Rootkit malware, ran HitmanPro, can't boot computer [Closed]



#1
Agent_J

Hello,
I had a malware infection, rootkit, ran *HitmanPro* to fix it and now my computer will not boot. I get a black screen after the memory and CPU diagnostics.
I can only get into the BIOS, no F8 advanced recovery option. Think MBR has been deleted.
Computer is windows vista.
Thank you for help in advance.


Edited by Agent_J, 23 April 2014 - 07:24 AM.



#2
Valinorum

Do you have your Windows installation disk?

#3
Agent_J


Windows Vista came installed on my laptop, but I will try to get a copy of the installation disk. If I'm unable to, is it still possible to restore the mbr?



#4
Valinorum

Yes, there are ways. But first let's see if you can manage one. Are you sure that you cannot access the Advanced Boot Options? Also, add whether it was a 32-bit or 64-bit operating system.

Edited by Valinorum, 23 April 2014 - 09:19 AM.


#5
Agent_J


Couldn't get the Vista installation disc. It's 32-bit Vista. No Advanced Boot Options via F8. Can only get to the BIOS via F1.



#6
Agent_J


Okay I was able to run the x32 (x86) bit systems Farbar Recovery Scan Tool and save it to a flash drive after burning a recovery disc. Here is the link in case any other OEM Vista users need it.

http://c4consulting....a-recovery-disc

 

I was stuck for a bit because my C:\ Drive was not recognized and spent an hour trying all the different .inf files on the (Boot) X:\

But I found out you just have to ignore it, click next and it will bring you to the System Recovery Options. So here are my results, thanks again in advance for help.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-04-2014
Ran by SYSTEM on MINWINPC on 23-04-2014 21:43:41
Running from F:\
WIN_VISTA (X86) OS Language: English(US)
Boot Mode: Recovery
Attention: Could not load system hive.
Attention: System hive is missing.
 
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Registry (Whitelisted) ==================
 
ATTENTION: Software hive is missing.
ATTENTION: Software hive is not loaded.
ATTENTION: System hive is not loaded.
 
========================== Services (Whitelisted) =================
 
 
==================== Drivers (Whitelisted) ====================
 
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
 
==================== One Month Modified Files and Folders =======
 
 
==================== Known DLLs (Whitelisted) ============
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\winlogon.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\svchost.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\services.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\User32.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\userinit.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\rpcss.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\Drivers\volsnap.sys IS MISSING <==== ATTENTION!.
C:\Windows\system32\codeintegrity\Bootcat.cache IS MISSING <==== ATTENTION!.
C:\Windows\System32\winsrv.dll IS MISSING <==== ATTENTION!.
 
==================== Restore Points  =========================
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 12%
Total physical RAM: 2549.81 MB
Available physical RAM: 2220.62 MB
Total Pagefile: 2349.67 MB
Available Pagefile: 2215.48 MB
Total Virtual: 2047.88 MB
Available Virtual: 1985.66 MB
 
==================== Drives ================================
 
Drive d: (2007.11.03_2329) (CDROM) (Total:0.12 GB) (Free:0 GB) UDF
Drive e: (ServiceV002) (Fixed) (Total:6.92 GB) (Free:2.66 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: () (Removable) (Total:0.94 GB) (Free:0.94 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 149 GB) (Disk ID: 95F3457A)
Partition 1: (Not Active) - (Size=7 GB) - (Type=27)
Partition 2: (Active) - (Size=142 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 960 MB) (Disk ID: 73696D20)
No partition Table on disk 1.
 
==================== End Of Log ============================


#7
Valinorum

This looks bad. FRST cannot read anything from your PC. I am discussing your issue with another expert. Please await my reply.

#8
Valinorum

Hi, from the recovery console select Command Prompt.

At the prompt, type the following command and press Enter:

chkdsk c: /r

Wait for it to complete and then try a normal boot.

If that fails, then run an FRST scan again.

#9
Agent_J


Thanks PB! PC can now recognize hard drive after chkdsk. Ran FRST again as it still could not boot. More useful info this time:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-04-2014
Ran by SYSTEM on MINWINPC on 24-04-2014 12:18:30
Running from F:\
WIN_VISTA (X86) OS Language: English(US)
Boot Mode: Recovery
 
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.
 
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Winlogon: [Userinit] 
HKLM\...\Winlogon: [Shell]  [x ] () <=== ATTENTION
HKLM\...\InprocServer32: [Default-wbemess]  ATTENTION! ====> ZeroAccess?
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox]  ATTENTION! ====> ZeroAccess?
HKU\Jason\...\Run: [AVG-Secure-Search-Update_0913b] => C:\Users\Jason\AppData\Roaming\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe /PROMPT --mid 5e587e3fced947d09663d146f63004b7-d23a41fc13550866ec920055e2647950aa1d55df --CMPID 0913b
HKU\Jason\...\Run: [AVG-Secure-Search-Update_1213b] => C:\Users\Jason\AppData\Roaming\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe /PROMPT /mid=5e587e3fced947d09663d146f63004b7-d23a41fc13550866ec920055e2647950aa1d55df /CMPID=1213b
HKU\Jason\...\Policies\Explorer: [HideSCAVolume] 0
HKU\Jason\...\Policies\Explorer: [HideSCANetwork] 0
 
