This topic is lockedcould this be the problem?
Edited by UndoubledZim, 18 March 2012 - 07:42 PM.
Can't run anything [Solved]
Started by
UndoubledZim
, Mar 13 2012 11:10 AM
#16
Posted 18 March 2012 - 07:41 PM
UndoubledZim
- Topic Starter
-
- Member
-
- 38 posts
Member
could this be the problem?
#17
Posted 18 March 2012 - 07:44 PM
CompCav
-
- Expert
-
- 12,454 posts
Member 5k
Yes rename it fixlist.txt sorry!
#18
Posted 18 March 2012 - 08:12 PM
UndoubledZim
- Topic Starter
-
- Member
-
- 38 posts
Member
Roguekiller still doesn't work
Fix result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 15-03-2012
Ran by SYSTEM at 2012-03-19 00:05:08 R:1
Running from G:\
==============================================
HKEY_USERS\Justin\Software\Microsoft\Windows\CurrentVersion\Run\\ciphSVCS Value deleted successfully.
HKEY_USERS\Justin\Software\Microsoft\Windows\CurrentVersion\Run\\sbunkmgr Value deleted successfully.
C:\Users\Justin\AppData\Local\Temp\dfrgexer.dll not found.
C:\Users\Justin\AppData\Local\Temp\dfrgexer64.dll moved successfully.
C:\Users\Justin\AppData\Local\520hi15og85k11361861fucfnu5j045lhy3vl18100j moved successfully.
C:\Users\All Users\520hi15og85k11361861fucfnu5j045lhy3vl18100j moved successfully.
C:\ProgramData\520hi15og85k11361861fucfnu5j045lhy3vl18100j not found.
The operation completed successfully.
The operation completed successfully.
========= bcdedit /enum all /v =========
Windows Boot Manager
--------------------
identifier {9dea862c-5cdd-4e70-acc1-f32b344d4795}
device partition=Y:
description Windows Boot Manager
locale en-US
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
default {9532bfcd-14d4-11df-a38f-5442492bd2a9}
resumeobject {9532bfcc-14d4-11df-a38f-5442492bd2a9}
displayorder {9532bfcd-14d4-11df-a38f-5442492bd2a9}
toolsdisplayorder {b2721d73-1db4-4c62-bf78-c548a880142d}
timeout 30
Windows Boot Loader
-------------------
identifier {9532bfcd-14d4-11df-a38f-5442492bd2a9}
device partition=C:
path \Windows\system32\winload.exe
description Windows 7
locale en-US
inherit {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
recoverysequence {9532bfce-14d4-11df-a38f-5442492bd2a9}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {9532bfcc-14d4-11df-a38f-5442492bd2a9}
nx OptIn
Windows Boot Loader
-------------------
identifier {9532bfce-14d4-11df-a38f-5442492bd2a9}
device ramdisk=[E:]\Recovery\WindowsRE\Winre.wim,{9532bfcf-14d4-11df-a38f-5442492bd2a9}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
osdevice ramdisk=[E:]\Recovery\WindowsRE\Winre.wim,{9532bfcf-14d4-11df-a38f-5442492bd2a9}
systemroot \windows
nx OptIn
winpe Yes
custom:46000010 Yes
Resume from Hibernate
---------------------
identifier {9532bfcc-14d4-11df-a38f-5442492bd2a9}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale en-US
inherit {1afa9c49-16ab-4a5c-901b-212802da9460}
filedevice partition=C:
filepath \hiberfil.sys
debugoptionenabled No
Windows Memory Tester
---------------------
identifier {b2721d73-1db4-4c62-bf78-c548a880142d}
device partition=Y:
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-US
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
badmemoryaccess Yes
EMS Settings
------------
identifier {0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}
bootems Yes
Debugger Settings
-----------------
identifier {4636856e-540f-4170-a130-a84776f4c654}
debugtype Serial
debugport 1
baudrate 115200
RAM Defects
-----------
identifier {5189b25c-5558-4bf2-bca4-289b11bd29e2}
Global Settings
---------------
identifier {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
inherit {4636856e-540f-4170-a130-a84776f4c654}
{0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}
{5189b25c-5558-4bf2-bca4-289b11bd29e2}
Boot Loader Settings
--------------------
identifier {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
{7ff607e0-4395-11db-b0de-0800200c9a66}
Hypervisor Settings
-------------------
identifier {7ff607e0-4395-11db-b0de-0800200c9a66}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200
Resume Loader Settings
----------------------
identifier {1afa9c49-16ab-4a5c-901b-212802da9460}
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
Device options
--------------
identifier {9532bfcf-14d4-11df-a38f-5442492bd2a9}
description Ramdisk Options
ramdisksdidevice partition=E:
ramdisksdipath \Recovery\WindowsRE\boot.sdi
========= End of CMD: =========
==== End of Fixlog ====
Fix result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 15-03-2012
Ran by SYSTEM at 2012-03-19 00:05:08 R:1
Running from G:\
==============================================
HKEY_USERS\Justin\Software\Microsoft\Windows\CurrentVersion\Run\\ciphSVCS Value deleted successfully.
HKEY_USERS\Justin\Software\Microsoft\Windows\CurrentVersion\Run\\sbunkmgr Value deleted successfully.
C:\Users\Justin\AppData\Local\Temp\dfrgexer.dll not found.
C:\Users\Justin\AppData\Local\Temp\dfrgexer64.dll moved successfully.
C:\Users\Justin\AppData\Local\520hi15og85k11361861fucfnu5j045lhy3vl18100j moved successfully.
C:\Users\All Users\520hi15og85k11361861fucfnu5j045lhy3vl18100j moved successfully.
C:\ProgramData\520hi15og85k11361861fucfnu5j045lhy3vl18100j not found.
The operation completed successfully.
The operation completed successfully.
