Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

BSOD %hs file is missing [Solved]


  • This topic is locked This topic is locked

#1
BKuke

BKuke

    Member

  • Member
  • PipPip
  • 13 posts
A neighbor of mine could not get their laptop to boot up. They brought it to me to see if I could find the problem.
Startup repair, Windows repair disk, and system restore have not worked. I even tried Kaspersky Rescue 10.

I did a scan with the Farbar Recovery Scan Tool.

I have attached the results.


Attached File  FRST.txt   12.17KB   292 downloads

Edited by BKuke, 14 December 2013 - 12:14 AM.

  • 0

Advertisements


#2
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello BKuke,

Welcome to Geekstogo.

In future please copy and paste logs into the thread. :)

Now

Please download the attached fixlist.txt file to your flashdrive .

NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Now please enter System Recovery Options.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt).
After that
  • FRST will let you know when the scan is complete and has written the FRST.txt to file, close out this message, then type the following into the search box:
    LPK.dll
  • Now press the search button
  • When the search is complete, search.txt will also be written to your USB
  • Type exit and reboot the computer normally
  • Please copy and paste both logs in your reply.(FRST.txt and Search.txt)

  • 0

#3
BKuke

BKuke

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Ok I am doing that now
  • 0

#4
BKuke

BKuke

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
I have attached both files that you require.

I tried to reboot the laptop and it still shows the same error.

(STOP: c0000135 The program can't start because %hs is missing from your computer. Try installing the program to fix this problem)

Attached Files


Edited by BKuke, 14 December 2013 - 03:23 PM.

  • 0

#5
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

I tried to reboot the laptop and it still shows the same error.


Yes we have yet to replace the missing file.

I am posting the logs in the thread in terms of my request at my last post.


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-12-2013 01
Ran by SYSTEM at 2013-12-14 13:59:54 Run:1
Running from G:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] C:\$Recycle.Bin\S-1-5-18\$86a5dcb24eedf9369d27e77b70010620\n. ATTENTION! ====> ZeroAccess?
HKU\Penwitt\...\Winlogon: [Shell] Explorer.exe [2871808 2011-02-24] (Microsoft Corporation) <==== ATTENTION
C:\$Recycle.Bin\S-1-5-18\$86a5dcb24eedf9369d27e77b70010620
C:\$Recycle.Bin\S-1-5-21-471084762-3375877555-2118701254-1006\$86a5dcb24eedf9369d27e77b70010620
C:\Users\Public\AlexaNSISPlugin.8348.dll
C:\Users\Penwitt\AppData\Local\Temp\_unps.exe
C:\Users\Penwitt\AppData\Local\Temp\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}_N360_12185.exe
*****************

HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32\\Default => Value was restored successfully.
HKU\Penwitt\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
C:\$Recycle.Bin\S-1-5-18\$86a5dcb24eedf9369d27e77b70010620 => Moved successfully.
C:\$Recycle.Bin\S-1-5-21-471084762-3375877555-2118701254-1006\$86a5dcb24eedf9369d27e77b70010620 => Moved successfully.
C:\Users\Public\AlexaNSISPlugin.8348.dll => Moved successfully.
C:\Users\Penwitt\AppData\Local\Temp\_unps.exe => Moved successfully.
C:\Users\Penwitt\AppData\Local\Temp\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}_N360_12185.exe => Moved successfully.

==== End of Fixlog ====

Farbar Recovery Scan Tool (x64) Version: 13-12-2013 01
Ran by SYSTEM at 2013-12-14 14:00:50
Running from G:\
Boot Mode: Recovery

================== Search: "lpk.dll" ===================

C:\Windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.22195_none_1281c5a8bee46a0f\lpk.dll
[2009-07-13 15:25] - [2009-07-13 17:11] - 0025600 ____A (Microsoft Corporation) 384721EF4024890092625E20CADFAF85

C:\Windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.22153_none_12ab04c4bec5c79d\lpk.dll
[2009-07-13 15:25] - [2009-07-13 17:11] - 0025600 ____N (Microsoft Corporation) 384721EF4024890092625E20CADFAF85