========================== Services (Whitelisted) =================
 
S2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [660576 2011-02-12] (Acronis)
S4 AdobeFlashPlayerUpdateSvc; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [0 2014-04-21] ()
S4 AgereModemAudio; C:\Windows\system32\agrsmsvc.exe [0 2006-10-04] ()
S2 Diskeeper; C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe [634988 2006-11-15] (Diskeeper Corporation)
S2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [0 2014-04-21] ()
S3 IPSSVC; C:\Windows\system32\IPSSVC.EXE [0 2007-01-29] ()
S2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [0 2014-04-03] ()
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [0 2014-04-03] ()
S4 SUService; c:\Program Files\Lenovo\System Update\SUService.exe [0 2006-12-15] ()
S3 ThinkVantage Registry Monitor Service; C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe [0 2007-01-08] ()
S2 TSSCoreService; C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe [722496 2006-12-21] (IBM)
S2 TVT Backup Protection Service; C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe [569344 2007-01-08] ()
S4 TVT Scheduler; c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe [0 2007-01-08] ()
S4 AcPrfMgrSvc; C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe [X]
S4 AcSvc; C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe [X]
S3 ALG; %SystemRoot%\System32\alg.exe [X]
S3 Appinfo; %SystemRoot%\System32\appinfo.dll [X]
S4 Apple Mobile Device; "C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe" [X]
S4 aspnet_state; %SystemRoot%\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [X]
S2 AudioEndpointBuilder; %SystemRoot%\System32\Audiosrv.dll [X]
S2 Audiosrv; %SystemRoot%\System32\Audiosrv.dll [X]
S2 AVGIDSAgent; "C:\Program Files\AVG\AVG2014\avgidsagent.exe" [X]
S2 avgwd; "C:\Program Files\AVG\AVG2014\avgwdsvc.exe" [X]
S2 BFE; %SystemRoot%\System32\bfe.dll [X]
S3 BITS; %systemroot%\system32\qmgr.dll [X]
S3 Browser; %SystemRoot%\System32\browser.dll [X]
S3 CertPropSvc; %SystemRoot%\System32\certprop.dll [X]
S4 clr_optimization_v2.0.50727_32; %systemroot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [X]
S2 clr_optimization_v4.0.30319_32; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [X]
S2 CryptSvc; %SystemRoot%\system32\cryptsvc.dll [X]
S2 CscService; %SystemRoot%\System32\cscsvc.dll [X]
S2 DcomLaunch; %SystemRoot%\system32\rpcss.dll [X]
S3 DFSR; %SystemRoot%\system32\DFSR.exe [X]
S2 Dhcp; %SystemRoot%\System32\dhcpcsvc.dll [X]
S2 Dnscache; %SystemRoot%\System32\dnsrslvr.dll [X]
S3 dot3svc; %SystemRoot%\System32\dot3svc.dll [X]
S2 DPS; %SystemRoot%\system32\dps.dll [X]
S3 EapHost; %SystemRoot%\System32\eapsvc.dll [X]
S2 EMDMgmt; %systemroot%\system32\emdmgmt.dll [X]
S2 Eventlog; %SystemRoot%\System32\wevtsvc.dll [X]
S2 EventSystem; %systemroot%\system32\es.dll [X]
S4 Fax; %systemroot%\system32\fxssvc.exe [X]
S3 fdPHost; %SystemRoot%\system32\fdPHost.dll [X]
S2 FNF5SVC; C:\Program Files\LENOVO\HOTKEY\FNF5SVC.exe [X]
S2 FontCache; %SystemRoot%\system32\FntCache.dll [X]
S3 FontCache3.0.0.0; %systemroot%\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [X]
S2 FoxitCloudUpdateService; C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [X]
S2 gpsvc; %SystemRoot%\System32\gpsvc.dll [X]
S4 gupdate; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [X]
S4 gupdatem; "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [X]
S2 HitmanPro37CrusaderBoot; "C:\Users\Jason\Desktop\HitmanPro.exe" /crusader:boot [X]
S3 hkmsvc; %SystemRoot%\system32\kmsvc.dll [X]
S4 IDriverT; "C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe" [X]
S3 idsvc; "%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe" [X]
S3 IKEEXT; %SystemRoot%\System32\ikeext.dll [X]
S3 IPBusEnum; %SystemRoot%\system32\ipbusenum.dll [X]
S4 iphlpsvc; %SystemRoot%\System32\iphlpsvc.dll [X]
S2 KtmRm; %systemroot%\system32\msdtckrm.dll [X]
S2 LanmanServer; %SystemRoot%\System32\srvsvc.dll [X]
S2 LanmanWorkstation; %SystemRoot%\System32\wkssvc.dll [X]
S3 lltdsvc; %SystemRoot%\System32\lltdsvc.dll [X]
S3 Microsoft Office Groove Audit Service; "C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe" [X]
S2 MMCSS; %SystemRoot%\system32\mmcss.dll [X]
S4 MozillaMaintenance; "C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe" [X]
S2 MpsSvc; %SystemRoot%\system32\mpssvc.dll [X]
S3 MSDTC; %SystemRoot%\System32\msdtc.exe [X]
S3 MSiSCSI; %systemroot%\system32\iscsiexe.dll [X]
S3 MSIServer; %systemroot%\system32\msiexec.exe /V [X]
S3 napagent; %SystemRoot%\system32\qagentRT.dll [X]
S3 Netman; %SystemRoot%\System32\netman.dll [X]
S4 NetMsmqActivator; "C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe" -NetMsmqActivator [X]
S4 NetPipeActivator; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [X]
S2 netprofm; %SystemRoot%\System32\netprofm.dll [X]
S4 NetTcpActivator; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [X]
S4 NetTcpPortSharing; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [X]
S2 NlaSvc; %SystemRoot%\System32\nlasvc.dll [X]
S4 NMIndexingService; "C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe" [X]
S2 nsi; %systemroot%\system32\nsisvc.dll [X]
S3 odserv; "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE" [X]
S3 ose; "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" [X]
S3 p2pimsvc; %SystemRoot%\system32\p2psvc.dll [X]
S3 p2psvc; %SystemRoot%\system32\p2psvc.dll [X]
S2 PcaSvc; %SystemRoot%\System32\pcasvc.dll [X]
S3 pla; %systemroot%\system32\pla.dll [X]
S2 PlugPlay; %SystemRoot%\system32\umpnpmgr.dll [X]
S3 PMSveH; C:\Program Files\Lenovo\PM Driver\PMSveH.exe [X]
S4 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [X]
S4 PnkBstrB; C:\Windows\system32\PnkBstrB.exe [X]
S3 PNRPAutoReg; %SystemRoot%\system32\p2psvc.dll [X]
S3 PNRPsvc; %SystemRoot%\system32\p2psvc.dll [X]
S2 PolicyAgent; %SystemRoot%\System32\ipsecsvc.dll [X]
S2 ProfSvc; %systemroot%\system32\profsvc.dll [X]
S3 QWAVE; %windir%\system32\qwave.dll [X]
S3 RasAuto; %SystemRoot%\System32\rasauto.dll [X]
S4 RasMan; %SystemRoot%\System32\rasmans.dll [X]
S4 RemoteAccess; %SystemRoot%\System32\mprdim.dll [X]
S3 RemoteRegistry; %SystemRoot%\system32\regsvc.dll [X]
S2 rpcnet; C:\Windows\system32\rpcnet.exe [X]
S2 RpcSs; %SystemRoot%\system32\rpcss.dll [X]
S4 SandraDataSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII\Win32\RpcDataSrv.exe [X]
S4 SandraTheSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII\RpcSandraSrv.exe [X]
S3 SCardSvr; %SystemRoot%\System32\SCardSvr.dll [X]
S2 Schedule; %systemroot%\system32\schedsvc.dll [X]
S3 SCPolicySvc; %SystemRoot%\System32\certprop.dll [X]
S3 SDRSVC; %Systemroot%\System32\SDRSVC.dll [X]
S2 seclogon; %windir%\system32\seclogon.dll [X]
S2 SENS; %SystemRoot%\system32\sens.dll [X]
S3 SessionEnv; %SystemRoot%\system32\sessenv.dll [X]
S2 SharedAccess; %SystemRoot%\System32\ipnathlp.dll [X]
S2 ShellHWDetection; %SystemRoot%\System32\shsvcs.dll [X]
S4 SkypeUpdate; "C:\Program Files\Skype\Updater\Updater.exe" [X]
S2 slsvc; %SystemRoot%\system32\SLsvc.exe [X]
S3 SLUINotify; %SystemRoot%\system32\SLUINotify.dll [X]
S2 Spooler; %SystemRoot%\System32\spoolsv.exe [X]
S4 SSDPSRV; %SystemRoot%\System32\ssdpsrv.dll [X]
S3 SstpSvc; %SystemRoot%\system32\sstpsvc.dll [X]
S2 stisvc; %SystemRoot%\System32\wiaservc.dll [X]
S3 swprv; %Systemroot%\System32\swprv.dll [X]
S2 SysMain; %systemroot%\system32\sysmain.dll [X]
S3 TapiSrv; %SystemRoot%\System32\tapisrv.dll [X]
S2 TBS; %SystemRoot%\System32\tbssvc.dll [X]
S4 TermService; %SystemRoot%\System32\termsrv.dll [X]
S4 Themes; %SystemRoot%\system32\shsvcs.dll [X]
S3 THREADORDER; %SystemRoot%\system32\mmcss.dll [X]
S4 TPHKSVC; C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe [X]
S2 TrkWks; %SystemRoot%\System32\trkwks.dll [X]
S3 TrustedInstaller; %SystemRoot%\servicing\TrustedInstaller.exe [X]
S2 TVersityMediaServer; "C:\ProgramData\TVersity\Media Server\MediaServer.exe" [X]
S3 UI0Detect; %SystemRoot%\system32\UI0Detect.exe [X]
S3 UmRdpService; %SystemRoot%\System32\umrdp.dll [X]
S2 upnphost; %SystemRoot%\System32\upnphost.dll [X]
S4 UxSms; %SystemRoot%\System32\uxsms.dll [X]
S3 vds; %SystemRoot%\System32\vds.exe [X]
S3 VSS; %systemroot%\system32\vssvc.exe [X]
S2 W32Time; %systemroot%\system32\w32time.dll [X]
S3 wbengine; "%systemroot%\system32\wbengine.exe" [X]
S3 wcncsvc; %SystemRoot%\System32\wcncsvc.dll [X]
S3 WdiServiceHost; %SystemRoot%\system32\wdi.dll [X]
S3 WdiSystemHost; %SystemRoot%\system32\wdi.dll [X]
S2 WebClient; %SystemRoot%\System32\webclnt.dll [X]
S2 WebrootSpySweeperService; "C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe" [X]
S3 Wecsvc; %SystemRoot%\system32\wecsvc.dll [X]
S3 wercplsupport; %SystemRoot%\System32\wercplsupport.dll [X]
S4 WerSvc; %SystemRoot%\System32\WerSvc.dll [X]
S2 WinDefend; %ProgramFiles%\Windows Defender\mpsvc.dll [X]
S2 Winmgmt; %SystemRoot%\system32\wbem\WMIsvc.dll [X]
S3 WinRM; %SystemRoot%\system32\WsmSvc.dll [X]
S2 Wlansvc; %SystemRoot%\System32\wlansvc.dll [X]
S2 wlidsvc; "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" [X]
S3 wmiApSrv; %systemroot%\system32\wbem\WmiApSrv.exe [X]
S4 WMPNetworkSvc; "%ProgramFiles%\Windows Media Player\wmpnetwk.exe" [X]
S2 WPDBusEnum; %SystemRoot%\system32\wpdbusenum.dll [X]
S3 WPFFontCache_v0400; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [X]
S2 wscsvc; %SYSTEMROOT%\system32\wscsvc.dll [X]
S2 WSearch; %systemroot%\system32\SearchIndexer.exe /Embedding [X]
S2 wuauserv; %systemroot%\system32\wuaueng.dll [X]
S2 wudfsvc; %SystemRoot%\System32\WUDFSvc.dll [X]
 
