OTL logfile created on: 12/2/2014 8:26:54 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Compaq_Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
958.48 Mb Total Physical Memory | 460.05 Mb Available Physical Memory | 48.00% Memory free
2.26 Gb Paging File | 1.70 Gb Available in Paging File | 75.35% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 224.68 Gb Total Space | 160.81 Gb Free Space | 71.57% Space Free | Partition Type: NTFS
Drive D: | 8.18 Gb Total Space | 0.53 Gb Free Space | 6.47% Space Free | Partition Type: FAT32
Computer Name: PIGOTT1 | User Name: Compaq_Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days
========== Custom Scans ==========
< MD5 for: USER32.DL_ >
[2004/08/09 15:00:00 | 000,263,547 | ---- | M] () MD5=5BF86149AB9EA650050375F25D0FA0C2 -- C:\WINDOWS\I386\USER32.DL_
< MD5 for: USER32.DLL >
[2005/03/02 12:19:56 | 000,577,024 | ---- | M] (Microsoft Corporation) MD5=1800F293BCCC8EDE8A70E12B88D80036 -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
[2007/03/08 09:48:36 | 000,578,048 | ---- | M] (Microsoft Corporation) MD5=7AA4F6C00405DFC4B70ED4214E7D687B -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
[2007/03/08 09:36:28 | 000,577,536 | ---- | M] (Microsoft Corporation) MD5=B409909F6E2E8A7067076ED748ABF1E7 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2007/03/08 09:36:28 | 000,577,536 | ---- | M] (Microsoft Corporation) MD5=B409909F6E2E8A7067076ED748ABF1E7 -- C:\WINDOWS\ERDNT\cache\user32.dll
[2004/08/09 15:00:00 | 000,577,024 | ---- | M] (Microsoft Corporation) MD5=C72661F8552ACE7C5C85E16A3CF505C4 -- C:\WINDOWS\$NtUninstallKB890859$\user32.dll
[2005/03/02 12:09:30 | 000,577,024 | ---- | M] (Microsoft Corporation) MD5=DE2DB164BBB35DB061AF0997E4499054 -- C:\WINDOWS\$NtUninstallKB925902$\user32.dll
[2014/03/12 04:48:50 | 000,613,376 | ---- | M] (Microsoft Corporation) MD5=E29264387E7387B977B9AF9171B12DF9 -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2014/03/12 04:48:50 | 000,613,376 | ---- | M] (Microsoft Corporation) MD5=E29264387E7387B977B9AF9171B12DF9 -- C:\WINDOWS\system32\user32.dll
< MD5 for: USER32.INI >
[2014/03/12 04:48:50 | 000,578,560 | ---- | M] () MD5=DF74697FB06A25F2D119ECA1AC4AE8C2 -- C:\WINDOWS\ServicePackFiles\i386\user32.ini
[2014/03/12 04:48:50 | 000,578,560 | ---- | M] () MD5=DF74697FB06A25F2D119ECA1AC4AE8C2 -- C:\WINDOWS\system32\user32.ini
< End of report >
Your PC is locked! [Solved]
#16
Posted 02 December 2014 - 10:43 PM
#17
Posted 05 December 2014 - 01:30 AM
Step One
- Upload File(s) to Virus-Total
- I want you to upload the following suspicious file(s) to an online virus-scanner to scan.
- Please go to www.virustotal.com
- Click on Choose File
- Go to C:\WINDOWS\system32\user32.dll
- Click on Open;
- Click on Scan it;
- Copy and Paste the link of the result page in your response;
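What singles out the system32 copy of user32.dll is the OTL MD5 scan at the top of this page: every hotfix and uninstall backup of the DLL carries a 2004-2007 timestamp and a size near 577 KB, while the live copy (and the ServicePackFiles\i386 copy) is 613,376 bytes, dated 2014/03/12, with an MD5 no backup shares. The Python below is an added triage check, not code from the thread or from OTL/FRST; it parses that block (embedded inline as constructed input copied from the log) and flags a live copy whose hash matches none of the backup copies, reporting the size and date discrepancy and any other copies that share the odd hash.

```python
import re
import statistics

# Constructed sample input: the "< MD5 for: USER32.DLL >" block of the OTL custom
# scan posted earlier in this thread, copied as-is.
OTL_MD5_BLOCK = r"""
< MD5 for: USER32.DLL >
[2005/03/02 12:19:56 | 000,577,024 | ---- | M] (Microsoft Corporation) MD5=1800F293BCCC8EDE8A70E12B88D80036 -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
[2007/03/08 09:48:36 | 000,578,048 | ---- | M] (Microsoft Corporation) MD5=7AA4F6C00405DFC4B70ED4214E7D687B -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
[2007/03/08 09:36:28 | 000,577,536 | ---- | M] (Microsoft Corporation) MD5=B409909F6E2E8A7067076ED748ABF1E7 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2007/03/08 09:36:28 | 000,577,536 | ---- | M] (Microsoft Corporation) MD5=B409909F6E2E8A7067076ED748ABF1E7 -- C:\WINDOWS\ERDNT\cache\user32.dll
[2004/08/09 15:00:00 | 000,577,024 | ---- | M] (Microsoft Corporation) MD5=C72661F8552ACE7C5C85E16A3CF505C4 -- C:\WINDOWS\$NtUninstallKB890859$\user32.dll
[2005/03/02 12:09:30 | 000,577,024 | ---- | M] (Microsoft Corporation) MD5=DE2DB164BBB35DB061AF0997E4499054 -- C:\WINDOWS\$NtUninstallKB925902$\user32.dll
[2014/03/12 04:48:50 | 000,613,376 | ---- | M] (Microsoft Corporation) MD5=E29264387E7387B977B9AF9171B12DF9 -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2014/03/12 04:48:50 | 000,613,376 | ---- | M] (Microsoft Corporation) MD5=E29264387E7387B977B9AF9171B12DF9 -- C:\WINDOWS\system32\user32.dll
"""

# One OTL file line: [mtime | size | attrs | M] (company) MD5=hash -- path
ENTRY_RE = re.compile(
    r"^\[(?P<mtime>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| [^\]]*\] "
    r"\((?P<company>[^)]*)\) MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+?)\s*$"
)

# Directories where Windows XP keeps pristine copies of patched system files.
BACKUP_MARKERS = ("$hf_mig$", "$ntuninstall", "$ntservicepackuninstall$", "erdnt")


def parse_otl_md5_block(text):
    """Return one dict (mtime, size, company, md5, path) per file line in the block."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entry = m.groupdict()
            entry["size"] = int(entry["size"].replace(",", ""))
            entry["md5"] = entry["md5"].upper()
            entries.append(entry)
    return entries


def classify(path):
    """'live' for the copy Windows loads, 'backup' for hotfix/uninstall caches, else 'other'."""
    p = path.lower()
    if "\\system32\\" in p:
        return "live"
    if any(marker in p for marker in BACKUP_MARKERS):
        return "backup"
    return "other"  # e.g. ServicePackFiles\i386, the service pack install source


def triage(entries):
    """Flag the live copy when its MD5 matches no backup copy.

    Returns None when the live copy is identical to some backup, otherwise a dict
    describing how it deviates (size versus the backup median, timestamps, and
    any other copies that share the same hash).
    """
    live = [e for e in entries if classify(e["path"]) == "live"]
    backups = [e for e in entries if classify(e["path"]) == "backup"]
    if not live or not backups:
        return None
    live = live[0]
    if live["md5"] in {e["md5"] for e in backups}:
        return None
    typical_size = int(statistics.median(e["size"] for e in backups))
    return {
        "path": live["path"],
        "md5": live["md5"],
        "size_delta": live["size"] - typical_size,
        "mtime": live["mtime"],
        # yyyy/mm/dd hh:mm:ss strings sort chronologically, so max() is the newest
        "newest_backup_mtime": max(e["mtime"] for e in backups),
        "also_matching": [e["path"] for e in entries
                          if e["md5"] == live["md5"] and e is not live],
    }


if __name__ == "__main__":
    entries = parse_otl_md5_block(OTL_MD5_BLOCK)
    for e in entries:
        print(f"{classify(e['path']):7} {e['size']:>8} {e['md5']} {e['path']}")
    print(triage(entries))
```

The check is deliberately conservative: a live copy newer than every backup is normal after a service pack, so only a hash that no cached copy shares gets flagged, and the report lists which other copies (here ServicePackFiles\i386) carry the same hash so they can be examined together.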
#18
Posted 05 December 2014 - 07:44 PM
Unfortunately it would seem that everything has come back. I had to go back to using my LiveCD.
https://www.virustot...sis/1417830095/
#19
Posted 07 December 2014 - 04:34 PM
Step One
- Fix with FRST
This section of the fix has two parts. For the first part please peruse the following --
Make sure that you have access to a clean PC or a functioning user account and still have FRST.exe in your flash drive. If you do not have it, download the suitable version from here to your flash drive.
- Open Notepad.exe. Do not use any other text editor software;
- Copy and Paste the contents inside the code-box to your Notepad --
Start
Replace: C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll C:\WINDOWS\system32\user32.dll
Replace: C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll C:\WINDOWS\ServicePackFiles\i386\user32.dll
End
- Click on File > Save as...
- Inside the File Name box type fixlist.txt
- From the Save as type drop down list, choose All Files
- Copy and Paste fixlist.txt to your flash drive.
- Connect your flash drive to the infected PC;
- Please run FRST.exe a second time via minixp like before. Should you have issues with this please let me know;
- Click on Fix;
- After the fix a log will be created in the flash drive named FixLog.txt;
- Copy and Paste the contents of the log in your next reply;
- Try to boot into Normal Mode.
#20
Posted 08 December 2014 - 09:20 PM
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 23-11-2014
Ran by SYSTEM at 2014-12-08 21:11:19 Run:2
Running from J:\
Boot Mode: Recovery
==============================================
Content of fixlist:
*****************
Start
Replace: C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll C:\WINDOWS\system32\user32.dll
Replace: C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll C:\WINDOWS\ServicePackFiles\i386\user32.dll
End
*****************
C:\WINDOWS\system32\user32.dll => Moved successfully.
C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll copied successfully to C:\WINDOWS\system32\user32.dll
C:\WINDOWS\ServicePackFiles\i386\user32.dll => Moved successfully.
C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll copied successfully to C:\WINDOWS\ServicePackFiles\i386\user32.dll
==== End of Fixlog ====
#21
Posted 08 December 2014 - 10:04 PM
Now the system boots to a black screen with just the mouse cursor.
#22
Posted 09 December 2014 - 09:12 AM
Hi, Tiema is away for the moment and I will be taking over. Could you run a fresh FRST scan for me please?
#23
Posted 11 December 2014 - 06:37 AM
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-11-2014 (ATTENTION: ====> FRST version is 18 days old and could be outdated)
Ran by SYSTEM on MiniXP on 11-12-2014 06:32:47
Running from J:\
Platform: Microsoft Windows XP (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Recovery
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDCPL] => C:\Windows\RTHDCPL.EXE [18085888 2009-02-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [nwiz] => nwiz.exe /install
HKLM\...\Run: [NeroFilterCheck] => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [155648 2006-01-12] ()
HKLM\...\Run: [Monitor] => C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe [118272 2014-07-11] (LeapFrog Enterprises, Inc.)
HKLM\...\Run: [LWS] => C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe [165208 2010-05-07] (Logitech Inc.)
HKLM\...\Run: [ehTray] => C:\WINDOWS\ehome\ehtray.exe [64512 2005-08-05] (Microsoft Corporation)
HKLM\...\Run: [DISCover] => C:\Program Files\DISC\DISCover.exe [1077248 2006-03-16] ()
HKLM\...\Run: [CanonSolutionMenuEx] => C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE [1185112 2010-04-02] (CANON INC.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2516296 2010-03-25] (CANON INC.)
HKLM\...\Run: [AlwaysReady Power Message APP] => C:\Windows\ARPWRMSG.EXE [77312 2005-08-02] (Microsoft)
HKLM\...\Run: [Alcmtr] => C:\Windows\ALCMTR.EXE [57344 2008-06-19] (Realtek Semiconductor Corp.)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [3012816 2013-04-15] (COMODO)
HKLM\...\Run: [ioloGovernor] => C:\Program Files\iolo\System Mechanic Professional\ioloGovernor.exe [771344 2013-12-03] (iolo technologies, LLC)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\Administrator\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
HKU\Compaq_Administrator\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2010-03-19] (Hewlett-Packard Company)
HKU\Compaq_Administrator\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
HKU\Default User\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Pin.lnk
ShortcutTarget: Pin.lnk -> C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
BootExecute: autocheck autochk * autocheck smrgdf C:\Documents and Settings\Compaq_Administrator\Application Data\iolo\
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S4 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2009-03-28] (LSI Corporation)
S2 ARSVC; C:\WINDOWS\arservice.exe [58880 2005-08-02] (Microsoft)
S2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [4443912 2013-04-25] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [127184 2013-04-15] (COMODO)
S2 HidServ; C:\Windows\System32\svchost.exe [14336 2008-04-14] (Microsoft Corporation)
S2 ioloFileInfoList; C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe [1168960 2013-12-03] (iolo technologies, LLC)
S2 ioloSystemService; C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe [1168960 2013-12-03] (iolo technologies, LLC)
S4 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-10-08] (Oracle Corporation)
S2 McrdSvc; C:\WINDOWS\ehome\mcrdsvc.exe [99328 2005-08-05] (Microsoft Corporation)
S2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2012-01-18] (Logitech Inc.)
S2 vseamps; C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe [92712 2009-10-28] (Authentium, Inc)
S2 vsedsps; C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe [117288 2009-10-28] (Authentium, Inc)
S3 vseqrts; C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe [113192 2009-10-28] ()
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S1 AmdK8; C:\Windows\System32\DRIVERS\AmdK8.sys [36352 2005-03-09] (Advanced Micro Devices)
S2 AMP; C:\Windows\System32\DRIVERS\amp.sys [122408 2009-10-28] (Authentium, Inc)
S2 AMPSE; C:\Windows\System32\DRIVERS\ampse.sys [1117224 2009-10-28] (Authentium, Inc)
S3 aracpi; C:\Windows\System32\DRIVERS\aracpi.sys [22784 2005-08-02] (Microsoft Corporation)
S3 arhidfltr; C:\Windows\System32\DRIVERS\arhidfltr.sys [19200 2005-08-02] (Microsoft Corporation)
S3 arkbcfltr; C:\Windows\System32\DRIVERS\arkbcfltr.sys [5376 2005-08-02] (Microsoft Corporation)
S3 armoucfltr; C:\Windows\System32\DRIVERS\armoucfltr.sys [4992 2005-08-02] (Microsoft Corporation)
S3 ARPolicy; C:\Windows\System32\DRIVERS\arpolicy.sys [10112 2005-08-02] (Microsoft Corporation)
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [18528 2013-04-15] (COMODO)
S1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [592384 2013-04-15] (COMODO)
S1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [32816 2013-04-15] (COMODO)
S1 FileDisk; C:\Windows\System32\Drivers\FileDisk.sys [9341 2008-04-17] (iolo technologies, LLC (based on original work by Bo Brantén))
S3 FilterService; C:\Windows\System32\DRIVERS\lvuvcflt.sys [23904 2010-07-27] (Logitech Inc.)
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-09-23] (LogMeIn, Inc.)
S3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [51120 2005-03-08] (HP)
S3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [16496 2005-03-08] (HP)
S3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21744 2005-03-08] (HP)
S0 Inspect; C:\Windows\System32\DRIVERS\inspect.sys [99392 2013-04-25] (COMODO)
S3 LVPr2Mon; C:\Windows\System32\Drivers\LVPr2Mon.sys [25824 2010-05-07] ()
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 NVENETFD; C:\Windows\System32\DRIVERS\NVENETFD.sys [34176 2006-03-03] (NVIDIA Corporation)
S3 nvnetbus; C:\Windows\System32\DRIVERS\nvnetbus.sys [13056 2006-03-03] (NVIDIA Corporation)
S2 PDFsFilter; C:\Windows\System32\DRIVERS\PDFsFilter.sys [68464 2012-07-26] (Raxco Software, Inc.)
S3 pfc; C:\Windows\System32\drivers\pfc.sys [10368 2004-04-01] (Padus, Inc.)
S3 rtl8139; C:\Windows\System32\DRIVERS\RTL8139.SYS [20992 2004-08-03] (Realtek Semiconductor Corporation)
S2 vnccom; C:\Windows\System32\Drivers\vnccom.SYS [6016 2004-06-26] (RDV Soft)
S3 vncdrv; C:\Windows\System32\DRIVERS\vncdrv.sys [4736 2004-06-26] (RDV Soft)
S3 wceusbsh; C:\Windows\System32\DRIVERS\wceusbsh.sys [28672 2006-11-06] (Microsoft Corporation)
S0 XPacket; C:\Windows\System32\xpacket.sys [39424 2008-04-17] (iolo technologies, LLC)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S0 ftsata2; system32\DRIVERS\ftsata2.sys [X]
S5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-06 01:28 - 2014-12-10 14:22 - 00000448 _____ () C:\Windows\System32\iolo.ini
2014-12-06 01:25 - 2014-12-06 01:25 - 00263278 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2014-12-03 02:28 - 2014-12-03 02:28 - 00006002 _____ () C:\Documents and Settings\Compaq_Administrator\Desktop\OTL.Txt
2014-12-02 19:46 - 2014-10-23 17:14 - 04012982 _____ (NathanScott Apps) C:\Documents and Settings\Compaq_Administrator\Desktop\IDTool.exe
2014-11-29 06:27 - 2014-11-29 06:27 - 00000000 _____ () C:\Windows\System32\smrgdf.txt
2014-11-25 23:32 - 2014-12-08 21:11 - 00000000 ____D () C:\FRST
2014-11-19 23:12 - 2014-11-19 23:12 - 00000000 ____D () C:\_OTL
2014-11-18 00:31 - 2014-11-18 00:31 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\Compaq_Administrator\Desktop\OTL(1).exe
2014-11-18 00:18 - 2014-11-18 00:18 - 00000075 _____ () C:\Windows\setupact.log
2014-11-18 00:18 - 2014-11-18 00:18 - 00000000 _____ () C:\Windows\setuperr.log
2014-11-17 21:13 - 2014-11-17 21:13 - 00000018 ____H () C:\SYSREST
2014-11-17 19:19 - 2014-11-18 00:18 - 00006837 _____ () C:\Windows\setupapi.log
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-11 10:54 - 2010-03-22 23:42 - 00032096 _____ () C:\Windows\SchedLgU.Txt
2014-12-10 14:22 - 2010-03-25 03:44 - 00000429 _____ () C:\Windows\System32\iolo.ini.txt
2014-12-10 14:15 - 2010-03-22 23:43 - 00000157 _____ () C:\Windows\wiadebug.log
2014-12-10 14:15 - 2010-03-22 23:43 - 00000050 _____ () C:\Windows\wiaservc.log
2014-12-10 14:15 - 2005-08-30 21:06 - 00001158 _____ () C:\Windows\System32\wpa.dbl
2014-12-06 01:30 - 2010-03-24 21:22 - 00000000 ____D () C:\Documents and Settings\Compaq_Administrator\Local Settings\temp
2014-12-06 01:29 - 2010-03-22 22:27 - 01205074 _____ () C:\Windows\WindowsUpdate.log
2014-12-06 01:28 - 2005-11-14 18:58 - 00000000 ____D () C:\Windows\Registration
2014-12-06 01:27 - 2006-05-05 02:59 - 00043531 _____ () C:\Windows\System32\nvapps.xml
2014-12-06 01:25 - 2011-05-08 00:40 - 01048576 _____ () C:\Windows\System32\config\iolo App.evt
2014-12-06 01:25 - 2006-08-29 03:04 - 00000178 ___SH () C:\Documents and Settings\Compaq_Administrator\ntuser.ini
2014-12-06 01:24 - 2011-08-11 02:03 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\CanonIJPLM
2014-12-03 09:38 - 2005-11-14 18:52 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-12-03 09:29 - 2005-08-30 21:07 - 00613644 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-12-02 19:48 - 2006-05-05 03:18 - 00000000 ____D () C:\Program Files\Microsoft.NET
2014-11-29 05:39 - 2014-01-01 03:44 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-11-22 09:47 - 2013-08-14 08:04 - 00000000 ____D () C:\Windows\System32\MRT
2014-11-22 09:07 - 2006-08-30 06:43 - 100445232 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2014-11-18 00:17 - 2005-11-14 19:17 - 00000000 ____D () C:\Windows\System32\Restore
Files to move or delete:
====================
C:\Documents and Settings\Compaq_Administrator\Application Data\skype.ini
==================== Known DLLs (Whitelisted) ============
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll
[2004-08-09 21:00] - [2005-03-02 18:19] - 0577024 ____A (Microsoft Corporation) 1800f293bccc8ede8a70e12b88d80036
#24
Posted 11 December 2014 - 08:49 AM
fixlist.txt (196 bytes, 178 downloads)
Start FRST and press Fix
On completion, reboot and let me know if you can achieve either a normal boot or a safe mode boot.
#25
Posted 11 December 2014 - 01:43 PM
Unfortunately neither normal nor safe boot would load.
#26
Posted 11 December 2014 - 01:48 PM
#27
Posted 11 December 2014 - 05:17 PM
A further scan? I don't see an option for that. How do I do that?
#28
Posted 12 December 2014 - 07:53 AM
Could you run a fresh FRST scan please?
#29
Posted 12 December 2014 - 10:07 AM
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-11-2014 (ATTENTION: ====> FRST version is 19 days old and could be outdated)
Ran by SYSTEM on MiniXP-850 on 12-12-2014 09:52:07
Running from D:\
Platform: Microsoft Windows XP (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Recovery
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDCPL] => C:\Windows\RTHDCPL.EXE [18085888 2009-02-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [nwiz] => nwiz.exe /install
HKLM\...\Run: [NeroFilterCheck] => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [155648 2006-01-12] ()
HKLM\...\Run: [Monitor] => C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe [118272 2014-07-11] (LeapFrog Enterprises, Inc.)
HKLM\...\Run: [LWS] => C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe [165208 2010-05-07] (Logitech Inc.)
HKLM\...\Run: [ehTray] => C:\WINDOWS\ehome\ehtray.exe [64512 2005-08-05] (Microsoft Corporation)
HKLM\...\Run: [DISCover] => C:\Program Files\DISC\DISCover.exe [1077248 2006-03-16] ()
HKLM\...\Run: [CanonSolutionMenuEx] => C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE [1185112 2010-04-02] (CANON INC.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2516296 2010-03-25] (CANON INC.)
HKLM\...\Run: [AlwaysReady Power Message APP] => C:\Windows\ARPWRMSG.EXE [77312 2005-08-02] (Microsoft)
HKLM\...\Run: [Alcmtr] => C:\Windows\ALCMTR.EXE [57344 2008-06-19] (Realtek Semiconductor Corp.)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [3012816 2013-04-15] (COMODO)
HKLM\...\Run: [ioloGovernor] => C:\Program Files\iolo\System Mechanic Professional\ioloGovernor.exe [771344 2013-12-03] (iolo technologies, LLC)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\Administrator\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
HKU\Compaq_Administrator\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2010-03-19] (Hewlett-Packard Company)
HKU\Compaq_Administrator\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
HKU\Default User\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Pin.lnk
ShortcutTarget: Pin.lnk -> C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S4 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2009-03-28] (LSI Corporation)
S2 ARSVC; C:\WINDOWS\arservice.exe [58880 2005-08-02] (Microsoft)
S2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [4443912 2013-04-25] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [127184 2013-04-15] (COMODO)
S2 HidServ; C:\Windows\System32\svchost.exe [14336 2008-04-14] (Microsoft Corporation)
S2 ioloFileInfoList; C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe [1168960 2013-12-03] (iolo technologies, LLC)
S2 ioloSystemService; C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe [1168960 2013-12-03] (iolo technologies, LLC)
S4 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-10-08] (Oracle Corporation)
S2 McrdSvc; C:\WINDOWS\ehome\mcrdsvc.exe [99328 2005-08-05] (Microsoft Corporation)
S2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2012-01-18] (Logitech Inc.)
S2 vseamps; C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe [92712 2009-10-28] (Authentium, Inc)
S2 vsedsps; C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe [117288 2009-10-28] (Authentium, Inc)
S3 vseqrts; C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe [113192 2009-10-28] ()
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S1 AmdK8; C:\Windows\System32\DRIVERS\AmdK8.sys [36352 2005-03-09] (Advanced Micro Devices)
S2 AMP; C:\Windows\System32\DRIVERS\amp.sys [122408 2009-10-28] (Authentium, Inc)
S2 AMPSE; C:\Windows\System32\DRIVERS\ampse.sys [1117224 2009-10-28] (Authentium, Inc)
S3 aracpi; C:\Windows\System32\DRIVERS\aracpi.sys [22784 2005-08-02] (Microsoft Corporation)
S3 arhidfltr; C:\Windows\System32\DRIVERS\arhidfltr.sys [19200 2005-08-02] (Microsoft Corporation)
S3 arkbcfltr; C:\Windows\System32\DRIVERS\arkbcfltr.sys [5376 2005-08-02] (Microsoft Corporation)
S3 armoucfltr; C:\Windows\System32\DRIVERS\armoucfltr.sys [4992 2005-08-02] (Microsoft Corporation)
S3 ARPolicy; C:\Windows\System32\DRIVERS\arpolicy.sys [10112 2005-08-02] (Microsoft Corporation)
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [18528 2013-04-15] (COMODO)
S1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [592384 2013-04-15] (COMODO)
S1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [32816 2013-04-15] (COMODO)
S1 FileDisk; C:\Windows\System32\Drivers\FileDisk.sys [9341 2008-04-17] (iolo technologies, LLC (based on original work by Bo Brantén))
S3 FilterService; C:\Windows\System32\DRIVERS\lvuvcflt.sys [23904 2010-07-27] (Logitech Inc.)
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-09-23] (LogMeIn, Inc.)
S3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [51120 2005-03-08] (HP)
S3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [16496 2005-03-08] (HP)
S3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21744 2005-03-08] (HP)
S0 Inspect; C:\Windows\System32\DRIVERS\inspect.sys [99392 2013-04-25] (COMODO)
S3 LVPr2Mon; C:\Windows\System32\Drivers\LVPr2Mon.sys [25824 2010-05-07] ()
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 NVENETFD; C:\Windows\System32\DRIVERS\NVENETFD.sys [34176 2006-03-03] (NVIDIA Corporation)
S3 nvnetbus; C:\Windows\System32\DRIVERS\nvnetbus.sys [13056 2006-03-03] (NVIDIA Corporation)
S2 PDFsFilter; C:\Windows\System32\DRIVERS\PDFsFilter.sys [68464 2012-07-26] (Raxco Software, Inc.)
S3 pfc; C:\Windows\System32\drivers\pfc.sys [10368 2004-04-01] (Padus, Inc.)
S3 rtl8139; C:\Windows\System32\DRIVERS\RTL8139.SYS [20992 2004-08-03] (Realtek Semiconductor Corporation)
S2 vnccom; C:\Windows\System32\Drivers\vnccom.SYS [6016 2004-06-26] (RDV Soft)
S3 vncdrv; C:\Windows\System32\DRIVERS\vncdrv.sys [4736 2004-06-26] (RDV Soft)
S3 wceusbsh; C:\Windows\System32\DRIVERS\wceusbsh.sys [28672 2006-11-06] (Microsoft Corporation)
S0 XPacket; C:\Windows\System32\xpacket.sys [39424 2008-04-17] (iolo technologies, LLC)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S0 ftsata2; system32\DRIVERS\ftsata2.sys [X]
S5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-06 01:28 - 2014-12-10 14:22 - 00000448 _____ () C:\Windows\System32\iolo.ini
2014-12-06 01:25 - 2014-12-06 01:25 - 00263278 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2014-12-03 02:28 - 2014-12-03 02:28 - 00006002 _____ () C:\Documents and Settings\Compaq_Administrator\Desktop\OTL.Txt
2014-12-02 19:46 - 2014-10-23 17:14 - 04012982 _____ (NathanScott Apps) C:\Documents and Settings\Compaq_Administrator\Desktop\IDTool.exe
2014-11-29 06:27 - 2014-11-29 06:27 - 00000000 _____ () C:\Windows\System32\smrgdf.txt
2014-11-25 23:32 - 2014-12-11 13:32 - 00000000 ____D () C:\FRST
2014-11-19 23:12 - 2014-11-19 23:12 - 00000000 ____D () C:\_OTL
2014-11-18 00:31 - 2014-11-18 00:31 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\Compaq_Administrator\Desktop\OTL(1).exe
2014-11-18 00:18 - 2014-11-18 00:18 - 00000075 _____ () C:\Windows\setupact.log
2014-11-18 00:18 - 2014-11-18 00:18 - 00000000 _____ () C:\Windows\setuperr.log
2014-11-17 21:13 - 2014-11-17 21:13 - 00000018 ____H () C:\SYSREST
2014-11-17 19:19 - 2014-11-18 00:18 - 00006837 _____ () C:\Windows\setupapi.log
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-11 19:34 - 2010-03-22 23:43 - 00000159 _____ () C:\Windows\wiadebug.log
2014-12-11 19:34 - 2010-03-22 23:43 - 00000050 _____ () C:\Windows\wiaservc.log
2014-12-11 19:34 - 2005-08-30 21:06 - 00001158 _____ () C:\Windows\System32\wpa.dbl
2014-12-11 10:54 - 2010-03-22 23:42 - 00032096 _____ () C:\Windows\SchedLgU.Txt
2014-12-10 14:22 - 2010-03-25 03:44 - 00000429 _____ () C:\Windows\System32\iolo.ini.txt
2014-12-06 01:30 - 2010-03-24 21:22 - 00000000 ____D () C:\Documents and Settings\Compaq_Administrator\Local Settings\temp
2014-12-06 01:29 - 2010-03-22 22:27 - 01205849 _____ () C:\Windows\WindowsUpdate.log
2014-12-06 01:28 - 2005-11-14 18:58 - 00000000 ____D () C:\Windows\Registration
2014-12-06 01:27 - 2006-05-05 02:59 - 00043531 _____ () C:\Windows\System32\nvapps.xml
2014-12-06 01:25 - 2011-05-08 00:40 - 01048576 _____ () C:\Windows\System32\config\iolo App.evt
2014-12-06 01:25 - 2006-08-29 03:04 - 00000178 ___SH () C:\Documents and Settings\Compaq_Administrator\ntuser.ini
2014-12-06 01:24 - 2011-08-11 02:03 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\CanonIJPLM
2014-12-03 09:38 - 2005-11-14 18:52 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-12-03 09:29 - 2005-08-30 21:07 - 00613644 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-12-02 19:48 - 2006-05-05 03:18 - 00000000 ____D () C:\Program Files\Microsoft.NET
2014-11-29 05:39 - 2014-01-01 03:44 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-11-22 09:47 - 2013-08-14 08:04 - 00000000 ____D () C:\Windows\System32\MRT
2014-11-22 09:07 - 2006-08-30 06:43 - 100445232 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2014-11-18 00:17 - 2005-11-14 19:17 - 00000000 ____D () C:\Windows\System32\Restore
==================== Known DLLs (Whitelisted) ============
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll
[2004-08-09 21:00] - [2005-03-02 18:19] - 0577024 ____A (Microsoft Corporation) 1800f293bccc8ede8a70e12b88d80036
#30
Posted 12 December 2014 - 11:32 AM
Also, are you using MiniXP to access the system?