========= bcdedit /enum all /v =========
Windows Boot Manager
--------------------
identifier {9dea862c-5cdd-4e70-acc1-f32b344d4795}
device partition=Y:
description Windows Boot Manager
locale en-US
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
default {9532bfcd-14d4-11df-a38f-5442492bd2a9}
resumeobject {9532bfcc-14d4-11df-a38f-5442492bd2a9}
displayorder {9532bfcd-14d4-11df-a38f-5442492bd2a9}
toolsdisplayorder {b2721d73-1db4-4c62-bf78-c548a880142d}
timeout 30
Windows Boot Loader
-------------------
identifier {9532bfcd-14d4-11df-a38f-5442492bd2a9}
device partition=C:
path \Windows\system32\winload.exe
description Windows 7
locale en-US
inherit {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
recoverysequence {9532bfce-14d4-11df-a38f-5442492bd2a9}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {9532bfcc-14d4-11df-a38f-5442492bd2a9}
nx OptIn
Windows Boot Loader
-------------------
identifier {9532bfce-14d4-11df-a38f-5442492bd2a9}
device ramdisk=[E:]\Recovery\WindowsRE\Winre.wim,{9532bfcf-14d4-11df-a38f-5442492bd2a9}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
osdevice ramdisk=[E:]\Recovery\WindowsRE\Winre.wim,{9532bfcf-14d4-11df-a38f-5442492bd2a9}
systemroot \windows
nx OptIn
winpe Yes
custom:46000010 Yes
Resume from Hibernate
---------------------
identifier {9532bfcc-14d4-11df-a38f-5442492bd2a9}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale en-US
inherit {1afa9c49-16ab-4a5c-901b-212802da9460}
filedevice partition=C:
filepath \hiberfil.sys
debugoptionenabled No
Windows Memory Tester
---------------------
identifier {b2721d73-1db4-4c62-bf78-c548a880142d}
device partition=Y:
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-US
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
badmemoryaccess Yes
EMS Settings
------------
identifier {0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}
bootems Yes
Debugger Settings
-----------------
identifier {4636856e-540f-4170-a130-a84776f4c654}
debugtype Serial
debugport 1
baudrate 115200
RAM Defects
-----------
identifier {5189b25c-5558-4bf2-bca4-289b11bd29e2}
Global Settings
---------------
identifier {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
inherit {4636856e-540f-4170-a130-a84776f4c654}
{0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}
{5189b25c-5558-4bf2-bca4-289b11bd29e2}
Boot Loader Settings
--------------------
identifier {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
{7ff607e0-4395-11db-b0de-0800200c9a66}
Hypervisor Settings
-------------------
identifier {7ff607e0-4395-11db-b0de-0800200c9a66}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200
Resume Loader Settings
----------------------
identifier {1afa9c49-16ab-4a5c-901b-212802da9460}
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
Device options
--------------
identifier {9532bfcf-14d4-11df-a38f-5442492bd2a9}
description Ramdisk Options
ramdisksdidevice partition=E:
ramdisksdipath \Recovery\WindowsRE\boot.sdi
========= End of CMD: =========
==== End of Fixlog ====
#19
Posted 18 March 2012 - 09:28 PM
CompCav
-
- Expert
-
- 12,454 posts
Member 5k
Step 1.
Insert the USB drive into the ailing computer. Run FRST as you did before, except that this time around click on the Scan button. It will produce a new FRST.txt log. Please post it in your next reply.
Step 2.
Several of your file associations were corrupted by the malware and in order to run our tools we will need to correct the registry.
On the good computer go to this site.
You will see several file association fixes for Windows 7.
To fix the associations for EXE, COM. and SCR file types:
1. Download the corresponding fix from the table. (Use Right-click – Save as option in your browser to download the fixes.)
2. Unzip the files and extract the .REG files to the Desktop of your good computer.
3. Copy the three .REG files onto your USB drive.
4. Plug the USB drive in your ailing computer and boot up as you did before but instead of running the FRST64, at the command prompt type:
regedit
5. The registry editor will appear on your screen.
6. Click File >> Import...
7. An Import Registry File window will open. Click the down arrow to the right of the Look in: window
8. Select Removable Disk (what ever drive letter yours is)
9. Click on each file and then the Open button and confirm you want to import the file. Repeat this step for all three .REG files.
10. Close the registry windows. Close the black command prompt window.
11. Restart the ailing computer in normal mode.
Step 2.
Insert the USB drive in the ailing computer and copy RogueKiller to the desktop.
Try to run it. If it does not run post the log above, skip the remaining steps, and let me know.
If it runs do these steps:
Please post:
All RKreport.txt text files located on your desktop.
Step 3.
Copy Combofix from the USB drive to the ailing computer desktop.
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.
Please make sure you include the Combofix log in your next reply as well as describe how your computer is running now
Step 4.
Please post:
FRST.txt
if they can run post:
All RKreport.txt files
ComboFix.txt
Give me an update on how the computer is running
Insert the USB drive into the ailing computer. Run FRST as you did before, except that this time around click on the Scan button. It will produce a new FRST.txt log. Please post it in your next reply.
Step 2.
Several of your file associations were corrupted by the malware and in order to run our tools we will need to correct the registry.
On the good computer go to this site.
You will see several file association fixes for Windows 7.
To fix the associations for EXE, COM. and SCR file types:
1. Download the corresponding fix from the table. (Use Right-click – Save as option in your browser to download the fixes.)
2. Unzip the files and extract the .REG files to the Desktop of your good computer.
3. Copy the three .REG files onto your USB drive.
4. Plug the USB drive in your ailing computer and boot up as you did before but instead of running the FRST64, at the command prompt type:
regedit
5. The registry editor will appear on your screen.
6. Click File >> Import...
7. An Import Registry File window will open. Click the down arrow to the right of the Look in: window
8. Select Removable Disk (what ever drive letter yours is)
9. Click on each file and then the Open button and confirm you want to import the file. Repeat this step for all three .REG files.
10. Close the registry windows. Close the black command prompt window.
11. Restart the ailing computer in normal mode.
Step 2.
Insert the USB drive in the ailing computer and copy RogueKiller to the desktop.
Try to run it. If it does not run post the log above, skip the remaining steps, and let me know.
If it runs do these steps:
- Quit all programs
- Start RogueKiller.exe.
- Wait until Prescan has finished ...
- Click on the Scan button Step 1 in the picture.
- Note: If RogueKiller will not run please try it several times, if it still does not run rename it winlogon.com and try it several times.
- Wait for the end of the scan.
- The first report will be created on the desktop.
- Click on the Delete button step 2 in the picture.
- The second report will be created on the desktop.