==================== Drivers (Whitelisted) ====================
 
S4 adpahci; C:\Windows\system32\drivers\adpahci.sys [0 2006-11-02] ()
S4 adpu320; C:\Windows\system32\drivers\adpu320.sys [0 2006-11-02] ()
S3 agp440; C:\Windows\system32\drivers\agp440.sys [0 2006-11-02] ()
S4 aic78xx; C:\Windows\system32\drivers\djsvs.sys [0 2006-11-02] ()
S3 amdagp; C:\Windows\system32\drivers\amdagp.sys [0 2006-11-02] ()
S4 AmdK7; C:\Windows\system32\drivers\amdk7.sys [0 2006-11-02] ()
S4 AmdK8; C:\Windows\system32\drivers\amdk8.sys [0 2006-11-02] ()
S4 arc; C:\Windows\system32\drivers\arc.sys [0 2006-11-02] ()
S4 arcsas; C:\Windows\system32\drivers\arcsas.sys [0 2006-11-02] ()
S3 ATSWPDRV; C:\Windows\System32\DRIVERS\ATSwpDrv.sys [140808 2007-04-10] (AuthenTec, Inc.)
S3 BrFiltLo; C:\Windows\system32\drivers\brfiltlo.sys [0 2006-11-02] ()
S4 Brserid; C:\Windows\system32\drivers\brserid.sys [0 2006-11-02] ()
S4 BrSerWdm; C:\Windows\system32\drivers\brserwdm.sys [0 2006-11-02] ()
S4 elxstor; C:\Windows\system32\drivers\elxstor.sys [0 2006-11-02] ()
S4 flpydisk; C:\Windows\System32\DRIVERS\flpydisk.sys [0 2006-11-02] ()
S3 gagp30kx; C:\Windows\system32\drivers\gagp30kx.sys [0 2006-11-02] ()
S0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] ()
S3 HdAudAddService; C:\Windows\System32\drivers\HdAudio.sys [0 2009-04-10] ()
S4 iaStorV; C:\Windows\system32\drivers\iastorv.sys [0 2006-11-02] ()
S4 IPMIDRV; C:\Windows\system32\drivers\ipmidrv.sys [0 2006-11-02] ()
S4 isapnp; C:\Windows\system32\drivers\isapnp.sys [0 2006-11-02] ()
S4 iteatapi; C:\Windows\system32\drivers\iteatapi.sys [0 2006-11-02] ()
S4 iteraid; C:\Windows\system32\drivers\iteraid.sys [0 2006-11-02] ()
S4 kbdhid; C:\Windows\system32\drivers\kbdhid.sys [0 2006-11-02] ()
S0 LPCFilter; C:\Windows\System32\DRIVERS\LPCFilter.sys [19456 2006-11-09] (COMPAL ELECTRONIC INC.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [0 2014-04-03] ()
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [0 2014-04-03] ()
S4 megasas; C:\Windows\system32\drivers\megasas.sys [0 2006-11-02] ()
S4 msdsm; C:\Windows\system32\drivers\msdsm.sys [0 2006-11-02] ()
S3 NETwLv32; C:\Windows\System32\DRIVERS\NETwLv32.sys [6639616 2010-10-07] (Intel Corporation)
S4 nfrd960; C:\Windows\system32\drivers\nfrd960.sys [0 2006-11-02] ()
S4 nvraid; C:\Windows\system32\drivers\nvraid.sys [0 2006-11-02] ()
S4 nvstor; C:\Windows\system32\drivers\nvstor.sys [0 2006-11-02] ()
S2 PROCDD; C:\Windows\System32\DRIVERS\PROCDD.SYS [12080 2006-11-06] (Lenovo Group Limited)
S4 ql2300; C:\Windows\system32\drivers\ql2300.sys [0 2006-11-02] ()
S4 ql40xx; C:\Windows\system32\drivers\ql40xx.sys [0 2006-11-02] ()
S4 sbp2port; C:\Windows\system32\drivers\sbp2port.sys [0 2006-11-02] ()
S3 Serial; C:\Windows\System32\DRIVERS\serial.sys [0 2006-11-02] ()
S4 sfloppy; C:\Windows\system32\drivers\sfloppy.sys [0 2006-11-02] ()
S0 speedfan; C:\Windows\System32\speedfan.sys [5248 2006-09-24] (Windows ® 2000 DDK provider)
S4 Symc8xx; C:\Windows\system32\drivers\symc8xx.sys [0 2006-11-02] ()
S4 Sym_hi; C:\Windows\system32\drivers\sym_hi.sys [0 2006-11-02] ()
S3 uagp35; C:\Windows\system32\drivers\uagp35.sys [0 2006-11-02] ()
S4 UlSata; C:\Windows\system32\drivers\ulsata.sys [0 2006-11-02] ()
S4 usbccgp; C:\Windows\system32\drivers\usbccgp.sys [0 2006-11-02] ()
S4 usbprint; C:\Windows\system32\drivers\usbprint.sys [0 2006-11-02] ()
S4 viaide; C:\Windows\system32\drivers\viaide.sys [0 2006-11-02] ()
S4 vsmraid; C:\Windows\system32\drivers\vsmraid.sys [0 2006-11-02] ()
S4 WacomPen; C:\Windows\system32\drivers\wacompen.sys [0 2006-11-02] ()
S0 ACPI; system32\drivers\acpi.sys [X]
S1 AFD; \SystemRoot\system32\drivers\afd.sys [X]
S3 AsyncMac; system32\DRIVERS\asyncmac.sys [X]
S0 atapi; system32\drivers\atapi.sys [X]
S1 Avgdiskx; system32\DRIVERS\avgdiskx.sys [X]
S1 AVGIDSDriver; system32\DRIVERS\avgidsdriverx.sys [X]
S0 AVGIDSHX; system32\DRIVERS\avgidshx.sys [X]
S1 AVGIDSShim; system32\DRIVERS\avgidsshimx.sys [X]
S1 Avgldx86; system32\DRIVERS\avgldx86.sys [X]
S0 Avglogx; system32\DRIVERS\avglogx.sys [X]
S0 Avgmfx86; system32\DRIVERS\avgmfx86.sys [X]
S0 Avgrkx86; system32\DRIVERS\avgrkx86.sys [X]
S1 Avgtdix; system32\DRIVERS\avgtdix.sys [X]
S1 Beep; No ImagePath
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 bowser; system32\DRIVERS\bowser.sys [X]
S4 cdfs; system32\DRIVERS\cdfs.sys [X]
S1 cdrom; system32\DRIVERS\cdrom.sys [X]
S0 CLFS; System32\CLFS.sys [X]
S3 CmBatt; system32\DRIVERS\CmBatt.sys [X]
S0 Compbatt; system32\DRIVERS\compbatt.sys [X]
S3 cpudrv; \??\C:\Program Files\SystemRequirementsLab\cpudrv.sys [X]
S3 CrystalSysInfo; \??\C:\Program Files\MediaCoder\SysInfo.sys [X]
S1 CSC; system32\drivers\csc.sys [X]
S1 DfsC; System32\Drivers\dfsc.sys [X]
S3 dg_ssudbus; system32\DRIVERS\ssudbus.sys [X]
S0 disk; system32\drivers\disk.sys [X]
S3 drmkaud; system32\drivers\drmkaud.sys [X]
S3 DXGKrnl; \SystemRoot\System32\drivers\dxgkrnl.sys [X]
S0 Ecache; System32\drivers\ecache.sys [X]
S2 EGATHDRV; \??\C:\Windows\system32\EGATHDRV.SYS [X]
S3 ENTECH; \??\C:\Windows\system32\DRIVERS\ENTECH.sys [X]
S3 exfat; No ImagePath
S3 fastfat; No ImagePath
S0 FileInfo; system32\drivers\fileinfo.sys [X]
S3 Filetrace; system32\drivers\filetrace.sys [X]
S0 FltMgr; system32\drivers\fltmgr.sys [X]
S1 Fs_Rec; No ImagePath
S3 GEARAspiWDM; system32\DRIVERS\GEARAspiWDM.sys [X]
S3 HDAudBus; system32\DRIVERS\HDAudBus.sys [X]
S3 HidUsb; system32\DRIVERS\hidusb.sys [X]
S4 hitmanpro37; \??\C:\Windows\system32\drivers\hitmanpro37.sys [X]
S3 HTTP; system32\drivers\HTTP.sys [X]
S1 i8042prt; system32\DRIVERS\i8042prt.sys [X]
S3 ialm; system32\DRIVERS\igdkmd32.sys [X]
S3 igfx; system32\DRIVERS\igdkmd32.sys [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHDA.sys [X]
S0 intelide; system32\drivers\intelide.sys [X]
S3 intelppm; system32\DRIVERS\intelppm.sys [X]
S3 IpFilterDriver; system32\DRIVERS\ipfltdrv.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 IPNAT; system32\DRIVERS\ipnat.sys [X]
S3 IRENUM; system32\drivers\irenum.sys [X]
S3 iScsiPrt; system32\DRIVERS\msiscsi.sys [X]
S1 kbdclass; system32\DRIVERS\kbdclass.sys [X]
S0 KSecDD; System32\Drivers\ksecdd.sys [X]
S2 lltdio; system32\DRIVERS\lltdio.sys [X]
S2 luafv; \SystemRoot\system32\drivers\luafv.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 Modem; system32\drivers\modem.sys [X]
S3 monitor; system32\DRIVERS\monitor.sys [X]
S1 mouclass; system32\DRIVERS\mouclass.sys [X]
S3 mouhid; system32\DRIVERS\mouhid.sys [X]
S0 MountMgr; System32\drivers\mountmgr.sys [X]
S3 mpsdrv; System32\drivers\mpsdrv.sys [X]
S3 MRxDAV; \SystemRoot\system32\drivers\mrxdav.sys [X]
S3 mrxsmb; system32\DRIVERS\mrxsmb.sys [X]
S3 mrxsmb10; system32\DRIVERS\mrxsmb10.sys [X]
S3 mrxsmb20; system32\DRIVERS\mrxsmb20.sys [X]
S1 Msfs; No ImagePath
S0 msisadrv; system32\drivers\msisadrv.sys [X]
S3 MSKSSRV; system32\drivers\MSKSSRV.sys [X]
S3 MSPCLOCK; system32\drivers\MSPCLOCK.sys [X]
S3 MSPQM; system32\drivers\MSPQM.sys [X]
S3 MsRPC; No ImagePath
S3 mssmbios; system32\DRIVERS\mssmbios.sys [X]
S3 MSTEE; system32\drivers\MSTEE.sys [X]
S0 Mup; System32\Drivers\mup.sys [X]
S3 NativeWifiP; system32\DRIVERS\nwifi.sys [X]
S0 NDIS; system32\drivers\ndis.sys [X]
S3 NdisTapi; system32\DRIVERS\ndistapi.sys [X]
S3 Ndisuio; system32\DRIVERS\ndisuio.sys [X]
S3 NdisWan; system32\DRIVERS\ndiswan.sys [X]
S3 NDProxy; No ImagePath
S1 NetBIOS; system32\DRIVERS\netbios.sys [X]
S1 netbt; System32\DRIVERS\netbt.sys [X]
S3 NETw4v32; system32\DRIVERS\NETw4v32.sys [X]
S1 Npfs; No ImagePath
S1 nsiproxy; system32\drivers\nsiproxy.sys [X]
S3 Ntfs; No ImagePath
S1 Null; No ImagePath
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 ohci1394; system32\DRIVERS\ohci1394.sys [X]
S3 P1130VID; system32\DRIVERS\P1130Vid.sys [X]
S0 partmgr; System32\drivers\partmgr.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [X]
S0 pci; system32\drivers\pci.sys [X]
S3 PptpMiniport; system32\DRIVERS\raspptp.sys [X]
S1 PSched; system32\DRIVERS\pacer.sys [X]
S3 QWAVEdrv; \SystemRoot\system32\drivers\qwavedrv.sys [X]
S1 RasAcd; System32\DRIVERS\rasacd.sys [X]
S3 Rasl2tp; system32\DRIVERS\rasl2tp.sys [X]
S3 RasPppoe; system32\DRIVERS\raspppoe.sys [X]
S3 RasSstp; system32\DRIVERS\rassstp.sys [X]
S1 rdbss; system32\DRIVERS\rdbss.sys [X]
S1 RDPCDD; System32\DRIVERS\RDPCDD.sys [X]
S3 rdpdr; system32\DRIVERS\rdpdr.sys [X]
S1 RDPENCDD; system32\drivers\rdpencdd.sys [X]
S3 RDPWD; No ImagePath
S2 rimsptsk; system32\DRIVERS\rimsptsk.sys [X]
S2 rspndr; system32\DRIVERS\rspndr.sys [X]
S1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [X]
S1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [X]
S3 sdbus; system32\DRIVERS\sdbus.sys [X]
S4 sermouse; \SystemRoot\system32\drivers\sermouse.sys [X]
S1 Smb; system32\DRIVERS\smb.sys [X]
S0 spldr; No ImagePath
S0 sptd; System32\Drivers\sptd.sys [X]
S3 srv; System32\DRIVERS\srv.sys [X]
S3 srv2; System32\DRIVERS\srv2.sys [X]
S3 srvnet; System32\DRIVERS\srvnet.sys [X]
S0 ssfs0bbc; system32\DRIVERS\ssfs0bbc.sys [X]
S0 sshrmd; system32\DRIVERS\sshrmd.sys [X]
S0 ssidrv; system32\DRIVERS\ssidrv.sys [X]
S1 ssmdrv; system32\DRIVERS\ssmdrv.sys [X]
S3 ssudmdm; system32\DRIVERS\ssudmdm.sys [X]
S1 StarOpen; No ImagePath
S3 swenum; system32\DRIVERS\swenum.sys [X]
S3 taphss; system32\DRIVERS\taphss.sys [X]
S0 Tcpip; System32\drivers\tcpip.sys [X]
S3 Tcpip6; system32\DRIVERS\tcpip.sys [X]
S2 tcpipreg; System32\drivers\tcpipreg.sys [X]
S3 TDPIPE; system32\drivers\tdpipe.sys [X]
S3 TDTCP; system32\drivers\tdtcp.sys [X]
S1 tdx; system32\DRIVERS\tdx.sys [X]
S1 TermDD; system32\DRIVERS\termdd.sys [X]
S0 TfFsMon; system32\drivers\TfFsMon.sys [X]
S3 TfNetMon; \??\C:\Windows\system32\drivers\TfNetMon.sys [X]
S0 TfSysMon; system32\drivers\TfSysMon.sys [X]
S3 tssecsrv; System32\DRIVERS\tssecsrv.sys [X]
S3 tunmp; system32\DRIVERS\tunmp.sys [X]
S3 tunnel; system32\DRIVERS\tunnel.sys [X]
S4 udfs; system32\DRIVERS\udfs.sys [X]
S3 umbus; system32\DRIVERS\umbus.sys [X]
S3 USBAAPL; System32\Drivers\usbaapl.sys [X]
S3 usbhub; system32\DRIVERS\usbhub.sys [X]
S3 usbser; system32\drivers\usbser.sys [X]
S3 USBSTOR; system32\DRIVERS\USBSTOR.SYS [X]
S1 VgaSave; \SystemRoot\System32\drivers\vga.sys [X]
S0 volmgr; system32\drivers\volmgr.sys [X]
S0 volmgrx; System32\drivers\volmgrx.sys [X]
S0 volsnap; system32\drivers\volsnap.sys [X]
S3 vsbus; system32\DRIVERS\vsb.sys [X]
S3 vserial; System32\DRIVERS\vserial.sys [X]
S3 Wanarp; system32\DRIVERS\wanarp.sys [X]
S1 Wanarpv6; system32\DRIVERS\wanarp.sys [X]
S0 Wdf01000; system32\drivers\Wdf01000.sys [X]
S3 WmiAcpi; system32\DRIVERS\wmiacpi.sys [X]
S3 WpdUsb; system32\DRIVERS\wpdusb.sys [X]
S4 ws2ifsl; \SystemRoot\system32\drivers\ws2ifsl.sys [X]
S3 WudfPf; system32\drivers\WudfPf.sys [X]
S3 WUDFRd; system32\DRIVERS\WUDFRd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-04-24 12:18 - 2014-04-24 12:18 - 00000000 ____D () C:\FRST
2014-04-24 07:02 - 2014-04-24 07:02 - 00000000 __SHD () C:\found.001
2014-04-21 22:28 - 2014-04-21 22:28 - 00012872 _____ (SurfRight B.V.) C:\Windows\System32\bootdelete.exe
2014-04-21 22:28 - 2014-04-21 22:28 - 00000326 _____ () C:\Windows\System32\bootdelete.lst
2014-04-21 22:28 - 2014-04-21 22:28 - 00000000 _____ () C:\Windows\System32\.crusader
2014-04-21 22:26 - 2014-04-21 22:26 - 00027060 _____ () C:\Users\Jason\Desktop\HitmanPro_20140422_0226.log
2014-04-21 22:03 - 2014-04-21 22:03 - 00000000 ____D () C:\Program Files\HitmanPro
2014-04-21 21:58 - 2014-04-21 22:28 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-04-21 21:18 - 2014-04-21 21:18 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-04-21 21:18 - 2014-04-03 05:51 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2014-04-21 21:18 - 2014-04-03 05:51 - 00000000 _____ () C:\Windows\System32\Drivers\mwac.sys
 
