
 Syco C join:2009-05-19 Nicholasville, KY | reply to Syco C
Re: Cant run SYSTEM RESTORE, NO SOUND, no ADMIN PRIVILEGES, etc.

here is the log from normal startup.. that I thought crashed cause when I came in 3 boxes were up saying that "is not a valid win32 application" but here it is if it helps.. I'm going to bed.. tomorrow I'm going to follow the guide u posted and post back with all the details of how that went.. this other process took all night, and I didn't get anything fixed.
appreciate the help

Syco C join:2009-05-19 Nicholasville, KY
LOL my bad.. here it is
Start Time= Fri 05/22/2009 0:24:59.35
QuickScan did not find any signs of infected files
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2009-05-22 00:20:06 389120 ( A.... ) "C:\WINDOWS\system32\cmd.execf"
2009-05-22 00:06:36 64512 ( A..H. ) "C:\Documents and Settings\Owner\Application Data\dach100.dll"
2009-05-21 21:37:00 2969300 ( A...R ) "C:\ComboFix.exe"
2009-05-21 21:26:42 ( .D... ) "C:\Documents and Settings\Owner\Application Data\Malwarebytes"
2009-05-21 21:25:22 ( .D... ) "C:\Program Files\Malwarebytes' Anti-Malware"
2009-05-21 21:18:20 ( .D... ) "C:\Program Files\SUPERAntiSpyware"
2009-05-21 21:18:20 ( .D... ) "C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com"
2009-05-20 20:37:04 130048 ( A.... ) "C:\WINDOWS\PEV.exe"
2009-05-05 18:57:52 148888 ( A.... ) "C:\WINDOWS\system32\javaws.exe"
2009-05-05 18:57:52 144792 ( A.... ) "C:\WINDOWS\system32\javaw.exe"
2009-05-05 18:57:52 144792 ( A.... ) "C:\WINDOWS\system32\java.exe"
2009-05-05 18:57:50 410984 ( A.... ) "C:\WINDOWS\system32\deploytk.dll"
2009-04-20 12:56:28 31232 ( A.... ) "C:\WINDOWS\NIRCMD.exe"
2009-04-17 18:15:12 156672 ( A.... ) "C:\WINDOWS\system32\rmc_fixasf.exe"
2009-04-17 18:15:10 237568 ( A.... ) "C:\WINDOWS\system32\rmc_rtspdl.dll"
2009-04-17 18:14:06 323584 ( A.... ) "C:\WINDOWS\system32\AUDIOGENIE2.DLL"
2009-04-15 11:34:56 ( .D... ) "C:\Program Files\AskBarDis"
2009-04-15 11:34:10 ( .D... ) "C:\Program Files\DVDVideoSoft"
2009-04-15 11:34:10 ( .D... ) "C:\Program Files\Common Files\DVDVideoSoft"
2009-04-07 14:47:54 ( .D... ) "C:\Program Files\Common Files\Adobe Systems Shared"
2009-04-06 10:57:24 24921544 ( A.... ) "C:\WINDOWS\system32\MRT.exe"
2009-03-21 10:06:58 989696 ( A.... ) "C:\WINDOWS\system32\kernel32.dll"
2009-03-16 15:38:20 2528 ( A.... ) "C:\Documents and Settings\Owner\Application Data\$_hpcst$.hpc"
2009-03-06 10:22:18 284160 ( A.... ) "C:\WINDOWS\system32\pdh.dll"
2009-03-02 20:18:26 826368 ( A.... ) "C:\WINDOWS\system32\wininet.dll"
((((((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre6\\bin\\jusched.exe\""
"hpsysdrv"="c:\\windows\\system\\hpsysdrv.exe"
"HotKeysCmds"="C:\\WINDOWS\\System32\\hkcmd.exe"
"KBD"="C:\\HP\\KBD\\KBD.EXE"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
"LTMSG"="LTMSG.exe 7"
"PS2"="C:\\WINDOWS\\system32\\ps2.exe"
"AlcxMonitor"="ALCXMNTR.EXE"
"IgfxTray"="C:\\WINDOWS\\System32\\igfxtray.exe"
"VolPanel"="\"C:\\Program Files\\Creative\\Sound Blaster X-Fi\\Volume Panel\\VolPanlu.exe\" /r"
"AudioDrvEmulator"="\"C:\\Program Files\\Creative\\Shared Files\\Module Loader\\DLLML.exe\" -1 AudioDrvEmulator \"C:\\Program Files\\Creative\\Shared Files\\Module Loader\\Audio Emulator\\AudDrvEm.dll\""
"CTHelper"="CTHELPER.EXE"
"CTxfiHlp"="CTXFIHLP.EXE"
"UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
"LifeCam"="\"C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe\""
"COMODO Firewall Pro"="\"C:\\Program Files\\COMODO\\Firewall\\cfp.exe\" -s"
"NeroFilterCheck"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"egui"="\"C:\\Program Files\\ESET\\ESET NOD32 Antivirus\\egui.exe\" /hide /waitservice"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\SOFTWARE]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\SOFTWARE\Microsoft]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\SOFTWARE\Microsoft\Windows]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\SOFTWARE\Microsoft\Windows\CurrentVersion]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"=dword:00000001
"NoDriveAutoRun"=dword:03ffffff
"NoDriveTypeAutoRun"=dword:00000143
"NoDrives"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"AIM"="C:\\Program Files\\AIM\\aim.exe -cnetwait.odl"
"LightScribe Control Panel"="C:\\Program Files\\Common Files\\LightScribe\\LightScribeControlPanel.exe -hidden"
"H/PC Connection Agent"="\"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe\""
"SUPERAntiSpyware"="C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\AdobeUpdater]
@=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"disableregistrytools"=dword:00000000

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000143
"NoDriveAutoRun"=dword:03ffffff

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000143
"NoDriveAutoRun"=dword:03ffffff

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Battery Doubler.lnk]
"path"="C:\\Documents and Settings\\Owner\\Start Menu\\Programs\\Startup\\Battery Doubler.lnk"
"backup"="C:\\WINDOWS\\pss\\Battery Doubler.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\DACHSH~1\\BATTER~1\\BATTER~1.EXE "
"item"="Battery Doubler"

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job

Completion time: Fri 05/22/2009 0:29:03.25
ComboFix ver 06.06.17 - This logfile is located at C:\ComboFix.txt