corporation)
3 RDSessMgr; C:\WINDOWS\system32\sessmgr.exe [141312 2008-04-13] (Microsoft Corporation)
3 RSVP; C:\Windows\System32\rsvp.exe [132608 2002-09-03] (Microsoft Corporation)
3 SCardSvr; C:\Windows\System32\SCardSvr.exe [95744 2008-04-13] (Microsoft Corporation)
2 srservice; C:\WINDOWS\System32\srsvc.dll [171008 2008-04-13] (Microsoft Corporation)
3 SwPrv; C:\WINDOWS\System32\dllhost.exe /Processid:{13E28838-8B78-40DB-963F-4871C21F8A8A} [5120 2008-04-13] (Microsoft Corporation)
3 SysmonLog; C:\Windows\System32\smlogsvc.exe [89600 2008-04-13] (Microsoft Corporation)
3 UPS; C:\Windows\System32\ups.exe [18432 2008-04-13] (Microsoft Corporation)
3 WmdmPmSN; C:\WINDOWS\system32\mspmsnsv.dll [52224 2008-04-13] (Microsoft Corporation)
2 wuauserv; C:\WINDOWS\system32\wuauserv.dll [6656 2008-04-13] (Microsoft Corporation)
2 WZCSVC; C:\Windows\System32\wzcsvc.dll [483840 2008-04-13] (Microsoft Corporation)
3 xmlprov; C:\Windows\System32\xmlprov.dll [129024 2008-04-13] (Microsoft Corporation)
3 AppMgmt; C:\Windows\System32\appmgmts.dll [x]
4 HidServ; C:\Windows\System32\hidserv.dll [x]

========================== Drivers (Whitelisted) =============

4 ACPIEC; C:\Windows\System32\Drivers\ACPIEC.sys [11648 2002-09-03] (Microsoft Corporation)
3 aec; C:\Windows\System32\Drivers\aec.sys [142592 2008-04-13] (Microsoft Corporation)
3 Atmarpc; C:\Windows\System32\Drivers\Atmarpc.sys [59904 2008-04-13] (Microsoft Corporation)
3 audstub; C:\Windows\System32\Drivers\audstub.sys [3072 2001-08-17] (Microsoft Corporation)
4 cbidf2k; C:\Windows\System32\Drivers\cbidf2k.sys [13952 2002-09-03] (Microsoft Corporation)
1 Cdaudio; C:\Windows\System32\Drivers\Cdaudio.sys [18688 2002-09-03] (Microsoft Corporation)
3 DELTAII; C:\Windows\System32\DRIVERS\MAudioDelta.sys [302472 2009-07-27] (Avid Technology, Inc.)
4 dmboot; C:\Windows\System32\Drivers\dmboot.sys [799744 2008-04-13] (Microsoft Corp., Veritas Software)
4 dmio; C:\Windows\System32\Drivers\dmio.sys [153344 2008-04-13] (Microsoft Corp., Veritas Software)
4 dmload; C:\Windows\System32\Drivers\dmload.sys [5888 2002-09-03] (Microsoft Corp., Veritas Software.)
3 DMusic; C:\Windows\System32\Drivers\DMusic.sys [52864 2008-04-13] (Microsoft Corporation)
1 Fips; C:\Windows\System32\Drivers\Fips.sys [44544 2008-04-13] (Microsoft Corporation)
0 Ftdisk; C:\Windows\System32\Drivers\Ftdisk.sys [125056 2002-09-03] (Microsoft Corporation)
3 Gpc; C:\Windows\System32\DRIVERS\msgpc.sys [35072 2008-04-13] (Microsoft Corporation)
3 HDAudBus; C:\Windows\System32\Drivers\HDAudBus.sys [144384 2008-04-13] (Windows ® Server 2003 DDK provider)
1 Imapi; C:\Windows\System32\Drivers\Imapi.sys [42112 2008-04-13] (Microsoft Corporation)
3 ip6fw; C:\Windows\System32\Drivers\ip6fw.sys [36608 2008-04-13] (Microsoft Corporation)
3 IpInIp; C:\Windows\System32\Drivers\IpInIp.sys [20864 2008-04-13] (Microsoft Corporation)
1 IPSec; C:\Windows\System32\Drivers\IPSec.sys [75264 2008-04-13] (Microsoft Corporation)
3 kmixer; C:\Windows\System32\Drivers\kmixer.sys [172416 2008-04-13] (Microsoft Corporation)
3 mcdbus; C:\Windows\System32\Drivers\mcdbus.sys [116736 2009-02-24] (MagicISO, Inc.)
1 mnmdd; C:\Windows\System32\Drivers\mnmdd.sys [4224 2002-09-03] (Microsoft Corporation)
3 nv; C:\Windows\System32\DRIVERS\nv4_mini.sys [10235968 2009-11-20] (NVIDIA Corporation)
3 NVENETFD; C:\Windows\System32\Drivers\NVENETFD.sys [34176 2006-03-03] (NVIDIA Corporation)
3 NVHDA; C:\Windows\System32\drivers\nvhda32.sys [57320 2009-11-11] (NVIDIA Corporation)
3 nvnetbus; C:\Windows\System32\Drivers\nvnetbus.sys [13056 2006-03-03] (NVIDIA Corporation)
3 NwlnkFlt; C:\Windows\System32\Drivers\NwlnkFlt.sys [12416 2002-09-03] (Microsoft Corporation)
3 NwlnkFwd; C:\Windows\System32\Drivers\NwlnkFwd.sys [32512 2002-09-03] (Microsoft Corporation)
3 PSched; C:\Windows\System32\Drivers\PSched.sys [69120 2008-04-13] (Microsoft Corporation)
3 Ptilink; C:\Windows\System32\Drivers\Ptilink.sys [17792 2002-09-03] (Parallel Technologies, Inc.)
3 Raspti; C:\Windows\System32\Drivers\Raspti.sys [16512 2002-09-03] (Microsoft Corporation)
1 redbook; C:\Windows\System32\Drivers\redbook.sys [57600 2008-04-13] (Microsoft Corporation)
3 splitter; C:\Windows\System32\Drivers\splitter.sys [6272 2008-04-13] (Microsoft Corporation)
0 sr; C:\Windows\System32\Drivers\sr.sys [73472 2008-04-13] (Microsoft Corporation)
3 swmidi; C:\Windows\System32\Drivers\swmidi.sys [56576 2008-04-13] (Microsoft Corporation)
2 SwsVpkt; C:\Windows\System32\Drivers\SwsVpkt.sys [16994 2006-05-20] (Software Systems)
3 sysaudio; C:\Windows\System32\Drivers\sysaudio.sys [60800 2008-04-13] (Microsoft Corporation)
3 Update; C:\Windows\System32\Drivers\Update.sys [384768 2008-04-13] (Microsoft Corporation)
3 wdmaud; C:\Windows\System32\Drivers\wdmaud.sys [83072 2008-04-13] (Microsoft Corporation)
4 Abiosdsk; [x]
4 abp480n5; [x]
4 adpu160m; [x]
4 Aha154x; [x]
4 aic78u2; [x]
4 aic78xx; [x]
4 AliIde; [x]
4 amsint; [x]
4 asc; [x]
4 asc3350p; [x]
4 asc3550; [x]
4 Atdisk; [x]
4 cd20xrnt; [x]
1 Changer; [x]
4 CmdIde; [x]
4 Cpqarray; [x]
4 dac2w2k; [x]
4 dac960nt; [x]
4 dpti2o; [x]
4 hpn; [x]
1 i2omgmt; [x]
4 i2omp; [x]
4 ini910u; [x]
4 IntelIde; [x]
1 lbrtfdc; [x]
4 mraid35x; [x]
1 OMCI; C:\Windows\System32\DRIVERS\OMCI.SYS [x]
1 PCIDump; [x]
3 PDCOMP; [x]
3 PDFRAME; [x]
3 PDRELI; [x]
3 PDRFRAME; [x]
4 perc2; [x]
4 perc2hib; [x]
4 ql1080; [x]
4 Ql10wnt; [x]
4 ql12160; [x]
4 ql1240; [x]
4 ql1280; [x]
4 Simbad; [x]
4 Sparrow; [x]
4 symc810; [x]
4 symc8xx; [x]
4 sym_hi; [x]
4 sym_u3; [x]
4 TosIde; [x]
4 ultra; [x]
4 ViaIde; [x]
3 WDICA; [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-04-08 20:13 - 2012-04-08 20:13 - 0000000 ____D C:\FRST
2012-03-29 18:10 - 2012-04-08 12:32 - 0000000 ____D C:\SOCCER MATCHES
2012-03-21 23:59 - 2012-03-22 00:00 - 17278696 ____A (Activision ) C:\CoDWaW-1.6-1.7-PatchSetup.exe
2012-03-21 19:05 - 2012-03-21 19:35 - 0000000 ____D C:\VST PLUG INS
2012-03-21 17:21 - 2012-03-21 17:21 - 0000000 ____D C:\Korg- M1+Wavestation vXpc
2012-03-21 17:05 - 2012-03-21 17:19 - 83799876 ____A C:\Korg- M1+Wavestation vXpc.rar
2012-03-16 23:24 - 2012-03-16 23:24 - 16157992 ____A (Mozilla) C:\Firefox Setup 11.0.exe
2012-03-14 01:03 - 2012-03-14 01:03 - 0000000 ____D C:\Warfare3_G700_Logitech
2012-03-14 01:02 - 2012-03-14 01:02 - 0002225 ____A C:\Warfare3_G700_Logitech.zip
2012-03-09 12:33 - 2012-03-09 12:33 - 2405568 ____A (Trend Micro Inc.) C:\HousecallLauncher64.exe
2012-03-09 11:28 - 2012-03-09 11:28 - 1955730 ____A C:\rar_password_recovery_trial.exe

============ 3 Months Modified Files and Folders =============

2012-04-08 20:13 - 2012-04-08 20:13 - 0000000 ____D C:\FRST
2012-04-08 17:51 - 2010-09-11 23:36 - 0000000 ____D C:\[NOX
2012-04-08 12:32 - 2012-03-29 18:10 - 0000000 ____D C:\SOCCER MATCHES
2012-04-02 14:23 - 2012-04-02 14:22 - 0000000 ____D C:\CHANTS
2012-03-29 13:36 - 2011-09-27 09:25 - 0000000 ____D C:\WSER Radio MUSIC
2012-03-23 16:59 - 2010-10-18 21:50 - 0000000 ____D C:\AI Smooth
2012-03-22 15:11 - 2011-02-22 00:30 - 0000000 ____D C:\Flight Sim Photos
2012-03-22 00:00 - 2012-03-21 23:59 - 17278696 ____A (Activision ) C:\CoDWaW-1.6-1.7-PatchSetup.exe
2012-03-21 19:35 - 2012-03-21 19:05 - 0000000 ____D C:\VST PLUG INS
2012-03-21 16:27 - 2010-09-22 22:07 - 0000000 ____D C:\PROTOOLS
2012-03-21 14:26 - 2010-10-25 22:04 - 0000000 ____D C:\REMOTE LUXURY
2012-03-16 23:24 - 2012-03-16 23:24 - 16157992 ____A (Mozilla) C:\Firefox Setup 11.0.exe
2012-03-14 01:03 - 2012-03-14 01:03 - 0000000 ____D C:\Warfare3_G700_Logitech
2012-03-14 01:02 - 2012-03-14 01:02 - 0002225 ____A C:\Warfare3_G700_Logitech.zip
2012-03-11 16:20 - 2011-04-07 18:14 - 0000000 ____D C:\1-HIT MONSTER
2012-03-09 12:33 - 2012-03-09 12:33 - 2405568 ____A (Trend Micro Inc.) C:\HousecallLauncher64.exe
2012-03-09 11:28 - 2012-03-09 11:28 - 1955730 ____A C:\rar_password_recovery_trial.exe
2012-03-05 20:01 - 2012-03-05 20:01 - 0848032 ____A (Amazon Services LLC) C:\Battlefield_3_Downloader.exe
2012-03-04 14:21 - 2012-03-04 14:21 - 0848032 ____A (Amazon Services LLC) C:\Call_of_Duty_Black_Ops_Downloader.exe
2012-03-03 21:12 - 2012-03-03 21:12 - 0848032 ____A (Amazon Services LLC) C:\Call_of_Duty_Modern_Warfare_3_Downloader.exe


========================= Known DLLs (Whitelisted) ============

C:\Windows\SysWOW64\advapi32.dll is missing
C:\Windows\SysWOW64\comdlg32.dll is missing
C:\Windows\SysWOW64\gdi32.dll is missing
C:\Windows\SysWOW64\imagehlp.dll is missing
C:\Windows\SysWOW64\kernel32.dll is missing
C:\Windows\SysWOW64\lz32.dll is missing
C:\Windows\SysWOW64\ole32.dll is missing
C:\Windows\SysWOW64\oleaut32.dll is missing
[2002-09-03 11:51] - [2008-04-13 19:12] - 0074752 ____A (Microsoft Corporation) C:\Windows\System32\olecli32.dll
C:\Windows\SysWOW64\olecli32.dll is missing
[2002-09-03 11:51] - [2008-04-13 19:12] - 0037376 ____A (Microsoft Corporation) C:\Windows\System32\olecnv32.dll
C:\Windows\SysWOW64\olecnv32.dll is missing
[2002-09-03 11:51] - [2002-09-03 11:51] - 0022016 ____A (Microsoft Corporation) C:\Windows\System32\olesvr32.dll
C:\Windows\SysWOW64\olesvr32.dll is missing
[2002-09-03 11:51] - [2002-09-03 11:51] - 0069120 ____A (Microsoft Corporation) C:\Windows\System32\olethk32.dll
C:\Windows\SysWOW64\olethk32.dll is missing
C:\Windows\SysWOW64\rpcrt4.dll is missing
C:\Windows\SysWOW64\shell32.dll is missing
C:\Windows\SysWOW64\url.dll is missing
C:\Windows\SysWOW64\urlmon.dll is missing
C:\Windows\SysWOW64\user32.dll is missing
C:\Windows\SysWOW64\version.dll is missing
C:\Windows\SysWOW64\wininet.dll is missing
C:\Windows\SysWOW64\wldap32.dll is missing

========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe
[2002-09-03 12:12] - [2008-04-13 19:12] - 0507904 ____A (Microsoft Corporation) ED0EF0A136DEC83DF69F04118870003E

C:\Windows\System32\wininit.exe is missing.
C:\Windows\SysWOW64\wininit.exe is missing.
C:\Windows\explorer.exe
[2002-09-03 11:32] - [2008-04-13 19:12] - 1033728 ____A (Microsoft Corporation) 12896823FB95BFB3DC9B46BCAEDC9923

C:\Windows\SysWOW64\explorer.exe is missing.
C:\Windows\System32\svchost.exe
[2002-09-03 12:05] - [2008-04-13 19:12] - 0014336 ____A (Microsoft Corporation) 27C6D03BCDB8CFEB96B716F3D8BE3E18

C:\Windows\SysWOW64\svchost.exe is missing.
C:\Windows\System32\User32.dll
[2002-09-03 12:08] - [2008-04-13 19:12] - 0578560 ____A (Microsoft Corporation) B26B135FF1B9F60C9388B4A7D16F600B

C:\Windows\SysWOW64\User32.dll is missing.
C:\Windows\System32\Drivers\volsnap.sys
[2002-09-03 12:10] - [2008-04-13 13:41] - 0052352 ____A (Microsoft Corporation) 4C8FCB5CC53AAB716D810740FE59D025


========================= Memory info ======================

Percentage of memory in use: 8%
Total physical RAM: 8190.98 MB
Available physical RAM: 7492.21 MB
Total Pagefile: 8189.13 MB
Available Pagefile: 7478.47 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:931.5 GB) (Free:510.12 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:10.76 GB) (Free:5.04 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive e: (OS) (Fixed) (Total:454.96 GB) (Free:54.83 GB) NTFS
6 Drive h: () (Removable) (Total:1.87 GB) (Free:1.87 GB) FAT
11 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 Online 931 GB 8 MB
Disk 2 No Media 0 B 0 B
Disk 3 Online 1920 MB 0 B
Disk 4 No Media 0 B 0 B
Disk 5 No Media 0 B 0 B
Disk 6 No Media 0 B 0 B
Disk 7 No Media 0 B 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 39 MB 31 KB
Partition 2 Primary 10 GB 40 MB
Partition 3 Primary 454 GB 10 GB

======================================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 10 FAT Partition 39 MB Healthy Hidden

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 D RECOVERY NTFS Partition 10 GB Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 E OS NTFS Partition 454 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 931 GB 31 KB

======================================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 C NTFS Partition 931 GB Healthy

======================================================================================================

Partitions of Disk 3:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1919 MB 16 KB

======================================================================================================

Disk: 3
Partition 1
Type : 06
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 H FAT Removable 1919 MB Healthy

======================================================================================================
======================= End Of Log ==========================

Edited by tonicfan, 09 April 2012 - 04:54 PM.



#2 CatByte (bleepin' tiger)

  • Malware Response Team
  • 14,664 posts
  • Gender: Not Telling
  • Location: Canada
  • Local time: 09:00 PM

Posted 12 April 2012 - 06:23 PM

Hi

You have a lot of core system files missing:

"C:\Windows\System32\wininit.exe is missing." Without this file you won't be able to boot, so let's see if we can find a replacement on the machine.

Boot to System Recovery Options and run FRST64.

Type the following in the edit box after "Search:".

wininit.*; userinit.*;


Click the Search button and post the log (Search.txt) it makes in your reply.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 tonicfan (Topic Starter)

  • Members
  • 48 posts
  • Local time: 08:00 PM

Posted 12 April 2012 - 07:18 PM

Looks like it found some stuff

Here is the search.txt:

Farbar Recovery Scan Tool Version: 15-03-2012
Ran by SYSTEM at 2012-04-12 20:11:42
Running from H:\

================== Search: "wininit.*; userinit.*;" ===================

C:\WINDOWS\system32\userinit.exe
[2002-09-03 12:08] - [2008-04-13 19:12] - 0026112 ____A (Microsoft Corporation) A93AEE1928A9D7CE3E16D24EC7380F89

C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\userinit.exe
[2010-09-08 14:34] - [2008-04-13 19:12] - 0026112 ____A (Microsoft Corporation) A93AEE1928A9D7CE3E16D24EC7380F89

C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2010-09-08 13:05] - [2008-04-13 19:12] - 0026112 ____N (Microsoft Corporation) A93AEE1928A9D7CE3E16D24EC7380F89

C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2010-09-08 15:02] - [2004-08-03 23:56] - 0024576 ____C (Microsoft Corporation) 39B1FFB03C2296323832ACBAE50D2AFF

====== End Of Search ======

#4 CatByte (bleepin' tiger)

  • Malware Response Team
  • 14,664 posts
  • Gender: Not Telling
  • Location: Canada
  • Local time: 09:00 PM

Posted 12 April 2012 - 07:24 PM

Unfortunately it didn't find any instances of wininit.exe, which we need. Let's run FRST64 again with just the wininit entry.

Boot to System Recovery Options and run FRST64.

Type the following in the edit box after "Search:".

wininit.*



Click the Search button and post the log (Search.txt) it makes in your reply.

If it doesn't find any replacements, do you know anyone with the identical operating system where you might be able to obtain a copy of that file?

(C:\Windows\System32\wininit.exe, it must come from another Win7 home edition 64bit)

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
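
The search output in post #3 and the follow-up above come down to one question: does the machine hold a copy of the missing file whose hash matches a known-good one? Below is an added Python example, written for this thread rather than taken from FRST or from anyone posting in it. It parses the Search.txt format FRST prints (a path line followed by a `[created] - [modified] - size attrs (Company) MD5` line), groups the hits by file name and hash, and lists the copies that match a reference hash. The sample input is the thread's own search log embedded as a string; the reference hash for userinit.exe is the one that log reports and is used only to show the matching, since a real reference must come from a trusted source such as installation media or an identical clean build. Read the drive letters as the recovery environment's: the FRST log lists C: as the 931.5 GB volume and the OS volume as E:, so hits have to be checked against the volume you actually intend to repair.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Detail line FRST prints under every hit in Search.txt:
#   [created] - [modified] - size attrs (Company) MD5
DETAIL_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+) \((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)
# A hit starts with a drive-letter path on its own line.
PATH_RE = re.compile(r"^[A-Za-z]:\\")


def parse_search_log(text):
    """Parse FRST Search.txt into one dict per hit (path, name, size, md5, ...)."""
    hits, pending = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = DETAIL_RE.match(line)
        if m and pending:
            hit = m.groupdict()
            hit["size"] = int(hit["size"])
            hit["md5"] = hit["md5"].upper()
            hit["path"] = pending
            hit["name"] = PureWindowsPath(pending).name.lower()
            hits.append(hit)
            pending = None
        elif PATH_RE.match(line):
            pending = line  # remember the path; its detail line comes next
    return hits


def hashes_by_name(hits):
    """name -> {md5 -> [paths]}; two hashes under one name means the copies differ."""
    out = defaultdict(lambda: defaultdict(list))
    for h in hits:
        out[h["name"]][h["md5"]].append(h["path"])
    return {name: dict(by_hash) for name, by_hash in out.items()}


def find_replacements(hits, name, reference_md5):
    """Paths of copies of `name` whose MD5 equals a known-good reference hash."""
    ref = reference_md5.upper()
    return [h["path"] for h in hits if h["name"] == name.lower() and h["md5"] == ref]


def search_report(hits, wanted):
    """For each wanted name: 0 if no copy was found, else the count of distinct hashes."""
    summary = hashes_by_name(hits)
    return {n.lower(): len(summary.get(n.lower(), {})) for n in wanted}


# Sample input: the Search.txt posted in this thread, embedded here verbatim.
SAMPLE_SEARCH = r"""
Farbar Recovery Scan Tool Version: 15-03-2012
Ran by SYSTEM at 2012-04-12 20:11:42
Running from H:\

================== Search: "wininit.*; userinit.*;" ===================

C:\WINDOWS\system32\userinit.exe
[2002-09-03 12:08] - [2008-04-13 19:12] - 0026112 ____A (Microsoft Corporation) A93AEE1928A9D7CE3E16D24EC7380F89

C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\userinit.exe
[2010-09-08 14:34] - [2008-04-13 19:12] - 0026112 ____A (Microsoft Corporation) A93AEE1928A9D7CE3E16D24EC7380F89

C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2010-09-08 13:05] - [2008-04-13 19:12] - 0026112 ____N (Microsoft Corporation) A93AEE1928A9D7CE3E16D24EC7380F89

C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2010-09-08 15:02] - [2004-08-03 23:56] - 0024576 ____C (Microsoft Corporation) 39B1FFB03C2296323832ACBAE50D2AFF

====== End Of Search ======
"""

# Reference hash taken from the log above; in practice it comes from a trusted copy.
REFERENCE_USERINIT_MD5 = "A93AEE1928A9D7CE3E16D24EC7380F89"

if __name__ == "__main__":
    found = parse_search_log(SAMPLE_SEARCH)
    print(search_report(found, ["wininit.exe", "userinit.exe"]))
    for path in find_replacements(found, "userinit.exe", REFERENCE_USERINIT_MD5):
        print("matching copy:", path)
```

A name that comes back with two hashes, as userinit.exe does here (the SP3 copies versus the older build kept under $NtServicePackUninstall$), is not by itself a sign of tampering; the modified timestamps and the folder say which one is current. MD5 is adequate for matching a copy against a reference you already trust, but it is the provenance of the reference, not the algorithm, that makes the match worth anything.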


#5 tonicfan (Topic Starter)

  • Members
  • 48 posts
  • Local time: 08:00 PM

Posted 12 April 2012 - 07:28 PM

It says it didn't find anything, but I went into that folder via DOS and found it:

x:\windows\system32\wininit.exe

There are also winload.exe, winlogon.exe, winpeshl.exe and winresume.exe.

This appears to be the recovery partition, so I do have it. Should I copy it to a folder on the main drive?

#6 tonicfan

tonicfan
  • Topic Starter

  • Members
  • 48 posts
  • Local time:08:00 PM

Posted 12 April 2012 - 07:31 PM

It says the volume of drive X is Boot.

The E:\ drive is actually my C:\ drive, the D:\ drive is RECOVERY and the E:\ drive is my other hard drive. This is in the recovery console DOS.

#7 tonicfan

tonicfan
  • Topic Starter

  • Members
  • 48 posts
  • OFFLINE
  •  
  • Local time:08:00 PM

Posted 12 April 2012 - 07:35 PM

The file is also located in e:\windows\system32, which is my main hard drive (c:\ when Windows is booting).

I wonder why the search did not find it.

#8 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:09:00 PM

Posted 12 April 2012 - 07:41 PM

Yes, when in the Recovery environment the drive letters are changed because of the hidden recovery partition.

The file is also located on e:\windows\system32 as well.

Well, that's strange. I wonder why it is showing as missing?

Well, let's give a fix a try with FRST and see if we can get it booting. This might not work, as that file may be patched and therefore not recognized.

Please run the following:

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste.) Save it on the flash drive as fixlist.txt.

start
SubSystems: [Windows] ==> ZeroAccess
cmd: bootrec /FixMbr
cmd: bootrec /fixboot
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Now please enter System Recovery Options, then select Command Prompt.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.


Now restart, let it boot normally and tell me how it went.



#9 tonicfan

tonicfan
  • Topic Starter

  • Members
  • 48 posts
  • Local time:08:00 PM

Posted 12 April 2012 - 07:51 PM

The windows error recovery page shows up like it has been since this mess started.

Says Windows failed to start. A recent hardware or software change might be the cause.
If Windows files have been damaged or configured incorrectly, Startup Repair can help diagnose....

Then it offers to launch Startup Repair or start Windows normally.
I launched Startup Repair when this whole thing started and, as you know, it did not fix the issue.
When I select start Windows normally it starts to boot, but then after the Windows icon appears the screen goes black and the computer stops responding.

Fix result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 15-03-2012
Ran by SYSTEM at 2012-04-12 20:45:43 R:3
Running from H:\

==============================================

HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored.

========= bootrec /FixMbr =========

The operation completed successfully.

========= End of CMD: =========


========= bootrec /fixboot =========

The operation completed successfully.

========= End of CMD: =========


==== End of Fixlog ====

#10 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:09:00 PM

Posted 12 April 2012 - 07:59 PM

OK, then it has to do with the missing files.

I'm not certain if the hidden recovery partition will allow you to access files, but I haven't ever tried.

Honestly, I'd prefer that you didn't try and access it as it is the recovery partition (if you wanted to reformat your computer you would need to use it) until I speak with other expert colleagues.

Just try something for me. You are using Ubuntu to navigate through your Windows OS?

If you can navigate to the following, please do so:

C:\Qoobox\Quarantine\C\windows\System64.vir

Check inside that folder and let me know the contents (if there are tons of entries, just check for some of the files FRST is declaring as missing).



#11 tonicfan

tonicfan
  • Topic Starter

  • Members
  • 48 posts
  • Local time:08:00 PM

Posted 12 April 2012 - 08:10 PM

The folder appears empty while accessing it with Ubuntu.
The folder is there though.

Other folders in that Windows folder are syswow64, which contains 4 tmp files (.vir);

system32, which has consrv.dll.vir, dds_trash_log.cmd.vir and java.exe.vir;

and an assembly folder, which has a couple of folders in it with desktop.ini.vir files in them.

One other question:
My Dell did come with their backup program. Now, I never really used it, although it will let me save some files if it wants me to restore to the last known backup, which as far as I know is when I bought the computer, because that DataSafe program was really hogging system resources so I stopped using it; either that or they wanted me to upgrade all the time, I can't recall. If I used that, would it restore just Windows or would it wipe out the whole C drive?

#12 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:09:00 PM

Posted 12 April 2012 - 08:13 PM

I've just re-read what you posted, and it may be that the Winlogon registry key is not pointing to the userinit file.

When i select start windows normally it starts to boot, but then after the windows icon appears the screen goes black and the computer stops responding.


HKLM-x32\...\Winlogon: [Userinit] [x]

So try this as well.

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad. Save it on the flash drive as fixlist.txt.

reg: REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v userinit /t REG_SZ /d "C:\\WINDOWS\\system32\\userinit.exe," /f
reg: REG ADD "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /v "Shell" /t "REG_SZ" /d "Explorer.exe" /f

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Now please enter System Recovery Options.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.


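Added example, not FRST's code and not part of this thread: a read-only Python check of the three registry values the fixlists above repair (Winlogon Userinit and Shell, and the Session Manager SubSystems\Windows string), run against a constructed sample on non-Windows hosts and against the live registry on Windows. The stock values and the allow-list of csrss server DLLs are assumptions stated in the code.

```python
import re, sys

WINLOGON = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
SUBSYSTEMS = r"SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems"
# Stock Windows values (assumed): Userinit keeps its trailing comma, Shell is bare explorer.exe.
EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe,"
EXPECTED_SHELL = "explorer.exe"
# csrss server DLLs legitimately named in the SubSystems\Windows string (assumed allow-list).
KNOWN_SERVER_DLLS = {"basesrv", "winsrv", "sxssrv"}
# Constructed sample mirroring the thread: Userinit absent ([x]) and the console server DLL swapped for consrv.
SAMPLE = (None, "Explorer.exe",
          r"%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows ServerDll=basesrv,1 "
          "ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=consrv:ConServerDllInitialization,2")

def expand(value):
    """Fold %SystemRoot%/%windir% and case so literal and variable forms compare equal."""
    return re.sub(r"%(systemroot|windir)%", r"c:\\windows", value.strip(), flags=re.I).lower()

def audit(userinit, shell, subsystems_windows):
    """Return findings for the three values; [] means they look stock. None = value absent."""
    findings = []
    if userinit is None or not expand(userinit):
        findings.append("Winlogon\\Userinit missing: logon never launches userinit.exe")
    elif expand(userinit).rstrip(",") != EXPECTED_USERINIT.rstrip(","):
        findings.append(f"Winlogon\\Userinit altered: {userinit!r}")
    if shell is None or expand(shell) != EXPECTED_SHELL:
        findings.append(f"Winlogon\\Shell is not explorer.exe: {shell!r}")
    if subsystems_windows is None:
        findings.append("SubSystems\\Windows missing: csrss cannot start")
    else:
        for dll in re.findall(r"ServerDll=([^:,\s]+)", subsystems_windows, flags=re.I):
            if dll.lower() not in KNOWN_SERVER_DLLS:
                findings.append(f"SubSystems\\Windows loads unexpected server DLL {dll!r}")
    return findings

def read_live_values():
    """Read the three values from the running machine (Windows only, read-only access)."""
    import winreg  # standard library, but only importable on Windows
    def get(path, name):
        try:
            with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, path) as key:
                return winreg.QueryValueEx(key, name)[0]
        except OSError:  # key or value absent, which FRST reports as [x]
            return None
    return get(WINLOGON, "Userinit"), get(WINLOGON, "Shell"), get(SUBSYSTEMS, "Windows")

if __name__ == "__main__":
    values = read_live_values() if sys.platform == "win32" else SAMPLE
    for line in audit(*values) or ["no findings"]:
        print(line)
```

The Winlogon values live under the native 64-bit key; the `HKLM-x32` line in the FRST log refers to the 32-bit view, which this check does not read.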

#13 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:09:00 PM

Posted 12 April 2012 - 08:16 PM

My Dell did come with their backup program. Now, I never really used it, although it will let me save some files if it wants me to restore to the last known backup, which as far as I know is when I bought the computer, because that DataSafe program was really hogging system resources so I stopped using it; either that or they wanted me to upgrade all the time, I can't recall. If I used that, would it restore just Windows or would it wipe out the whole C drive?


I think you are referring to the recovery partition? In that case I believe it will reformat the computer, but I am not 100% positive on that, so I'll ask my colleagues. But let's try the above fix first.



#14 tonicfan

tonicfan
  • Topic Starter

  • Members
  • 48 posts
  • Local time:08:00 PM

Posted 12 April 2012 - 08:37 PM

How long is this fix supposed to take? It says fixing and it's been running now for over 15 mins. The blue line is just going past and I figured it would have been done by now.

It says fixing... been going for over 20 mins now.

Edited by tonicfan, 12 April 2012 - 08:41 PM.


#15 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:09:00 PM

Posted 12 April 2012 - 08:41 PM

Hmm, no, it shouldn't take that long.

Give it another 15 minutes, then shut it down.

Run a normal scan with FRST64 and post a fresh log; we'll see where we stand now.