==================== One Month Modified Files and Folders =======
 
2014-04-24 12:18 - 2014-04-24 12:18 - 00000000 ____D () C:\FRST
2014-04-24 07:02 - 2014-04-24 07:02 - 00000000 __SHD () C:\found.001
2014-04-21 22:30 - 2010-04-30 11:28 - 00002128 _____ () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-21 22:30 - 2010-04-30 11:28 - 00002128 _____ () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-21 22:30 - 2007-05-26 15:46 - 00000000 _____ () C:\Windows\WindowsUpdate.log
2014-04-21 22:28 - 2014-04-21 22:28 - 00012872 _____ (SurfRight B.V.) C:\Windows\System32\bootdelete.exe
2014-04-21 22:28 - 2014-04-21 22:28 - 00000326 _____ () C:\Windows\System32\bootdelete.lst
2014-04-21 22:28 - 2014-04-21 22:28 - 00000000 _____ () C:\Windows\System32\.crusader
2014-04-21 22:28 - 2014-04-21 21:58 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-04-21 22:26 - 2014-04-21 22:26 - 00027060 _____ () C:\Users\Jason\Desktop\HitmanPro_20140422_0226.log
2014-04-21 22:03 - 2014-04-21 22:03 - 00000000 ____D () C:\Program Files\HitmanPro
2014-04-21 21:18 - 2014-04-21 21:18 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-04-21 21:18 - 2010-11-21 16:48 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\Malwarebytes
2014-04-21 21:18 - 2010-11-21 16:48 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-21 18:53 - 2006-11-02 03:18 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-04-21 18:01 - 2014-03-22 08:28 - 00000000 ____D () C:\Program Files\iPod
2014-04-21 17:27 - 2012-07-28 07:43 - 00000000 ____D () C:\ProgramData\MFAData
2014-04-21 17:19 - 2007-05-27 19:48 - 00000000 ____D () C:\Users\Jason\Local Settings\Application Data\Adobe
2014-04-21 17:19 - 2007-05-27 19:48 - 00000000 ____D () C:\Users\Jason\AppData\Local\Adobe
2014-04-21 16:57 - 2006-11-02 05:00 - 00489160 _____ () C:\Windows\PFRO.log
2014-04-16 18:12 - 2007-05-26 16:10 - 00000000 ____D () C:\Program Files\Java
2014-04-14 18:59 - 2010-11-22 14:40 - 00183808 _____ () C:\Users\Jason\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-04-14 18:59 - 2010-11-22 14:40 - 00183808 _____ () C:\Users\Jason\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-04-09 08:56 - 2006-11-02 02:24 - 00000000 _____ () C:\Windows\System32\mrt.exe
2014-04-08 16:46 - 2006-11-02 02:33 - 00763586 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-04-03 05:51 - 2014-04-21 21:18 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2014-04-03 05:51 - 2014-04-21 21:18 - 00000000 _____ () C:\Windows\System32\Drivers\mwac.sys
2014-04-03 05:50 - 2010-11-21 16:48 - 00000000 _____ () C:\Windows\System32\Drivers\mbam.sys
 
==================== Known DLLs (Whitelisted) ============
 
C:\Windows\System32\clbcatq.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\ole32.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\advapi32.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\COMDLG32.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\gdi32.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\IERTUTIL.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\IMAGEHLP.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\IMM32.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\kernel32.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\LPK.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\MSCTF.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\MSVCRT.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\NSI.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\OLEAUT32.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\rpcrt4.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\Setupapi.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\SHELL32.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\SHLWAPI.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\URLMON.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\user32.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\USP10.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\WININET.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\WLDAP32.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\WS2_32.dll IS MISSING <==== ATTENTION!.
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\winlogon.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\svchost.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\services.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\User32.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\userinit.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\rpcss.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\Drivers\volsnap.sys IS MISSING <==== ATTENTION!.
C:\Windows\System32\winsrv.dll IS MISSING <==== ATTENTION!.
 
==================== EXE ASSOCIATION =====================
 
HKLM\...\.exe: <===== ATTENTION!
HKLM\...\exefile\DefaultIcon:  <===== ATTENTION!
HKLM\...\exefile\open\command:  <===== ATTENTION!
 
==================== Restore Points  =========================
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 13%
Total physical RAM: 2549.81 MB
Available physical RAM: 2194.38 MB
Total Pagefile: 2349.67 MB
Available Pagefile: 2218.09 MB
Total Virtual: 2047.88 MB
Available Virtual: 1981.66 MB
 
==================== Drives ================================
 
Drive c: (SW_Preload) (Fixed) (Total:6.92 GB) (Free:4.58 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (2007.11.03_2329) (CDROM) (Total:0.12 GB) (Free:0 GB) UDF
Drive e: (ServiceV002) (Fixed) (Total:6.92 GB) (Free:2.66 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: () (Removable) (Total:0.94 GB) (Free:0.93 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 149 GB) (Disk ID: 95F3457A)
Partition 1: (Not Active) - (Size=7 GB) - (Type=27)
Partition 2: (Active) - (Size=142 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 960 MB) (Disk ID: 73696D20)
No partition Table on disk 1.
 
 
LastRegBack: 2014-04-21 17:04
 
==================== End Of Log ============================

Edited by Agent_J, 24 April 2014 - 11:24 AM.


#10
Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 3,330 posts
Hi Agent_J, :)

One or more of the identified infections is a rootkit.

This allows hackers to remotely control your computer, steal critical system information, and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the rootkit has been identified and can be killed, because of how it exploits your system, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this rootkit, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can attempt to clean this machine but I can't guarantee that it will be 100% secure afterwards. If you want to proceed with the cleansing process, follow the instructions below.

