Pls Need FIXLIST.txt


  • This topic is locked
4 replies to this topic

#1 Tonychong

Tonychong

  • Members
  • 4 posts

Posted 05 November 2012 - 01:04 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-10-2012 (ATTENTION: FRST version is 6 days old)
Ran by SYSTEM at 05-11-2012 00:29:38
Running from H:\
Windows 7 Ultimate (X64) OS Language: Spanish Modern Sort
The current controlset is ControlSet001

ATTENTION!:=====> THE OPERATING SYSTEM IS A X86 SYSTEM BUT THE BOOT DISK THAT IS USED TO BOOT TO RECOVERY ENVIRONMENT IS A X64 SYSTEM DISK.
==================== Registry (Whitelisted) ===================

HKLM\...\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [206448 2012-11-04] (Kaspersky Lab ZAO)
HKLM\...\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe [319488 2006-11-03] (PixArt Imaging Incorporation)
HKLM\...\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [642728 2012-09-28] (Advanced Micro Devices, Inc.)
HKU\Antony\...\Run: [SUPERAntiSpyware] D:\Archivos de programa\SUPERAntiSpyware\SUPERANTISPYWARE.EXE [x]
HKLM-x32\...\Winlogon: [Userinit] [x]
HKLM-x32\...\Winlogon: [Shell] [x ] ()
Winlogon\Notify\klogon: C:\Windows\system32\klogon.dll (Kaspersky Lab ZAO)
Tcpip\Parameters: [DhcpNameServer] 200.48.225.130 200.48.225.146

==================== Services (Whitelisted) ===================

2 AdobeARMservice; "C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe" [64952 2011-06-06] (Adobe Systems Incorporated)
2 AVP; "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" -r [206448 2012-11-04] (Kaspersky Lab ZAO)
3 FontCache3.0.0.0; C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [42856 2009-06-10] (Microsoft Corporation)
3 idsvc; "C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe" [878416 2009-06-10] (Microsoft Corporation)
2 LightScribeService; "C:\Program Files\Common Files\LightScribe\LSSrvc.exe" [73728 2009-06-17] (Hewlett-Packard Company)
4 msvsmon90; "C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon90 [3201024 2008-07-29] (Microsoft Corporation)
2 NAUpdate; "C:\Program Files\Nero\Update\NASvc.exe" [490280 2010-03-25] (Nero AG)
2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [75136 2011-12-27] ()
2 SkypeUpdate; "C:\Program Files\Skype\Updater\Updater.exe" [160944 2012-07-13] (Skype Technologies)
3 Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe /RunAsService [419624 2011-12-09] (Valve Corporation)
2 TeamViewer7; C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe [2916736 2011-11-29] (TeamViewer GmbH)

==================== Drivers (Whitelisted) =====================

3 amdiox86; C:\Windows\System32\Drivers\amdiox86.sys [37944 2010-02-18] (Advanced Micro Devices)
2 AODDriver4.01; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [48256 2012-04-09] (Advanced Micro Devices)
2 AODDriver4.2; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [48256 2012-04-09] (Advanced Micro Devices)
3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdW73.sys [86656 2012-05-14] (Advanced Micro Devices)
3 b06bdrv; C:\Windows\system32\DRIVERS\bxvbdx.sys [430080 2009-07-13] (Broadcom Corporation)
3 b57nd60x; C:\Windows\System32\Drivers\b57nd60x.sys [229888 2009-07-13] (Broadcom Corporation)
3 ebdrv; C:\Windows\system32\DRIVERS\evbdx.sys [3100160 2009-07-13] (Broadcom Corporation)
0 KL1; C:\Windows\System32\Drivers\KL1.sys [133208 2011-03-04] (Kaspersky Lab ZAO)
1 kl2; C:\Windows\System32\Drivers\kl2.sys [11352 2011-03-04] (Kaspersky Lab ZAO)
1 KLIF; C:\Windows\System32\Drivers\KLIF.sys [586072 2012-11-04] (Kaspersky Lab)
1 KLIM6; C:\Windows\System32\Drivers\KLIM6.sys [23856 2011-03-11] (Kaspersky Lab ZAO)
3 klmouflt; C:\Windows\System32\Drivers\klmouflt.sys [19984 2009-11-03] (Kaspersky Lab)
3 PAC207; C:\Windows\System32\DRIVERS\PFC027.SYS [507136 2006-12-05] (PixArt Imaging Inc.)
3 RecFltr; C:\Windows\System32\Drivers\RecFltr.sys [41984 2007-01-18] ()
3 RTL8167; C:\Windows\System32\DRIVERS\Rt86win7.sys [139776 2009-03-02] (Realtek Corporation )

