STOP c0000135 the program can't start because %hs is missing



#1 Yane

Posted 05 July 2012 - 10:12 PM

Hello,

I have trouble starting my computer, and even Safe Mode does not work. After trying to restart several times, I got the message saying "STOP c0000135 the program can't start because %hs is missing".

I looked at some similar posts http://www.bleepingcomputer.com/forums/topic444580.html

and I downloaded the Farbar Recovery Scan Tool. I did a scan and saved the log FRST.txt to my flash drive.

I am stuck after this because the next instructions were posted specifically for that user, on his machine.

Can anyone guide me on what to do next, or if there is a different solution?

Thanks.


#2 Yane

Posted 05 July 2012 - 10:13 PM

Here is the scan results:

Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 06-07-2012
Ran by SYSTEM at 05-07-2012 21:44:24
Running from H:\
Windows 7 Professional (X86) OS Language: English(US)
The current controlset is ControlSet002

========================== Registry (Whitelisted) =============

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1791272 2010-06-03] (Synaptics Incorporated)
HKLM\...\Run: [CreateLMBCShortCut] "C:\Program Files\Lenovo\Mobile Broadband Connect\UserShortcutCreator.exe" [40960 2009-12-04] ()
HKLM\...\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent [3093816 2009-03-04] (Lenovo Group Limited)
HKLM\...\Run: [FingerPrintSoftware] "C:\Program Files\Lenovo Fingerprint Software\fpapp.exe" \s [1527808 2008-10-26] (AuthenTec)
HKLM\...\Run: [Message Center Plus] C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe /start [49976 2009-05-27] ()
HKLM\...\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r [61728 2009-05-28] (Lenovo Group Limited)
HKLM\...\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe [69568 2009-12-21] (Lenovo Group Limited)
HKLM\...\Run: [TpShocks] TpShocks.exe [x]
HKLM\...\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BTVLogEx.DLL,StartBattLog [214576 2010-08-25] ()
HKLM\...\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe [256576 2008-10-07] (Lenovo Group Ltd.)
HKLM\...\Run: [LPMailChecker] C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe [124248 2009-01-28] (Lenovo Group Limited)
HKLM\...\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe [185688 2009-01-28] (Lenovo Group Limited)
HKLM\...\Run: [PWMTRV] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor [894312 2010-08-25] (Lenovo Group Limited)
HKLM\...\Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray [1206544 2010-03-05] (Intel® Corporation)
HKLM\...\Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [62312 2010-04-20] (Lenovo Group Limited)
HKLM\...\Run: [AcWin7Hlpr] C:\Program Files\Lenovo\Access Connections\AcTBenabler.exe [36864 2009-10-13] ()
HKLM\...\Run: [] [x]
HKLM\...\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t [307768 2009-11-19] ()
HKLM\...\Run: [picon] "C:\Program Files\Common Files\Intel\Privacy Icon\PIconStartup.exe" [111640 2010-02-04] ()
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [136216 2010-08-25] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [171032 2010-08-25] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [170520 2010-08-25] (Intel Corporation)
HKLM\...\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow [866592 2010-10-15] (Trend Micro Inc.)
HKLM\...\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide [2793304 2009-10-14] ()
HKLM\...\Run: [Logitech Download Assistant] C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [1246544 2010-11-03] (Logitech, Inc.)
HKLM\...\RunOnce: [*Restore] C:\Windows\system32\rstrui.exe /RUNONCE [262656 2009-07-13] (Microsoft Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 129.130.254.2 129.130.254.3
Lsa: [Notification Packages] scecli
ACGina
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
Startup: C:\Users\All Users\Start Menu\Programs\Startup\SafeConnect.lnk
ShortcutTarget: SafeConnect.lnk -> C:\Program Files\SafeConnect\scClient.exe (Impulse Point, LLC)
Startup: C:\Users\Yan\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)

================================ Services (Whitelisted) ==================

2 AcPrfMgrSvc; C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe [124264 2010-04-22] (Lenovo)
2 AcSvc; C:\Program Files\Lenovo\Access Connections\AcSvc.exe [259432 2010-04-22] (Lenovo)
3 ADMonitor; C:\Windows\system32\ADMonitor.exe [106496 2008-10-26] ()
3 DDNIOEMService; "C:\Program Files\DDNI\SBITS\DDNIOEMService.exe" [162280 2007-09-28] (Digital Delivery Networks, Inc.)
2 dtsvc; C:\Windows\system32\DTS.exe [98304 2008-10-26] ()
2 eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [20992 2009-07-13] (Microsoft Corporation)
2 LENOVO.CAMMUTE; C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe [50536 2010-04-20] (Lenovo Group Limited)
2 LENOVO.MICMUTE; C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe [45496 2010-04-07] (Lenovo Group Limited)
2 LENOVO.TPKNRSVC; C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [74088 2010-04-20] (Lenovo Group Limited)
2 LVPrcSrv; "C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe" [154136 2009-10-06] (Logitech Inc.)
3 Microsoft SharePoint Workspace Audit Service; "C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" /auditservice [31125880 2011-06-12] (Microsoft Corporation)
3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [227600 2010-03-05] ()
2 ntrtscan; "C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe" [1418672 2010-10-14] (Trend Micro Inc.)
3 osppsvc; "C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE" [4640000 2010-01-09] (Microsoft Corporation)
3 PIPIStartSvr; C:\pipi\PIPIStartSvr.exe [21464 2012-04-22] (PIPI)
3 Power Manager DBC Service; "C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE" [75112 2010-08-25] (Lenovo)
2 SUService; "C:\Program Files\Lenovo\System Update\SUService.exe" [28672 2009-10-19] (Lenovo Group Limited)
3 TMBMServer; "C:\Program Files\Trend Micro\BM\TMBMSRV.exe" /service [345424 2010-07-23] (Trend Micro Inc.)
2 tmlisten; "C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe" [1349920 2010-10-14] (Trend Micro Inc.)
3 TmPfw; "C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe" [497008 2010-01-07] (Trend Micro Inc.)
3 TmProxy; "C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe" [689416 2010-01-07] (Trend Micro Inc.)
2 TSSCoreService; "C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe" [779576 2009-03-04] (Lenovo)
2 UNS; C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2058776 2010-02-04] (Intel Corporation)
2 vpnagent; "C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe" [603896 2011-02-11] (Cisco Systems, Inc.)
3 MSSQL$MSSMLBIZ; "c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ [x]
4 MSSQLServerADHelper; "c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe" [x]
2 SQLBrowser; "c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe" [x]
2 SQLWriter; "c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [x]
2 ThinkVantage Registry Monitor Service; "c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe" [x]
2 ZhuDongFangYu; "C:\Program Files\360\360safe\deepscan\zhudongfangyu.exe" [x]

========================== Drivers (Whitelisted) =============

3 lvpopflt; C:\Windows\System32\DRIVERS\lvpopflt.sys [114712 2009-10-07] (Logitech Inc.)
3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25752 2009-10-06] ()
3 LVRS; C:\Windows\System32\DRIVERS\lvrs.sys [266008 2009-10-07] (Logitech Inc.)
3 LVUVC; C:\Windows\System32\DRIVERS\lvuvc.sys [6756632 2009-10-07] (Logitech Inc.)
3 NETw5s32; C:\Windows\System32\DRIVERS\NETw5s32.sys [6758912 2010-03-17] (Intel Corporation)
2 SCManager; C:\Program Files\SafeConnect\scManager.sys servicestart [175968 2011-09-01] (Impulse Point, LLC)
0 sptd; C:\Windows\System32\Drivers\sptd.sys [721904 2011-08-26] (Duplex Secure Ltd.)
2 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [62032 2010-07-23] (Trend Micro Inc.)
2 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [163920 2010-07-23] (Trend Micro Inc.)
2 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [52304 2010-07-23] (Trend Micro Inc.)
2 TmFilter; \??\C:\Program Files\Trend Micro\OfficeScan Client\TmXPFlt.sys [262416 2011-07-12] (Trend Micro Inc.)
1 tmlwf; C:\Windows\System32\DRIVERS\tmlwf.sys [146000 2010-07-21] (Trend Micro Inc.)
2 TmPreFilter; \??\C:\Program Files\Trend Micro\OfficeScan Client\TmPreFlt.sys [36624 2011-07-12] (Trend Micro Inc.)
1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [90448 2010-11-08] (Trend Micro Inc.)
2 tmwfp; C:\Windows\System32\DRIVERS\tmwfp.sys [282704 2010-07-21] (Trend Micro Inc.)
3 vpnva; C:\Windows\System32\DRIVERS\vpnva.sys [19680 2011-02-11] (Cisco Systems, Inc.)
2 VSApiNt; \??\C:\Program Files\Trend Micro\OfficeScan Client\VSApiNt.sys [1405720 2011-07-12] (Trend Micro Inc.)
3 WSDPrintDevice; C:\Windows\System32\DRIVERS\WSDPrint.sys [17920 2009-07-13] (Microsoft Corporation)
3 netw5v32; C:\Windows\System32\DRIVERS\netw5v32.sys [x]
3 PCDSRVC{3037D694-FD904ACA-06020000}_0; \??\c:\program files\pc-doctor\pcdsrvc.pkms [x]
3 PCDSRVC{C4B36920-79E24793-06020000}_0; \??\c:\progra~1\pc-doc~1\pcdsrvc.pkms [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-07-05 07:41 - 2012-07-05 07:41 - 00000000 __AHT C:\Users\Public\Documents\~yan.heng@my.ndsu.edu.ost.tmp
2012-07-04 19:09 - 2012-07-04 19:09 - 00000000 __SHD C:\found.014
2012-07-04 16:34 - 2012-07-04 20:23 - 00828734 ___AC C:\Windows\System32\PerfStringBackup.INI
2012-07-04 16:12 - 2012-07-05 07:37 - 00001024 ____A C:\Users\Yan\.rnd
2012-07-04 15:57 - 2012-07-04 15:57 - 00007630 ____A C:\Users\Yan\AppData\Local\Resmon.ResmonCfg
2012-07-04 15:33 - 2012-07-04 15:33 - 00000000 __SHD C:\found.013
2012-07-03 14:40 - 2012-07-03 14:45 - 00000000 _AHCT C:\Windows\wusa.lock
2012-07-03 13:22 - 2012-07-05 07:35 - 00022300 ___AC C:\Windows\setupact.log
2012-07-03 13:22 - 2012-07-03 13:22 - 00000000 ___AC C:\Windows\setuperr.log
2012-07-03 13:08 - 2012-07-03 13:08 - 00000000 ____D C:\Users\Yan\AppData\Roaming\360mobilemgr
2012-07-03 12:59 - 2012-07-03 16:11 - 00000000 ____D C:\Users\All Users\360safe
2012-07-03 12:58 - 2012-07-03 12:58 - 00000000 ____D C:\Users\Yan\AppData\Roaming\360Login
2012-07-03 12:58 - 2011-11-11 03:31 - 00146776 ___AC (360.cn) C:\Windows\System32\360SoftMgr.cpl
2012-07-03 12:57 - 2012-07-03 12:57 - 00000000 ____D C:\Program Files\360
2012-07-03 12:55 - 2012-07-03 12:55 - 00000000 ____D C:\Program Files\VMware
2012-07-03 12:29 - 2012-07-03 12:31 - 00000618 _RASH C:\Users\Yan\ntuser.pol
2012-07-03 12:29 - 2012-07-03 12:29 - 00000454 _RASH C:\Users\All Users\ntuser.pol
2012-07-03 07:26 - 2012-07-03 07:26 - 00000000 ____D C:\Users\Yan\AppData\Local\{CD37B7EC-469B-4B46-8D73-7CD233D9058C}
2012-07-03 07:26 - 2012-07-03 07:26 - 00000000 ____D C:\Users\Yan\AppData\Local\{9B4AEEBB-CE60-4B94-BFC4-F3D68C635BD4}
2012-07-02 19:30 - 2012-07-03 12:43 - 00000000 __SHD C:\found.012
2012-07-02 14:57 - 2012-07-02 14:57 - 00000000 ____D C:\Users\Yan\AppData\Local\{93094707-2B17-4DF2-B460-DC4CA207F87C}
2012-07-02 14:56 - 2012-07-02 14:56 - 00000000 ____D C:\Users\Yan\AppData\Local\{3096F643-F76B-4188-A340-CB112B627BB5}
2012-07-02 14:19 - 2012-07-02 14:19 - 02983424 ____A (Microsoft Corporation) C:\Windows\System32\UIRibbon.dll
2012-07-02 14:19 - 2012-07-02 14:19 - 01164800 ____A (Microsoft Corporation) C:\Windows\System32\UIRibbonRes.dll
2012-07-02 14:03 - 2012-07-02 14:03 - 00000000 ____D C:\Users\Yan\AppData\Local\{C29A1997-6516-498A-A346-885C5C6567A8}
2012-07-02 14:03 - 2012-07-02 14:03 - 00000000 ____D C:\Users\Yan\AppData\Local\{001CEA08-9CD5-48A9-AC10-E5BC68C79670}
2012-07-02 14:00 - 2012-07-02 14:00 - 00020240 ____N C:\bootsqm.dat
2012-07-02 13:58 - 2012-07-02 13:58 - 00000000 __SHD C:\found.011
2012-07-02 11:39 - 2012-07-02 11:39 - 00000000 ____D C:\Program Files\Oracle
2012-07-02 11:38 - 2012-05-04 16:29 - 00227720 ___AC (Oracle Corporation) C:\Windows\System32\javaws.exe
2012-07-02 11:37 - 2012-05-15 16:06 - 00174064 ___AC (Oracle Corporation) C:\Windows\System32\javaw.exe
2012-07-02 11:37 - 2012-05-15 16:06 - 00174064 ___AC (Oracle Corporation) C:\Windows\System32\java.exe
2012-07-02 11:36 - 2012-07-02 11:37 - 00002942 ___AC C:\Windows\System32\jupdate-1.7.0_05-b05.log
2012-07-02 11:31 - 2012-07-02 11:31 - 00000000 ____D C:\Users\Yan\AppData\Local\{CA7E80E4-25B2-4C05-AD4E-F3BB7DB1BCA1}
2012-07-02 11:30 - 2012-07-02 11:30 - 00000000 ____D C:\Users\Yan\AppData\Local\{0DC67404-8730-4CDF-814B-966205B7209E}
2012-07-02 11:24 - 2012-07-02 11:24 - 00000000 ____D C:\Users\Yan\AppData\Local\{66764E3D-7604-475B-B7D6-70AB1E0759AC}
2012-07-02 11:23 - 2012-07-02 11:23 - 00000000 ____D C:\Users\Yan\AppData\Local\{8833E5D7-139D-4243-8212-8E37D55E410A}
2012-07-02 09:58 - 2012-07-02 09:58 - 00000000 ____D C:\Users\Yan\AppData\Local\{CB19F9F8-D65B-4B94-8623-D0716C20A145}
2012-07-02 09:58 - 2012-07-02 09:58 - 00000000 ____D C:\Users\Yan\AppData\Local\{27BED54D-9C4F-4AE7-8802-59397C776FC1}
2012-07-02 09:40 - 2012-07-02 09:40 - 00000000 ____D C:\Users\Yan\AppData\Local\{E9779809-C4E3-4042-B629-E9190F8C73C1}
2012-07-02 09:40 - 2012-07-02 09:40 - 00000000 ____D C:\Users\Yan\AppData\Local\{794F325A-4785-4DD1-89F2-46AE9CBD9CAE}
2012-06-29 15:48 - 2012-06-29 15:48 - 00000000 ____D C:\Users\Yan\AppData\Local\{77949FCA-BF2D-497B-B488-54CCD8BC81A2}
2012-06-29 15:47 - 2012-06-29 15:48 - 00000000 ____D C:\Users\Yan\AppData\Local\{2EDB307D-0288-428E-A136-8E9824546A04}
2012-06-28 09:42 - 2012-06-28 09:43 - 00000000 ____D C:\Users\Yan\AppData\Local\{5C71E6D2-B031-4E0B-8C9C-9212458ED520}
2012-06-28 09:42 - 2012-06-28 09:42 - 00000000 ____D C:\Users\Yan\AppData\Local\{3B1A722A-EBB2-46B7-BF77-D95DAFFEA00C}
2012-06-27 20:55 - 2012-06-27 20:55 - 00000000 ____D C:\Users\Yan\AppData\Local\{3E2D029A-DAFD-4FB2-89A6-8E0D3B07D10A}
2012-06-27 11:50 - 2012-06-27 12:07 - 00000000 ____D C:\Users\Yan\Desktop\New folder
2012-06-27 08:56 - 2012-06-27 08:56 - 00000000 ____D C:\Users\Yan\AppData\Local\{41E416F4-179D-4B97-BED9-B55A8BF0A160}
2012-06-26 13:49 - 2012-06-27 20:55 - 00000000 ____D C:\Users\Yan\AppData\Local\{F2504B80-B30C-4BF8-B3C9-826DB0ED5A84}
2012-06-22 14:53 - 2012-06-22 14:53 - 00000000 ____D C:\Users\Yan\AppData\Local\{370A3CE2-775B-43CA-BCA3-5D6095F2B0A4}
2012-06-22 14:52 - 2012-06-22 14:52 - 00000000 ____D C:\Users\Yan\AppData\Local\{872056E8-6719-4C26-BEDE-4A045F8E3859}
2012-06-19 17:38 - 2012-06-19 17:38 - 00177152 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-06-19 17:32 - 2012-06-19 17:37 - 11019776 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-19 17:32 - 2012-06-19 17:37 - 06028288 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-19 17:32 - 2012-06-19 17:37 - 02072576 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-19 17:32 - 2012-06-19 17:37 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-19 17:32 - 2012-06-19 17:37 - 01230336 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-19 17:32 - 2012-06-19 17:37 - 00981504 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-19 17:32 - 2012-06-19 17:37 - 00627200 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-06-19 17:32 - 2012-06-19 17:37 - 00606208 ____A (Microsoft Corporation) C:\Windows\System32\mstime.dll
2012-06-19 17:32 - 2012-06-19 17:37 - 00386048 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-06-19 17:32 - 2012-06-19 17:37 - 00381440 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-06-19 17:32 - 2012-06-19 17:37 - 00185856 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-06-19 17:32 - 2012-06-19 17:37 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-19 17:32 - 2012-06-19 17:37 - 00132096 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-19 17:32 - 2012-06-19 17:37 - 00067584 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-19 17:32 - 2012-06-19 17:37 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-06-19 17:32 - 2012-06-19 17:37 - 00048128 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-19 17:32 - 2012-06-19 17:37 - 00044544 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-06-19 17:32 - 2012-06-19 17:37 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-06-19 17:31 - 2012-06-19 17:31 - 02342400 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-19 17:30 - 2012-06-19 17:31 - 00129536 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-06-19 17:30 - 2012-06-19 17:31 - 00057856 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-06-19 17:30 - 2012-06-19 17:31 - 00008192 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-06-19 17:24 - 2012-06-19 17:24 - 00065536 __ASH C:\Windows\System32\config\components{612af9e2-84a8-11e1-a1a6-806e6f6e6963}.TxR.blf
2012-06-19 17:19 - 2012-06-19 17:19 - 00000000 ____D C:\Users\Yan\AppData\Local\{EE6E2554-5E63-49FC-BA76-52506D2CDA5D}
2012-06-19 17:18 - 2012-06-19 17:19 - 00000000 ____D C:\Users\Yan\AppData\Local\{37588F8A-DF4E-4306-B036-73603343D807}
2012-06-10 12:37 - 2012-06-10 12:38 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-10 12:37 - 2012-06-10 12:38 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-10 12:37 - 2012-06-10 12:38 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-10 12:37 - 2012-06-10 12:38 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-10 12:36 - 2012-06-10 12:38 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-10 12:36 - 2012-06-10 12:38 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-07 23:21 - 2012-06-07 23:21 - 02991512 ___AC (Sogou.com Inc.) C:\Windows\System32\SogouPY.ime
2012-06-07 21:07 - 2012-06-07 21:07 - 00000000 ____D C:\Users\Yan\AppData\Local\{A18D5885-2B9E-4739-A003-C856477C3BB1}
2012-06-07 21:07 - 2012-06-07 21:07 - 00000000 ____D C:\Users\Yan\AppData\Local\{9AEF730E-6A70-4587-8B99-EFC498554F08}
2012-06-06 19:08 - 2012-06-06 19:08 - 00000000 ____D C:\Users\Yan\Documents\????
2012-06-06 19:08 - 2012-06-06 19:08 - 00000000 ____D C:\Users\Yan\AppData\Roaming\baidu
2012-06-06 19:07 - 2012-06-06 19:07 - 00000614 ____A C:\Users\Public\Desktop\????.lnk


============ 3 Months Modified Files ========================

2012-07-05 17:58 - 2009-07-13 20:53 - 00000006 __AHC C:\Windows\Tasks\SA.DAT
2012-07-05 15:30 - 2011-08-18 08:48 - 01572674 ___AC C:\Windows\WindowsUpdate.log
2012-07-05 15:21 - 2011-08-18 08:45 - 00030754 ___AC C:\Windows\PFRO.log
2012-07-05 13:37 - 2010-08-04 07:09 - 00009744 __AHC C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-05 13:37 - 2010-08-04 07:09 - 00009744 __AHC C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-05 07:41 - 2012-07-05 07:41 - 00000000 __AHT C:\Users\Public\Documents\~yan.heng@my.ndsu.edu.ost.tmp
2012-07-05 07:37 - 2012-07-04 16:12 - 00001024 ____A C:\Users\Yan\.rnd
2012-07-05 07:35 - 2012-07-03 13:22 - 00022300 ___AC C:\Windows\setupact.log
2012-07-04 20:23 - 2012-07-04 16:34 - 00828734 ___AC C:\Windows\System32\PerfStringBackup.INI
2012-07-04 15:57 - 2012-07-04 15:57 - 00007630 ____A C:\Users\Yan\AppData\Local\Resmon.ResmonCfg
2012-07-03 14:45 - 2012-07-03 14:40 - 00000000 _AHCT C:\Windows\wusa.lock
2012-07-03 13:22 - 2012-07-03 13:22 - 00000000 ___AC C:\Windows\setuperr.log
2012-07-03 13:09 - 2011-01-28 17:50 - 00000000 ___AC C:\Windows\System32\multbp.cfg
2012-07-03 12:31 - 2012-07-03 12:29 - 00000618 _RASH C:\Users\Yan\ntuser.pol
2012-07-03 12:29 - 2012-07-03 12:29 - 00000454 _RASH C:\Users\All Users\ntuser.pol
2012-07-02 14:19 - 2012-07-02 14:19 - 02983424 ____A (Microsoft Corporation) C:\Windows\System32\UIRibbon.dll
2012-07-02 14:19 - 2012-07-02 14:19 - 01164800 ____A (Microsoft Corporation) C:\Windows\System32\UIRibbonRes.dll
2012-07-02 14:00 - 2012-07-02 14:00 - 00020240 ____N C:\bootsqm.dat
2012-07-02 11:37 - 2012-07-02 11:36 - 00002942 ___AC C:\Windows\System32\jupdate-1.7.0_05-b05.log
2012-07-02 10:23 - 2011-08-18 08:05 - 00017530 ___AC C:\Windows\cfgall.ini
2012-07-02 10:02 - 2011-08-23 05:08 - 00000242 ___AC C:\Windows\TMFilter.log
2012-07-02 09:30 - 2011-04-24 08:14 - 1053410304 ____A C:\Users\Public\Documents\yan.heng@my.ndsu.edu.ost
2012-06-30 21:18 - 2011-05-22 10:48 - 00002363 ____A C:\Users\Yan\Desktop\Google Chrome.lnk
2012-06-22 14:49 - 2009-07-13 20:33 - 00538248 ___AC C:\Windows\System32\FNTCACHE.DAT
2012-06-19 17:38 - 2012-06-19 17:38 - 00177152 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-06-19 17:37 - 2012-06-19 17:32 - 11019776 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-19 17:37 - 2012-06-19 17:32 - 06028288 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-19 17:37 - 2012-06-19 17:32 - 02072576 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-19 17:37 - 2012-06-19 17:32 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-19 17:37 - 2012-06-19 17:32 - 01230336 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-19 17:37 - 2012-06-19 17:32 - 00981504 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-19 17:37 - 2012-06-19 17:32 - 00627200 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-06-19 17:37 - 2012-06-19 17:32 - 00606208 ____A (Microsoft Corporation) C:\Windows\System32\mstime.dll
2012-06-19 17:37 - 2012-06-19 17:32 - 00386048 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-06-19 17:37 - 2012-06-19 17:32 - 00381440 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-06-19 17:37 - 2012-06-19 17:32 - 00185856 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-06-19 17:37 - 2012-06-19 17:32 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-19 17:37 - 2012-06-19 17:32 - 00132096 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-19 17:37 - 2012-06-19 17:32 - 00067584 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-19 17:37 - 2012-06-19 17:32 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-06-19 17:37 - 2012-06-19 17:32 - 00048128 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-19 17:37 - 2012-06-19 17:32 - 00044544 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-06-19 17:37 - 2012-06-19 17:32 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-06-19 17:31 - 2012-06-19 17:31 - 02342400 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-19 17:31 - 2012-06-19 17:30 - 00129536 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-06-19 17:31 - 2012-06-19 17:30 - 00057856 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-06-19 17:31 - 2012-06-19 17:30 - 00008192 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-06-19 17:24 - 2012-06-19 17:24 - 00065536 __ASH C:\Windows\System32\config\components{612af9e2-84a8-11e1-a1a6-806e6f6e6963}.TxR.blf
2012-06-10 12:38 - 2012-06-10 12:37 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-10 12:38 - 2012-06-10 12:37 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-10 12:38 - 2012-06-10 12:37 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-10 12:38 - 2012-06-10 12:37 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-10 12:38 - 2012-06-10 12:36 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-10 12:38 - 2012-06-10 12:36 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-07 23:21 - 2012-06-07 23:21 - 02991512 ___AC (Sogou.com Inc.) C:\Windows\System32\SogouPY.ime
2012-06-06 20:11 - 2010-08-04 10:05 - 00000983 ____A C:\Users\Yan\Desktop\Dropbox.lnk
2012-06-06 19:07 - 2012-06-06 19:07 - 00000614 ____A C:\Users\Public\Desktop\????.lnk
2012-05-23 19:50 - 2011-09-09 17:01 - 00000000 ___AC C:\Windows\System32\Drivers\lvuvc.hs
2012-05-17 21:02 - 2012-05-09 19:28 - 00000566 ____A C:\Users\Yan\fa.sas
2012-05-16 19:28 - 2012-05-16 19:28 - 00068029 ____A C:\Users\Yan\Documents\pj1.egp
2012-05-15 16:06 - 2012-07-02 11:37 - 00174064 ___AC (Oracle Corporation) C:\Windows\System32\javaw.exe
2012-05-15 16:06 - 2012-07-02 11:37 - 00174064 ___AC (Oracle Corporation) C:\Windows\System32\java.exe
2012-05-10 06:11 - 2012-05-10 06:11 - 01287024 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-05-10 06:09 - 2012-05-10 06:09 - 03958128 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2012-05-10 06:09 - 2012-05-10 06:09 - 03902320 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-10 05:09 - 2012-05-10 05:09 - 00056688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-05-10 05:09 - 2012-05-10 05:08 - 01170944 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2012-05-10 05:09 - 2012-05-10 05:08 - 01074176 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-05-10 05:09 - 2012-05-10 05:08 - 00739840 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2012-05-10 05:09 - 2012-05-10 05:08 - 00218624 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2012-05-10 05:09 - 2012-05-10 05:08 - 00161792 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2012-05-09 19:35 - 2012-05-09 19:35 - 00016196 ____A C:\Users\Yan\fa1
2012-05-04 16:29 - 2012-07-02 11:38 - 00227720 ___AC (Oracle Corporation) C:\Windows\System32\javaws.exe
2012-05-04 16:29 - 2012-05-19 08:46 - 00772504 ___AC (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2012-05-04 16:29 - 2011-11-13 21:18 - 00687504 ___AC (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2012-05-01 15:40 - 2012-04-24 19:03 - 00000291 ____A C:\Users\Yan\egg.sas
2012-04-27 14:11 - 2012-01-16 11:36 - 00102400 ___AC C:\Windows\RegBootClean.exe
2012-04-27 08:43 - 2012-04-27 08:43 - 03203309 ____A C:\Users\Yan\lim1.wk1
2012-04-27 08:43 - 2012-04-27 08:31 - 00000393 ____A C:\Users\Yan\lim1.sas
2012-04-27 07:42 - 2012-04-27 07:42 - 00000127 ____A C:\Users\Yan\eggwk.sas
2012-04-27 07:37 - 2012-04-27 07:37 - 00000246 ____A C:\Users\Yan\egg1.sas
2012-04-21 17:52 - 2011-01-28 19:13 - 00001226 ___AC C:\Windows\PIPIPlayer.INI
2012-04-18 06:22 - 2012-04-18 06:22 - 00000165 ___AH C:\Users\Yan\Desktop\~$sas.xlsx
2012-04-17 10:46 - 2012-04-17 10:46 - 00000165 ___AH C:\Users\Yan\Desktop\~$Book2.xlsx
2012-04-12 10:47 - 2012-04-12 10:47 - 00001255 ____A C:\Users\Yan\Desktop\SAS 9.3 (English).lnk
2012-04-12 10:20 - 2010-08-04 07:36 - 00134280 ____A C:\Users\Yan\AppData\Local\GDIPFONTCACHEV1.DAT
2012-04-11 15:35 - 2006-11-02 02:23 - 00000533 ___AC C:\Windows\win.ini
2012-04-11 15:25 - 2012-04-11 15:25 - 00065536 __ASH C:\Windows\System32\config\components{ab5fb6d8-3e3b-11e1-9e39-806e6f6e6963}.TxR.blf
2012-04-11 08:24 - 2012-04-11 11:03 - 00004665 ____A C:\Users\Yan\Documents\SAS93_99DJ63_70004014_Win_Wrkstn.txt
2012-04-11 08:08 - 2012-04-11 08:08 - 00000880 ____A C:\Users\Yan\Desktop\GAMS.lnk
2012-04-11 08:02 - 2012-04-11 08:02 - 00001916 ____A C:\Users\Yan\Desktop\NLOGIT 4.0.lnk


========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: <===== ATTENTION!
HKLM\...\exefile\DefaultIcon: <===== ATTENTION!
HKLM\...\exefile\open\command: <===== ATTENTION!

========================= Memory info ======================

Percentage of memory in use: 22%
Total physical RAM: 1944.03 MB
Available physical RAM: 1504.79 MB
Total Pagefile: 1944.03 MB
Available Pagefile: 1514.07 MB
Total Virtual: 2047.88 MB
Available Virtual: 1968.7 MB

======================= Partitions =========================

1 Drive c: (SW_Preload) (Fixed) (Total:68.96 GB) (Free:17.26 GB) NTFS
2 Drive d: (New Volume) (Fixed) (Total:68.85 GB) (Free:56.39 GB) NTFS
3 Drive f: (Lenovo) (Fixed) (Total:9.77 GB) (Free:2.42 GB) NTFS
5 Drive h: (KINGSTON) (Removable) (Total:7.45 GB) (Free:0.71 GB) FAT32
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
7 Drive y: (SERVICEV003) (Fixed) (Total:1.46 GB) (Free:0.85 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ###  Status   Size     Free     Dyn  Gpt
--------  -------  -------  -------  ---  ---
Disk 0    Online   149 GB   1024 KB
Disk 1    Online   7643 MB  0 B

Partitions of Disk 0:
===============

Partition ###  Type      Size     Offset
-------------  --------  -------  -------
Partition 1    Primary   1499 MB  1024 KB
Partition 2    Primary   68 GB    1500 MB
Partition 0    Extended  68 GB    70 GB
Partition 4    Logical   68 GB    70 GB
Partition 3    Primary   9 GB     139 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ###  Ltr  Label        Fs     Type       Size     Status   Info
----------  ---  -----------  -----  ---------  -------  -------  ----
* Volume 1  Y    SERVICEV003  NTFS   Partition  1499 MB  Healthy

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ###  Ltr  Label        Fs     Type       Size     Status   Info
----------  ---  -----------  -----  ---------  -------  -------  ----
* Volume 2  C    SW_Preload   NTFS   Partition  68 GB    Healthy

==================================================================================

Disk: 0
Partition 4
Type : 07
Hidden: No
Active: No

Volume ###  Ltr  Label        Fs     Type       Size     Status   Info
----------  ---  -----------  -----  ---------  -------  -------  ----
* Volume 3  D    New Volume   NTFS   Partition  68 GB    Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ###  Ltr  Label        Fs     Type        Size     Status   Info
----------  ---  -----------  -----  ----------  -------  -------  --------
* Volume 4   F   Lenovo       NTFS   Partition      9 GB  Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Primary           7643 MB    31 KB

==================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ###  Ltr  Label        Fs     Type        Size     Status   Info
----------  ---  -----------  -----  ----------  -------  -------  --------
* Volume 5   H   KINGSTON     FAT32  Removable   7643 MB  Healthy

==================================================================================

==========================================================

Last Boot: 2012-06-28 14:50

======================= End Of Log ==========================

Edited by Orange Blossom, 05 July 2012 - 11:57 PM.
Moved to log forum. ~ OB
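The partition dump in the FRST log above is the part of the report that tells you where the boot files actually live (the active partition, Y: SERVICEV003, is separate from the Windows volume C:). The following parser is an added example for this thread, not FRST's own code or anything the responders posted: it reads the "Disk:" / "Partition" / "Type" / "Hidden" / "Active" blocks and their "* Volume" rows into a structure and summarises the boot layout. The input is an excerpt constructed from the log above with whitespace collapsed as it appears on the page; the block layout is assumed from that log and other FRST versions may print it differently.

```python
"""Parse the "Partitions" section of a Farbar Recovery Scan Tool (FRST) log.

Added example for this thread, not FRST's own code. The layout (a "Disk: N"
line, a "Partition N" line, Type/Hidden/Active attributes, then a "* Volume"
row) is assumed from the log posted above; other FRST versions may differ.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Excerpt constructed from the log posted above (whitespace collapsed as on the page).
SAMPLE_LOG = """\
Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 149 GB 1024 KB
Disk 1 Online 7643 MB 0 B

Partitions of Disk 0:
Partition ### Type Size Offset
Partition 1 Primary 1499 MB 1024 KB
Partition 2 Primary 68 GB 1500 MB
Partition 0 Extended 68 GB 70 GB
Partition 4 Logical 68 GB 70 GB
Partition 3 Primary 9 GB 139 GB

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
* Volume 1 Y SERVICEV003 NTFS Partition 1499 MB Healthy

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No
* Volume 2 C SW_Preload NTFS Partition 68 GB Healthy

Disk: 0
Partition 4
Type : 07
Hidden: No
Active: No
* Volume 3 D New Volume NTFS Partition 68 GB Healthy

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No
* Volume 4 F Lenovo NTFS Partition 9 GB Healthy

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: No
* Volume 5 H KINGSTON FAT32 Removable 7643 MB Healthy
"""


@dataclass
class Partition:
    disk: int
    number: int
    type_id: str = ""            # MBR partition type byte as printed: 07 = NTFS, 0B = FAT32
    hidden: bool = False
    active: bool = False         # the partition the MBR boot code hands off to
    letter: Optional[str] = None
    label: str = ""
    fs: str = ""
    size_mb: int = 0


# "Disk: 0" or "Partition 1" on a line by itself (the per-partition block headers).
HEADER_RE = re.compile(r"^(Disk|Partition)\s*:?\s*(\d+)$")
# "Type : 07", "Hidden: No", "Active: Yes"
ATTR_RE = re.compile(r"^(Type|Hidden|Active)\s*:\s*(\S+)$")
# "* Volume 3 D New Volume NTFS Partition 68 GB Healthy"; letter is optional,
# label is lazy so multi-word labels survive, FAT32 is tried before FAT.
VOLUME_RE = re.compile(
    r"^\*\s+Volume\s+(?P<num>\d+)\s+(?:(?P<ltr>[A-Z])\s+)?(?P<label>.*?)\s*"
    r"(?P<fs>NTFS|FAT32|FAT|exFAT|RAW)\s+(?:Partition|Removable)\s+"
    r"(?P<size>\d+)\s+(?P<unit>MB|GB)\s+(?P<status>\w+)"
)


def parse_frst_partitions(text: str) -> Dict[Tuple[int, int], Partition]:
    """Return {(disk, partition): Partition} for every per-partition block."""
    parts: Dict[Tuple[int, int], Partition] = {}
    disk: Optional[int] = None
    current: Optional[Partition] = None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER_RE.match(line)
        if m:
            if m.group(1) == "Disk":
                disk, current = int(m.group(2)), None
            elif disk is not None:           # "Partition N" inside a "Disk: N" block
                current = Partition(disk=disk, number=int(m.group(2)))
                parts[(disk, current.number)] = current
            continue
        if current is None:
            continue                         # summary tables before the first "Disk:" block
        m = ATTR_RE.match(line)
        if m:
            key, val = m.groups()
            if key == "Type":
                current.type_id = val.upper()
            elif key == "Hidden":
                current.hidden = val.lower() == "yes"
            else:
                current.active = val.lower() == "yes"
            continue
        m = VOLUME_RE.match(line)
        if m:
            current.letter = m.group("ltr")
            current.label = m.group("label")
            current.fs = m.group("fs")
            size = int(m.group("size"))
            current.size_mb = size * 1024 if m.group("unit") == "GB" else size
    return parts


def boot_layout_summary(parts: Dict[Tuple[int, int], Partition]) -> dict:
    """Which partition boots, where Windows is, and anything odd in the layout."""
    active = sorted((p for p in parts.values() if p.active), key=lambda p: (p.disk, p.number))
    findings: List[str] = []
    for disk in sorted({p.disk for p in parts.values()}):
        on_disk = [p for p in parts.values() if p.disk == disk]
        n_active = sum(p.active for p in on_disk)
        if n_active > 1:
            findings.append(f"disk {disk}: {n_active} active partitions, MBR boot expects one")
        findings.extend(f"disk {disk} partition {p.number}: hidden" for p in on_disk if p.hidden)
    windows = next((p for p in parts.values() if p.letter == "C"), None)
    return {
        "active": [(p.disk, p.number) for p in active],
        "system_volume": active[0].letter if active else None,
        "windows_volume": windows.letter if windows else None,
        "boot_files_separate_from_windows": bool(active) and windows is not None and active[0] is not windows,
        "findings": findings,
    }


if __name__ == "__main__":
    layout = parse_frst_partitions(SAMPLE_LOG)
    for _, p in sorted(layout.items()):
        print(f"disk {p.disk} partition {p.number}: type {p.type_id} active={p.active} "
              f"{p.letter}: {p.label!r} {p.fs} {p.size_mb} MB")
    print(boot_layout_summary(layout))
```

On the log above this reports a single active partition (disk 0, partition 1, the 1499 MB Y: SERVICEV003 volume) and C: as the Windows volume, so the boot manager and the Windows installation sit on different volumes; any FRST fix that touches boot files has to target Y:, not C:.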


#3 JSntgRvr
Master Surgeon General, Malware Response Team

Posted 06 July 2012 - 12:51 AM

The report shows problems with file associations.

Download the enclosed file. [attachment=126059:fixlist.txt]

Save it next to FRST. Run FRST as you did before, except that this time around click on the Fix button and wait.

The tool will make a log on the flash drive (Fixlog.txt); please post it in your next reply.

If successful, boot in Normal Mode. If able to, run Combofix as follows:


Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link or this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • Install the Recovery Console if prompted.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt".
**Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.**

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

Edited by JSntgRvr, 06 July 2012 - 12:52 AM.

No request for help through private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#4 JSntgRvr
Master Surgeon General, Malware Response Team

Posted 21 September 2012 - 07:47 PM

Due to the lack of feedback this Topic is closed. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!