 
  • Step #1 Fix with FRST
    This section of the fix has two parts. For the first part please peruse the following --

    Make sure that you have access to a clean PC or a functioning user account and still have FRST.exe in your flash drive. If you do not have it, download the suitable version from here to your flash-drive.
    • Open Notepad.exe. Do not use any other text editor software;
    • Copy and Paste the contents inside the code-box to your Notepad --
      Start
      HKLM\...\Winlogon: [Shell]  [x ] () <=== ATTENTION
      HKLM\...\InprocServer32: [Default-wbemess]  ATTENTION! ====> ZeroAccess?
      HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox]  ATTENTION! ====> ZeroAccess?
      HKLM\...\.exe: <===== ATTENTION!
      HKLM\...\exefile\DefaultIcon:  <===== ATTENTION!
      HKLM\...\exefile\open\command:  <===== ATTENTION!
      cmd: sfc /scannow /offbootdir=c:\ /offwindir=c:\windows 
      End
    • Click on File > Save as...
      • Inside the File Name box type fixlist.txt
      • From the Save as type drop down list, choose All Files
    • Copy and Paste fixlist.txt to your flash drive.
    You are ready to move on to the second part. Please peruse --
    • Connect your flash drive to the infected PC;
    • Enter the System Recovery Options and select Command Prompt;
    • Run FRST.exe (or FRST64.exe for a 64-bit machine) again as outlined in the previous post;
    • Click on Fix;
    • After the fix a log will be created in the flash drive named FixLog.txt;
    • Copy and Paste the contents of the log in your next reply;
    • Try to boot into Normal Mode.
 
  • Required Log(s):
    • FRST Fix Log
Regards,
Valinorum

#11
Agent_J

    New Member

  • Topic Starter
  • Member
  • 9 posts

Oops, I thought you're Pirate Bot, that's why I said thanks PB before, meant to say Valinorum :)

 

I will try the FRST fix as soon as I get home. I did not realize how serious a rootkit infection is. Would it be safe again after reformatting and re-installing the OS? If not, what if I replaced the hard drive?



#12
Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 3,330 posts
Rootkits are designed to hide from anti-virus and other security software. We can remove them by hindsight of their previous known locations but there is always a chance of a new variant. Since reformatting and re-installation of the OS wipes the whole system drive, it is safe to say that you are safe. Always make sure to make backups of your important non-executable files such as images, documents, et cetera. Do not back up executable files such as .exe, .scr, .com, et cetera.

what if I replaced the hard drive?

Effective but unnecessary. It is like using a sledgehammer to break a walnut.

#13
Agent_J

    New Member

  • Topic Starter
  • Member
  • 9 posts

Ahh, very insightful :) Fixlog attached as requested. I tried booting the computer normally with the hard drive, but it brings me to the notebook manufacturer's rescue and recovery software (Lenovo). I think that may be stored on the e:\ drive. What should I do now?

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 24-04-2014
Ran by SYSTEM at 2014-04-25 21:57:27 Run:2
Running from F:\
Boot Mode: Recovery
 
==============================================
 
Content of fixlist:
*****************
Start
HKLM\...\Winlogon: [Shell]  [x ] () <=== ATTENTION
HKLM\...\InprocServer32: [Default-wbemess]  ATTENTION! ====> ZeroAccess?
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox]  ATTENTION! ====> ZeroAccess?
HKLM\...\.exe: <===== ATTENTION!
HKLM\...\exefile\DefaultIcon:  <===== ATTENTION!
HKLM\...\exefile\open\command:  <===== ATTENTION!
cmd: sfc /scannow /offbootdir=c:\ /offwindir=c:\windows 
End
*****************
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value was restored successfully.
HKLM\Software\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32\\Default => Value was restored successfully.
HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32\\Default => Value was restored successfully.
HKLM\Software\Classes\.exe\\Default => Value was restored successfully.
HKLM\Software\Classes\exefile\DefaultIcon\\Default => Value was restored successfully.
HKLM\Software\Classes\exefile\shell\open\command\\Default => Value was restored successfully.
 
=========  sfc /scannow /offbootdir=c:\ /offwindir=c:\windows =========
 
 
 
Windows Resource Protection could not start the repair service.
 
 
========= End of CMD: =========
 
 
==== End of Fixlog ====


#14
Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 3,330 posts
Hi, from the recovery console select Command Prompt.

At the prompt type the following command and press Enter:

sfc /scannow /offbootdir=c:\ /offwindir=c:\windows
Wait for it to complete and then try a normal boot.

If that fails then run an FRST scan again.

#15
Agent_J

    New Member

  • Topic Starter
  • Member
  • 9 posts

It failed, got the same message as FRST from cmd prompt:

"Windows Resource Protection could not start the repair service."

 

I read an article on:

http://mikemstech.bl...-integrity.html

 

And I changed the entry to:

sfc /scannow /offbootdir=e:\ /offwindir=c:\windows

 

As I believe the E:\ is where my boot volume is partitioned.

"Windows Resource Protection could not start the repair service."

 

I also tried to run sfc /scannow from c:/

"Beginning system scan. This process will take some time.

Windows Resource Protection could not start the repair service."

 

New FRST log attached.

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-04-2014
Ran by SYSTEM on MINWINPC on 26-04-2014 11:09:29
Running from F:\
WIN_VISTA (X86) OS Language: English(US)
Boot Mode: Recovery
 
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.
 
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Winlogon: [Userinit] \system32\userinit.exe,
HKLM\...\Winlogon: [Shell] Explorer.exe [x ] ()
HKU\Jason\...\Run: [AVG-Secure-Search-Update_0913b] => C:\Users\Jason\AppData\Roaming\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe /PROMPT --mid 5e587e3fced947d09663d146f63004b7-d23a41fc13550866ec920055e2647950aa1d55df --CMPID 0913b
HKU\Jason\...\Run: [AVG-Secure-Search-Update_1213b] => C:\Users\Jason\AppData\Roaming\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe /PROMPT /mid=5e587e3fced947d09663d146f63004b7-d23a41fc13550866ec920055e2647950aa1d55df /CMPID=1213b
 