- Next click on ShortcutsFix step 3 in the picture.
- The third report will be created on the desktop.
Please post:
All RKreport.txt text files located on your desktop.
Step 3.
Copy Combofix from the USB drive to the ailing computer desktop.
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
- Double click on ComboFix.exe & follow the prompts.
- Accept the disclaimer and allow to update if it asks
- When finished, it shall produce a log for you.
- Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.
Please make sure you include the Combofix log in your next reply as well as describe how your computer is running now
Step 4.
Please post:
FRST.txt
if they can run post:
All RKreport.txt files
ComboFix.txt
Give me an update on how the computer is running
#20
Posted 18 March 2012 - 09:57 PM
UndoubledZim
- Topic Starter
-
- Member
-
- 38 posts
Member
Roguekiller still won't work
Scan result of Farbar Recovery Scan Tool Version: 15-03-2012
Ran by SYSTEM at 19-03-2012 01:48:41
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001
========================== Registry (Whitelisted) =============
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [10134560 2010-04-06] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] %ProgramFiles%\Apoint\Apoint.exe [221480 2010-05-16] (Alps Electric Co., Ltd.)
HKLM-x32\...\Run: [SmartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup [82944 2010-01-19] (Sony Electronics Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [597792 2010-01-21] (Sony Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35760 2011-01-31] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [932288 2010-09-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-04-08] (Sun Microsystems, Inc.)
HKU\Justin\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-02-08] (Google Inc.)
HKU\Justin\...\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" [399736 2011-04-07] (BitTorrent, Inc.)
HKU\Justin\...\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2144088 2009-01-26] (Safer Networking Limited)
==================== Services (Whitelisted) ======
3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [109056 2009-09-28] (ArcSoft Inc.)
4 Lavasoft Ad-Aware Service; "C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe" [2152152 2011-09-02] (Lavasoft Limited)
4 MSSQL$DDNI; "C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\sqlservr.exe" -sDDNI [43010392 2009-03-30] (Microsoft Corporation)
4 MSSQLServerADHelper100; "C:\Program Files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE" [47128 2009-03-30] (Microsoft Corporation)
2 NIS; "C:\Program Files (x86)\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe" /s "NIS" /m "C:\Program Files (x86)\Norton Internet Security\Engine\17.5.0.127\diMaster.dll" /prefetch:1 [135032 2009-12-09] (Symantec Corporation)
4 Oasis2Service; "C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe" [49152 2011-08-13] ()
4 PMBDeviceInfoProvider; "C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe" [360224 2009-10-24] (Sony Corporation)
2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75064 2011-07-29] ()
4 SampleCollector; "C:\Program Files\Sony\VAIO Care\collsvc.exe" "/service" "/counter=\Processor(_Total)\% Processor Time:5" "/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:5" "/counter=\Network Interface(*)\Bytes Total/sec:5" "/directory=inteldata" [168448 2009-12-22] (Sony of America Corporation)
4 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
4 SOHCImp; "C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe" [108400 2010-02-24] (Sony Corporation)
4 SOHDms; "C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe" [422768 2010-02-24] (Sony Corporation)
4 SOHDs; "C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe" [67952 2010-02-24] (Sony Corporation)
4 SpfService; "C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService.exe" [302448 2010-02-08] (Sony Corporation)
4 SQLAgent$DDNI; "C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\SQLAGENT.EXE" -i DDNI [366936 2009-03-30] (Microsoft Corporation)
4 SQLBrowser; "C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe" [254808 2009-03-30] (Microsoft Corporation)
4 SQLWriter; "C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [157720 2008-07-10] (Microsoft Corporation)
4 StumbleUponUpdateService; "C:\Program Files (x86)\StumbleUpon\StumbleUponUpdateService.exe" [103336 2011-04-14] (stumbleupon.com)
4 VAIO Entertainment TV Device Arbitration Service; "C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe" [69632 2010-04-08] (Sony Corporation)
4 VAIO Event Service; "C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe" [217456 2010-03-02] (Sony Corporation)
4 VAIO Power Management; "C:\Program Files\Sony\VAIO Power Management\SPMService.exe" [574320 2010-03-25] (Sony Corporation)
4 VCFw; "C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe" [852336 2010-03-18] (Sony Corporation)
4 VcmIAlzMgr; "C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe" [529776 2010-02-19] (Sony Corporation)
4 VcmINSMgr; "C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe" [386416 2010-02-19] (Sony Corporation)
4 VcmXmlIfHelper; "C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe" [115568 2010-02-19] (Sony Corporation)
4 VUAgent; "C:\Program Files\Sony\VAIO Update 5\VUAgent.exe" [1250160 2010-05-31] (Sony Corporation)
========================== Drivers (Whitelisted) =============
3 amdkmdag; C:\Windows\System32\DRIVERS\atipmdag.sys [6402560 2010-04-06] (ATI Technologies Inc.)