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2012-11-05 06:26 - 2012-11-05 06:26 - 00000000 ____D C:\ComboFix
2012-11-05 06:25 - 2012-11-05 06:26 - 00000000 ____D C:\Qoobox
2012-11-05 06:24 - 2012-11-05 06:24 - 00000000 ____D C:\Windows\erdnt
2012-11-05 06:23 - 2012-11-05 06:24 - 04996943 ____R (Swearware) C:\Users\Antony\Downloads\ComboFix.exe
2012-11-05 05:07 - 2012-11-05 05:38 - 174063616 ____A C:\Users\Antony\Downloads\Disco de reparación Windows 7 64 bits.iso
2012-11-05 04:42 - 2012-11-05 05:07 - 91880930 ____A C:\Users\Antony\Downloads\RepairDiscWindows7-64-bit.iso.part
2012-11-05 00:29 - 2012-11-05 00:29 - 00000000 ____D C:\FRST
2012-11-04 21:24 - 2012-11-04 21:41 - 280369152 ____A C:\Users\Antony\Downloads\kav_rescue_10.iso
2012-11-04 16:50 - 2012-11-04 22:11 - 00000000 ___AD C:\Kaspersky Rescue Disk 10.0
2012-10-27 19:17 - 2012-10-27 19:17 - 00000000 ____D C:\VSPath
2012-10-27 17:24 - 2012-10-27 17:24 - 00000000 ____D C:\Users\All Users\ATI
2012-10-27 17:24 - 2012-10-27 17:24 - 00000000 ____D C:\Program Files\AMD AVT
2012-10-27 17:24 - 2012-10-27 17:24 - 00000000 ____D C:\Program Files\AMD APP
2012-10-14 05:12 - 2012-10-14 05:13 - 00000000 ____D C:\Program Files\Apache
2012-10-10 19:06 - 2012-08-24 08:27 - 12319744 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-10-10 19:06 - 2012-08-24 08:03 - 09738240 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-10-10 19:06 - 2012-08-24 07:59 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-10-10 19:06 - 2012-08-24 07:51 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-10-10 19:06 - 2012-08-24 07:51 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-10-10 19:06 - 2012-08-24 07:51 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-10-10 19:06 - 2012-08-24 07:49 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-10-10 19:06 - 2012-08-24 07:48 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-10-10 19:06 - 2012-08-24 07:47 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-10-10 19:06 - 2012-08-24 07:47 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-10-10 19:06 - 2012-08-24 07:47 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-10-10 19:06 - 2012-08-24 07:45 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-10-10 19:06 - 2012-08-24 07:44 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-10-10 19:06 - 2012-08-24 07:44 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-10-10 19:06 - 2012-08-24 07:43 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-10-10 19:06 - 2012-08-24 07:40 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-10-10 19:04 - 2012-10-10 19:04 - 00000000 ____D C:\Program Files\Common Files\Skype
2012-10-10 17:04 - 2012-10-10 17:04 - 00000000 ____D C:\Users\Antony\AppData\Local\Macromedia
2012-10-10 17:01 - 2012-11-04 19:34 - 00000000 ____D C:\Windows\pss
2012-10-10 17:00 - 2012-09-14 19:30 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2012-10-10 17:00 - 2012-08-30 18:18 - 03958128 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2012-10-10 17:00 - 2012-08-30 18:18 - 03902832 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-10-10 17:00 - 2012-08-24 18:10 - 00172544 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-10-10 17:00 - 2012-08-11 00:54 - 00541184 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2012-10-10 17:00 - 2012-07-18 18:10 - 02344448 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-10-10 17:00 - 2012-07-04 22:26 - 00057344 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2012-10-10 17:00 - 2012-07-04 22:23 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
2012-10-10 17:00 - 2012-07-04 22:23 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
2012-10-10 17:00 - 2012-06-02 05:45 - 01157632 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-10-10 17:00 - 2012-06-02 05:45 - 00139264 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-10-10 17:00 - 2012-06-02 05:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-10-10 17:00 - 2012-05-14 05:37 - 00768512 ____A (Microsoft Corporation) C:\Windows\System32\localspl.dll
2012-10-10 16:54 - 2012-10-10 16:54 - 00696760 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-10-10 16:46 - 2012-10-10 16:47 - 00000000 ____D C:\Users\Antony\AppData\Local\{A0ACC46B-E78D-4EA4-8484-6634DC82BB83}