========================== Services (Whitelisted) =================
 
S2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [660576 2011-02-12] (Acronis)
S4 AdobeFlashPlayerUpdateSvc; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [0 2014-04-21] ()
S4 AgereModemAudio; C:\Windows\system32\agrsmsvc.exe [0 2006-10-04] ()
S2 Diskeeper; C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe [634988 2006-11-15] (Diskeeper Corporation)
S2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [0 2014-04-21] ()
S3 IPSSVC; C:\Windows\system32\IPSSVC.EXE [0 2007-01-29] ()
S2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [0 2014-04-03] ()
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [0 2014-04-03] ()
S4 SUService; c:\Program Files\Lenovo\System Update\SUService.exe [0 2006-12-15] ()
S3 ThinkVantage Registry Monitor Service; C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe [0 2007-01-08] ()
S2 TSSCoreService; C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe [722496 2006-12-21] (IBM)
S2 TVT Backup Protection Service; C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe [569344 2007-01-08] ()
S4 TVT Scheduler; c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe [0 2007-01-08] ()
S4 AcPrfMgrSvc; C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe [X]
S4 AcSvc; C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe [X]
S3 ALG; %SystemRoot%\System32\alg.exe [X]
S3 Appinfo; %SystemRoot%\System32\appinfo.dll [X]
S4 Apple Mobile Device; "C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe" [X]
S4 aspnet_state; %SystemRoot%\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [X]
S2 AudioEndpointBuilder; %SystemRoot%\System32\Audiosrv.dll [X]
S2 Audiosrv; %SystemRoot%\System32\Audiosrv.dll [X]
S2 AVGIDSAgent; "C:\Program Files\AVG\AVG2014\avgidsagent.exe" [X]
S2 avgwd; "C:\Program Files\AVG\AVG2014\avgwdsvc.exe" [X]
S2 BFE; %SystemRoot%\System32\bfe.dll [X]
S3 BITS; %systemroot%\system32\qmgr.dll [X]
S3 Browser; %SystemRoot%\System32\browser.dll [X]
S3 CertPropSvc; %SystemRoot%\System32\certprop.dll [X]
S4 clr_optimization_v2.0.50727_32; %systemroot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [X]
S2 clr_optimization_v4.0.30319_32; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [X]
S2 CryptSvc; %SystemRoot%\system32\cryptsvc.dll [X]
S2 CscService; %SystemRoot%\System32\cscsvc.dll [X]
S2 DcomLaunch; %SystemRoot%\system32\rpcss.dll [X]
S3 DFSR; %SystemRoot%\system32\DFSR.exe [X]
S2 Dhcp; %SystemRoot%\System32\dhcpcsvc.dll [X]
S2 Dnscache; %SystemRoot%\System32\dnsrslvr.dll [X]
S3 dot3svc; %SystemRoot%\System32\dot3svc.dll [X]
S2 DPS; %SystemRoot%\system32\dps.dll [X]
S3 EapHost; %SystemRoot%\System32\eapsvc.dll [X]
S2 EMDMgmt; %systemroot%\system32\emdmgmt.dll [X]
S2 Eventlog; %SystemRoot%\System32\wevtsvc.dll [X]
S2 EventSystem; %systemroot%\system32\es.dll [X]
S4 Fax; %systemroot%\system32\fxssvc.exe [X]
S3 fdPHost; %SystemRoot%\system32\fdPHost.dll [X]
S2 FNF5SVC; C:\Program Files\LENOVO\HOTKEY\FNF5SVC.exe [X]
S2 FontCache; %SystemRoot%\system32\FntCache.dll [X]
S3 FontCache3.0.0.0; %systemroot%\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [X]
S2 FoxitCloudUpdateService; C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [X]
S2 gpsvc; %SystemRoot%\System32\gpsvc.dll [X]
S4 gupdate; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [X]
S4 gupdatem; "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [X]
S2 HitmanPro37CrusaderBoot; "C:\Users\Jason\Desktop\HitmanPro.exe" /crusader:boot [X]
S3 hkmsvc; %SystemRoot%\system32\kmsvc.dll [X]
S4 IDriverT; "C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe" [X]
S3 idsvc; "%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe" [X]
S3 IKEEXT; %SystemRoot%\System32\ikeext.dll [X]
S3 IPBusEnum; %SystemRoot%\system32\ipbusenum.dll [X]
S4 iphlpsvc; %SystemRoot%\System32\iphlpsvc.dll [X]
S2 KtmRm; %systemroot%\system32\msdtckrm.dll [X]
S2 LanmanServer; %SystemRoot%\System32\srvsvc.dll [X]
S2 LanmanWorkstation; %SystemRoot%\System32\wkssvc.dll [X]
S3 lltdsvc; %SystemRoot%\System32\lltdsvc.dll [X]
S3 Microsoft Office Groove Audit Service; "C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe" [X]
S2 MMCSS; %SystemRoot%\system32\mmcss.dll [X]
S4 MozillaMaintenance; "C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe" [X]
S2 MpsSvc; %SystemRoot%\system32\mpssvc.dll [X]
S3 MSDTC; %SystemRoot%\System32\msdtc.exe [X]
S3 MSiSCSI; %systemroot%\system32\iscsiexe.dll [X]
S3 MSIServer; %systemroot%\system32\msiexec.exe /V [X]
S3 napagent; %SystemRoot%\system32\qagentRT.dll [X]
S3 Netman; %SystemRoot%\System32\netman.dll [X]
S4 NetMsmqActivator; "C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe" -NetMsmqActivator [X]
S4 NetPipeActivator; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [X]
S2 netprofm; %SystemRoot%\System32\netprofm.dll [X]
S4 NetTcpActivator; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [X]
S4 NetTcpPortSharing; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [X]
S2 NlaSvc; %SystemRoot%\System32\nlasvc.dll [X]
S4 NMIndexingService; "C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe" [X]
S2 nsi; %systemroot%\system32\nsisvc.dll [X]
S3 odserv; "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE" [X]
S3 ose; "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" [X]
S3 p2pimsvc; %SystemRoot%\system32\p2psvc.dll [X]
S3 p2psvc; %SystemRoot%\system32\p2psvc.dll [X]
S2 PcaSvc; %SystemRoot%\System32\pcasvc.dll [X]
S3 pla; %systemroot%\system32\pla.dll [X]
S2 PlugPlay; %SystemRoot%\system32\umpnpmgr.dll [X]
S3 PMSveH; C:\Program Files\Lenovo\PM Driver\PMSveH.exe [X]
S4 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [X]
S4 PnkBstrB; C:\Windows\system32\PnkBstrB.exe [X]
S3 PNRPAutoReg; %SystemRoot%\system32\p2psvc.dll [X]
S3 PNRPsvc; %SystemRoot%\system32\p2psvc.dll [X]
S2 PolicyAgent; %SystemRoot%\System32\ipsecsvc.dll [X]
S2 ProfSvc; %systemroot%\system32\profsvc.dll [X]
S3 QWAVE; %windir%\system32\qwave.dll [X]
S3 RasAuto; %SystemRoot%\System32\rasauto.dll [X]
S4 RasMan; %SystemRoot%\System32\rasmans.dll [X]
S4 RemoteAccess; %SystemRoot%\System32\mprdim.dll [X]
S3 RemoteRegistry; %SystemRoot%\system32\regsvc.dll [X]
S2 rpcnet; C:\Windows\system32\rpcnet.exe [X]
S2 RpcSs; %SystemRoot%\system32\rpcss.dll [X]
S4 SandraDataSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII\Win32\RpcDataSrv.exe [X]
S4 SandraTheSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII\RpcSandraSrv.exe [X]
S3 SCardSvr; %SystemRoot%\System32\SCardSvr.dll [X]
S2 Schedule; %systemroot%\system32\schedsvc.dll [X]
S3 SCPolicySvc; %SystemRoot%\System32\certprop.dll [X]
S3 SDRSVC; %Systemroot%\System32\SDRSVC.dll [X]
S2 seclogon; %windir%\system32\seclogon.dll [X]
S2 SENS; %SystemRoot%\system32\sens.dll [X]
S3 SessionEnv; %SystemRoot%\system32\sessenv.dll [X]
S2 SharedAccess; %SystemRoot%\System32\ipnathlp.dll [X]
S2 ShellHWDetection; %SystemRoot%\System32\shsvcs.dll [X]
S4 SkypeUpdate; "C:\Program Files\Skype\Updater\Updater.exe" [X]
S2 slsvc; %SystemRoot%\system32\SLsvc.exe [X]
S3 SLUINotify; %SystemRoot%\system32\SLUINotify.dll [X]
S2 Spooler; %SystemRoot%\System32\spoolsv.exe [X]
S4 SSDPSRV; %SystemRoot%\System32\ssdpsrv.dll [X]
S3 SstpSvc; %SystemRoot%\system32\sstpsvc.dll [X]
S2 stisvc; %SystemRoot%\System32\wiaservc.dll [X]
S3 swprv; %Systemroot%\System32\swprv.dll [X]
S2 SysMain; %systemroot%\system32\sysmain.dll [X]
S3 TapiSrv; %SystemRoot%\System32\tapisrv.dll [X]
S2 TBS; %SystemRoot%\System32\tbssvc.dll [X]
S4 TermService; %SystemRoot%\System32\termsrv.dll [X]
S4 Themes; %SystemRoot%\system32\shsvcs.dll [X]
S3 THREADORDER; %SystemRoot%\system32\mmcss.dll [X]
S4 TPHKSVC; C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe [X]
S2 TrkWks; %SystemRoot%\System32\trkwks.dll [X]
S3 TrustedInstaller; %SystemRoot%\servicing\TrustedInstaller.exe [X]
S2 TVersityMediaServer; "C:\ProgramData\TVersity\Media Server\MediaServer.exe" [X]
S3 UI0Detect; %SystemRoot%\system32\UI0Detect.exe [X]
S3 UmRdpService; %SystemRoot%\System32\umrdp.dll [X]
S2 upnphost; %SystemRoot%\System32\upnphost.dll [X]
S4 UxSms; %SystemRoot%\System32\uxsms.dll [X]
S3 vds; %SystemRoot%\System32\vds.exe [X]
S3 VSS; %systemroot%\system32\vssvc.exe [X]
S2 W32Time; %systemroot%\system32\w32time.dll [X]
S3 wbengine; "%systemroot%\system32\wbengine.exe" [X]
S3 wcncsvc; %SystemRoot%\System32\wcncsvc.dll [X]
S3 WdiServiceHost; %SystemRoot%\system32\wdi.dll [X]
S3 WdiSystemHost; %SystemRoot%\system32\wdi.dll [X]
S2 WebClient; %SystemRoot%\System32\webclnt.dll [X]
S2 WebrootSpySweeperService; "C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe" [X]
S3 Wecsvc; %SystemRoot%\system32\wecsvc.dll [X]
S3 wercplsupport; %SystemRoot%\System32\wercplsupport.dll [X]
S4 WerSvc; %SystemRoot%\System32\WerSvc.dll [X]
S2 WinDefend; %ProgramFiles%\Windows Defender\mpsvc.dll [X]
S2 Winmgmt; %SystemRoot%\system32\wbem\WMIsvc.dll [X]
S3 WinRM; %SystemRoot%\system32\WsmSvc.dll [X]
S2 Wlansvc; %SystemRoot%\System32\wlansvc.dll [X]
S2 wlidsvc; "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" [X]
S3 wmiApSrv; %systemroot%\system32\wbem\WmiApSrv.exe [X]
S4 WMPNetworkSvc; "%ProgramFiles%\Windows Media Player\wmpnetwk.exe" [X]
S2 WPDBusEnum; %SystemRoot%\system32\wpdbusenum.dll [X]
S3 WPFFontCache_v0400; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [X]
S2 wscsvc; %SYSTEMROOT%\system32\wscsvc.dll [X]
S2 WSearch; %systemroot%\system32\SearchIndexer.exe /Embedding [X]
S2 wuauserv; %systemroot%\system32\wuaueng.dll [X]
S2 wudfsvc; %SystemRoot%\System32\WUDFSvc.dll [X]
 