C:\Windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.21664_none_12a15568beccd507\lpk.dll
[2009-07-13 15:25] - [2009-07-13 17:11] - 0025600 ____A (Microsoft Corporation) 384721EF4024890092625E20CADFAF85

C:\Windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.21636_none_12c3c5c0beb2b3e2\lpk.dll
[2009-07-13 15:25] - [2009-07-13 17:11] - 0025600 ____N (Microsoft Corporation) 384721EF4024890092625E20CADFAF85

C:\Windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.18032_none_12360787a598d69a\lpk.dll
[2009-07-13 15:25] - [2009-07-13 17:11] - 0025600 ____A (Microsoft Corporation) 384721EF4024890092625E20CADFAF85

C:\Windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.17991_none_11f44f93a5ca31a7\lpk.dll
[2009-07-13 15:25] - [2009-07-13 17:11] - 0025600 ____A (Microsoft Corporation) 384721EF4024890092625E20CADFAF85

C:\Windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.17563_none_1216b853a5b01be6\lpk.dll
[2009-07-13 15:25] - [2009-07-13 17:11] - 0025600 ____A (Microsoft Corporation) 384721EF4024890092625E20CADFAF85

C:\Windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.17537_none_123b293fa5942d6f\lpk.dll
[2009-07-13 15:25] - [2009-07-13 17:11] - 0025600 ____N (Microsoft Corporation) 384721EF4024890092625E20CADFAF85

C:\Windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.17514_none_124dc839a586a988\lpk.dll
[2009-07-13 15:25] - [2009-07-13 17:11] - 0025600 ____N (Microsoft Corporation) 384721EF4024890092625E20CADFAF85

C:\Windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.22195_none_082d1b568a83a814\lpk.dll
[2009-07-13 15:38] - [2009-07-13 17:41] - 0041984 ____A (Microsoft Corporation) D202223587518B13D72D68937B7E3F70

C:\Windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.22153_none_08565a728a6505a2\lpk.dll
[2009-07-13 15:38] - [2009-07-13 17:41] - 0041984 ____N (Microsoft Corporation) D202223587518B13D72D68937B7E3F70

C:\Windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.21664_none_084cab168a6c130c\lpk.dll
[2009-07-13 15:38] - [2009-07-13 17:41] - 0041984 ____A (Microsoft Corporation) D202223587518B13D72D68937B7E3F70

C:\Windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.21636_none_086f1b6e8a51f1e7\lpk.dll
[2009-07-13 15:38] - [2009-07-13 17:41] - 0041984 ____N (Microsoft Corporation) D202223587518B13D72D68937B7E3F70

C:\Windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.18032_none_07e15d357138149f\lpk.dll
[2009-07-13 15:38] - [2009-07-13 17:41] - 0041984 ____A (Microsoft Corporation) D202223587518B13D72D68937B7E3F70

C:\Windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.17991_none_079fa54171696fac\lpk.dll
[2009-07-13 15:38] - [2009-07-13 17:41] - 0041984 ____A (Microsoft Corporation) D202223587518B13D72D68937B7E3F70

C:\Windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.17563_none_07c20e01714f59eb\lpk.dll
[2009-07-13 15:38] - [2009-07-13 17:41] - 0041984 ____A (Microsoft Corporation) D202223587518B13D72D68937B7E3F70

C:\Windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.17537_none_07e67eed71336b74\lpk.dll
[2009-07-13 15:38] - [2009-07-13 17:41] - 0041984 ____N (Microsoft Corporation) D202223587518B13D72D68937B7E3F70

C:\Windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.17514_none_07f91de77125e78d\lpk.dll
[2009-07-13 15:38] - [2009-07-13 17:41] - 0041984 ____N (Microsoft Corporation) D202223587518B13D72D68937B7E3F70

X:\Windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.16385_none_05c80a1f743763f3\lpk.dll
[2009-07-13 15:38] - [2009-07-13 17:41] - 0041984 ____A (Microsoft Corporation) D202223587518B13D72D68937B7E3F70

X:\Windows\System32\lpk.dll
[2009-07-13 15:38] - [2009-07-13 17:41] - 0041984 ____A (Microsoft Corporation) D202223587518B13D72D68937B7E3F70