3 Lavasoft Kernexplorer; \??\C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [17152 2011-02-22] ()
0 Lbd; C:\Windows\System32\Drivers\Lbd.sys [69152 2010-08-12] (Lavasoft AB)
1 SRTSP; C:\Windows\System32\drivers\NISx64\1105000.07F\SRTSP64.SYS [504880 2009-12-02] (Symantec Corporation)
1 SRTSPX; C:\Windows\System32\drivers\NISx64\1105000.07F\SRTSPX64.SYS [32304 2009-12-02] (Symantec Corporation)
2 IAStorDataMgrSvc; [x]
3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20091209.020\ENG64.SYS [x]
3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20091209.020\EX64.SYS [x]
========================== NetSvcs (Whitelisted) ===========
============ One Month Created Files and Folders ==============
2012-03-18 17:42 - 2012-03-19 01:49 - 0000000 ____D C:\FRST
2012-03-13 18:19 - 2012-03-13 18:19 - 158892465 ____A C:\Windows\MEMORY.DMP
2012-03-13 18:19 - 2012-03-13 18:19 - 0270768 ____A C:\Windows\Minidump\031312-29967-01.dmp
2012-03-13 17:59 - 2012-03-13 17:59 - 0000129 ____A C:\Windows\System32\MRT.INI
2012-03-13 17:47 - 2009-07-13 17:14 - 0020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe
2012-03-13 16:01 - 2012-03-13 16:44 - 0000000 ____D C:\eeepcfr
2012-03-13 15:47 - 2012-03-15 18:01 - 0000000 ____D C:\Users\Justin\Desktop\New folder
2012-03-13 09:04 - 2012-03-13 09:05 - 13898368 ____A C:\Users\Justin\Downloads\SAS_984A281.COM
2012-03-03 22:49 - 2012-03-13 18:19 - 0000000 ____D C:\Windows\Minidump
2012-03-01 18:55 - 2012-03-05 22:09 - 0000102 ____A C:\Users\Justin\Desktop\Great words.txt
============ 3 Months Modified Files and Folders =============
2012-03-18 20:14 - 2009-07-13 20:45 - 0014144 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-03-18 20:14 - 2009-07-13 20:45 - 0014144 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-03-18 20:06 - 2010-09-16 05:18 - 0021318 ____A C:\aaw7boot.log
2012-03-18 20:06 - 2010-08-19 11:16 - 3015884800 __ASH C:\hiberfil.sys
2012-03-18 13:33 - 2011-08-10 20:00 - 0782176 ____A C:\Windows\ntbtlog.txt
2012-03-15 18:01 - 2012-03-13 15:47 - 0000000 ____D C:\Users\Justin\Desktop\New folder
2012-03-15 17:56 - 2012-02-05 21:18 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-03-14 15:25 - 2010-07-15 05:17 - 1165844 ____A C:\Windows\WindowsUpdate.log
2012-03-13 18:19 - 2012-03-13 18:19 - 158892465 ____A C:\Windows\MEMORY.DMP
2012-03-13 18:19 - 2012-03-13 18:19 - 0270768 ____A C:\Windows\Minidump\031312-29967-01.dmp
2012-03-13 18:19 - 2012-03-03 22:49 - 0000000 ____D C:\Windows\Minidump
2012-03-13 17:59 - 2012-03-13 17:59 - 0000129 ____A C:\Windows\System32\MRT.INI
2012-03-13 17:57 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\config\TxR
2012-03-13 17:56 - 2009-07-13 21:13 - 0871488 ____A C:\Windows\System32\PerfStringBackup.INI
2012-03-13 17:55 - 2010-08-31 08:50 - 56297240 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-03-13 17:47 - 2010-08-19 11:33 - 0000000 ____D C:\users\Justin
2012-03-13 17:47 - 2010-02-08 09:50 - 0000908 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-03-13 17:47 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-03-13 17:46 - 2011-06-16 20:55 - 0014808 ____A C:\Windows\setupact.log
2012-03-13 16:45 - 2012-02-05 21:19 - 0000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-03-13 16:45 - 2012-02-05 21:19 - 0000000 ____D C:\ProgramData\Spybot - Search & Destroy
2012-03-13 16:45 - 2011-11-11 13:50 - 0000000 ____D C:\Users\All Users\PMB Files
2012-03-13 16:45 - 2011-11-11 13:50 - 0000000 ____D C:\ProgramData\PMB Files
2012-03-13 16:45 - 2011-08-18 19:38 - 0000000 ____D C:\Users\Justin\Desktop\terrafirma-1.7.2
2012-03-13 16:45 - 2011-04-28 11:21 - 0000000 ____D C:\Users\Justin\Downloads\Fallback plan gamma
2012-03-13 16:45 - 2010-09-27 17:52 - 0000000 ____D C:\Users\Justin\Desktop\Junk
2012-03-13 16:45 - 2010-09-25 18:56 - 0000000 ____D C:\Users\Justin\AppData\Roaming\vlc
2012-03-13 16:45 - 2010-08-27 16:03 - 0000000 ____D C:\Users\Justin\AppData\Roaming\uTorrent
2012-03-13 16:45 - 2010-02-08 10:44 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-03-13 16:45 - 2010-02-08 09:58 - 0000000 ____D C:\Users\All Users\Norton
2012-03-13 16:45 - 2010-02-08 09:58 - 0000000 ____D C:\ProgramData\Norton
2012-03-13 16:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\sysprep
2012-03-13 16:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\AppCompat
2012-03-13 16:44 - 2012-03-13 16:01 - 0000000 ____D C:\eeepcfr
2012-03-13 16:44 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\registration
2012-03-13 16:43 - 2010-12-30 18:05 - 0000000 ____D C:\Users\Justin\AppData\Roaming\SoftGrid Client
2012-03-13 16:41 - 2010-02-08 09:26 - 0000000 ____D C:\Program Files (x86)\DDNi
2012-03-13 13:27 - 2011-08-10 20:04 - 0000000 ____D C:\Users\Justin\AppData\Local\ElevatedDiagnostics
2012-03-13 09:05 - 2012-03-13 09:04 - 13898368 ____A C:\Users\Justin\Downloads\SAS_984A281.COM
2012-03-06 16:44 - 2011-12-30 16:57 - 0000000 ____D C:\Users\Justin\AppData\Local\PMB Files
2012-03-05 22:09 - 2012-03-01 18:55 - 0000102 ____A C:\Users\Justin\Desktop\Great words.txt
2012-03-03 22:48 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\LiveKernelReports
2012-03-03 22:01 - 2010-09-27 17:53 - 0000000 ____D C:\Users\Justin\Desktop\Vids
2012-03-01 09:18 - 2010-08-19 13:08 - 0001883 ____A C:\test.xml
2012-02-28 07:21 - 2011-11-12 07:05 - 0000000 ____D C:\Users\Justin\riotsGamesLogs
2012-02-16 06:00 - 2010-02-08 09:50 - 0000912 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-02-15 07:54 - 2010-08-19 11:26 - 0000174 ___SH C:\Users\Justin\Start Menu\Programs\Startup\desktop.ini
2012-02-15 07:54 - 2010-08-19 11:26 - 0000174 ___SH C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-02-15 06:29 - 2009-07-13 20:45 - 0299408 ____A C:\Windows\System32\FNTCACHE.DAT
2012-02-15 06:05 - 2010-12-30 18:04 - 0000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client
2012-02-15 06:05 - 2010-02-08 09:22 - 0888184 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-02-13 17:25 - 2011-06-15 10:00 - 0000000 ____D C:\Program Files (x86)\Steam