==================== Drivers (Whitelisted) ====================
 
S4 adpahci; C:\Windows\system32\drivers\adpahci.sys [0 2006-11-02] ()
S4 adpu320; C:\Windows\system32\drivers\adpu320.sys [0 2006-11-02] ()
S3 agp440; C:\Windows\system32\drivers\agp440.sys [0 2006-11-02] ()
S4 aic78xx; C:\Windows\system32\drivers\djsvs.sys [0 2006-11-02] ()
S3 amdagp; C:\Windows\system32\drivers\amdagp.sys [0 2006-11-02] ()
S4 AmdK7; C:\Windows\system32\drivers\amdk7.sys [0 2006-11-02] ()
S4 AmdK8; C:\Windows\system32\drivers\amdk8.sys [0 2006-11-02] ()
S4 arc; C:\Windows\system32\drivers\arc.sys [0 2006-11-02] ()
S4 arcsas; C:\Windows\system32\drivers\arcsas.sys [0 2006-11-02] ()
S3 ATSWPDRV; C:\Windows\System32\DRIVERS\ATSwpDrv.sys [140808 2007-04-10] (AuthenTec, Inc.)
S3 BrFiltLo; C:\Windows\system32\drivers\brfiltlo.sys [0 2006-11-02] ()
S4 Brserid; C:\Windows\system32\drivers\brserid.sys [0 2006-11-02] ()
S4 BrSerWdm; C:\Windows\system32\drivers\brserwdm.sys [0 2006-11-02] ()
S4 elxstor; C:\Windows\system32\drivers\elxstor.sys [0 2006-11-02] ()
S4 flpydisk; C:\Windows\System32\DRIVERS\flpydisk.sys [0 2006-11-02] ()
S3 gagp30kx; C:\Windows\system32\drivers\gagp30kx.sys [0 2006-11-02] ()
S0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] ()
S3 HdAudAddService; C:\Windows\System32\drivers\HdAudio.sys [0 2009-04-10] ()
S4 iaStorV; C:\Windows\system32\drivers\iastorv.sys [0 2006-11-02] ()
S4 IPMIDRV; C:\Windows\system32\drivers\ipmidrv.sys [0 2006-11-02] ()
S4 isapnp; C:\Windows\system32\drivers\isapnp.sys [0 2006-11-02] ()
S4 iteatapi; C:\Windows\system32\drivers\iteatapi.sys [0 2006-11-02] ()
S4 iteraid; C:\Windows\system32\drivers\iteraid.sys [0 2006-11-02] ()
S4 kbdhid; C:\Windows\system32\drivers\kbdhid.sys [0 2006-11-02] ()
S0 LPCFilter; C:\Windows\System32\DRIVERS\LPCFilter.sys [19456 2006-11-09] (COMPAL ELECTRONIC INC.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [0 2014-04-03] ()
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [0 2014-04-03] ()
S4 megasas; C:\Windows\system32\drivers\megasas.sys [0 2006-11-02] ()
S4 msdsm; C:\Windows\system32\drivers\msdsm.sys [0 2006-11-02] ()
S3 NETwLv32; C:\Windows\System32\DRIVERS\NETwLv32.sys [6639616 2010-10-07] (Intel Corporation)
S4 nfrd960; C:\Windows\system32\drivers\nfrd960.sys [0 2006-11-02] ()
S4 nvraid; C:\Windows\system32\drivers\nvraid.sys [0 2006-11-02] ()
S4 nvstor; C:\Windows\system32\drivers\nvstor.sys [0 2006-11-02] ()
S2 PROCDD; C:\Windows\System32\DRIVERS\PROCDD.SYS [12080 2006-11-06] (Lenovo Group Limited)
S4 ql2300; C:\Windows\system32\drivers\ql2300.sys [0 2006-11-02] ()
S4 ql40xx; C:\Windows\system32\drivers\ql40xx.sys [0 2006-11-02] ()
S4 sbp2port; C:\Windows\system32\drivers\sbp2port.sys [0 2006-11-02] ()
S3 Serial; C:\Windows\System32\DRIVERS\serial.sys [0 2006-11-02] ()
S4 sfloppy; C:\Windows\system32\drivers\sfloppy.sys [0 2006-11-02] ()
S0 speedfan; C:\Windows\System32\speedfan.sys [5248 2006-09-24] (Windows ® 2000 DDK provider)
S4 Symc8xx; C:\Windows\system32\drivers\symc8xx.sys [0 2006-11-02] ()
S4 Sym_hi; C:\Windows\system32\drivers\sym_hi.sys [0 2006-11-02] ()
S3 uagp35; C:\Windows\system32\drivers\uagp35.sys [0 2006-11-02] ()
S4 UlSata; C:\Windows\system32\drivers\ulsata.sys [0 2006-11-02] ()
S4 usbccgp; C:\Windows\system32\drivers\usbccgp.sys [0 2006-11-02] ()
S4 usbprint; C:\Windows\system32\drivers\usbprint.sys [0 2006-11-02] ()
S4 viaide; C:\Windows\system32\drivers\viaide.sys [0 2006-11-02] ()
S4 vsmraid; C:\Windows\system32\drivers\vsmraid.sys [0 2006-11-02] ()
S4 WacomPen; C:\Windows\system32\drivers\wacompen.sys [0 2006-11-02] ()
S0 ACPI; system32\drivers\acpi.sys [X]
S1 AFD; \SystemRoot\system32\drivers\afd.sys [X]
S3 AsyncMac; system32\DRIVERS\asyncmac.sys [X]
S0 atapi; system32\drivers\atapi.sys [X]
S1 Avgdiskx; system32\DRIVERS\avgdiskx.sys [X]
S1 AVGIDSDriver; system32\DRIVERS\avgidsdriverx.sys [X]
S0 AVGIDSHX; system32\DRIVERS\avgidshx.sys [X]
S1 AVGIDSShim; system32\DRIVERS\avgidsshimx.sys [X]
S1 Avgldx86; system32\DRIVERS\avgldx86.sys [X]
S0 Avglogx; system32\DRIVERS\avglogx.sys [X]
S0 Avgmfx86; system32\DRIVERS\avgmfx86.sys [X]
S0 Avgrkx86; system32\DRIVERS\avgrkx86.sys [X]
S1 Avgtdix; system32\DRIVERS\avgtdix.sys [X]
S1 Beep; No ImagePath
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 bowser; system32\DRIVERS\bowser.sys [X]
S4 cdfs; system32\DRIVERS\cdfs.sys [X]
S1 cdrom; system32\DRIVERS\cdrom.sys [X]
S0 CLFS; System32\CLFS.sys [X]
S3 CmBatt; system32\DRIVERS\CmBatt.sys [X]
S0 Compbatt; system32\DRIVERS\compbatt.sys [X]
S3 cpudrv; \??\C:\Program Files\SystemRequirementsLab\cpudrv.sys [X]
S3 CrystalSysInfo; \??\C:\Program Files\MediaCoder\SysInfo.sys [X]
S1 CSC; system32\drivers\csc.sys [X]
S1 DfsC; System32\Drivers\dfsc.sys [X]
S3 dg_ssudbus; system32\DRIVERS\ssudbus.sys [X]
S0 disk; system32\drivers\disk.sys [X]
S3 drmkaud; system32\drivers\drmkaud.sys [X]
S3 DXGKrnl; \SystemRoot\System32\drivers\dxgkrnl.sys [X]
S0 Ecache; System32\drivers\ecache.sys [X]
S2 EGATHDRV; \??\C:\Windows\system32\EGATHDRV.SYS [X]
S3 ENTECH; \??\C:\Windows\system32\DRIVERS\ENTECH.sys [X]
S3 exfat; No ImagePath
S3 fastfat; No ImagePath
S0 FileInfo; system32\drivers\fileinfo.sys [X]
S3 Filetrace; system32\drivers\filetrace.sys [X]
S0 FltMgr; system32\drivers\fltmgr.sys [X]
S1 Fs_Rec; No ImagePath
S3 GEARAspiWDM; system32\DRIVERS\GEARAspiWDM.sys [X]
S3 HDAudBus; system32\DRIVERS\HDAudBus.sys [X]
S3 HidUsb; system32\DRIVERS\hidusb.sys [X]
S4 hitmanpro37; \??\C:\Windows\system32\drivers\hitmanpro37.sys [X]
S3 HTTP; system32\drivers\HTTP.sys [X]
S1 i8042prt; system32\DRIVERS\i8042prt.sys [X]
S3 ialm; system32\DRIVERS\igdkmd32.sys [X]
S3 igfx; system32\DRIVERS\igdkmd32.sys [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHDA.sys [X]
S0 intelide; system32\drivers\intelide.sys [X]
S3 intelppm; system32\DRIVERS\intelppm.sys [X]
S3 IpFilterDriver; system32\DRIVERS\ipfltdrv.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 IPNAT; system32\DRIVERS\ipnat.sys [X]
S3 IRENUM; system32\drivers\irenum.sys [X]
S3 iScsiPrt; system32\DRIVERS\msiscsi.sys [X]
S1 kbdclass; system32\DRIVERS\kbdclass.sys [X]
S0 KSecDD; System32\Drivers\ksecdd.sys [X]
S2 lltdio; system32\DRIVERS\lltdio.sys [X]
S2 luafv; \SystemRoot\system32\drivers\luafv.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 Modem; system32\drivers\modem.sys [X]
S3 monitor; system32\DRIVERS\monitor.sys [X]
S1 mouclass; system32\DRIVERS\mouclass.sys [X]
S3 mouhid; system32\DRIVERS\mouhid.sys [X]
S0 MountMgr; System32\drivers\mountmgr.sys [X]
S3 mpsdrv; System32\drivers\mpsdrv.sys [X]
S3 MRxDAV; \SystemRoot\system32\drivers\mrxdav.sys [X]
S3 mrxsmb; system32\DRIVERS\mrxsmb.sys [X]
S3 mrxsmb10; system32\DRIVERS\mrxsmb10.sys [X]
S3 mrxsmb20; system32\DRIVERS\mrxsmb20.sys [X]
S1 Msfs; No ImagePath
S0 msisadrv; system32\drivers\msisadrv.sys [X]
S3 MSKSSRV; system32\drivers\MSKSSRV.sys [X]
S3 MSPCLOCK; system32\drivers\MSPCLOCK.sys [X]
S3 MSPQM; system32\drivers\MSPQM.sys [X]
S3 MsRPC; No ImagePath
S3 mssmbios; system32\DRIVERS\mssmbios.sys [X]
S3 MSTEE; system32\drivers\MSTEE.sys [X]
S0 Mup; System32\Drivers\mup.sys [X]
S3 NativeWifiP; system32\DRIVERS\nwifi.sys [X]
S0 NDIS; system32\drivers\ndis.sys [X]
S3 NdisTapi; system32\DRIVERS\ndistapi.sys [X]
S3 Ndisuio; system32\DRIVERS\ndisuio.sys [X]
S3 NdisWan; system32\DRIVERS\ndiswan.sys [X]
S3 NDProxy; No ImagePath
S1 NetBIOS; system32\DRIVERS\netbios.sys [X]
S1 netbt; System32\DRIVERS\netbt.sys [X]
S3 NETw4v32; system32\DRIVERS\NETw4v32.sys [X]
S1 Npfs; No ImagePath
S1 nsiproxy; system32\drivers\nsiproxy.sys [X]
S3 Ntfs; No ImagePath
S1 Null; No ImagePath
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 ohci1394; system32\DRIVERS\ohci1394.sys [X]
S3 P1130VID; system32\DRIVERS\P1130Vid.sys [X]
S0 partmgr; System32\drivers\partmgr.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [X]
S0 pci; system32\drivers\pci.sys [X]
S3 PptpMiniport; system32\DRIVERS\raspptp.sys [X]
S1 PSched; system32\DRIVERS\pacer.sys [X]
S3 QWAVEdrv; \SystemRoot\system32\drivers\qwavedrv.sys [X]
S1 RasAcd; System32\DRIVERS\rasacd.sys [X]
S3 Rasl2tp; system32\DRIVERS\rasl2tp.sys [X]
S3 RasPppoe; system32\DRIVERS\raspppoe.sys [X]
S3 RasSstp; system32\DRIVERS\rassstp.sys [X]
S1 rdbss; system32\DRIVERS\rdbss.sys [X]
S1 RDPCDD; System32\DRIVERS\RDPCDD.sys [X]
S3 rdpdr; system32\DRIVERS\rdpdr.sys [X]
S1 RDPENCDD; system32\drivers\rdpencdd.sys [X]
S3 RDPWD; No ImagePath
S2 rimsptsk; system32\DRIVERS\rimsptsk.sys [X]
S2 rspndr; system32\DRIVERS\rspndr.sys [X]
S1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [X]
S1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [X]
S3 sdbus; system32\DRIVERS\sdbus.sys [X]
S4 sermouse; \SystemRoot\system32\drivers\sermouse.sys [X]
S1 Smb; system32\DRIVERS\smb.sys [X]
S0 spldr; No ImagePath
S0 sptd; System32\Drivers\sptd.sys [X]
S3 srv; System32\DRIVERS\srv.sys [X]
S3 srv2; System32\DRIVERS\srv2.sys [X]
S3 srvnet; System32\DRIVERS\srvnet.sys [X]
S0 ssfs0bbc; system32\DRIVERS\ssfs0bbc.sys [X]
S0 sshrmd; system32\DRIVERS\sshrmd.sys [X]
S0 ssidrv; system32\DRIVERS\ssidrv.sys [X]
S1 ssmdrv; system32\DRIVERS\ssmdrv.sys [X]
S3 ssudmdm; system32\DRIVERS\ssudmdm.sys [X]
S1 StarOpen; No ImagePath
S3 swenum; system32\DRIVERS\swenum.sys [X]
S3 taphss; system32\DRIVERS\taphss.sys [X]
S0 Tcpip; System32\drivers\tcpip.sys [X]
S3 Tcpip6; system32\DRIVERS\tcpip.sys [X]
S2 tcpipreg; System32\drivers\tcpipreg.sys [X]
S3 TDPIPE; system32\drivers\tdpipe.sys [X]
S3 TDTCP; system32\drivers\tdtcp.sys [X]
S1 tdx; system32\DRIVERS\tdx.sys [X]
S1 TermDD; system32\DRIVERS\termdd.sys [X]
S0 TfFsMon; system32\drivers\TfFsMon.sys [X]
S3 TfNetMon; \??\C:\Windows\system32\drivers\TfNetMon.sys [X]
S0 TfSysMon; system32\drivers\TfSysMon.sys [X]
S3 tssecsrv; System32\DRIVERS\tssecsrv.sys [X]
S3 tunmp; system32\DRIVERS\tunmp.sys [X]
S3 tunnel; system32\DRIVERS\tunnel.sys [X]
S4 udfs; system32\DRIVERS\udfs.sys [X]
S3 umbus; system32\DRIVERS\umbus.sys [X]
S3 USBAAPL; System32\Drivers\usbaapl.sys [X]
S3 usbhub; system32\DRIVERS\usbhub.sys [X]
S3 usbser; system32\drivers\usbser.sys [X]
S3 USBSTOR; system32\DRIVERS\USBSTOR.SYS [X]
S1 VgaSave; \SystemRoot\System32\drivers\vga.sys [X]
S0 volmgr; system32\drivers\volmgr.sys [X]
S0 volmgrx; System32\drivers\volmgrx.sys [X]
S0 volsnap; system32\drivers\volsnap.sys [X]
S3 vsbus; system32\DRIVERS\vsb.sys [X]
S3 vserial; System32\DRIVERS\vserial.sys [X]
S3 Wanarp; system32\DRIVERS\wanarp.sys [X]
S1 Wanarpv6; system32\DRIVERS\wanarp.sys [X]
S0 Wdf01000; system32\drivers\Wdf01000.sys [X]
S3 WmiAcpi; system32\DRIVERS\wmiacpi.sys [X]
S3 WpdUsb; system32\DRIVERS\wpdusb.sys [X]
S4 ws2ifsl; \SystemRoot\system32\drivers\ws2ifsl.sys [X]
S3 WudfPf; system32\drivers\WudfPf.sys [X]
S3 WUDFRd; system32\DRIVERS\WUDFRd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-04-24 12:18 - 2014-04-25 21:57 - 00000000 ____D () C:\FRST
2014-04-24 07:02 - 2014-04-24 07:02 - 00000000 __SHD () C:\found.001
2014-04-21 22:28 - 2014-04-21 22:28 - 00012872 _____ (SurfRight B.V.) C:\Windows\System32\bootdelete.exe
2014-04-21 22:28 - 2014-04-21 22:28 - 00000326 _____ () C:\Windows\System32\bootdelete.lst
2014-04-21 22:28 - 2014-04-21 22:28 - 00000000 _____ () C:\Windows\System32\.crusader
2014-04-21 22:26 - 2014-04-21 22:26 - 00027060 _____ () C:\Users\Jason\Desktop\HitmanPro_20140422_0226.log
2014-04-21 22:03 - 2014-04-21 22:03 - 00000000 ____D () C:\Program Files\HitmanPro
2014-04-21 21:58 - 2014-04-21 22:28 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-04-21 21:18 - 2014-04-21 21:18 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-04-21 21:18 - 2014-04-03 05:51 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2014-04-21 21:18 - 2014-04-03 05:51 - 00000000 _____ () C:\Windows\System32\Drivers\mwac.sys
2014-04-19 17:59 - 2014-04-19 17:59 - 00000000 ____D () C:\Users\Jason\Downloads\Microsoft.Windows.XP.Professional.SP3.x86.Integrated.April.2014-Maherz
 