====== End Of Search ======

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-12-2013 01
Ran by SYSTEM on MININT-PSUUL52 on 13-12-2013 22:56:53
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [cAudioFilterAgent] - C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe [518784 2011-03-28] (Conexant Systems, Inc.)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [Apoint] - C:\Program Files\Apoint\Apoint.exe [226672 2011-02-16] (Alps Electric Co., Ltd.)
HKLM\...\RunOnce: [*Restore] - C:\Windows\system32\rstrui.exe /RUNONCE [296960 2010-11-20] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] C:\$Recycle.Bin\S-1-5-18\$86a5dcb24eedf9369d27e77b70010620\n. ATTENTION! ====> ZeroAccess?
HKLM\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation)
HKLM-x32\...\Run: [ISBMgr.exe] - C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [2757312 2011-02-15] (Sony Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] - C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [648032 2010-11-26] (Sony Corporation)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe [49208 2011-05-09] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [SearchProtectAll] - C:\Program Files (x86)\SearchProtect\bin\cltmng.exe [2852640 2013-05-07] (Conduit)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
HKU\Penwitt\...\Run: [HP Deskjet 3050A J611 series (NET)] - C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe [2676584 2011-06-08] (Hewlett-Packard Co.)
HKU\Penwitt\...\Run: [Elbserver] - C:\Program Files (x86)\Sony\Media Gallery\ElbServer.exe [83344 2011-04-02] (Sony Corporation)
HKU\Penwitt\...\Run: [SmileboxTray] - C:\Users\Penwitt\AppData\Roaming\Smilebox\SmileboxTray.exe [309544 2013-07-23] (Smilebox, Inc.)
HKU\Penwitt\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19603048 2013-06-03] (Skype Technologies S.A.)
HKU\Penwitt\...\Run: [SearchProtect] - C:\Users\Penwitt\AppData\Roaming\SearchProtect\bin\cltmng.exe [2852640 2013-05-07] (Conduit)
HKU\Penwitt\...\Winlogon: [Shell] Explorer.exe [2871808 2011-02-24] (Microsoft Corporation) <==== ATTENTION
AppInit_DLLs: C:\Program Files (x86)\KeyCryptSDK\KeyCrypt64(4).dll [88376 2013-07-24] (Zemana Ltd.)
AppInit_DLLs-x32: C:\PROGRA~2\KEYCRY~1\KE96AA~1.DLL [81160 2013-07-24] (Zemana Ltd.)

==================== Services (Whitelisted) =================

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 CltMngSvc; C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe [93984 2013-04-11] (Conduit)
S2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [259192 2011-01-29] (Sony Corporation)
S2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [105024 2011-02-23] (ArcSoft, Inc.)
S2 Updater Service for AMZN; C:\Program Files (x86)\Amazon Browser Bar\ToolbarUpdaterService.exe [222368 2012-05-22] ()
S2 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [887000 2011-01-20] (Sony Corporation)

==================== Drivers (Whitelisted) ====================

S1 AntiLog32; C:\Windows\system32\drivers\AntiLog64.sys [49240 2013-09-13] (Zemana Ltd.)
S3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
S3 keycrypt; C:\Windows\System32\DRIVERS\KeyCrypt64.sys [25056 2013-07-24] (Zemana Ltd.)
S4 ccSet_N360; \SystemRoot\system32\drivers\N360x64\1404000.028\ccSetx64.sys [x]
S4 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20131001.002\IDSvia64.sys [x]
S4 SRTSPX; \SystemRoot\system32\drivers\N360x64\1404000.028\SRTSPX64.SYS [x]
S4 SymDS; system32\drivers\N360x64\1404000.028\SYMDS64.SYS [x]
S4 SymEFA; system32\drivers\N360x64\1404000.028\SYMEFA64.SYS [x]
S4 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-13 22:56 - 2013-12-13 22:56 - 00000000 ____D C:\FRST
2013-12-13 14:05 - 2013-12-13 14:05 - 02237968 _____ (Kaspersky Lab ZAO) C:\tdsskiller.exe
2013-12-09 04:36 - 2013-12-09 04:36 - 00000000 ____D C:\Users\Penwitt\AppData\Local\SearchProtect

