c0000135 the program can't start because he %hs is missing


  • This topic is locked
11 replies to this topic

#1 Warsnake

Posted 26 June 2012 - 05:34 PM

EDIT: MOVED to Virus, Trojan and Malware Removal Logs ~~boopme


Hi,

My PC is stuck in a reboot loop until I turn off the "reboot on system error" in the BIOS.

I then get the blue screen with the message "c0000135 the program can't start because he %hs is missing"
I've researched the issue and it seems the ZeroAccess virus has infiltrated my PC. I can't seem to clean it.

Below is the log from the FRST scan. Please help me.

Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 20-06-2012 01
Ran by SYSTEM at 27-06-2012 00:03:19
Running from F:\
Windows 7 Ultimate (X86) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [141848 2009-09-23] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [173592 2009-09-23] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [150552 2009-09-23] (Intel Corporation)
HKLM\...\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [248552 2010-05-14] (Sun Microsystems, Inc.)
HKLM\...\Run: [Family Tree Builder Update] C:\Program Files\MyHeritage\Bin\FTBCheckUpdates.exe [x]
HKLM\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462408 2012-04-04] (Malwarebytes Corporation)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [931200 2012-03-26] (Microsoft Corporation)
HKU\Default\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [x]
HKU\Default User\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [x]
HKU\Yvonne\...\Run: [Google Update] "C:\Users\Yvonne\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2010-08-20] (Google Inc.)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 195.130.130.4 195.130.131.4

================================ Services (Whitelisted) ==================

2 AdobeActiveFileMonitor8.0; C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [169312 2009-10-08] (Adobe Systems Incorporated)
3 ehRecvr; C:\Windows\ehome\ehRecvr.exe [556032 2010-08-03] (Microsoft Corporation)
3 ehSched; C:\Windows\ehome\ehsched.exe [94720 2009-07-13] (Microsoft Corporation)
2 eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [20992 2009-07-13] (Microsoft Corporation)
2 MBAMService; "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [654408 2012-04-04] (Malwarebytes Corporation)
3 Microsoft SharePoint Workspace Audit Service; "C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" /auditservice [31125880 2011-06-12] (Microsoft Corporation)
3 MozillaMaintenance; "C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe" [113120 2012-06-21] (Mozilla Foundation)
3 osppsvc; "C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE" [4640000 2010-01-09] (Microsoft Corporation)
3 wbengine; "C:\Windows\system32\wbengine.exe" [1202688 2009-07-13] (Microsoft Corporation)
2 MsMpSvc; "c:\Program Files\Microsoft Security Client\MsMpEng.exe" [x]
3 NisSrv; "c:\Program Files\Microsoft Security Client\NisSrv.exe" [x]
3 sppuinotify; C:\Windows\System32\sppuinotify.dll [x]

========================== Drivers (Whitelisted) =============

3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [22344 2012-04-04] (Malwarebytes Corporation)
0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [171064 2012-03-20] (Microsoft Corporation)
0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-08-20] (Duplex Secure Ltd.)
3 PCIUtil; \??\C:\Users\Yvonne\AppData\Local\Temp\PCIUtil.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-06-27 00:03 - 2012-06-27 00:03 - 00000000 ____D C:\FRST
2012-06-26 21:26 - 2012-06-26 21:26 - 00000000 ____D C:\Windows\Microsoft Antimalware
2012-06-26 20:09 - 2012-06-26 20:09 - 00000000 __SHD C:\found.000
2012-06-26 19:57 - 2012-06-26 19:57 - 00000000 ____D C:\Windows\System32\config\mybackup
2012-06-26 05:31 - 2009-09-09 21:52 - 00257024 ____A (Microsoft Corporation) C:\Windows\System32\msv1_0.dll
2012-06-26 05:19 - 2012-06-26 05:19 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2012-06-26 05:16 - 2009-11-25 02:47 - 01130824 ____A (Microsoft Corporation) C:\Windows\System32\dfshim.dll
2012-06-26 05:16 - 2009-11-25 02:47 - 00297808 ____A (Microsoft Corporation) C:\Windows\System32\mscoree.dll
2012-06-26 05:16 - 2009-11-25 02:47 - 00295264 ____A (Microsoft Corporation) C:\Windows\System32\PresentationHost.exe
2012-06-26 05:16 - 2009-11-25 02:47 - 00099176 ____A (Microsoft Corporation) C:\Windows\System32\PresentationHostProxy.dll
2012-06-26 05:16 - 2009-11-25 02:47 - 00049472 ____A (Microsoft Corporation) C:\Windows\System32\netfxperf.dll
2012-06-26 04:45 - 2012-06-03 13:35 - 56731752 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-06-26 04:15 - 2012-02-29 21:53 - 00019312 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2012-06-26 04:15 - 2012-02-29 21:49 - 00172544 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-06-26 04:15 - 2012-02-29 21:45 - 00158720 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2012-06-26 04:15 - 2012-02-29 21:40 - 00005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2012-06-26 04:14 - 2012-06-26 04:14 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-26 04:14 - 2012-06-26 04:14 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-26 04:14 - 2012-06-26 04:14 - 03695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2012-06-26 04:14 - 2012-06-26 04:14 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-26 04:14 - 2012-06-26 04:14 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-26 04:14 - 2012-06-26 04:14 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-26 04:14 - 2012-06-26 04:14 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-26 04:14 - 2012-06-26 04:14 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-26 04:14 - 2012-06-26 04:14 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-26 04:14 - 2012-06-26 04:14 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-26 04:14 - 2012-06-26 04:14 - 00580608 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-06-26 04:14 - 2012-06-26 04:14 - 00434176 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2012-06-26 04:14 - 2012-06-26 04:14 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-06-26 04:14 - 2012-06-26 04:14 - 00367104 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-06-26 04:14 - 2012-06-26 04:14 - 00353792 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2012-06-26 04:14 - 2012-06-26 04:14 - 00353584 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-06-26 04:14 - 2012-06-26 04:14 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-26 04:14 - 2012-06-26 04:14 - 00227840 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2012-06-26 04:14 - 2012-06-26 04:14 - 00223232 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2012-06-26 04:14 - 2012-06-26 04:14 - 00203776 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2012-06-26 04:14 - 2012-06-26 04:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-26 04:14 - 2012-06-26 04:14 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2012-06-26 04:14 - 2012-06-26 04:14 - 00162304 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2012-06-26 04:14 - 2012-06-26 04:14 - 00161792 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2012-06-26 04:14 - 2012-06-26 04:14 - 00152064 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2012-06-26 04:14 - 2012-06-26 04:14 - 00150528 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2012-06-26 04:14 - 2012-06-26 04:14 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-26 04:14 - 2012-06-26 04:14 - 00130560 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2012-06-26 04:14 - 2012-06-26 04:14 - 00123392 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2012-06-26 04:14 - 2012-06-26 04:14 - 00118784 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-06-26 04:14 - 2012-06-26 04:14 - 00110592 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2012-06-26 04:14 - 2012-06-26 04:14 - 00101888 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2012-06-26 04:14 - 2012-06-26 04:14 - 00086528 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2012-06-26 04:14 - 2012-06-26 04:14 - 00078848 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2012-06-26 04:14 - 2012-06-26 04:14 - 00076800 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2012-06-26 04:14 - 2012-06-26 04:14 - 00074752 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2012-06-26 04:14 - 2012-06-26 04:14 - 00074752 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2012-06-26 04:14 - 2012-06-26 04:14 - 00074240 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2012-06-26 04:14 - 2012-06-26 04:14 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-26 04:14 - 2012-06-26 04:14 - 00066048 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2012-06-26 04:14 - 2012-06-26 04:14 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-26 04:14 - 2012-06-26 04:14 - 00063488 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2012-06-26 04:14 - 2012-06-26 04:14 - 00054272 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2012-06-26 04:14 - 2012-06-26 04:14 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2012-06-26 04:14 - 2012-06-26 04:14 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-06-26 04:14 - 2012-06-26 04:14 - 00035840 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2012-06-26 04:14 - 2012-06-26 04:14 - 00031744 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2012-06-26 04:14 - 2012-06-26 04:14 - 00023552 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-06-26 04:14 - 2012-06-26 04:14 - 00011776 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2012-06-26 04:14 - 2012-06-26 04:14 - 00010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-06-26 04:13 - 2012-06-26 04:14 - 00003733 ____A C:\Windows\IE9_main.log
2012-06-26 04:12 - 2010-02-10 23:10 - 00293376 ____A (Microsoft Corporation) C:\Windows\System32\browserchoice.exe
2012-06-26 03:59 - 2010-03-03 19:57 - 00190976 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ks.sys
2012-06-26 03:59 - 2009-10-09 18:57 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\sffp_sd.sys
2012-06-26 03:56 - 2010-09-13 22:07 - 00276992 ____A (Microsoft Corporation) C:\Windows\System32\wcncsvc.dll
2012-06-26 03:53 - 2012-04-23 20:47 - 01156608 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-06-26 03:53 - 2012-04-23 20:47 - 00139264 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-06-26 03:53 - 2012-04-23 20:47 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-06-26 03:52 - 2010-08-03 22:17 - 00417792 ____A (Microsoft Corporation) C:\Windows\System32\msdri.dll
2012-06-26 03:51 - 2012-05-14 17:12 - 02342400 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-26 03:51 - 2011-11-16 21:41 - 01288984 ____A (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2012-06-26 03:51 - 2011-07-15 20:37 - 00169984 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2012-06-26 03:51 - 2011-07-15 20:34 - 00868352 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2012-06-26 03:51 - 2011-07-15 20:34 - 00290816 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2012-06-26 03:51 - 2011-07-15 20:31 - 00271360 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2012-06-26 03:51 - 2011-07-15 20:19 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2012-06-26 03:51 - 2011-07-15 20:19 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2012-06-26 03:51 - 2011-07-15 20:19 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-06-26 03:51 - 2011-07-15 20:19 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2012-06-26 03:51 - 2011-07-15 20:19 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2012-06-26 03:51 - 2011-07-15 20:19 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2012-06-26 03:51 - 2011-07-15 20:19 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2012-06-26 03:51 - 2011-07-15 20:19 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-06-26 03:51 - 2011-07-15 20:19 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-06-26 03:51 - 2011-07-15 20:19 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2012-06-26 03:51 - 2011-07-15 20:19 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-06-26 03:51 - 2011-07-15 20:19 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2012-06-26 03:51 - 2011-07-15 20:19 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2012-06-26 03:51 - 2011-07-15 20:19 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2012-06-26 03:51 - 2011-07-15 20:19 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-06-26 03:51 - 2011-07-15 20:19 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2012-06-26 03:51 - 2011-07-15 20:19 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2012-06-26 03:51 - 2011-07-15 20:19 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2012-06-26 03:51 - 2011-07-15 20:19 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2012-06-26 03:51 - 2011-07-15 20:19 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-06-26 03:51 - 2011-07-15 20:19 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2012-06-26 03:51 - 2011-07-15 20:19 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2012-06-26 03:51 - 2011-07-15 20:19 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2012-06-26 03:51 - 2011-07-15 20:19 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2012-06-26 03:51 - 2011-07-15 18:21 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2012-06-26 03:51 - 2011-07-15 18:21 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2012-06-26 03:51 - 2011-07-15 18:21 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2012-06-26 03:51 - 2011-07-15 18:21 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2012-06-26 03:51 - 2011-04-24 18:35 - 00338944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2012-06-26 03:51 - 2011-02-22 21:05 - 00069632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\bowser.sys
2012-06-26 03:51 - 2010-12-20 21:38 - 00350720 ____A (Microsoft Corporation) C:\Windows\System32\winhttp.dll
2012-06-26 03:51 - 2010-12-20 21:38 - 00204800 ____A (Microsoft Corporation) C:\Windows\System32\WebClnt.dll
2012-06-26 03:51 - 2010-12-20 21:38 - 00204288 ____A (Microsoft Corporation) C:\Windows\System32\upnp.dll
2012-06-26 03:51 - 2010-12-20 21:38 - 00073728 ____A (Microsoft Corporation) C:\Windows\System32\wscsvc.dll
2012-06-26 03:51 - 2010-12-20 21:38 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\wscapi.dll
2012-06-26 03:51 - 2010-12-20 21:36 - 01389568 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-26 03:51 - 2010-12-20 21:36 - 01236992 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-26 03:51 - 2010-12-20 21:34 - 00080384 ____A (Microsoft Corporation) C:\Windows\System32\davclnt.dll
2012-06-26 03:51 - 2010-11-01 20:41 - 00351232 ____A (Microsoft Corporation) C:\Windows\System32\wmicmiplugin.dll
2012-06-26 03:51 - 2010-11-01 20:41 - 00135168 ____A (Microsoft Corporation) C:\Windows\System32\XpsRasterService.dll
2012-06-26 03:51 - 2010-11-01 20:40 - 00496128 ____A (Microsoft Corporation) C:\Windows\System32\taskschd.dll
2012-06-26 03:51 - 2010-11-01 20:40 - 00305152 ____A (Microsoft Corporation) C:\Windows\System32\taskcomp.dll
2012-06-26 03:51 - 2010-11-01 20:39 - 00749056 ____A (Microsoft Corporation) C:\Windows\System32\schedsvc.dll
2012-06-26 03:51 - 2010-11-01 20:34 - 00192000 ____A (Microsoft Corporation) C:\Windows\System32\taskeng.exe
2012-06-26 03:51 - 2010-11-01 20:34 - 00179712 ____A (Microsoft Corporation) C:\Windows\System32\schtasks.exe
2012-06-26 03:51 - 2010-08-30 20:32 - 00954752 ____A (Microsoft Corporation) C:\Windows\System32\mfc40.dll
2012-06-26 03:51 - 2010-08-30 20:32 - 00954288 ____A (Microsoft Corporation) C:\Windows\System32\mfc40u.dll
2012-06-26 03:51 - 2010-08-26 21:46 - 00168448 ____A (Microsoft Corporation) C:\Windows\System32\srvsvc.dll
2012-06-26 03:51 - 2010-06-25 21:14 - 01495040 ____A (Microsoft Corporation) C:\Windows\System32\ExplorerFrame.dll
2012-06-26 03:51 - 2010-05-23 02:15 - 01619456 ____A (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2012-06-26 03:51 - 2010-05-23 02:11 - 03181568 ____A (Microsoft Corporation) C:\Windows\System32\mf.dll
2012-06-26 03:51 - 2010-05-23 02:11 - 00196608 ____A (Microsoft Corporation) C:\Windows\System32\mfreadwrite.dll
2012-06-26 03:50 - 2012-04-01 20:46 - 03958128 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2012-06-26 03:50 - 2012-04-01 20:46 - 03902320 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-06-26 03:50 - 2012-03-30 02:29 - 01287024 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-06-26 03:50 - 2012-02-14 21:44 - 00826368 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-06-26 03:50 - 2012-02-14 20:22 - 00024064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-06-26 03:50 - 2011-11-16 21:48 - 00134000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-26 03:50 - 2011-11-16 21:48 - 00067440 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-26 03:50 - 2011-11-16 21:42 - 00369352 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-26 03:50 - 2011-11-16 21:39 - 00314368 ____A (Microsoft Corporation) C:\Windows\System32\webio.dll
2012-06-26 03:50 - 2011-11-16 21:39 - 00224768 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-26 03:50 - 2011-11-16 21:39 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\sspicli.dll
2012-06-26 03:50 - 2011-11-16 21:39 - 00022016 ____A (Microsoft Corporation) C:\Windows\System32\secur32.dll
2012-06-26 03:50 - 2011-11-16 21:39 - 00015360 ____A (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
2012-06-26 03:50 - 2011-11-16 21:38 - 01037312 ____A (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2012-06-26 03:50 - 2011-11-16 21:36 - 00022528 ____A (Microsoft Corporation) C:\Windows\System32\lsass.exe
2012-06-26 03:50 - 2011-11-04 20:30 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2012-06-26 03:50 - 2011-10-25 20:28 - 01328640 ____A (Microsoft Corporation) C:\Windows\System32\quartz.dll
2012-06-26 03:50 - 2011-10-25 20:28 - 00514560 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2012-06-26 03:50 - 2011-08-26 20:43 - 00571904 ____A (Microsoft Corporation) C:\Windows\System32\oleaut32.dll
2012-06-26 03:50 - 2011-08-26 20:43 - 00233472 ____A (Microsoft Corporation) C:\Windows\System32\oleacc.dll
2012-06-26 03:50 - 2011-05-24 02:35 - 00294912 ____A (Microsoft Corporation) C:\Windows\System32\umpnpmgr.dll
2012-06-26 03:50 - 2011-03-10 21:40 - 01164288 ____A (Microsoft Corporation) C:\Windows\System32\mfc42u.dll
2012-06-26 03:50 - 2011-03-10 21:40 - 01137664 ____A (Microsoft Corporation) C:\Windows\System32\mfc42.dll
2012-06-26 03:49 - 2012-04-07 03:34 - 02342400 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-06-26 03:49 - 2012-03-16 23:20 - 00056688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-06-26 03:49 - 2012-03-02 21:40 - 01170944 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2012-06-26 03:49 - 2012-03-02 21:40 - 01074176 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-06-26 03:49 - 2012-03-02 21:40 - 00739840 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2012-06-26 03:49 - 2012-03-02 21:40 - 00218624 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2012-06-26 03:49 - 2012-03-02 21:40 - 00161792 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2012-06-26 03:49 - 2011-12-15 23:59 - 00690688 ____A (Microsoft Corporation) C:\Windows\System32\msvcrt.dll
2012-06-26 03:49 - 2011-10-25 20:25 - 00038912 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2012-06-26 03:49 - 2011-08-16 20:26 - 00465408 ____A (Microsoft Corporation) C:\Windows\System32\psisdecd.dll
2012-06-26 03:49 - 2011-08-16 20:22 - 00204288 ____A (Microsoft Corporation) C:\Windows\System32\MSNP.ax
2012-06-26 03:49 - 2011-08-16 20:22 - 00075776 ____A (Microsoft Corporation) C:\Windows\System32\psisrndr.ax
2012-06-26 03:49 - 2011-08-16 20:22 - 00072704 ____A (Microsoft Corporation) C:\Windows\System32\Mpeg2Data.ax
2012-06-26 03:49 - 2011-08-16 20:22 - 00059904 ____A (Microsoft Corporation) C:\Windows\System32\MSDvbNP.ax
2012-06-26 03:49 - 2011-07-08 18:26 - 00222720 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb10.sys
2012-06-26 03:49 - 2011-06-15 20:35 - 00180224 ____A (Microsoft Corporation) C:\Windows\System32\xmllite.dll
2012-06-26 03:49 - 2011-05-03 18:43 - 00123392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb.sys
2012-06-26 03:49 - 2011-05-03 18:43 - 00096256 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb20.sys
2012-06-26 03:49 - 2011-05-02 20:50 - 00740864 ____A (Microsoft Corporation) C:\Windows\System32\inetcomm.dll
2012-06-26 03:49 - 2011-04-28 18:57 - 00311296 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srv.sys
2012-06-26 03:49 - 2011-04-28 18:57 - 00309760 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srv2.sys
2012-06-26 03:49 - 2011-04-28 18:57 - 00114176 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srvnet.sys
2012-06-26 03:49 - 2011-04-08 21:56 - 00123904 ____A (Microsoft Corporation) C:\Windows\System32\poqexec.exe
2012-06-26 03:49 - 2011-03-02 21:29 - 00269824 ____A (Microsoft Corporation) C:\Windows\System32\dnsapi.dll
2012-06-26 03:49 - 2011-03-02 21:29 - 00132608 ____A (Microsoft Corporation) C:\Windows\System32\dnsrslvr.dll
2012-06-26 03:49 - 2011-03-02 21:27 - 00028672 ____A (Microsoft Corporation) C:\Windows\System32\dnscacheugc.exe
2012-06-26 03:49 - 2011-02-18 21:33 - 00802304 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2012-06-26 03:49 - 2011-02-18 21:32 - 00034304 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll
2012-06-26 03:49 - 2011-02-18 19:37 - 00294912 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2012-06-26 03:49 - 2011-02-17 21:33 - 00031232 ____A (Microsoft Corporation) C:\Windows\System32\prevhost.exe
2012-06-26 03:49 - 2010-12-22 21:28 - 00850432 ____A (Microsoft Corporation) C:\Windows\System32\sbe.dll
2012-06-26 03:49 - 2010-12-22 21:28 - 00642048 ____A (Microsoft Corporation) C:\Windows\System32\CPFilters.dll
2012-06-26 03:49 - 2010-12-22 21:24 - 00199680 ____A (Microsoft Corporation) C:\Windows\System32\mpg2splt.ax
2012-06-26 03:49 - 2010-10-15 20:34 - 00573440 ____A (Microsoft Corporation) C:\Windows\System32\odbc32.dll
2012-06-26 03:49 - 2010-08-25 20:39 - 00109056 ____A (Microsoft Corporation) C:\Windows\System32\t2embed.dll
2012-06-26 03:49 - 2010-06-28 21:02 - 01413632 ____A (Microsoft Corporation) C:\Windows\System32\ole32.dll
2012-06-26 03:48 - 2012-04-27 19:19 - 00177152 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-06-26 03:48 - 2012-04-25 20:48 - 00129536 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-06-26 03:48 - 2012-04-25 20:48 - 00057856 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-06-26 03:48 - 2012-04-25 20:43 - 00008192 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-06-26 03:48 - 2012-01-02 21:44 - 00478208 ____A (Microsoft Corporation) C:\Windows\System32\timedate.cpl
2012-06-26 03:48 - 2011-11-19 06:06 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\packager.dll
2012-06-26 03:48 - 2011-06-15 01:04 - 00319488 ____A (Microsoft Corporation) C:\Windows\System32\odbcjt32.dll
2012-06-26 03:48 - 2011-06-15 01:04 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\odbctrac.dll
2012-06-26 03:48 - 2011-06-15 01:04 - 00122880 ____A (Microsoft Corporation) C:\Windows\System32\odbccp32.dll
2012-06-26 03:48 - 2011-06-15 01:04 - 00086016 ____A (Microsoft Corporation) C:\Windows\System32\odbccu32.dll
2012-06-26 03:48 - 2011-06-15 01:04 - 00081920 ____A (Microsoft Corporation) C:\Windows\System32\odbccr32.dll
2012-06-26 03:48 - 2011-04-26 18:33 - 00078336 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dfsc.sys
2012-06-26 03:48 - 2011-03-12 03:31 - 00442880 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
2012-06-26 03:48 - 2011-02-25 21:33 - 02614784 ____A (Microsoft Corporation) C:\Windows\explorer.exe
2012-06-26 03:48 - 2011-02-23 21:32 - 00288256 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2012-06-26 03:48 - 2011-02-11 21:30 - 00191488 ____A (Microsoft Corporation) C:\Windows\System32\FXSCOVER.exe
2012-06-26 03:48 - 2010-12-17 21:30 - 02690560 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2012-06-26 03:48 - 2010-12-17 21:29 - 00541184 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2012-06-26 03:48 - 2010-12-17 21:26 - 01034240 ____A (Microsoft Corporation) C:\Windows\System32\mstsc.exe
2012-06-26 03:48 - 2010-10-15 20:41 - 00101760 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
2012-06-26 03:48 - 2010-08-31 20:29 - 11406848 ____A (Microsoft Corporation) C:\Windows\System32\wmp.dll
2012-06-26 03:48 - 2010-08-31 20:23 - 12625408 ____A (Microsoft Corporation) C:\Windows\System32\wmploc.DLL
2012-06-26 03:48 - 2010-08-20 21:36 - 00738816 ____A (Microsoft Corporation) C:\Windows\System32\wmpmde.dll
2012-06-26 03:48 - 2010-08-20 21:33 - 00530432 ____A (Microsoft Corporation) C:\Windows\System32\comctl32.dll
2012-06-26 03:48 - 2010-08-20 21:32 - 00316928 ____A (Microsoft Corporation) C:\Windows\System32\spoolsv.exe
2012-06-26 03:48 - 2010-05-04 22:46 - 00363520 ____A (Microsoft Corporation) C:\Windows\System32\StructuredQuery.dll
2012-06-26 03:48 - 2010-01-18 15:29 - 00369152 ____A (Microsoft Corporation) C:\Windows\System32\secproc.dll
2012-06-26 03:48 - 2010-01-18 15:29 - 00365568 ____A (Microsoft Corporation) C:\Windows\System32\secproc_isv.dll
2012-06-26 03:48 - 2010-01-18 15:29 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\secproc_ssp_isv.dll
2012-06-26 03:48 - 2010-01-18 15:29 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\secproc_ssp.dll
2012-06-26 03:48 - 2010-01-18 15:28 - 00324608 ____A (Microsoft Corporation) C:\Windows\System32\RMActivate_isv.exe
2012-06-26 03:48 - 2010-01-18 15:28 - 00320512 ____A (Microsoft Corporation) C:\Windows\System32\RMActivate.exe
2012-06-26 03:48 - 2010-01-18 15:28 - 00280064 ____A (Microsoft Corporation) C:\Windows\System32\RMActivate_ssp.exe
2012-06-26 03:48 - 2010-01-18 15:28 - 00277504 ____A (Microsoft Corporation) C:\Windows\System32\RMActivate_ssp_isv.exe
2012-06-26 03:47 - 2012-05-01 20:52 - 00163328 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-06-26 03:47 - 2012-01-04 01:03 - 12868096 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-26 03:47 - 2012-01-04 01:03 - 00442880 ____A (Microsoft Corporation) C:\Windows\System32\ntshrui.dll
2012-06-26 03:47 - 2011-10-14 21:48 - 00534528 ____A (Microsoft Corporation) C:\Windows\System32\EncDec.dll
2012-06-26 03:47 - 2011-05-03 20:53 - 01553920 ____A (Microsoft Corporation) C:\Windows\System32\tquery.dll
2012-06-26 03:47 - 2011-05-03 20:52 - 01401856 ____A (Microsoft Corporation) C:\Windows\System32\mssrch.dll
2012-06-26 03:47 - 2011-05-03 20:52 - 00666624 ____A (Microsoft Corporation) C:\Windows\System32\mssvp.dll
2012-06-26 03:47 - 2011-05-03 20:52 - 00428032 ____A (Microsoft Corporation) C:\Windows\System32\SearchIndexer.exe
2012-06-26 03:47 - 2011-05-03 20:52 - 00337408 ____A (Microsoft Corporation) C:\Windows\System32\mssph.dll
2012-06-26 03:47 - 2011-05-03 20:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\mssphtb.dll
2012-06-26 03:47 - 2011-05-03 20:52 - 00164352 ____A (Microsoft Corporation) C:\Windows\System32\SearchProtocolHost.exe
2012-06-26 03:47 - 2011-05-03 20:52 - 00086528 ____A (Microsoft Corporation) C:\Windows\System32\SearchFilterHost.exe
2012-06-26 03:47 - 2011-05-03 20:52 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\msscntrs.dll
2012-06-26 03:47 - 2011-04-22 11:36 - 00026496 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\Diskdump.sys
2012-06-26 03:47 - 2010-07-28 22:30 - 00197632 ____A (Intel® Corporation) C:\Windows\System32\ir32_32.dll
2012-06-26 03:47 - 2010-07-28 22:30 - 00082944 ____A (Radius Inc.) C:\Windows\System32\iccvid.dll
2012-06-26 03:47 - 2010-03-04 23:42 - 00067584 ____A (Microsoft Corporation) C:\Windows\System32\asycfilt.dll
2012-06-26 03:47 - 2009-12-19 01:02 - 00091648 ____A (Microsoft Corporation) C:\Windows\System32\avifil32.dll
2012-06-26 03:47 - 2009-12-19 01:02 - 00084480 ____A (Microsoft Corporation) C:\Windows\System32\mciavi32.dll
2012-06-26 03:47 - 2009-12-19 01:02 - 00050176 ____A (Microsoft Corporation) C:\Windows\System32\iyuv_32.dll
2012-06-26 03:47 - 2009-12-19 01:02 - 00031744 ____A (Microsoft Corporation) C:\Windows\System32\msvidc32.dll
2012-06-26 03:47 - 2009-12-19 01:02 - 00022016 ____A (Microsoft Corporation) C:\Windows\System32\msyuv.dll
2012-06-26 03:47 - 2009-12-19 01:02 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\msrle32.dll
2012-06-26 03:47 - 2009-12-19 01:02 - 00012288 ____A (Microsoft Corporation) C:\Windows\System32\tsbyuv.dll
2012-06-26 03:47 - 2009-12-08 03:32 - 00292864 ____A (Microsoft Corporation) C:\Windows\System32\apphelp.dll
2012-06-26 03:47 - 2009-10-19 06:10 - 00070656 ____A (Microsoft Corporation) C:\Windows\System32\fontsub.dll
2012-06-26 03:47 - 2009-09-02 23:04 - 01320960 ____A (Microsoft Corporation) C:\Windows\System32\CertEnroll.dll
2012-06-26 03:47 - 2009-08-18 23:20 - 00507568 ____A (Microsoft Corporation) C:\Windows\System32\winload.exe
2012-06-26 03:47 - 2009-08-18 23:20 - 00442920 ____A (Microsoft Corporation) C:\Windows\System32\winresume.exe
2012-06-26 03:32 - 2011-02-02 21:45 - 00219008 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2012-06-26 03:32 - 2010-11-01 20:46 - 00728448 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2012-06-26 03:32 - 2010-11-01 20:23 - 00107520 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2012-06-26 03:23 - 2012-06-02 14:19 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-26 03:23 - 2012-06-02 14:19 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-26 03:23 - 2012-06-02 14:19 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-26 03:23 - 2012-06-02 14:19 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-26 03:23 - 2012-06-02 14:19 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-26 03:23 - 2012-06-02 14:12 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-26 03:23 - 2012-06-02 14:12 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-26 03:23 - 2012-06-02 05:19 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-26 03:23 - 2012-06-02 05:12 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-26 03:18 - 2012-06-26 04:36 - 00000000 ____D C:\Windows Loader
2012-06-26 03:07 - 2012-06-26 03:08 - 00135520 ____A C:\Windows\Minidump\062612-16021-01.dmp
2012-06-26 03:07 - 2012-06-26 03:07 - 00000000 ____D C:\Windows\Minidump
2012-06-22 19:53 - 2012-06-26 03:07 - 76337512 ____A C:\Windows\MEMORY.DMP
2012-06-21 11:27 - 2012-06-21 11:27 - 00000000 ____D C:\Users\All Users\Mozilla
2012-06-21 11:27 - 2012-06-21 11:27 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2012-06-20 07:23 - 2012-06-20 07:23 - 00001071 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-06-20 07:23 - 2012-06-20 07:23 - 00000000 ____D C:\Users\Yvonne\AppData\Roaming\Malwarebytes
2012-06-20 07:23 - 2012-06-20 07:23 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-06-20 07:23 - 2012-06-20 07:23 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-06-20 07:23 - 2012-04-04 05:56 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-20 07:20 - 2012-06-20 07:20 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\Yvonne\Downloads\mbam-setup-1.61.0.1400.exe
2012-06-19 01:38 - 2012-06-19 01:38 - 00000000 ____D C:\Users\Yvonne\Documents\documents - Copy

============ 3 Months Modified Files and Folders ===============

2012-06-27 00:03 - 2012-06-27 00:03 - 00000000 ____D C:\FRST
2012-06-26 21:26 - 2012-06-26 21:26 - 00000000 ____D C:\Windows\Microsoft Antimalware
2012-06-26 20:09 - 2012-06-26 20:09 - 00000000 __SHD C:\found.000
2012-06-26 19:57 - 2012-06-26 19:57 - 00000000 ____D C:\Windows\System32\config\mybackup
2012-06-26 06:04 - 2010-10-18 00:31 - 00001900 ____A C:\Windows\PFRO.log
2012-06-26 06:03 - 2010-08-18 10:23 - 01642405 ____A C:\Windows\WindowsUpdate.log
2012-06-26 06:03 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\Microsoft.NET
2012-06-26 05:59 - 2010-08-18 10:54 - 00721264 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-26 05:55 - 2009-07-13 20:34 - 00013584 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-26 05:55 - 2009-07-13 20:34 - 00013584 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-26 05:52 - 2009-07-13 20:33 - 00344488 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-26 05:51 - 2010-08-22 03:58 - 00044448 ____A C:\Windows\setupact.log
2012-06-26 05:51 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-26 05:49 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\DriverStore
2012-06-26 05:49 - 2009-07-13 18:37 - 00000000 ____D C:\Program Files\Common Files\System
2012-06-26 05:39 - 2010-08-21 03:51 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-06-26 05:25 - 2010-08-20 10:00 - 00001070 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2337836944-2319696534-3432536068-1000UA.job
2012-06-26 05:25 - 2010-08-20 10:00 - 00001018 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2337836944-2319696534-3432536068-1000Core.job
2012-06-26 05:23 - 2009-07-13 18:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2012-06-26 05:19 - 2012-06-26 05:19 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2012-06-26 04:51 - 2009-07-13 18:04 - 00000478 ____A C:\Windows\win.ini
2012-06-26 04:36 - 2012-06-26 03:18 - 00000000 ____D C:\Windows Loader
2012-06-26 04:14 - 2012-06-26 04:14 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-26 04:14 - 2012-06-26 04:14 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-26 04:14 - 2012-06-26 04:14 - 03695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2012-06-26 04:14 - 2012-06-26 04:14 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-26 04:14 - 2012-06-26 04:14 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-26 04:14 - 2012-06-26 04:14 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-26 04:14 - 2012-06-26 04:14 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-26 04:14 - 2012-06-26 04:14 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-26 04:14 - 2012-06-26 04:14 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-26 04:14 - 2012-06-26 04:14 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-26 04:14 - 2012-06-26 04:14 - 00580608 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-06-26 04:14 - 2012-06-26 04:14 - 00434176 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2012-06-26 04:14 - 2012-06-26 04:14 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-06-26 04:14 - 2012-06-26 04:14 - 00367104 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-06-26 04:14 - 2012-06-26 04:14 - 00353792 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2012-06-26 04:14 - 2012-06-26 04:14 - 00353584 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-06-26 04:14 - 2012-06-26 04:14 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-26 04:14 - 2012-06-26 04:14 - 00227840 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2012-06-26 04:14 - 2012-06-26 04:14 - 00223232 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2012-06-26 04:14 - 2012-06-26 04:14 - 00203776 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2012-06-26 04:14 - 2012-06-26 04:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-26 04:14 - 2012-06-26 04:14 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2012-06-26 04:14 - 2012-06-26 04:14 - 00162304 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2012-06-26 04:14 - 2012-06-26 04:14 - 00161792 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2012-06-26 04:14 - 2012-06-26 04:14 - 00152064 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2012-06-26 04:14 - 2012-06-26 04:14 - 00150528 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2012-06-26 04:14 - 2012-06-26 04:14 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-26 04:14 - 2012-06-26 04:14 - 00130560 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2012-06-26 04:14 - 2012-06-26 04:14 - 00123392 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2012-06-26 04:14 - 2012-06-26 04:14 - 00118784 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-06-26 04:14 - 2012-06-26 04:14 - 00110592 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2012-06-26 04:14 - 2012-06-26 04:14 - 00101888 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2012-06-26 04:14 - 2012-06-26 04:14 - 00086528 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2012-06-26 04:14 - 2012-06-26 04:14 - 00078848 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2012-06-26 04:14 - 2012-06-26 04:14 - 00076800 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2012-06-26 04:14 - 2012-06-26 04:14 - 00074752 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2012-06-26 04:14 - 2012-06-26 04:14 - 00074752 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2012-06-26 04:14 - 2012-06-26 04:14 - 00074240 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2012-06-26 04:14 - 2012-06-26 04:14 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-26 04:14 - 2012-06-26 04:14 - 00066048 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2012-06-26 04:14 - 2012-06-26 04:14 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-26 04:14 - 2012-06-26 04:14 - 00063488 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2012-06-26 04:14 - 2012-06-26 04:14 - 00054272 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2012-06-26 04:14 - 2012-06-26 04:14 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2012-06-26 04:14 - 2012-06-26 04:14 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-06-26 04:14 - 2012-06-26 04:14 - 00035840 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2012-06-26 04:14 - 2012-06-26 04:14 - 00031744 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2012-06-26 04:14 - 2012-06-26 04:14 - 00023552 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-06-26 04:14 - 2012-06-26 04:14 - 00011776 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2012-06-26 04:14 - 2012-06-26 04:14 - 00010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-06-26 04:14 - 2012-06-26 04:13 - 00003733 ____A C:\Windows\IE9_main.log
2012-06-26 04:05 - 2011-07-30 00:53 - 00001945 ____A C:\Windows\epplauncher.mif
2012-06-26 04:05 - 2011-07-30 00:51 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-06-26 03:08 - 2012-06-26 03:07 - 00135520 ____A C:\Windows\Minidump\062612-16021-01.dmp
2012-06-26 03:07 - 2012-06-26 03:07 - 00000000 ____D C:\Windows\Minidump
2012-06-26 03:07 - 2012-06-22 19:53 - 76337512 ____A C:\Windows\MEMORY.DMP
2012-06-23 08:50 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\LogFiles
2012-06-22 06:45 - 2010-08-18 10:50 - 00000000 ____D C:\users\Yvonne
2012-06-21 11:27 - 2012-06-21 11:27 - 00000000 ____D C:\Users\All Users\Mozilla
2012-06-21 11:27 - 2012-06-21 11:27 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2012-06-21 11:27 - 2010-08-24 11:56 - 00000000 ____D C:\Program Files\Mozilla Firefox
2012-06-20 07:23 - 2012-06-20 07:23 - 00001071 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-06-20 07:23 - 2012-06-20 07:23 - 00000000 ____D C:\Users\Yvonne\AppData\Roaming\Malwarebytes
2012-06-20 07:23 - 2012-06-20 07:23 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-06-20 07:23 - 2012-06-20 07:23 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-06-20 07:20 - 2012-06-20 07:20 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\Yvonne\Downloads\mbam-setup-1.61.0.1400.exe
2012-06-19 01:38 - 2012-06-19 01:38 - 00000000 ____D C:\Users\Yvonne\Documents\documents - Copy
2012-06-11 23:51 - 2011-02-22 03:23 - 00001237 ____A C:\Users\Yvonne\Desktop\DSC_0078 - Shortcut.lnk
2012-06-03 13:35 - 2012-06-26 04:45 - 56731752 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-06-02 14:19 - 2012-06-26 03:23 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-26 03:23 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-26 03:23 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-26 03:23 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-26 03:23 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:12 - 2012-06-26 03:23 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:12 - 2012-06-26 03:23 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 05:19 - 2012-06-26 03:23 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 05:12 - 2012-06-26 03:23 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-05-14 17:12 - 2012-06-26 03:51 - 02342400 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-01 20:52 - 2012-06-26 03:47 - 00163328 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-04-30 11:19 - 2012-04-30 11:19 - 00000125 ____A C:\Users\Yvonne\Desktop\BPO banking.url
2012-04-30 05:39 - 2012-04-30 05:37 - 00000132 ____A C:\Users\Yvonne\Desktop\gmail.url
2012-04-27 19:19 - 2012-06-26 03:48 - 00177152 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-25 20:48 - 2012-06-26 03:48 - 00129536 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-25 20:48 - 2012-06-26 03:48 - 00057856 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-25 20:43 - 2012-06-26 03:48 - 00008192 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-04-23 20:47 - 2012-06-26 03:53 - 01156608 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-04-23 20:47 - 2012-06-26 03:53 - 00139264 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-04-23 20:47 - 2012-06-26 03:53 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-04-19 11:55 - 2012-04-19 11:55 - 00015872 __ASH C:\Users\Yvonne\Thumbs.db
2012-04-07 03:34 - 2012-06-26 03:49 - 02342400 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-04-04 05:56 - 2012-06-20 07:23 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-04-01 20:46 - 2012-06-26 03:50 - 03958128 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2012-04-01 20:46 - 2012-06-26 03:50 - 03902320 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-30 02:29 - 2012-06-26 03:50 - 01287024 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys

========================= Known DLLs (Whitelisted) ============

C:\Windows\System32\user32.dll is missing

========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 35%
Total physical RAM: 1014.14 MB
Available physical RAM: 658.13 MB
Total Pagefile: 1014.14 MB
Available Pagefile: 653.54 MB
Total Virtual: 2047.88 MB
Available Virtual: 1962.3 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:50.09 GB) (Free:24.48 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (data) (Fixed) (Total:24.41 GB) (Free:15.07 GB) NTFS
4 Drive f: () (Removable) (Total:3.72 GB) (Free:1.47 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 74 GB 0 B
Disk 1 Online 3819 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 50 GB 31 KB
Partition 2 Primary 24 GB 50 GB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C NTFS Partition 50 GB Healthy

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D data NTFS Partition 24 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3818 MB 16 KB

======================================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F FAT32 Removable 3818 MB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-06-17 23:30

======================= End Of Log ==========================


Edited by boopme, 26 June 2012 - 07:09 PM.




#2 Warsnake


Posted 27 June 2012 - 05:12 AM

Anyone? I'm most concerned that user32.dll and winlogon.exe are not found in the SYSTEM32 folder.

#3 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,706 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:07:07 AM

Posted 27 June 2012 - 05:49 AM

Hello Warsnake,

Welcome to the forum.

I see the system was updated yesterday. Had you noticed any infection, or did the boot issue appear after the Windows update?

Boot to System Recovery Options and run FRST.

Type the following in the edit box after "Search:".

winlogon.exe;user32.dll

Note: The file names should be separated by a semicolon (;).

Click the Search button and post the log it makes in your reply.

Edited by Farbar, 27 June 2012 - 05:50 AM.


#4 Warsnake


Posted 27 June 2012 - 12:43 PM

Hey Farbar,

Thank you for helping. This is the requested log:

Farbar Recovery Scan Tool Version: 20-06-2012 01
Ran by SYSTEM at 2012-06-27 19:39:03
Running from F:\

================== Search: "winlogon.exe;user32.dll" ===================

C:\Windows.old\Windows\system32\user32.dll
[2004-08-12 05:31] - [2008-04-13 19:42] - 0578560 ____A (Microsoft Corporation) B26B135FF1B9F60C9388B4A7D16F600B

C:\Windows.old\Windows\system32\winlogon.exe
[2004-08-12 05:33] - [2008-04-13 19:42] - 0507904 ____A (Microsoft Corporation) ED0EF0A136DEC83DF69F04118870003E

C:\Windows.old\Windows\ServicePackFiles\i386\user32.dll
[2008-09-19 04:49] - [2008-04-13 19:42] - 0578560 ____A (Microsoft Corporation) B26B135FF1B9F60C9388B4A7D16F600B

C:\Windows.old\Windows\ServicePackFiles\i386\winlogon.exe
[2008-09-19 04:49] - [2008-04-13 19:42] - 0507904 ____A (Microsoft Corporation) ED0EF0A136DEC83DF69F04118870003E

C:\Windows.old\Windows\$NtServicePackUninstall$\user32.dll
[2008-09-19 04:43] - [2004-08-12 05:31] - 0577024 ___AC (Microsoft Corporation) C72661F8552ACE7C5C85E16A3CF505C4

C:\Windows.old\Windows\$NtServicePackUninstall$\winlogon.exe
[2008-09-19 04:43] - [2004-08-12 05:33] - 0502272 ___AC (Microsoft Corporation) 01C3346C241652F43AED8E2149881BFE

C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2012-06-26 03:47] - [2009-10-27 21:52] - 0285696 ____A (Microsoft Corporation) 3BABE6767C78FBF5FB8435FEED187F30

C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2012-06-26 03:47] - [2009-10-27 22:17] - 0285696 ____A (Microsoft Corporation) 37CDB7E72EB66BA85A87CBE37E7F03FD

C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
[2009-07-13 15:37] - [2009-07-13 17:14] - 0285696 ____A (Microsoft Corporation) 8EC6A4AB12B8F3759E21F8E3A388F2CF

C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2009-07-13 15:24] - [2009-07-13 17:16] - 0811520 ____A (Microsoft Corporation) 34B7E222E81FAFA885F0C5F2CFA56861

C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2012-06-20 07:23] - [2012-04-04 05:56] - 0199240 ____A () 097D0E812D7A9A3101CE46CB2BE0474D

=== End Of Search ===

I've also noticed that when I tried the auto-repair, it says that a patch is preventing the system from starting.

Edited by Warsnake, 27 June 2012 - 12:44 PM.
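A parser for the FRST search output posted above, as an added example that is not part of the thread and is not FRST's own code: it separates copies in the WinSxS component store from copies under Windows.old or in third-party folders, and reads each component's version from its directory name. The function names and the three location labels are assumptions made for this example.

```python
import ntpath
import re
from collections import defaultdict, namedtuple

# Entries copied from the search log in post #4 (a subset, to keep the sample short).
SAMPLE = r"""
================== Search: "winlogon.exe;user32.dll" ===================

C:\Windows.old\Windows\system32\user32.dll
[2004-08-12 05:31] - [2008-04-13 19:42] - 0578560 ____A (Microsoft Corporation) B26B135FF1B9F60C9388B4A7D16F600B

C:\Windows.old\Windows\ServicePackFiles\i386\user32.dll
[2008-09-19 04:49] - [2008-04-13 19:42] - 0578560 ____A (Microsoft Corporation) B26B135FF1B9F60C9388B4A7D16F600B

C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2012-06-26 03:47] - [2009-10-27 21:52] - 0285696 ____A (Microsoft Corporation) 3BABE6767C78FBF5FB8435FEED187F30

C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2012-06-26 03:47] - [2009-10-27 22:17] - 0285696 ____A (Microsoft Corporation) 37CDB7E72EB66BA85A87CBE37E7F03FD

C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
[2009-07-13 15:37] - [2009-07-13 17:14] - 0285696 ____A (Microsoft Corporation) 8EC6A4AB12B8F3759E21F8E3A388F2CF

C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2009-07-13 15:24] - [2009-07-13 17:16] - 0811520 ____A (Microsoft Corporation) 34B7E222E81FAFA885F0C5F2CFA56861

C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2012-06-20 07:23] - [2012-04-04 05:56] - 0199240 ____A () 097D0E812D7A9A3101CE46CB2BE0474D

=== End Of Search ===
"""

Hit = namedtuple("Hit", "path size attrs company md5 stamps")

PATH = re.compile(r"^[A-Za-z]:\\")
# "[stamp] - [stamp] - size attrs (company) MD5"; the company may be empty: "()".
META = re.compile(
    r"^\[(?P<t1>[\d-]+ [\d:]+)\] - \[(?P<t2>[\d-]+ [\d:]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+) \((?P<company>.*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)
VERSION = re.compile(r"_(\d+(?:\.\d+){3})_none_")


def parse_search_log(text):
    """Pair each path line with the metadata line that directly follows it."""
    hits, path = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if PATH.match(line):
            path = line
            continue
        m = META.match(line)
        if m and path:
            hits.append(Hit(path, int(m["size"]), m["attrs"], m["company"],
                            m["md5"].upper(), (m["t1"], m["t2"])))
        path = None  # metadata is only valid on the line right after a path
    return hits


def location(hit):
    """Label where a copy lives (labels are this example's own)."""
    rest = hit.path.lower()[2:]  # drop the drive letter and colon
    if rest.startswith("\\windows\\winsxs\\"):
        return "component-store"
    if rest.startswith("\\windows.old\\"):
        return "previous-install"
    return "other"


def component_version(hit):
    """Version embedded in a WinSxS directory name, as a tuple of ints, or None."""
    m = VERSION.search(hit.path)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None


def store_candidates(hits, filename):
    """Component-store copies of `filename`, ordered by component version."""
    found = [h for h in hits
             if location(h) == "component-store"
             and ntpath.basename(h.path).lower() == filename.lower()]
    return sorted(found, key=lambda h: component_version(h) or ())


def identical_copies(hits):
    """MD5 values that occur at more than one path."""
    by_md5 = defaultdict(list)
    for h in hits:
        by_md5[h.md5].append(h.path)
    return {md5: paths for md5, paths in by_md5.items() if len(paths) > 1}
```

A hit named like a system file but located outside the component store, with an empty company field, is reported as `other` rather than treated as a replacement source.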


#5 Farbar


Posted 27 June 2012 - 03:18 PM

Now we have the log.

Could you please answer the question too?

#6 Warsnake


Posted 27 June 2012 - 03:22 PM

No, I haven't noticed any virus prior to the patching.

The boot issue came after the updates.

Edited by Warsnake, 27 June 2012 - 03:36 PM.


#7 Farbar


Posted 27 June 2012 - 04:03 PM

I suspected the problem was the Windows update. So the issue might be deeper than just missing those important system files. We will see.

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste.) Save it on the flash drive as fixlist.txt

start
Replace: C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll C:\Windows\System32\user32.dll
Replace: C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe C:\Windows\System32\winlogon.exe
End

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Now please enter System Recovery Options and select Command Prompt.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Also reboot, let it boot normally and tell me how it went.

Edited by Farbar, 27 June 2012 - 04:03 PM.


#8 Warsnake


Posted 27 June 2012 - 04:45 PM

This is the log. And the PC seems to be booting again.

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 20-06-2012 01
Ran by SYSTEM at 2012-06-27 23:43:16 Run:1
Running from F:\

==============================================

Could not find C:\Windows\System32\user32.dll.
C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll copied successfully to C:\Windows\System32\user32.dll
Could not find C:\Windows\System32\winlogon.exe.
C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe copied successfully to C:\Windows\System32\winlogon.exe

==== End of Fixlog ====

Any idea how this could have happened?

#9 Warsnake


Posted 27 June 2012 - 05:19 PM

Rebooted for the second time. Error came back.

Attempting repair. I'll post again when I have a new log.

Seems System Restore needed to restore something. Booting works now.

Edited by Warsnake, 27 June 2012 - 05:22 PM.


#10 Farbar


Posted 28 June 2012 - 01:01 AM

Looks like the issue is resolved, isn't it?

#11 Warsnake


Posted 28 June 2012 - 01:04 AM

Yes,

You've been a major help, Farbar. Couldn't have done it without your help.

Thanks for the help!

#12 Farbar


Posted 28 June 2012 - 03:10 AM

You're welcome, Warsnake. :)

This thread will now be closed since the issue seems to be resolved.

If you should have a new issue, please start a new topic.

Everyone else should start a new topic.