==================== One Month Modified Files and Folders =======
 
2014-04-26 10:51 - 2007-05-26 16:06 - 00000000 ____D () C:\SWSHARE
2014-04-25 21:57 - 2014-04-24 12:18 - 00000000 ____D () C:\FRST
2014-04-24 07:02 - 2014-04-24 07:02 - 00000000 __SHD () C:\found.001
2014-04-21 22:30 - 2010-04-30 11:28 - 00002128 _____ () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-21 22:30 - 2010-04-30 11:28 - 00002128 _____ () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-21 22:30 - 2007-05-26 15:46 - 00000000 _____ () C:\Windows\WindowsUpdate.log
2014-04-21 22:28 - 2014-04-21 22:28 - 00012872 _____ (SurfRight B.V.) C:\Windows\System32\bootdelete.exe
2014-04-21 22:28 - 2014-04-21 22:28 - 00000326 _____ () C:\Windows\System32\bootdelete.lst
2014-04-21 22:28 - 2014-04-21 22:28 - 00000000 _____ () C:\Windows\System32\.crusader
2014-04-21 22:28 - 2014-04-21 21:58 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-04-21 22:26 - 2014-04-21 22:26 - 00027060 _____ () C:\Users\Jason\Desktop\HitmanPro_20140422_0226.log
2014-04-21 22:03 - 2014-04-21 22:03 - 00000000 ____D () C:\Program Files\HitmanPro
2014-04-21 21:18 - 2014-04-21 21:18 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-04-21 21:18 - 2010-11-21 16:48 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\Malwarebytes
2014-04-21 21:18 - 2010-11-21 16:48 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-21 18:53 - 2006-11-02 03:18 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-04-21 18:01 - 2014-03-22 08:28 - 00000000 ____D () C:\Program Files\iPod
2014-04-21 17:27 - 2012-07-28 07:43 - 00000000 ____D () C:\ProgramData\MFAData
2014-04-21 17:19 - 2007-05-27 19:48 - 00000000 ____D () C:\Users\Jason\Local Settings\Application Data\Adobe
2014-04-21 17:19 - 2007-05-27 19:48 - 00000000 ____D () C:\Users\Jason\AppData\Local\Adobe
2014-04-21 16:57 - 2006-11-02 05:00 - 00489160 _____ () C:\Windows\PFRO.log
2014-04-19 17:59 - 2014-04-19 17:59 - 00000000 ____D () C:\Users\Jason\Downloads\Microsoft.Windows.XP.Professional.SP3.x86.Integrated.April.2014-Maherz
2014-04-16 18:12 - 2007-05-26 16:10 - 00000000 ____D () C:\Program Files\Java
2014-04-14 18:59 - 2010-11-22 14:40 - 00183808 _____ () C:\Users\Jason\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-04-14 18:59 - 2010-11-22 14:40 - 00183808 _____ () C:\Users\Jason\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-04-09 08:56 - 2006-11-02 02:24 - 00000000 _____ () C:\Windows\System32\mrt.exe
2014-04-08 16:46 - 2006-11-02 02:33 - 00763586 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-04-03 05:51 - 2014-04-21 21:18 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2014-04-03 05:51 - 2014-04-21 21:18 - 00000000 _____ () C:\Windows\System32\Drivers\mwac.sys
2014-04-03 05:50 - 2010-11-21 16:48 - 00000000 _____ () C:\Windows\System32\Drivers\mbam.sys
 
==================== Known DLLs (Whitelisted) ============
 
C:\Windows\System32\clbcatq.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\ole32.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\advapi32.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\COMDLG32.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\gdi32.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\IERTUTIL.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\IMAGEHLP.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\IMM32.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\kernel32.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\LPK.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\MSCTF.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\MSVCRT.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\NSI.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\OLEAUT32.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\rpcrt4.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\Setupapi.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\SHELL32.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\SHLWAPI.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\URLMON.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\user32.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\USP10.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\WININET.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\WLDAP32.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\WS2_32.dll IS MISSING <==== ATTENTION!.
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\winlogon.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\svchost.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\services.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\User32.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\userinit.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\rpcss.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\Drivers\volsnap.sys IS MISSING <==== ATTENTION!.
C:\Windows\System32\winsrv.dll IS MISSING <==== ATTENTION!.
 
==================== EXE ASSOCIATION =====================
 
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
 
==================== Restore Points  =========================
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 13%
Total physical RAM: 2549.81 MB
Available physical RAM: 2194.5 MB
Total Pagefile: 2349.67 MB
Available Pagefile: 2216.7 MB
Total Virtual: 2047.88 MB
Available Virtual: 1988.3 MB
 
==================== Drives ================================
 
Drive c: (SW_Preload) (Fixed) (Total:6.92 GB) (Free:4.58 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (2007.11.03_2329) (CDROM) (Total:0.12 GB) (Free:0 GB) UDF
Drive e: (ServiceV002) (Fixed) (Total:6.92 GB) (Free:2.66 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: () (Removable) (Total:0.94 GB) (Free:0.93 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 149 GB) (Disk ID: 95F3457A)
Partition 1: (Not Active) - (Size=7 GB) - (Type=27)
Partition 2: (Active) - (Size=142 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 960 MB) (Disk ID: 73696D20)
No partition Table on disk 1.
 
 
LastRegBack: 2014-04-21 17:04
 
==================== End Of Log ============================

Edited by Agent_J, 26 April 2014 - 09:49 AM.