==================== One Month Modified Files and Folders =======

2013-12-13 22:56 - 2013-12-13 22:56 - 00000000 ____D C:\FRST
2013-12-13 14:05 - 2013-12-13 14:05 - 02237968 _____ (Kaspersky Lab ZAO) C:\tdsskiller.exe
2013-12-11 16:12 - 2012-02-11 21:43 - 00000000 ____D C:\users\Penwitt
2013-12-11 16:11 - 2013-08-19 15:59 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-12-11 16:11 - 2013-08-19 15:59 - 00000000 ____D C:\Program Files\iTunes
2013-12-11 16:11 - 2013-05-19 13:31 - 00000000 ____D C:\Program Files (x86)\Amazon Browser Bar
2013-12-11 16:11 - 2013-03-13 17:20 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-12-11 16:11 - 2013-03-13 17:20 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-12-11 16:11 - 2013-01-13 08:36 - 00000000 ____D C:\Program Files (x86)\Norton Security Suite
2013-12-11 16:11 - 2013-01-13 08:08 - 00000000 ____D C:\Windows\SysWOW64\ZALSDK_uninst
2013-12-11 16:11 - 2012-04-13 07:58 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-12-11 16:11 - 2012-04-13 07:58 - 00000000 ____D C:\ProgramData\Skype
2013-12-11 16:11 - 2012-04-12 15:33 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-11 16:11 - 2012-03-15 06:02 - 00000000 ____D C:\Program Files (x86)\Constant Guard Protection Suite
2013-12-11 16:11 - 2012-03-05 14:39 - 00000000 ____D C:\Windows\System32\Macromed
2013-12-11 16:11 - 2012-02-19 00:32 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-12-11 16:11 - 2012-02-12 11:06 - 00000000 ____D C:\ProgramData\HP Photo Creations
2013-12-11 16:11 - 2012-02-12 11:06 - 00000000 ____D C:\Program Files (x86)\HP Photo Creations
2013-12-11 16:11 - 2011-05-03 23:33 - 00000000 ____D C:\ProgramData\Norton
2013-12-11 16:11 - 2011-05-03 22:50 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2013-12-11 16:11 - 2011-05-03 22:44 - 00000000 ____D C:\ProgramData\Sony Corporation
2013-12-11 16:11 - 2009-07-13 21:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-12-11 16:11 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2013-12-11 16:11 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-12-11 16:11 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-12-11 16:08 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2013-12-11 16:04 - 2012-04-13 07:59 - 00000000 ____D C:\Users\Penwitt\AppData\Roaming\Skype
2013-12-11 16:04 - 2012-02-12 11:20 - 00000000 ____D C:\Users\Penwitt\AppData\Roaming\SoftGrid Client
2013-12-11 16:03 - 2012-03-15 06:04 - 00000000 ____D C:\Users\Penwitt\AppData\Local\ID Vault
2013-12-11 16:02 - 2013-04-19 21:18 - 00000000 ____D C:\Users\Penwitt\AppData\Local\Conduit
2013-12-11 16:02 - 2012-02-19 00:32 - 00000000 ____D C:\Program Files\iPod
2013-12-11 16:01 - 2012-02-12 11:25 - 00000000 __RHD C:\MSOCache
2013-12-11 15:58 - 2012-03-15 06:04 - 00000000 ____D C:\Users\Penwitt\AppData\Roaming\ID Vault
2013-12-11 15:58 - 2009-07-13 20:45 - 00020928 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-11 15:58 - 2009-07-13 20:45 - 00020928 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-09 04:36 - 2013-12-09 04:36 - 00000000 ____D C:\Users\Penwitt\AppData\Local\SearchProtect
2013-11-30 18:52 - 2012-04-28 00:16 - 00005618 _____ C:\test.xml
2013-11-13 09:39 - 2013-08-15 11:49 - 00000000 ____D C:\Windows\System32\MRT

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$86a5dcb24eedf9369d27e77b70010620

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-471084762-3375877555-2118701254-1006\$86a5dcb24eedf9369d27e77b70010620

Files to move or delete:
====================
C:\Users\Public\AlexaNSISPlugin.8348.dll


Some content of TEMP:
====================
C:\Users\Penwitt\AppData\Local\Temp\SEVINST64x86.EXE
C:\Users\Penwitt\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Penwitt\AppData\Local\Temp\_unps.exe
C:\Users\Penwitt\AppData\Local\Temp\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}_N360_12185.exe


==================== Known DLLs (Whitelisted) ================

C:\Windows\System32\LPK.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\LPK.dll IS MISSING <==== ATTENTION!

