
C0000135 Cannot boot Antivirus removed desktop.ini


  • This topic is locked
24 replies to this topic

#1 Almightyjimbo


Posted 13 January 2013 - 05:50 AM

My antivirus removed desktop.ini and now my computer does not boot.

Here is my checklist file.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-10-2012
Ran by SYSTEM at 18-10-2012 14:58:12
Running from F:\
Windows 7 Ultimate (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun [825184 2009-09-30] (Microsoft Corporation)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-09-08] (Apple Inc.)
HKLM-x32\...\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [636032 2012-03-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml [10752 2012-01-30] ()
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [1996200 2012-08-29] (LogMeIn Inc.)
HKU\jabba\...\Run: [Google Update] "C:\Users\jabba\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2012-03-17] (Google Inc.)
HKU\jabba\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17418928 2012-07-13] (Skype Technologies S.A.)
HKU\jabba\...\Run: [Akamai NetSession Interface] "C:\Users\jabba\AppData\Local\Akamai\netsession_win.exe" [4440896 2012-08-10] (Akamai Technologies, Inc.)
HKU\jabba\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [3671872 2012-04-17] (DT Soft Ltd)
HKU\jabba\...\Run: [PlayNC Launcher] [x]
HKU\jabba\...\Run: [KPeerNexonEU] C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe [438272 2012-08-07] (NEXON Inc.)
Tcpip\Parameters: [DhcpNameServer] 62.101.93.101 83.103.25.250
SubSystems: [Windows] ATTENTION! ====> ZeroAccess

==================== Services (Whitelisted) ===================

3 1394hub; C:\Windows\System32\svchost.exe -k netsvcs [27136 2009-07-13] (Microsoft Corporation)
3 1394hub; C:\Windows\SysWow64\svchost.exe -k netsvcs [20992 2009-07-13] (Microsoft Corporation)
2 RadeonPro Support Service; "C:\Program Files (x86)\RadeonPro\RadeonProSupport.exe" [12800 2011-02-09] (Mr. John aka japamd)
3 aspnet_state; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [x]

==================== Drivers (Whitelisted) =====================

2 AODDriver4.01; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [55936 2012-01-03] (Advanced Micro Devices)
2 AODDriver4.1; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [55936 2012-01-03] (Advanced Micro Devices)
1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [283200 2012-06-15] (DT Soft Ltd)
3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-28] ()
0 sptd; C:\Windows\System32\Drivers\sptd.sys [530488 2011-11-20] (Duplex Secure Ltd.)
3 dump_wmimmc; \??\C:\gPotato\PriusOnline\GameGuard\dump_wmimmc.sys [x]
3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
3 esgiguard; \??\C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [x]
3 NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [x]
3 sj; \??\C:\AeriaGames\EdenEternal\sjcs64.sys [x]
3 X6va001; \??\C:\Users\jabba\AppData\Local\Temp\0019717.tmp [x]
3 X6va002; \??\C:\Users\jabba\AppData\Local\Temp\002F9B9.tmp [x]
3 X6va003; \??\C:\Users\jabba\AppData\Local\Temp\003F351.tmp [x]
3 X6va005; \??\C:\Users\jabba\AppData\Local\Temp\005F843.tmp [x]
3 X6va007; \??\C:\Users\jabba\AppData\Local\Temp\007435C.tmp [x]
3 X6va008; \??\C:\Windows\SysWOW64\Drivers\X6va008 [x]
3 X6va009; \??\C:\Windows\SysWOW64\Drivers\X6va009 [x]

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2012-10-18 14:58 - 2012-10-18 14:58 - 00000000 ____D C:\FRST
2012-10-16 22:39 - 2012-10-16 22:40 - 76999744 ____A (Microsoft Corporation) C:\Users\jabba\Downloads\msert.exe
2012-10-09 14:47 - 2012-08-30 10:11 - 05505904 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-10-09 14:47 - 2012-08-30 09:18 - 03958128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-10-09 14:47 - 2012-08-30 09:18 - 03902832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-10-09 14:47 - 2012-08-24 10:05 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-10-09 14:47 - 2012-08-24 09:10 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-10-09 14:46 - 2012-09-14 11:23 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2012-10-09 14:46 - 2012-09-14 10:30 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2012-10-09 14:46 - 2012-08-10 16:53 - 00714752 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2012-10-09 14:46 - 2012-08-10 15:54 - 00541184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2012-10-09 14:45 - 2012-06-01 21:25 - 01462784 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-10-09 14:45 - 2012-06-01 21:25 - 00182272 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-10-09 14:45 - 2012-06-01 21:25 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-10-09 14:45 - 2012-06-01 20:45 - 01157632 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-10-09 14:45 - 2012-06-01 20:45 - 00139264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-10-09 14:45 - 2012-06-01 20:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-10-09 12:43 - 2012-10-09 13:38 - 75481270 ____A C:\Users\jabba\Downloads\Last Scenario v122.zip
2012-10-02 14:23 - 2012-10-02 14:27 - 00000000 ____D C:\Users\jabba\Desktop\exit fate
2012-10-02 09:15 - 2012-10-02 09:15 - 00002125 ____A C:\Users\jabba\Desktop\Fantasy Tales Online.lnk
2012-10-02 09:12 - 2012-10-02 09:13 - 00002609 ____A C:\Users\jabba\Downloads\client.jnlp
2012-10-02 07:44 - 2012-10-02 08:42 - 152764237 ____A C:\Users\jabba\Downloads\Exit Fate v102.zip
2012-09-25 17:41 - 2012-09-25 17:41 - 00007431 ____A C:\Users\jabba\Desktop\jabbatxtfb.txt
2012-09-23 15:19 - 2012-09-23 15:16 - 00004132 ____A C:\Users\jabba\Desktop\settings.txt
2012-09-23 08:35 - 2012-10-16 15:32 - 00000000 ____D C:\Users\jabba\AppData\Local\LogMeIn Hamachi
2012-09-23 08:34 - 2012-09-23 08:34 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2012-09-23 08:33 - 2012-09-23 08:33 - 03881472 ____A C:\Users\jabba\Downloads\hamachi.msi
2012-09-22 04:25 - 2012-08-24 10:05 - 01501696 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-09-22 04:25 - 2012-08-24 10:05 - 01197568 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-09-22 04:25 - 2012-08-24 10:05 - 00134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-09-22 04:25 - 2012-08-24 10:03 - 01026560 ____A (Microsoft Corporation) C:\Windows\System32\mstime.dll
2012-09-22 04:25 - 2012-08-24 10:02 - 09375744 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-09-22 04:25 - 2012-08-24 10:02 - 00736256 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-09-22 04:25 - 2012-08-24 10:02 - 00097792 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-09-22 04:25 - 2012-08-24 10:02 - 00082944 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-09-22 04:25 - 2012-08-24 10:02 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-09-22 04:25 - 2012-08-24 10:02 - 00057856 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-09-22 04:25 - 2012-08-24 10:01 - 12404736 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-09-22 04:25 - 2012-08-24 10:01 - 02458624 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-09-22 04:25 - 2012-08-24 10:01 - 00445952 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-09-22 04:25 - 2012-08-24 10:01 - 00256000 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-09-22 04:25 - 2012-08-24 10:01 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-09-22 04:25 - 2012-08-24 09:59 - 00012288 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-09-22 04:25 - 2012-08-24 09:10 - 01230848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-09-22 04:25 - 2012-08-24 09:10 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-09-22 04:25 - 2012-08-24 09:10 - 00132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-09-22 04:25 - 2012-08-24 09:09 - 06029824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-09-22 04:25 - 2012-08-24 09:09 - 00627200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-09-22 04:25 - 2012-08-24 09:09 - 00606208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstime.dll
2012-09-22 04:25 - 2012-08-24 09:09 - 00067584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-09-22 04:25 - 2012-08-24 09:09 - 00064512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2012-09-22 04:25 - 2012-08-24 09:08 - 11019776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-09-22 04:25 - 2012-08-24 09:08 - 02072576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-09-22 04:25 - 2012-08-24 09:08 - 00381440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2012-09-22 04:25 - 2012-08-24 09:08 - 00185856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2012-09-22 04:25 - 2012-08-24 09:08 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-09-22 04:25 - 2012-08-24 09:08 - 00048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-09-22 04:25 - 2012-08-24 09:08 - 00044544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2012-09-22 04:25 - 2012-08-24 09:06 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2012-09-22 04:25 - 2012-08-24 08:45 - 00482816 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-09-22 04:25 - 2012-08-24 08:02 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-09-22 04:25 - 2012-08-24 08:01 - 00386048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2012-09-22 04:25 - 2012-08-24 07:27 - 01638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-09-20 09:09 - 2012-09-20 09:10 - 00018473 ____A C:\Windows\DirectX.log
2012-09-20 08:44 - 2012-09-20 08:44 - 00000208 ____A C:\Users\jabba\Desktop\Torchlight II.url

==================== 3 Months Modified Files ==================

2012-10-17 01:09 - 2010-11-25 23:17 - 02078165 ____A C:\Windows\WindowsUpdate.log
2012-10-17 00:52 - 2012-03-17 05:31 - 00001160 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-830549897-3049806926-201021190-1000UA.job
2012-10-17 00:49 - 2012-04-20 00:40 - 00000978 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-10-16 23:52 - 2012-08-09 05:53 - 00711286 ___AH C:\Windows\MEMORY.DMP
2012-10-16 22:40 - 2012-10-16 22:39 - 76999744 ____A (Microsoft Corporation) C:\Users\jabba\Downloads\msert.exe
2012-10-16 15:37 - 2009-07-13 20:45 - 00014224 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-10-16 15:37 - 2009-07-13 20:45 - 00014224 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-10-16 15:32 - 2012-08-08 13:02 - 00008451 ____A C:\Windows\setupact.log
2012-10-16 15:32 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-10-16 01:52 - 2012-03-17 05:31 - 00001108 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-830549897-3049806926-201021190-1000Core.job
2012-10-09 17:02 - 2010-10-11 05:21 - 65309168 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-10-09 13:38 - 2012-10-09 12:43 - 75481270 ____A C:\Users\jabba\Downloads\Last Scenario v122.zip
2012-10-08 10:49 - 2012-04-20 00:40 - 00696760 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-10-08 10:49 - 2011-05-18 05:11 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-10-06 07:33 - 2010-09-08 16:01 - 00007595 ____A C:\Users\jabba\AppData\Local\Resmon.ResmonCfg
2012-10-02 09:15 - 2012-10-02 09:15 - 00002125 ____A C:\Users\jabba\Desktop\Fantasy Tales Online.lnk
2012-10-02 09:13 - 2012-10-02 09:12 - 00002609 ____A C:\Users\jabba\Downloads\client.jnlp
2012-10-02 08:42 - 2012-10-02 07:44 - 152764237 ____A C:\Users\jabba\Downloads\Exit Fate v102.zip
2012-09-25 17:41 - 2012-09-25 17:41 - 00007431 ____A C:\Users\jabba\Desktop\jabbatxtfb.txt
2012-09-24 02:33 - 2012-08-16 04:29 - 00016350 ____A C:\Windows\PFRO.log
2012-09-23 15:16 - 2012-09-23 15:19 - 00004132 ____A C:\Users\jabba\Desktop\settings.txt
2012-09-23 08:33 - 2012-09-23 08:33 - 03881472 ____A C:\Users\jabba\Downloads\hamachi.msi
2012-09-22 17:09 - 2009-07-14 02:53 - 00711394 ____A C:\Windows\System32\perfh010.dat
2012-09-22 17:09 - 2009-07-14 02:53 - 00134042 ____A C:\Windows\System32\perfc010.dat
2012-09-22 17:09 - 2009-07-13 21:13 - 01578288 ____A C:\Windows\System32\PerfStringBackup.INI
2012-09-20 09:10 - 2012-09-20 09:09 - 00018473 ____A C:\Windows\DirectX.log
2012-09-20 08:44 - 2012-09-20 08:44 - 00000208 ____A C:\Users\jabba\Desktop\Torchlight II.url
2012-09-17 14:23 - 2012-09-15 19:03 - 00196608 ____A C:\Users\jabba\fbchathistory.dat
2012-09-14 11:23 - 2012-10-09 14:46 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2012-09-14 10:30 - 2012-10-09 14:46 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2012-09-05 02:01 - 2012-09-05 01:55 - 55205239 ____A C:\Users\jabba\Downloads\5574 - Radiant Historia (U).zip
2012-09-03 04:22 - 2009-07-13 21:08 - 00032548 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-08-31 11:32 - 2012-08-15 14:53 - 00000003 ____A C:\Windows\System32\HRUPPROG.TXT
2012-08-30 10:11 - 2012-10-09 14:47 - 05505904 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-08-30 09:18 - 2012-10-09 14:47 - 03958128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-08-30 09:18 - 2012-10-09 14:47 - 03902832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-08-29 15:15 - 2012-08-29 15:15 - 03782214 ____A C:\chatzum_nt.exe
2012-08-24 10:05 - 2012-10-09 14:47 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-08-24 10:05 - 2012-09-22 04:25 - 01501696 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-08-24 10:05 - 2012-09-22 04:25 - 01197568 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-08-24 10:05 - 2012-09-22 04:25 - 00134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-08-24 10:03 - 2012-09-22 04:25 - 01026560 ____A (Microsoft Corporation) C:\Windows\System32\mstime.dll
2012-08-24 10:02 - 2012-09-22 04:25 - 09375744 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-08-24 10:02 - 2012-09-22 04:25 - 00736256 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-08-24 10:02 - 2012-09-22 04:25 - 00097792 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-08-24 10:02 - 2012-09-22 04:25 - 00082944 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-08-24 10:02 - 2012-09-22 04:25 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-08-24 10:02 - 2012-09-22 04:25 - 00057856 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-08-24 10:01 - 2012-09-22 04:25 - 12404736 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-08-24 10:01 - 2012-09-22 04:25 - 02458624 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-08-24 10:01 - 2012-09-22 04:25 - 00445952 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-08-24 10:01 - 2012-09-22 04:25 - 00256000 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-08-24 10:01 - 2012-09-22 04:25 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-08-24 09:59 - 2012-09-22 04:25 - 00012288 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-08-24 09:10 - 2012-10-09 14:47 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-08-24 09:10 - 2012-09-22 04:25 - 01230848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-08-24 09:10 - 2012-09-22 04:25 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-08-24 09:10 - 2012-09-22 04:25 - 00132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-08-24 09:09 - 2012-09-22 04:25 - 06029824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-08-24 09:09 - 2012-09-22 04:25 - 00627200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-08-24 09:09 - 2012-09-22 04:25 - 00606208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstime.dll
2012-08-24 09:09 - 2012-09-22 04:25 - 00067584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-08-24 09:09 - 2012-09-22 04:25 - 00064512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2012-08-24 09:08 - 2012-09-22 04:25 - 11019776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-08-24 09:08 - 2012-09-22 04:25 - 02072576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-08-24 09:08 - 2012-09-22 04:25 - 00381440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2012-08-24 09:08 - 2012-09-22 04:25 - 00185856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2012-08-24 09:08 - 2012-09-22 04:25 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-08-24 09:08 - 2012-09-22 04:25 - 00048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-08-24 09:08 - 2012-09-22 04:25 - 00044544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2012-08-24 09:06 - 2012-09-22 04:25 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2012-08-24 08:45 - 2012-09-22 04:25 - 00482816 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-08-24 08:02 - 2012-09-22 04:25 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-08-24 08:01 - 2012-09-22 04:25 - 00386048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2012-08-24 07:27 - 2012-09-22 04:25 - 01638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-08-15 15:53 - 2009-07-13 20:45 - 00259520 ____A C:\Windows\System32\FNTCACHE.DAT
2012-08-15 14:53 - 2012-08-15 14:53 - 00000003 ____A C:\Windows\System32\HRUPPROG.DIE.NOW
2012-08-11 16:34 - 2012-08-11 16:03 - 281483359 ____A C:\Users\jabba\Downloads\Sexy_Luna_La_Cena_Di_Natale.rar
2012-08-10 16:53 - 2012-10-09 14:46 - 00714752 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2012-08-10 15:54 - 2012-10-09 14:46 - 00541184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2012-08-09 03:44 - 2012-08-09 03:44 - 00000725 ____A C:\Users\Public\Desktop\Launch RaiderZ.lnk
2012-08-09 03:43 - 2012-08-09 01:54 - 3455620581 ____A (Perfect World Entertainment) C:\Users\jabba\Desktop\Raiderz_201208061644_Setup.exe
2012-08-09 02:08 - 2012-08-09 02:08 - 00001938 ____A C:\Users\Public\Desktop\Babel Rising.lnk
2012-08-09 01:52 - 2012-08-09 01:51 - 02162600 ____A C:\Users\jabba\Downloads\RaiderZ_downloader_201208061644.exe
2012-08-08 13:02 - 2012-08-08 13:02 - 00000000 ____A C:\Windows\setuperr.log
2012-08-07 09:24 - 2011-10-09 04:10 - 00446464 ____A (NEXON Inc.) C:\Windows\NEXON_EU_DownloaderUpdater.exe
2012-08-07 09:24 - 2011-10-09 04:10 - 00000235 ____A C:\Windows\SysWOW64\nxEuUninstall.bat
2012-08-03 05:38 - 2012-08-03 05:38 - 00000943 ____A C:\Users\jabba\Desktop\CDisplay.lnk
2012-08-01 16:49 - 2012-08-01 11:56 - 1469667328 ____A C:\Users\jabba\Desktop\(ITA) - Ichi The Killer (Uncut Edition-Takashi Miike2001) DvdRip ByVedovaNera858.avi
2012-07-31 14:08 - 2012-07-31 14:08 - 00002350 ____A C:\Users\Public\Desktop\Kung Fu Strike - The Warriors Rise.lnk
2012-07-24 01:38 - 2012-07-24 01:38 - 00002033 ____A C:\Users\Public\Desktop\Hi-Rez Diagnostics and Support.lnk
2012-07-24 01:38 - 2012-07-24 01:38 - 00002024 ____A C:\Users\Public\Desktop\Smite.lnk


ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================


==================== Memory info ===========================

Percentage of memory in use: 25%
Total physical RAM: 2046.49 MB
Available physical RAM: 1531.62 MB
Total Pagefile: 2046.49 MB
Available Pagefile: 1519.76 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

==================== Partitions =============================

2 Drive c: () (Fixed) (Total:465.66 GB) (Free:143.13 GB) NTFS
4 Drive f: () (Removable) (Total:3.61 GB) (Free:2.12 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (Riservato per il sistema) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 Online 3701 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 465 GB 101 MB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y Riservato p NTFS Partition 100 MB Healthy

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 465 GB Healthy

=========================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
* Partition 1 Primary 3701 MB 0 B

==================================================================================

Disk: 1
There is no partition selected.

There is no partition selected.
Please select a partition and try again.

=========================================================

Last Boot: 2012-10-08 03:06

==================== End Of Log =============================



#2 gringo_pr

  • Malware Response Team

Posted 13 January 2013 - 06:24 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.



Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flash drive as fixlist.txt

SubSystems: [Windows] ATTENTION! ====> ZeroAccess
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST again like we did before but this time press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt) please post it to your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 Almightyjimbo


Posted 13 January 2013 - 06:37 AM

Ran the Fix and here is the fixlog

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 09-01-2013
Ran by SYSTEM at 2013-01-13 06:36:11 Run:1
Running from Y:\

==============================================

HKEY_LOCAL_MACHINE\System\ControlSet00\Control\Session Manager\SubSystems\\Windows No ZeroAccess entry found.
C:\Windows\assembly\GAC_32\Desktop.ini not found.
C:\Windows\assembly\GAC_64\Desktop.ini not found.

==== End of Fixlog ====

#4 gringo_pr


Posted 13 January 2013 - 06:40 AM

Is the computer booting now?

#5 Almightyjimbo


Posted 13 January 2013 - 06:45 AM

No, the computer receives the same error. Should the checkboxes below the search bar be checked in FRST?

#6 gringo_pr


Posted 13 January 2013 - 06:48 AM

Now I see what happened.



I need you to run the script, and this time hit the Fix button, not the Search button.

#7 Almightyjimbo


Posted 13 January 2013 - 06:49 AM

I hit the fix button the first time. I just noticed that all the checkboxes were selected for items to be whitelisted.

#8 gringo_pr


Posted 13 January 2013 - 06:56 AM

OK, send me a new scan from FRST please.

#9 Almightyjimbo


Posted 13 January 2013 - 07:14 AM

I figured out the problem; I just do not know how to fix it. When I select fix, it tells me an error like cannot find the file, then it cannot find the drive. I then change the drive to Y, which is the flash drive, and it cannot scan the registry of the C drive. I believe that is the problem. I have a pretty good idea about computers by the way. I just do not know this and programming. I know what happened, just trying to fix the computer.

C: Drive


It does not save a FRST file to check. I have tried it multiple times.


Flash Drive

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09-01-2013
Ran by SYSTEM at 13-01-2013 06:59:14
Running from Y:\
Service Pack 1 (X64) OS Language: English(US)
Attention: Could not load system hive.
Attention: System hive is missing.

==================== Registry ================================

Attention: Software hive is missing.

ATTENTION: Unable to load Software hive.


==================== Services =============================


==================== Drivers ===============================


========================== Drivers MD5 =======================


==================== NetSvcs (Whitelisted) ====================


==================== Known DLLs ==============================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\wininit.exe IS MISSING <==== ATTENTION!.
C:\Windows\SysWOW64\wininit.exe IS MISSING <==== ATTENTION!.
C:\Windows\explorer.exe IS MISSING <==== ATTENTION!.
C:\Windows\SysWOW64\explorer.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\svchost.exe IS MISSING <==== ATTENTION!.
C:\Windows\SysWOW64\svchost.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\services.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\User32.dll IS MISSING <==== ATTENTION!.
C:\Windows\SysWOW64\User32.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\userinit.exe IS MISSING <==== ATTENTION!.
C:\Windows\SysWOW64\userinit.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\Drivers\volsnap.sys IS MISSING <==== ATTENTION!.
c:\Windows\system32\codeintegrity\Bootcat.cache IS MISSING <==== ATTENTION!.

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: <===== ATTENTION!
HKLM\...\exefile\DefaultIcon: <===== ATTENTION!
HKLM\...\exefile\open\command: <===== ATTENTION!

==================== Restore Points =========================


==================== End Of Log =============================

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:37 AM

Posted 13 January 2013 - 07:34 AM

Hello

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flash drive as fixlist.txt

Last Boot: 2012-10-08 03:06


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST again like we did before but this time press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt) please post it to your reply.

Gringo

#11 Almightyjimbo

Almightyjimbo
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:10:37 AM

Posted 13 January 2013 - 07:47 AM

Did not work. Would not fix; says file not available.

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:37 AM

Posted 13 January 2013 - 08:04 AM

there is something we are not doing right



the first report says you are running from F and the last one says we are running from Y


how did you run it the first time?



gringo

#13 Almightyjimbo

Almightyjimbo
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:10:37 AM

Posted 13 January 2013 - 08:09 AM

I do not understand what is happening. I try to run it from C, which is what the computer gives my flash drive, but it doesn't save. I then look again and the flash drive is given the letter Y and the hard drive has disappeared. This does not make any sense!

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:37 AM

Posted 13 January 2013 - 08:46 AM

Try this please. You will need a USB drive.

Download http://unetbootin.sourceforge.net/unetbootin-xpud-windows-latest.exe & http://noahdfear.net/downloads/bootable/xPUD/xpud-0.9.2.iso to the desktop of your clean computer
  • Insert your USB drive
  • Press Start > My Computer > right click your USB drive > choose Format > Quick format
  • Double click the unetbootin-xpud-windows-387.exe that you just downloaded
  • Press Run then OK
  • Select the DiskImage option then click the browse button located on the right side of the textbox field.
  • Browse to and select the xpud-0.9.2.iso file you downloaded
  • Verify the correct drive letter is selected for your USB device then click OK
  • It will install a little bootable OS on your USB device
  • Once the files have been written to the device you will be prompted to reboot ~ do not reboot and instead just Exit the UNetbootin interface
  • After it has completed do not choose to reboot the clean computer simply close the installer
  • Next download http://noahdfear.net/downloads/driver.sh to your USB
  • Remove the USB and insert it in the sick computer
  • Boot the Sick computer
  • Press F12 and choose to boot from the USB
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Confirm that you see driver.sh that you downloaded there
  • Press Tool at the top
  • Choose Open Terminal
  • Type bash driver.sh
  • Press Enter
  • After it has finished a report will be located on your USB drive named report.txt
  • Remove the USB drive and insert back in your working computer and navigate to report.txt

    Please note - all text entries are case sensitive
Copy and paste the report.txt for my review
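Post #14 has the reader tell the hard disk from the USB stick by folder name alone (sda1, sdb1) under mnt. The following is an added example, not part of the original thread and not the contents of driver.sh: it labels each mounted partition by what it actually contains. The mount root argument and the hive file names SYSTEM and SOFTWARE under Windows\System32\config are assumptions of this example.

```shell
#!/bin/sh
# Added example: label each partition directory under a mount root (the thread
# browses "mnt" in xPUD) so the Windows volume and the USB stick are not confused.
# Assumption: the hives checked are Windows\System32\config\SYSTEM and SOFTWARE.

# Print the first direct child of $1 whose name equals $2, ignoring case
# (Linux paths are case sensitive; on-disk Windows names vary in case).
ci_child() {
    find "$1" -mindepth 1 -maxdepth 1 -iname "$2" 2>/dev/null | head -n 1
}

# Walk DIR/part1/part2/... matching every component case-insensitively.
ci_path() {
    cur=$1; shift
    for part in "$@"; do
        cur=$(ci_child "$cur" "$part")
        [ -n "$cur" ] || return 1
    done
    printf '%s\n' "$cur"
}

# classify_partition DIR -> windows | windows-hives-missing | usb-tool | other
classify_partition() {
    if sys32=$(ci_path "$1" Windows System32); then
        cfg=$(ci_child "$sys32" config)
        if [ -n "$cfg" ] && [ -n "$(ci_child "$cfg" SYSTEM)" ] &&
           [ -n "$(ci_child "$cfg" SOFTWARE)" ]; then
            echo windows
        else
            echo windows-hives-missing
        fi
    elif [ -f "$1/driver.sh" ]; then
        echo usb-tool
    else
        echo other
    fi
}

# survey ROOT -> one "name<TAB>label" line per directory directly under ROOT
survey() {
    for d in "$1"/*/; do
        [ -d "$d" ] || continue
        d=${d%/}
        printf '%s\t%s\n' "${d##*/}" "$(classify_partition "$d")"
    done
}

# Stand-alone use: sh survey.sh /mnt   (no argument: only define the functions)
[ "$#" -eq 0 ] || survey "$1"
```

A partition labelled windows-hives-missing has a Windows\System32 folder but no readable SYSTEM or SOFTWARE hive, the same condition the FRST log in post #9 reports.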

#15 Almightyjimbo

Almightyjimbo
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:10:37 AM

Posted 13 January 2013 - 09:23 AM

Does not boot correctly; will not run. Shows loading in DOS, then it gets an error that it cannot detect the display and says USB_submit)urb(ctrl) failed