==================== 3 Months Modified Files ==================

2012-11-05 06:27 - 2009-07-14 05:34 - 00016256 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-11-05 06:27 - 2009-07-14 05:34 - 00016256 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-11-05 06:24 - 2012-11-05 06:23 - 04996943 ____R (Swearware) C:\Users\Antony\Downloads\ComboFix.exe
2012-11-05 06:04 - 2011-11-12 22:25 - 00041625 ____A C:\Windows\AutoKMS.log
2012-11-05 06:03 - 2011-11-07 03:06 - 00014970 ____A C:\Windows\setupact.log
2012-11-05 06:03 - 2009-07-14 05:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-11-05 05:38 - 2012-11-05 05:07 - 174063616 ____A C:\Users\Antony\Downloads\Disco de reparación Windows 7 64 bits.iso
2012-11-05 05:07 - 2012-11-05 04:42 - 91880930 ____A C:\Users\Antony\Downloads\RepairDiscWindows7-64-bit.iso.part
2012-11-05 04:33 - 2011-12-16 05:39 - 00001120 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3394996846-91429943-2269722903-1001UA.job
2012-11-04 21:41 - 2012-11-04 21:24 - 280369152 ____A C:\Users\Antony\Downloads\kav_rescue_10.iso
2012-11-04 20:03 - 2011-11-01 00:28 - 00586072 ____A (Kaspersky Lab) C:\Windows\System32\Drivers\klif.sys
2012-11-04 19:57 - 2011-10-31 22:58 - 01684704 ____A C:\Windows\System32\PerfStringBackup.INI
2012-11-04 19:57 - 2009-07-14 09:48 - 00743456 ____A C:\Windows\System32\perfh00A.dat
2012-11-04 19:57 - 2009-07-14 09:48 - 00156682 ____A C:\Windows\System32\perfc00A.dat
2012-10-27 17:10 - 2011-11-07 03:06 - 00406432 ____A C:\Windows\System32\FNTCACHE.DAT
2012-10-10 19:04 - 2011-10-02 00:15 - 00002503 ____A C:\Users\Public\Desktop\Skype.lnk
2012-10-10 17:29 - 2011-11-01 00:28 - 00116189 ____A C:\Windows\System32\Drivers\klin.dat
2012-10-10 17:29 - 2011-11-01 00:28 - 00098168 ____A C:\Windows\System32\Drivers\klick.dat
2012-10-10 16:54 - 2012-10-10 16:54 - 00696760 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-10-10 16:54 - 2011-11-01 00:46 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-09-28 21:36 - 2012-09-28 21:36 - 00180224 ____A C:\Windows\System32\clinfo.exe
2012-09-28 21:36 - 2012-09-28 21:36 - 00065536 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\OpenVideo.dll
2012-09-28 21:36 - 2012-09-28 21:36 - 00056320 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\OVDecode.dll
2012-09-28 21:32 - 2012-09-28 21:32 - 27341824 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\amdocl.dll
2012-09-28 06:32 - 2011-11-01 16:42 - 62968832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-09-28 03:22 - 2012-09-28 03:22 - 05557928 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumdag.dll
2012-09-28 03:20 - 2012-09-28 03:20 - 09107968 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\atikmdag.sys
2012-09-28 03:07 - 2012-09-28 03:07 - 00304128 ____A C:\Windows\System32\atiapfxx.blb
2012-09-28 03:05 - 2012-09-28 03:05 - 00058880 ____A (AMD) C:\Windows\System32\coinst_9.002.dll
2012-09-28 03:03 - 2012-09-28 03:03 - 00163840 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atiapfxx.exe
2012-09-28 03:02 - 2012-09-28 03:02 - 00046080 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticalrt.dll
2012-09-28 03:02 - 2012-09-28 03:02 - 00044032 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticalcl.dll
2012-09-28 02:57 - 2012-09-28 02:57 - 13703168 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticaldd.dll
2012-09-28 02:43 - 2012-09-28 02:43 - 00935424 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\aticfx32.dll
2012-09-28 02:41 - 2012-09-28 02:41 - 19624960 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atioglxx.dll
2012-09-28 02:39 - 2012-09-28 02:39 - 06536192 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atidxx32.dll