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

12
Restore point made on: 2013-10-09 04:50:42
Restore point made on: 2013-11-13 09:38:21
Restore point made on: 2013-12-04 18:18:46
Restore point made on: 2013-12-11 01:00:44
Restore point made on: 2013-12-11 15:49:33
Restore point made on: 2013-12-11 15:49:37
Restore point made on: 2013-12-11 15:49:37
Restore point made on: 2013-12-11 15:49:37
Restore point made on: 2013-12-11 15:49:41
Restore point made on: 2013-12-11 15:49:43
Restore point made on: 2013-12-11 15:49:44
Restore point made on: 2013-12-11 15:57:55

==================== Memory info ===========================

Percentage of memory in use: 15%
Total physical RAM: 4043.86 MB
Available physical RAM: 3401.48 MB
Total Pagefile: 4042.01 MB
Available Pagefile: 3442.23 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:455.34 GB) (Free:348.98 GB) NTFS
Drive e: (Recovery) (Fixed) (Total:10.32 GB) (Free:0.88 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive g: () (Removable) (Total:30.23 GB) (Free:30.14 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: A338678A)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=455 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 30 GB) (Disk ID: 6E697373)
No partition Table on disk 1.


LastRegBack: 2013-09-23 15:50

==================== End Of Log ============================
  • 0

#6
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello BKuke,

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flashdrive as fixlist.txt

replace: X:\Windows\System32\lpk.dll C:\Windows\System32\LPK.dll
replace: C:\Windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.17514_none_124dc839a586a988\lpk.dll C:\Windows\SysWOW64\LPK.dll


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Now please enter System Recovery Options.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Tell me if you can boot up the machine now. :)
  • 0

#7
BKuke

BKuke

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
success!!

I can boot up to the desktop now

Attached Files


  • 0

#8
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-12-2013 01
Ran by SYSTEM at 2013-12-14 16:06:33 Run:2
Running from G:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
replace: X:\Windows\System32\lpk.dll C:\Windows\System32\LPK.dll
replace: C:\Windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.17514_none_124dc839a586a988\lpk.dll C:\Windows\SysWOW64\LPK.dll
*****************

Could not find C:\Windows\System32\LPK.dll.
X:\Windows\System32\lpk.dll copied successfully to C:\Windows\System32\LPK.dll
Could not find C:\Windows\SysWOW64\LPK.dll.
C:\Windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.17514_none_124dc839a586a988\lpk.dll copied successfully to C:\Windows\SysWOW64\LPK.dll

==== End of Fixlog ====
  • 0

#9
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Please download ComboFix from this location:

Link

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

  • Double click on ComboFix.exe & follow the prompts.
  • If you have an older Operating System you may be asked whether you want to install the Recovery Console. Click yes and follow any prompts.
  • Your desktop may go blank. This is normal.
  • ComboFix may appear to be doing nothing for quite long periods, this is normal, just leave it to do it's job.
  • ComboFix may reboot your machine. This is normal too.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.
  • 0

#10
BKuke

BKuke

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Here is the ComboFix log

Attached Files


  • 0

Advertisements


#11
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
I ask you once again.

Please copy and paste the logs in the thread. It is easier for analysis and because this is a teaching site it helps the students. A simple thing to do and not a big ask I would have thought...