2012-02-12 15:09 - 2011-04-24 14:09 - 0000064 ____A C:\Windows\SysWOW64\rp_stats.dat
2012-02-12 15:09 - 2011-04-24 14:09 - 0000044 ____A C:\Windows\SysWOW64\rp_rules.dat
2012-02-05 21:19 - 2012-02-05 21:19 - 0001262 ____A C:\Users\Justin\Desktop\Spybot - Search & Destroy.lnk
2012-02-05 21:19 - 2012-02-05 21:19 - 0000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2012-02-05 21:18 - 2012-02-05 21:18 - 0001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-02-05 21:18 - 2012-02-05 21:18 - 0000000 ____D C:\Users\Justin\AppData\Roaming\Malwarebytes
2012-02-05 21:18 - 2012-02-05 21:18 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-02-05 21:18 - 2012-02-05 21:18 - 0000000 ____D C:\ProgramData\Malwarebytes
2012-02-05 21:16 - 2012-02-05 21:15 - 16409960 ____A (Safer Networking Limited ) C:\Users\Justin\Downloads\spybotsd162.exe
2012-02-05 21:15 - 2012-02-05 21:14 - 9502424 ____A (Malwarebytes Corporation ) C:\Users\Justin\Downloads\mbam-setup-1.60.1.1000.exe
2012-01-31 06:59 - 2011-06-29 05:17 - 0001940 ____A C:\Windows\PFRO.log
2012-01-29 13:55 - 2011-08-20 09:35 - 0000000 ____D C:\Users\Justin\Desktop\Minecraft
2012-01-26 21:52 - 2010-08-19 12:03 - 0279656 ____A (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-01-24 01:33 - 2010-02-08 09:50 - 0002358 ____A C:\Users\Justin\Desktop\Google Chrome.lnk
2012-01-19 12:27 - 2012-01-19 12:27 - 0000218 ____A C:\Users\Justin\.recently-used.xbel
2012-01-15 14:05 - 2012-01-15 14:05 - 0000720 ____A C:\Users\Justin\AppData\Local\PMB Fik?s
2012-01-13 20:02 - 2012-02-14 18:06 - 3143168 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-01-04 01:59 - 2012-02-14 18:06 - 14164480 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-01-04 01:58 - 2012-02-14 18:06 - 0509952 ____A (Microsoft Corporation) C:\Windows\System32\ntshrui.dll
2012-01-04 01:03 - 2012-02-14 18:06 - 12868096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-01-04 01:03 - 2012-02-14 18:06 - 0442880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntshrui.dll
2012-01-02 22:24 - 2012-02-14 18:06 - 0515584 ____A (Microsoft Corporation) C:\Windows\System32\timedate.cpl
2012-01-02 21:44 - 2012-02-14 18:06 - 0478208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\timedate.cpl
2011-12-30 21:02 - 2011-12-30 21:02 - 0306176 ____A (Symthic) C:\Users\Justin\Desktop\Plotic04.exe
2011-12-30 15:49 - 2011-11-11 13:50 - 0000000 ____D C:\Program Files (x86)\Pando Networks
2011-12-27 19:59 - 2012-02-14 18:06 - 0499200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
========================= Known DLLs (Whitelisted) ============
========================= Bamital & volsnap Check ============
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
========================= Memory info ======================
Percentage of memory in use: 15%
Total physical RAM: 3834.9 MB
Available physical RAM: 3246.18 MB
Total Pagefile: 3833.05 MB
Available Pagefile: 3225.99 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB
======================= Partitions =========================
1 Drive c: () (Fixed) (Total:288.63 GB) (Free:127.59 GB) NTFS
2 Drive e: (Recovery) (Fixed) (Total:9.36 GB) (Free:0.82 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive g: () (Removable) (Total:1.86 GB) (Free:1.85 GB) FAT
7 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
8 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 1024 KB
Disk 1 Online 1943 MB 0 B
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 9 GB 1024 KB
Partition 2 Primary 100 MB 9 GB
Partition 3 Primary 288 GB 9 GB
======================================================================================================
Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E Recovery NTFS Partition 9 GB Healthy Hidden
======================================================================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y System Rese NTFS Partition 100 MB Healthy
======================================================================================================
Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 288 GB Healthy
======================================================================================================
Partitions of Disk 1:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1907 MB 64 KB
======================================================================================================
Disk: 1
Partition 1
Type : 06
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G FAT Removable 1907 MB Healthy
======================================================================================================
==========================================================
Last Boot: 2012-02-08 21:45
======================= End Of Log ==========================
Scan result of Farbar Recovery Scan Tool Version: 15-03-2012
Ran by SYSTEM at 19-03-2012 01:48:41
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001
========================== Registry (Whitelisted) =============
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [10134560 2010-04-06] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] %ProgramFiles%\Apoint\Apoint.exe [221480 2010-05-16] (Alps Electric Co., Ltd.)
HKLM-x32\...\Run: [SmartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup [82944 2010-01-19] (Sony Electronics Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [597792 2010-01-21] (Sony Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35760 2011-01-31] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [932288 2010-09-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-04-08] (Sun Microsystems, Inc.)
HKU\Justin\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-02-08] (Google Inc.)
HKU\Justin\...\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" [399736 2011-04-07] (BitTorrent, Inc.)
HKU\Justin\...\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2144088 2009-01-26] (Safer Networking Limited)
==================== Services (Whitelisted) ======
3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [109056 2009-09-28] (ArcSoft Inc.)
4 Lavasoft Ad-Aware Service; "C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe" [2152152 2011-09-02] (Lavasoft Limited)
4 MSSQL$DDNI; "C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\sqlservr.exe" -sDDNI [43010392 2009-03-30] (Microsoft Corporation)
4 MSSQLServerADHelper100; "C:\Program Files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE" [47128 2009-03-30] (Microsoft Corporation)
2 NIS; "C:\Program Files (x86)\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe" /s "NIS" /m "C:\Program Files (x86)\Norton Internet Security\Engine\17.5.0.127\diMaster.dll" /prefetch:1 [135032 2009-12-09] (Symantec Corporation)
4 Oasis2Service; "C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe" [49152 2011-08-13] ()
4 PMBDeviceInfoProvider; "C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe" [360224 2009-10-24] (Sony Corporation)
2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75064 2011-07-29] ()
4 SampleCollector; "C:\Program Files\Sony\VAIO Care\collsvc.exe" "/service" "/counter=\Processor(_Total)\% Processor Time:5" "/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:5" "/counter=\Network Interface(*)\Bytes Total/sec:5" "/directory=inteldata" [168448 2009-12-22] (Sony of America Corporation)
4 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
4 SOHCImp; "C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe" [108400 2010-02-24] (Sony Corporation)
4 SOHDms; "C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe" [422768 2010-02-24] (Sony Corporation)
4 SOHDs; "C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe" [67952 2010-02-24] (Sony Corporation)
4 SpfService; "C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService.exe" [302448 2010-02-08] (Sony Corporation)
4 SQLAgent$DDNI; "C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\SQLAGENT.EXE" -i DDNI [366936 2009-03-30] (Microsoft Corporation)
4 SQLBrowser; "C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe" [254808 2009-03-30] (Microsoft Corporation)
4 SQLWriter; "C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [157720 2008-07-10] (Microsoft Corporation)
4 StumbleUponUpdateService; "C:\Program Files (x86)\StumbleUpon\StumbleUponUpdateService.exe" [103336 2011-04-14] (stumbleupon.com)
4 VAIO Entertainment TV Device Arbitration Service; "C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe" [69632 2010-04-08] (Sony Corporation)
4 VAIO Event Service; "C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe" [217456 2010-03-02] (Sony Corporation)
4 VAIO Power Management; "C:\Program Files\Sony\VAIO Power Management\SPMService.exe" [574320 2010-03-25] (Sony Corporation)
4 VCFw; "C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe" [852336 2010-03-18] (Sony Corporation)
4 VcmIAlzMgr; "C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe" [529776 2010-02-19] (Sony Corporation)
4 VcmINSMgr; "C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe" [386416 2010-02-19] (Sony Corporation)
4 VcmXmlIfHelper; "C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe" [115568 2010-02-19] (Sony Corporation)
4 VUAgent; "C:\Program Files\Sony\VAIO Update 5\VUAgent.exe" [1250160 2010-05-31] (Sony Corporation)
========================== Drivers (Whitelisted) =============
3 amdkmdag; C:\Windows\System32\DRIVERS\atipmdag.sys [6402560 2010-04-06] (ATI Technologies Inc.)
3 Lavasoft Kernexplorer; \??\C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [17152 2011-02-22] ()
0 Lbd; C:\Windows\System32\Drivers\Lbd.sys [69152 2010-08-12] (Lavasoft AB)
1 SRTSP; C:\Windows\System32\drivers\NISx64\1105000.07F\SRTSP64.SYS [504880 2009-12-02] (Symantec Corporation)
1 SRTSPX; C:\Windows\System32\drivers\NISx64\1105000.07F\SRTSPX64.SYS [32304 2009-12-02] (Symantec Corporation)
2 IAStorDataMgrSvc; [x]
3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20091209.020\ENG64.SYS [x]
3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20091209.020\EX64.SYS [x]
========================== NetSvcs (Whitelisted) ===========
============ One Month Created Files and Folders ==============
2012-03-18 17:42 - 2012-03-19 01:49 - 0000000 ____D C:\FRST
2012-03-13 18:19 - 2012-03-13 18:19 - 158892465 ____A C:\Windows\MEMORY.DMP
2012-03-13 18:19 - 2012-03-13 18:19 - 0270768 ____A C:\Windows\Minidump\031312-29967-01.dmp
2012-03-13 17:59 - 2012-03-13 17:59 - 0000129 ____A C:\Windows\System32\MRT.INI
2012-03-13 17:47 - 2009-07-13 17:14 - 0020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe
2012-03-13 16:01 - 2012-03-13 16:44 - 0000000 ____D C:\eeepcfr
2012-03-13 15:47 - 2012-03-15 18:01 - 0000000 ____D C:\Users\Justin\Desktop\New folder
2012-03-13 09:04 - 2012-03-13 09:05 - 13898368 ____A C:\Users\Justin\Downloads\SAS_984A281.COM
2012-03-03 22:49 - 2012-03-13 18:19 - 0000000 ____D C:\Windows\Minidump
2012-03-01 18:55 - 2012-03-05 22:09 - 0000102 ____A C:\Users\Justin\Desktop\Great words.txt
============ 3 Months Modified Files and Folders =============
2012-03-18 20:14 - 2009-07-13 20:45 - 0014144 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-03-18 20:14 - 2009-07-13 20:45 - 0014144 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-03-18 20:06 - 2010-09-16 05:18 - 0021318 ____A C:\aaw7boot.log
2012-03-18 20:06 - 2010-08-19 11:16 - 3015884800 __ASH C:\hiberfil.sys
2012-03-18 13:33 - 2011-08-10 20:00 - 0782176 ____A C:\Windows\ntbtlog.txt
2012-03-15 18:01 - 2012-03-13 15:47 - 0000000 ____D C:\Users\Justin\Desktop\New folder
2012-03-15 17:56 - 2012-02-05 21:18 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-03-14 15:25 - 2010-07-15 05:17 - 1165844 ____A C:\Windows\WindowsUpdate.log
2012-03-13 18:19 - 2012-03-13 18:19 - 158892465 ____A C:\Windows\MEMORY.DMP
2012-03-13 18:19 - 2012-03-13 18:19 - 0270768 ____A C:\Windows\Minidump\031312-29967-01.dmp
2012-03-13 18:19 - 2012-03-03 22:49 - 0000000 ____D C:\Windows\Minidump
2012-03-13 17:59 - 2012-03-13 17:59 - 0000129 ____A C:\Windows\System32\MRT.INI
2012-03-13 17:57 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\config\TxR
2012-03-13 17:56 - 2009-07-13 21:13 - 0871488 ____A C:\Windows\System32\PerfStringBackup.INI