2012-09-28 02:39 - 2012-09-28 02:39 - 00442368 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atidemgy.dll
2012-09-28 02:38 - 2012-09-28 02:38 - 00473088 ____A (AMD) C:\Windows\System32\atieclxx.exe
2012-09-28 02:38 - 2012-09-28 02:38 - 00217600 ____A (AMD) C:\Windows\System32\atiesrxx.exe
2012-09-28 02:36 - 2012-09-28 02:36 - 00163840 ____A (AMD) C:\Windows\System32\atitmmxx.dll
2012-09-28 02:36 - 2012-09-28 02:36 - 00043520 ____A (ATI Technologies, Inc.) C:\Windows\System32\ati2edxx.dll
2012-09-28 02:36 - 2012-09-28 02:36 - 00020992 ____A (AMD) C:\Windows\System32\atimuixx.dll
2012-09-28 02:22 - 2012-09-28 02:22 - 02691584 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumdva.dll
2012-09-28 02:21 - 2012-09-28 02:21 - 02920000 ____A C:\Windows\System32\atiumdva.cap
2012-09-28 02:13 - 2012-09-28 02:13 - 00405504 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atiadlxx.dll
2012-09-28 02:13 - 2012-09-28 02:13 - 00033280 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atigktxx.dll
2012-09-28 02:13 - 2012-09-28 02:13 - 00014848 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiglpxx.dll
2012-09-28 02:12 - 2012-09-28 02:12 - 00370176 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\atikmpag.sys
2012-09-28 02:12 - 2012-09-28 02:12 - 00056832 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atimpc32.dll
2012-09-28 02:12 - 2012-09-28 02:12 - 00056832 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\amdpcom32.dll
2012-09-28 02:11 - 2011-10-12 20:29 - 00109568 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiuxpag.dll
2012-09-28 02:10 - 2012-09-28 02:10 - 00082944 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiu9pag.dll
2012-09-28 02:09 - 2012-09-28 02:09 - 00053248 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\ati2erec.dll
2012-09-14 19:30 - 2012-10-10 17:00 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2012-09-14 16:00 - 2012-09-14 16:00 - 00038452 ____A C:\Windows\atiogl.xml
2012-08-30 18:18 - 2012-10-10 17:00 - 03958128 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2012-08-30 18:18 - 2012-10-10 17:00 - 03902832 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-08-24 18:10 - 2012-10-10 17:00 - 00172544 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-08-24 08:27 - 2012-10-10 19:06 - 12319744 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-08-24 08:03 - 2012-10-10 19:06 - 09738240 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-08-24 07:59 - 2012-10-10 19:06 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-08-24 07:51 - 2012-10-10 19:06 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-08-24 07:51 - 2012-10-10 19:06 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-08-24 07:51 - 2012-10-10 19:06 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-08-24 07:49 - 2012-10-10 19:06 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-08-24 07:48 - 2012-10-10 19:06 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-08-24 07:47 - 2012-10-10 19:06 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-08-24 07:47 - 2012-10-10 19:06 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-08-24 07:47 - 2012-10-10 19:06 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-08-24 07:45 - 2012-10-10 19:06 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-08-24 07:44 - 2012-10-10 19:06 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-08-24 07:44 - 2012-10-10 19:06 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-08-24 07:43 - 2012-10-10 19:06 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-08-24 07:40 - 2012-10-10 19:06 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-08-11 00:54 - 2012-10-10 17:00 - 00541184 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll


==================== Known DLLs (Whitelisted) =================

C:\Windows\SysWOW64\clbcatq.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\ole32.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\advapi32.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\COMDLG32.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\gdi32.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\IERTUTIL.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\IMAGEHLP.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\IMM32.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\kernel32.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\LPK.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\MSCTF.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\MSVCRT.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\NORMALIZ.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\NSI.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\OLEAUT32.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\PSAPI.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\rpcrt4.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\sechost.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\Setupapi.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\SHELL32.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\SHLWAPI.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\URLMON.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\user32.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\USP10.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\WININET.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\WLDAP32.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\WS2_32.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\DifxApi.dll IS MISSING <==== ATTENTION!

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe
[2011-11-01 16:35] - [2009-10-28 07:17] - 0285696 ____A (Microsoft Corporation) 37CDB7E72EB66BA85A87CBE37E7F03FD

C:\Windows\System32\wininit.exe
[2009-07-14 00:36] - [2009-07-14 02:14] - 0096256 ____A (Microsoft Corporation) B5C5DCAD3899512020D135600129D665

C:\Windows\SysWOW64\wininit.exe IS MISSING <==== ATTENTION!.
C:\Windows\explorer.exe
[2011-11-01 16:35] - [2011-02-26 06:33] - 2614784 ____A (Microsoft Corporation) 2AF58D15EDC06EC6FDACCE1F19482BBF

C:\Windows\SysWOW64\explorer.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\svchost.exe
[2009-07-14 00:19] - [2009-07-14 02:14] - 0020992 ____A (Microsoft Corporation) 54A47F6B5E09A77E61649109C6A08866

C:\Windows\SysWOW64\svchost.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\services.exe
[2009-07-14 00:11] - [2009-07-14 02:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

C:\Windows\System32\User32.dll
[2009-07-14 00:24] - [2009-07-14 02:16] - 0811520 ____A (Microsoft Corporation) 34B7E222E81FAFA885F0C5F2CFA56861

C:\Windows\SysWOW64\User32.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\userinit.exe
[2009-07-14 00:34] - [2009-07-14 02:14] - 0026112 ____A (Microsoft Corporation) 6DE80F60D7DE9CE6B8C2DDFDF79EF175

C:\Windows\SysWOW64\userinit.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\Drivers\volsnap.sys
[2009-07-14 00:11] - [2009-07-14 02:19] - 0245328 ____A (Microsoft Corporation) 58DF9D2481A56EDDE167E51B334D44FD


==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-11-04 19:50:45

==================== Memory info ===========================

Percentage of memory in use: 14%
Total physical RAM: 4094.49 MB
Available physical RAM: 3506.89 MB
Total Pagefile: 4092.64 MB
Available Pagefile: 3494.95 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions =============================

2 Drive c: () (Fixed) (Total:195.31 GB) (Free:38.5 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
3 Drive d: (TonyX) (Fixed) (Total:146.48 GB) (Free:26.51 GB) NTFS
4 Drive e: () (Fixed) (Total:48.82 GB) (Free:8.46 GB) NTFS
5 Drive f: () (Fixed) (Total:75.13 GB) (Free:16.94 GB) NTFS
6 Drive g: (Disco de reparación Windows 7 64) (CDROM) (Total:0.16 GB) (Free:0 GB) UDF
7 Drive h: (MARIPILI XD) (Removable) (Total:7.31 GB) (Free:7.31 GB) FAT32
8 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Núm Disco Estado Tamaño Disp Din Gpt
---------- ---------- ------- ------- --- ---
Disco 0 En línea 465 GB 0 B
Disco 1 En línea 7504 MB 0 B