Now

Please run FRST again

Type the following in the edit box after "Search:".

atapi.sys

Click Search button and copy and paste the log (Search.txt) it makes in your reply.
  • 0

#12
BKuke

BKuke

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Ok

Sorry about that. Will do it now.
  • 0

#13
BKuke

BKuke

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Farbar Recovery Scan Tool (x64) Version: 13-12-2013 01
Ran by SYSTEM at 2013-12-14 21:56:38
Running from G:\
Boot Mode: Recovery

================== Search: "atapi.sys" ===================

C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.22414_none_3be7afc0514717fa\atapi.sys
[2009-07-13 15:19] - [2009-07-13 17:52] - 0024128 ____A (Microsoft Corporation) 02062C0B390B7729EDC9E69C680A6F3C

C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.18231_none_3b457059383c66e6\atapi.sys
[2009-07-13 15:19] - [2009-07-13 17:52] - 0024128 ____A (Microsoft Corporation) 02062C0B390B7729EDC9E69C680A6F3C

C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
[2009-07-13 15:19] - [2009-07-13 17:52] - 0024128 ____A (Microsoft Corporation) 02062C0B390B7729EDC9E69C680A6F3C

C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009-07-13 15:19] - [2009-07-13 17:52] - 0024128 ____A (Microsoft Corporation) 02062C0B390B7729EDC9E69C680A6F3C

C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_amd64_neutral_552ea5111ec825a6\atapi.sys
[2009-07-13 15:19] - [2009-07-13 17:52] - 0024128 ____A (Microsoft Corporation) 02062C0B390B7729EDC9E69C680A6F3C

C:\Windows\System32\drivers\atapi.sys
[2009-07-13 15:19] - [2009-07-13 17:52] - 0024128 ____A (Microsoft Corporation) 02062C0B390B7729EDC9E69C680A6F3C

C:\Windows\erdnt\cache64\atapi.sys
[2013-12-14 19:31] - [2009-07-13 17:52] - 0024128 ____A (Microsoft Corporation) 02062C0B390B7729EDC9E69C680A6F3C

X:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009-07-13 19:01] - [2009-07-13 19:01] - 0024128 ____A (Microsoft Corporation) 02062C0B390B7729EDC9E69C680A6F3C

X:\Windows\System32\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009-07-13 19:01] - [2009-07-13 19:01] - 0024128 ____A (Microsoft Corporation) 02062C0B390B7729EDC9E69C680A6F3C

X:\Windows\System32\drivers\atapi.sys
[2009-07-13 19:01] - [2009-07-13 19:01] - 0024128 ____A (Microsoft Corporation) 02062C0B390B7729EDC9E69C680A6F3C

====== End Of Search ======
  • 0

#14
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello BKuke,

Thank you for posting in the thread. Much better. :thumbsup:

Now

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

FCopy::
C:\Windows\erdnt\cache64\atapi.sys | c:\windows\SysWow64\Drivers\atapi.sys


Save this as CFScript.txt, in the same location as ComboFix.exe

Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt. Please post that here for further review.
  • 0