2012-03-13 17:55 - 2010-08-31 08:50 - 56297240 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-03-13 17:47 - 2010-08-19 11:33 - 0000000 ____D C:\users\Justin
2012-03-13 17:47 - 2010-02-08 09:50 - 0000908 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-03-13 17:47 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-03-13 17:46 - 2011-06-16 20:55 - 0014808 ____A C:\Windows\setupact.log
2012-03-13 16:45 - 2012-02-05 21:19 - 0000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-03-13 16:45 - 2012-02-05 21:19 - 0000000 ____D C:\ProgramData\Spybot - Search & Destroy
2012-03-13 16:45 - 2011-11-11 13:50 - 0000000 ____D C:\Users\All Users\PMB Files
2012-03-13 16:45 - 2011-11-11 13:50 - 0000000 ____D C:\ProgramData\PMB Files
2012-03-13 16:45 - 2011-08-18 19:38 - 0000000 ____D C:\Users\Justin\Desktop\terrafirma-1.7.2
2012-03-13 16:45 - 2011-04-28 11:21 - 0000000 ____D C:\Users\Justin\Downloads\Fallback plan gamma
2012-03-13 16:45 - 2010-09-27 17:52 - 0000000 ____D C:\Users\Justin\Desktop\Junk
2012-03-13 16:45 - 2010-09-25 18:56 - 0000000 ____D C:\Users\Justin\AppData\Roaming\vlc
2012-03-13 16:45 - 2010-08-27 16:03 - 0000000 ____D C:\Users\Justin\AppData\Roaming\uTorrent
2012-03-13 16:45 - 2010-02-08 10:44 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-03-13 16:45 - 2010-02-08 09:58 - 0000000 ____D C:\Users\All Users\Norton
2012-03-13 16:45 - 2010-02-08 09:58 - 0000000 ____D C:\ProgramData\Norton
2012-03-13 16:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\sysprep
2012-03-13 16:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\AppCompat
2012-03-13 16:44 - 2012-03-13 16:01 - 0000000 ____D C:\eeepcfr
2012-03-13 16:44 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\registration
2012-03-13 16:43 - 2010-12-30 18:05 - 0000000 ____D C:\Users\Justin\AppData\Roaming\SoftGrid Client
2012-03-13 16:41 - 2010-02-08 09:26 - 0000000 ____D C:\Program Files (x86)\DDNi
2012-03-13 13:27 - 2011-08-10 20:04 - 0000000 ____D C:\Users\Justin\AppData\Local\ElevatedDiagnostics
2012-03-13 09:05 - 2012-03-13 09:04 - 13898368 ____A C:\Users\Justin\Downloads\SAS_984A281.COM
2012-03-06 16:44 - 2011-12-30 16:57 - 0000000 ____D C:\Users\Justin\AppData\Local\PMB Files
2012-03-05 22:09 - 2012-03-01 18:55 - 0000102 ____A C:\Users\Justin\Desktop\Great words.txt
2012-03-03 22:48 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\LiveKernelReports
2012-03-03 22:01 - 2010-09-27 17:53 - 0000000 ____D C:\Users\Justin\Desktop\Vids
2012-03-01 09:18 - 2010-08-19 13:08 - 0001883 ____A C:\test.xml
2012-02-28 07:21 - 2011-11-12 07:05 - 0000000 ____D C:\Users\Justin\riotsGamesLogs
2012-02-16 06:00 - 2010-02-08 09:50 - 0000912 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-02-15 07:54 - 2010-08-19 11:26 - 0000174 ___SH C:\Users\Justin\Start Menu\Programs\Startup\desktop.ini
2012-02-15 07:54 - 2010-08-19 11:26 - 0000174 ___SH C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-02-15 06:29 - 2009-07-13 20:45 - 0299408 ____A C:\Windows\System32\FNTCACHE.DAT
2012-02-15 06:05 - 2010-12-30 18:04 - 0000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client
2012-02-15 06:05 - 2010-02-08 09:22 - 0888184 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-02-13 17:25 - 2011-06-15 10:00 - 0000000 ____D C:\Program Files (x86)\Steam
2012-02-12 15:09 - 2011-04-24 14:09 - 0000064 ____A C:\Windows\SysWOW64\rp_stats.dat
2012-02-12 15:09 - 2011-04-24 14:09 - 0000044 ____A C:\Windows\SysWOW64\rp_rules.dat
2012-02-05 21:19 - 2012-02-05 21:19 - 0001262 ____A C:\Users\Justin\Desktop\Spybot - Search & Destroy.lnk
2012-02-05 21:19 - 2012-02-05 21:19 - 0000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2012-02-05 21:18 - 2012-02-05 21:18 - 0001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-02-05 21:18 - 2012-02-05 21:18 - 0000000 ____D C:\Users\Justin\AppData\Roaming\Malwarebytes
2012-02-05 21:18 - 2012-02-05 21:18 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-02-05 21:18 - 2012-02-05 21:18 - 0000000 ____D C:\ProgramData\Malwarebytes
2012-02-05 21:16 - 2012-02-05 21:15 - 16409960 ____A (Safer Networking Limited ) C:\Users\Justin\Downloads\spybotsd162.exe
2012-02-05 21:15 - 2012-02-05 21:14 - 9502424 ____A (Malwarebytes Corporation ) C:\Users\Justin\Downloads\mbam-setup-1.60.1.1000.exe
2012-01-31 06:59 - 2011-06-29 05:17 - 0001940 ____A C:\Windows\PFRO.log
2012-01-29 13:55 - 2011-08-20 09:35 - 0000000 ____D C:\Users\Justin\Desktop\Minecraft
2012-01-26 21:52 - 2010-08-19 12:03 - 0279656 ____A (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-01-24 01:33 - 2010-02-08 09:50 - 0002358 ____A C:\Users\Justin\Desktop\Google Chrome.lnk
2012-01-19 12:27 - 2012-01-19 12:27 - 0000218 ____A C:\Users\Justin\.recently-used.xbel
2012-01-15 14:05 - 2012-01-15 14:05 - 0000720 ____A C:\Users\Justin\AppData\Local\PMB Fik?s
2012-01-13 20:02 - 2012-02-14 18:06 - 3143168 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-01-04 01:59 - 2012-02-14 18:06 - 14164480 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-01-04 01:58 - 2012-02-14 18:06 - 0509952 ____A (Microsoft Corporation) C:\Windows\System32\ntshrui.dll
2012-01-04 01:03 - 2012-02-14 18:06 - 12868096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-01-04 01:03 - 2012-02-14 18:06 - 0442880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntshrui.dll
2012-01-02 22:24 - 2012-02-14 18:06 - 0515584 ____A (Microsoft Corporation) C:\Windows\System32\timedate.cpl
2012-01-02 21:44 - 2012-02-14 18:06 - 0478208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\timedate.cpl
2011-12-30 21:02 - 2011-12-30 21:02 - 0306176 ____A (Symthic) C:\Users\Justin\Desktop\Plotic04.exe
2011-12-30 15:49 - 2011-11-11 13:50 - 0000000 ____D C:\Program Files (x86)\Pando Networks
2011-12-27 19:59 - 2012-02-14 18:06 - 0499200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
========================= Known DLLs (Whitelisted) ============
========================= Bamital & volsnap Check ============
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
========================= Memory info ======================
Percentage of memory in use: 15%
Total physical RAM: 3834.9 MB
Available physical RAM: 3246.18 MB
Total Pagefile: 3833.05 MB
Available Pagefile: 3225.99 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB
======================= Partitions =========================
1 Drive c: () (Fixed) (Total:288.63 GB) (Free:127.59 GB) NTFS
2 Drive e: (Recovery) (Fixed) (Total:9.36 GB) (Free:0.82 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive g: () (Removable) (Total:1.86 GB) (Free:1.85 GB) FAT
7 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
8 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 1024 KB
Disk 1 Online 1943 MB 0 B
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 9 GB 1024 KB
Partition 2 Primary 100 MB 9 GB
Partition 3 Primary 288 GB 9 GB
======================================================================================================
Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E Recovery NTFS Partition 9 GB Healthy Hidden
======================================================================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y System Rese NTFS Partition 100 MB Healthy
======================================================================================================
Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 288 GB Healthy
======================================================================================================
Partitions of Disk 1:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1907 MB 64 KB
======================================================================================================
Disk: 1
Partition 1
Type : 06
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G FAT Removable 1907 MB Healthy
======================================================================================================
==========================================================
Last Boot: 2012-02-08 21:45
======================= End Of Log ==========================
#21
Posted 18 March 2012 - 10:10 PM
CompCav
-
- Expert
-
- 12,454 posts
Member 5k
Did the reg files all import OK?
Regards,
CompCav
Regards,
CompCav
#22
Posted 18 March 2012 - 10:17 PM
UndoubledZim
- Topic Starter
-
- Member
-
- 38 posts
Member
yes they all imported fine
#23
Posted 18 March 2012 - 10:18 PM
CompCav
-
- Expert
-
- 12,454 posts
Member 5k
I will have to get with my instructor on this issue and will post the next fix tomorrow.
Regards,
CompCav
Regards,
CompCav
#24
Posted 18 March 2012 - 10:21 PM
UndoubledZim
- Topic Starter
-
- Member
-
- 38 posts
Member
Alright thanks for the help so far, you are my hero = )
#25
Posted 18 March 2012 - 10:22 PM
CompCav
-
- Expert
-
- 12,454 posts
Member 5k
Thanks, I hope I live up to that soon!! 
Regards,
CompCav
Regards,
CompCav
#26
Posted 19 March 2012 - 02:04 PM
CompCav
-
- Expert
-
- 12,454 posts
Member 5k
Step 1.
On your good computer, please download scan.txt
scan.txt 617bytes
468 downloads
Copy scan.txt onto the USB flash drive.
Step 2.
Please print these instruction out so that you know what you are doing
On your good computer, please download scan.txt
scan.txt 617bytes
468 downloadsCopy scan.txt onto the USB flash drive.
Step 2.
Please print these instruction out so that you know what you are doing
- Download OTLPENet.exe to your desktop
- Ensure that you have a blank CD in the drive
- Double click OTLPENet.exe and this will then open imgburn to burn the file to CD
- Insert the USB flash drive in your ailing computer
- Boot your ailing computer using the boot CD you just created.
Note : If you do not know how to set your computer to boot from CD follow the steps here - As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads
- Your system should now display a Reatogo desktop.
Note : as you are running from CD it is not exactly speedy - Double-click on the OTLPE icon.
- Select the Windows folder of the infected drive if it asks for a location
- When asked "Do you wish to load the remote registry", select Yes
- When asked "Do you wish to load remote user profile(s) for scanning", select Yes
- Ensure the box "Automatically Load All Remaining Users" is checked and press OK
- OTL should now start.
- Please check Lop Check and Purity Check
- Under Extra Registry please select Use SafeList
- Drag and drop this attached scan.txt into the Custom scans and fixes box
- Press Run Scan to start the scan.
- When finished, two files will be open on the screen, OTL.txt and Extras.txt
- Save these files to your USB drive if you do not have internet connection on this system.
- Click File >> Save As... and select the USB drive as the Save in: location, then click Save.
- Confirm that it has copied both files to the USB drive by selecting them each
- Please post the contents of the C:\OTL.txt and Extras.txt files in your reply.
#27
Posted 19 March 2012 - 03:42 PM
UndoubledZim
- Topic Starter
-
- Member
-
- 38 posts
Member
this Cd has been Burning at 0% for half an hour or so now = ( not sure whats wrong
#28
Posted 19 March 2012 - 04:27 PM
CompCav
-
- Expert
-
- 12,454 posts
Member 5k
Does the good computer show the screen for imgburn?
If it does what percent are the two bars below the percent complete?
Regards,
CompCav
If it does what percent are the two bars below the percent complete?
Regards,
CompCav
#29
Posted 19 March 2012 - 04:40 PM
UndoubledZim
- Topic Starter
-
- Member
-
- 38 posts
Member
I click on OTlpe it asks if I want to make changes to comp I hit yes then a window headed OTPle network environment pops up asking me if I want to burn the CD when I hit yes another window with one bar comes up that says 0% extracting
#30
Posted 19 March 2012 - 05:07 PM
CompCav
-
- Expert
-
- 12,454 posts
Member 5k
Ahhh!!! OK much earlier in the process.
I will get back to you with a fix once my instructor approves it.
Thank you for your patience, the computers are just wanting to make us really work at it!
CompCav
I will get back to you with a fix once my instructor approves it.
Thank you for your patience, the computers are just wanting to make us really work at it!
CompCav
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
As Featured On:
Sign In
Create Account