Partitions of Disk 0:
===============

Núm Partición Tipo Tamaño Desplazamiento
------------- ---------------- ------- ---------------
Partición 1 Principal 195 GB 1024 KB
Partición 2 Principal 146 GB 195 GB
Partición 3 Principal 48 GB 341 GB
Partición 4 Principal 75 GB 390 GB

==================================================================================

Disk: 0
Partición 1
Tipo : 07
Oculta : No
Activa : Sí

Núm Volumen Ltr Etiqueta Fs Tipo Tamaño Estado Info
----------- --- ----------- ----- ---------- ------- --------- --------
* Volumen 1 C NTFS Partición 195 GB Correcto

=========================================================

Disk: 0
Partición 2
Tipo : 07
Oculta : No
Activa : No

Núm Volumen Ltr Etiqueta Fs Tipo Tamaño Estado Info
----------- --- ----------- ----- ---------- ------- --------- --------
* Volumen 2 D TonyX NTFS Partición 146 GB Correcto

=========================================================

Disk: 0
Partición 3
Tipo : 07
Oculta : No
Activa : No

Núm Volumen Ltr Etiqueta Fs Tipo Tamaño Estado Info
----------- --- ----------- ----- ---------- ------- --------- --------
* Volumen 3 E NTFS Partición 48 GB Correcto

=========================================================

Disk: 0
Partición 4
Tipo : 07
Oculta : No
Activa : No

Núm Volumen Ltr Etiqueta Fs Tipo Tamaño Estado Info
----------- --- ----------- ----- ---------- ------- --------- --------
* Volumen 4 F NTFS Partición 75 GB Correcto

=========================================================

Partitions of Disk 1:
===============

Núm Partición Tipo Tamaño Desplazamiento
------------- ---------------- ------- ---------------
Partición 1 Principal 7502 MB 1420 KB

==================================================================================

Disk: 1
Partición 1
Tipo : 0B
Oculta : No
Activa : No

Núm Volumen Ltr Etiqueta Fs Tipo Tamaño Estado Info
----------- --- ----------- ----- ---------- ------- --------- --------
* Volumen 5 H MARIPILI X FAT32 Extraíble 7502 MB Correcto

=========================================================

Last Boot: 2012-01-30 04:53

==================== End Of Log =============================

#2 Tonychong

Tonychong
  • Topic Starter

  • Members
  • 4 posts

Posted 05 November 2012 - 09:20 AM

Can someone help me?
Win 7 64 Ultimate, can't start T_T

#3 Tonychong

Tonychong
  • Topic Starter

  • Members
  • 4 posts

Posted 05 November 2012 - 03:40 PM

No one can help me?

#4 thisisu

thisisu

  • Malware Response Team
  • 2,525 posts
  • Gender:Male
  • Location:USA

Posted 07 November 2012 - 03:59 AM

Hello Tonychong :)

  • I will be helping with your computer problems.
  • From this point on, it is very important that you refrain from doing anything else to your computer other than what I have requested of you.
  • I do not mind if you browse the web, do basic tasks, or even test to see if the problem(s) you are experiencing are still occurring with the computer while we are working together, but do not run any tools/fixes unless I or another helper from this thread has asked you to do so.
  • Remember that you came here for help, so allow us to help you :)
  • If something does not run, make a detailed note of what problems you encountered along the way (exact error messages are preferred), but continue onto the next steps until you reach the end of my post.
  • Always do the steps in the order they are listed (left to right, top to bottom).
  • I prefer that you complete all the steps while you are in Normal Mode. However, I understand that sometimes this is not possible. If you are unsuccessful in getting a tool/fix to run from Normal Mode, but Safe Mode works, then use Safe Mode.
  • If you have a question about something, do not hesitate to ask.

Let's begin:

First, FRST was run incorrectly and is an outdated version of the tool.

Since it appears you are able to boot into some sort of Safe Mode at least, follow these instructions: Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

#5 thisisu

thisisu

  • Malware Response Team
  • 2,525 posts
  • Gender:Male
  • Location:USA

Posted 10 November 2012 - 01:31 PM

Due to the lack of feedback, this topic will be closed.

If you need the topic re-opened, private message me or any moderator to re-open the thread.