#15
BKuke

BKuke

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
ComboFix 13-12-13.01 - Penwitt 12/14/2013 22:39:46.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4044.2673 [GMT -6:00]
Running from: c:\users\Penwitt\Desktop\ComboFix.exe
Command switches used :: c:\users\Penwitt\Desktop\CFScript.txt
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2013-11-15 to 2013-12-15 )))))))))))))))))))))))))))))))
.
.
2013-12-15 04:54 . 2013-12-15 04:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-12-15 02:50 . 2013-12-15 02:50 -------- dc-h--w- c:\programdata\{AA28280A-C4CA-4B4F-9DF1-593032D2F3EC}
2013-12-15 02:36 . 2013-12-15 02:50 -------- d-----w- c:\program files (x86)\DDNi
2013-12-15 02:36 . 2013-12-15 02:50 -------- d-----w- c:\programdata\DDNi
2013-12-15 02:36 . 2013-12-15 02:36 -------- d-----w- c:\users\Penwitt\AppData\Local\PackageAware
2013-12-15 01:40 . 2013-12-15 01:40 -------- d-----w- c:\windows\Migration
2013-12-15 01:38 . 2013-10-15 00:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
2013-12-14 23:25 . 2013-08-28 01:12 461312 ----a-w- c:\windows\system32\scavengeui.dll
2013-12-14 23:16 . 2013-12-14 23:16 -------- d-----w- c:\users\Penwitt\AppData\Roaming\Malwarebytes
2013-12-14 23:16 . 2013-12-14 23:16 -------- d-----w- c:\programdata\Malwarebytes
2013-12-14 23:16 . 2013-12-14 23:16 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-12-14 23:16 . 2013-04-04 20:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-12-14 23:16 . 2013-12-14 23:16 -------- d-----w- c:\program files\CCleaner
2013-12-14 06:56 . 2013-12-14 06:56 -------- d-----w- C:\FRST
2013-12-09 12:36 . 2013-12-09 12:36 -------- d-----w- c:\users\Penwitt\AppData\Local\SearchProtect
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-15 01:41 . 2012-04-18 14:33 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-12-15 01:41 . 2012-04-18 14:33 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-14 23:47 . 2013-01-13 16:08 49240 ----a-w- c:\windows\system32\drivers\AntiLog64.sys
2013-12-01 20:42 . 2012-03-28 16:40 90708896 ----a-w- c:\windows\system32\MRT.exe
2013-10-16 19:03 . 2013-01-13 16:08 10674488 ----a-w- c:\windows\SysWow64\ZALSDKCore.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Deskjet 3050A J611 series (NET)"="c:\program files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe" [2011-06-09 2676584]
"Elbserver"="c:\program files (x86)\Sony\Media Gallery\ElbServer.exe" [2011-04-02 83344]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-06-03 19603048]
"BackgroundContainer"="c:\users\Penwitt\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll" [2013-11-06 319264]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-09-14 283160]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2011-02-15 2757312]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-11-27 648032]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-08-16 152392]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Constant Guard.lnk - c:\program files (x86)\Constant Guard Protection Suite\IDVault.exe /startdesktopidv /startup [2013-10-31 3859008]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~2\KEYCRY~1\KeyCrypt32(4).dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1y60x64.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S1 AntiLog32;AntiLog32;c:\windows\system32\drivers\AntiLog64.sys;c:\windows\SYSNATIVE\drivers\AntiLog64.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S2 IDVaultSvc;CGPS Service;c:\program files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe;c:\program files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe [x]
S2 Oasis2Service;Oasis2Service;c:\program files (x86)\DDNi\Oasis2Service\Oasis2Service.exe;c:\program files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [x]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [x]
S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe;c:\program files\Sony\VAIO Care\VCPerfService.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 SOHCImp;VAIO Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [x]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [x]
S2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [x]
S2 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [x]
S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe;c:\program files\Sony\VAIO Smart Network\VSNService.exe [x]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys;c:\windows\SYSNATIVE\DRIVERS\ArcSoftKsUFilter.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 keycrypt;keycrypt;c:\windows\system32\DRIVERS\KeyCrypt64.sys;c:\windows\SYSNATIVE\DRIVERS\KeyCrypt64.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys;c:\windows\SYSNATIVE\drivers\SFEP.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 SOHDs;VAIO Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [x]
S3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [x]
S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe;c:\program files\Sony\VAIO Care\VCService.exe [x]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update Common\VUAgent.exe;c:\program files\Sony\VAIO Update Common\VUAgent.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-15 01:13 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-12-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-18 01:41]
.
2013-12-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-28 21:08]
.
2013-12-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-28 21:08]
.
2013-12-15 c:\windows\Tasks\HP Photo Creations Communicator.job
- c:\programdata\HP Photo Creations\Communicator.exe [2013-03-03 01:53]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2011-03-29 518784]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-29 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-29 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-29 418328]
"Apoint"="c:\program files (x86)\Apoint\Apoint.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\progra~2\KEYCRY~1\KeyCrypt64(4).dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://xfinity.comcast.net/?cid=mtmh06182013
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 4.2.2.1 4.2.2.2
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-12-14 23:11:43
ComboFix-quarantined-files.txt 2013-12-15 05:11
ComboFix2.txt 2013-12-15 03:32
.
Pre-Run: 374,788,431,872 bytes free
Post-Run: 374,618,419,200 bytes free
.
- - End Of File - - D82BCA1B6D8BA9FD526063B6D3C82C75
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP