
[InActive] No Wifi, no sound, unable to reset to factory condition.

Discussion in 'Malware and Virus Removal Archive' started by finalmisery, 2008/11/28.

  1. 2008/12/29
    finalmisery (Thread Starter)
    No, nothing has changed. I pasted the code into the cmd window, the program ran, restarted the computer, adapters were installed, but no connection. I went into Network Connection to create a new connection but I still can't advance past the type of connection window.

    So... the mini notebook cannot run Help and Support, create new connections, or reset to factory conditions, and there is no sound. What could have caused this chaos? Hmmm...**** those little faeries...

    oh btw Happy New Year!
     
  2. 2008/12/30
    noahdfear
    Please download this tool and run it on the affected PC. Save the log and post it here please.
     
    Last edited: 2008/12/31

  4. 2008/12/31
    finalmisery (Thread Starter)
    Directory of C:\system volume information\_restore{D24A3BE8-4CBB-48D0-81AD-ACAFA6A6C48B}\RP1\snapshot

    10/26/2008 11:30 AM 24,576 _REGISTRY_MACHINE_SAM
    10/26/2008 11:30 AM 45,056 _REGISTRY_MACHINE_SECURITY
    10/26/2008 11:30 AM 18,432,000 _REGISTRY_MACHINE_SOFTWARE
    10/26/2008 11:30 AM 4,554,752 _REGISTRY_MACHINE_SYSTEM
    10/26/2008 11:30 AM 253,952 _REGISTRY_USER_.DEFAULT
    10/26/2008 11:22 AM 262,144 _REGISTRY_USER_NTUSER_S-1-5-18

    Directory of C:\system volume information\_restore{D24A3BE8-4CBB-48D0-81AD-ACAFA6A6C48B}\RP10\snapshot

    10/28/2008 08:37 PM 24,576 _REGISTRY_MACHINE_SAM
    10/28/2008 08:37 PM 49,152 _REGISTRY_MACHINE_SECURITY
    10/28/2008 08:37 PM 20,160,512 _REGISTRY_MACHINE_SOFTWARE
    10/28/2008 08:37 PM 5,197,824 _REGISTRY_MACHINE_SYSTEM
    10/28/2008 08:37 PM 262,144 _REGISTRY_USER_.DEFAULT
    10/26/2008 11:22 AM 262,144 _REGISTRY_USER_NTUSER_S-1-5-18
    10/28/2008 08:37 PM 245,760 _REGISTRY_USER_NTUSER_S-1-5-19
    10/28/2008 08:37 PM 241,664 _REGISTRY_USER_NTUSER_S-1-5-20
    10/28/2008 08:37 PM 1,314,816 _REGISTRY_USER_NTUSER_S-1-5-21-1618656104-1170644015-4075408155-1006
    10/28/2008 08:37 PM 8,192 _REGISTRY_USER_USRCLASS_S-1-5-19
    10/28/2008 08:37 PM 8,192 _REGISTRY_USER_USRCLASS_S-1-5-20
    10/28/2008 08:37 PM 20,480 _REGISTRY_USER_USRCLASS_S-1-5-21-1618656104-1170644015-4075408155-1006

    Directory of C:\system volume information\_restore{D24A3BE8-4CBB-48D0-81AD-ACAFA6A6C48B}\RP11\snapshot

    10/28/2008 08:41 PM 24,576 _REGISTRY_MACHINE_SAM
    10/28/2008 08:41 PM 49,152 _REGISTRY_MACHINE_SECURITY
    10/28/2008 08:41 PM 20,549,632 _REGISTRY_MACHINE_SOFTWARE
    10/28/2008 08:41 PM 5,210,112 _REGISTRY_MACHINE_SYSTEM
    10/28/2008 08:41 PM 262,144 _REGISTRY_USER_.DEFAULT
    10/26/2008 11:22 AM 262,144 _REGISTRY_USER_NTUSER_S-1-5-18
    10/28/2008 08:41 PM 245,760 _REGISTRY_USER_NTUSER_S-1-5-19
    10/28/2008 08:41 PM 241,664 _REGISTRY_USER_NTUSER_S-1-5-20
    10/28/2008 08:41 PM 1,314,816 _REGISTRY_USER_NTUSER_S-1-5-21-1618656104-1170644015-4075408155-1006
    10/28/2008 08:41 PM 8,192 _REGISTRY_USER_USRCLASS_S-1-5-19
    10/28/2008 08:41 PM 8,192 _REGISTRY_USER_USRCLASS_S-1-5-20
    10/28/2008 08:41 PM 20,480 _REGISTRY_USER_USRCLASS_S-1-5-21-1618656104-1170644015-4075408155-1006

    Directory of C:\system volume information\_restore{D24A3BE8-4CBB-48D0-81AD-ACAFA6A6C48B}\RP12\snapshot

    10/28/2008 10:01 PM 24,576 _REGISTRY_MACHINE_SAM
    10/28/2008 10:01 PM 49,152 _REGISTRY_MACHINE_SECURITY
    10/28/2008 10:01 PM 20,557,824 _REGISTRY_MACHINE_SOFTWARE
    10/28/2008 10:01 PM 5,214,208 _REGISTRY_MACHINE_SYSTEM
    10/28/2008 10:01 PM 262,144 _REGISTRY_USER_.DEFAULT
    10/26/2008 11:22 AM 262,144 _REGISTRY_USER_NTUSER_S-1-5-18
    10/28/2008 10:01 PM 245,760 _REGISTRY_USER_NTUSER_S-1-5-19
    10/28/2008 10:01 PM 241,664 _REGISTRY_USER_NTUSER_S-1-5-20
    10/28/2008 10:01 PM 1,314,816 _REGISTRY_USER_NTUSER_S-1-5-21-1618656104-1170644015-4075408155-1006
    10/28/2008 10:01 PM 8,192 _REGISTRY_USER_USRCLASS_S-1-5-19
    10/28/2008 10:01 PM 8,192 _REGISTRY_USER_USRCLASS_S-1-5-20
    10/28/2008 10:01 PM 20,480 _REGISTRY_USER_USRCLASS_S-1-5-21-1618656104-1170644015-4075408155-1006

    Directory of C:\system volume information\_restore{D24A3BE8-4CBB-48D0-81AD-ACAFA6A6C48B}\RP13\snapshot

    10/28/2008 10:03 PM 24,576 _REGISTRY_MACHINE_SAM
    10/28/2008 10:03 PM 49,152 _REGISTRY_MACHINE_SECURITY
    10/28/2008 10:03 PM 20,590,592 _REGISTRY_MACHINE_SOFTWARE
    10/28/2008 10:03 PM 5,214,208 _REGISTRY_MACHINE_SYSTEM
    10/28/2008 10:03 PM 262,144 _REGISTRY_USER_.DEFAULT
    10/26/2008 11:22 AM 262,144 _REGISTRY_USER_NTUSER_S-1-5-18
    10/28/2008 10:03 PM 245,760 _REGISTRY_USER_NTUSER_S-1-5-19
    10/28/2008 10:03 PM 241,664 _REGISTRY_USER_NTUSER_S-1-5-20
    10/28/2008 10:03 PM 1,314,816 _REGISTRY_USER_NTUSER_S-1-5-21-1618656104-1170644015-4075408155-1006
    10/28/2008 10:03 PM 8,192 _REGISTRY_USER_USRCLASS_S-1-5-19
    10/28/2008 10:03 PM 8,192 _REGISTRY_USER_USRCLASS_S-1-5-20
    10/28/2008 10:03 PM 159,744 _REGISTRY_USER_USRCLASS_S-1-5-21-1618656104-1170644015-4075408155-1006

    Directory of C:\system volume information\_restore{D24A3BE8-4CBB-48D0-81AD-ACAFA6A6C48B}\RP14\snapshot

    10/29/2008 08:27 PM 24,576 _REGISTRY_MACHINE_SAM
    10/29/2008 08:26 PM 49,152 _REGISTRY_MACHINE_SECURITY
    10/29/2008 08:27 PM 21,471,232 _REGISTRY_MACHINE_SOFTWARE
    10/29/2008 08:27 PM 5,283,840 _REGISTRY_MACHINE_SYSTEM
    10/29/2008 08:26 PM 262,144 _REGISTRY_USER_.DEFAULT
    10/26/2008 11:22 AM 262,144 _REGISTRY_USER_NTUSER_S-1-5-18
    10/29/2008 08:26 PM 245,760 _REGISTRY_USER_NTUSER_S-1-5-19
    10/29/2008 08:26 PM 241,664 _REGISTRY_USER_NTUSER_S-1-5-20
    10/29/2008 08:26 PM 1,384,448 _REGISTRY_USER_NTUSER_S-1-5-21-1618656104-1170644015-4075408155-1006
    10/29/2008 08:26 PM 8,192 _REGISTRY_USER_USRCLASS_S-1-5-19
    10/29/2008 08:26 PM 8,192 _REGISTRY_USER_USRCLASS_S-1-5-20
    10/29/2008 08:26 PM 163,840 _REGISTRY_USER_USRCLASS_S-1-5-21-1618656104-1170644015-4075408155-1006

    Directory of C:\system volume information\_restore{D24A3BE8-4CBB-48D0-81AD-ACAFA6A6C48B}\RP15\snapshot

    11/02/2008 10:00 PM 24,576 _REGISTRY_MACHINE_SAM
    11/02/2008 10:00 PM 49,152 _REGISTRY_MACHINE_SECURITY
    11/02/2008 10:00 PM 21,512,192 _REGISTRY_MACHINE_SOFTWARE
    11/02/2008 10:00 PM 5,312,512 _REGISTRY_MACHINE_SYSTEM
    11/02/2008 10:00 PM 262,144 _REGISTRY_USER_.DEFAULT
    10/26/2008 11:22 AM 262,144 _REGISTRY_USER_NTUSER_S-1-5-18
    11/02/2008 10:00 PM 245,760 _REGISTRY_USER_NTUSER_S-1-5-19
    11/02/2008 10:00 PM 241,664 _REGISTRY_USER_NTUSER_S-1-5-20
    11/02/2008 10:00 PM 1,650,688 _REGISTRY_USER_NTUSER_S-1-5-21-1618656104-1170644015-4075408155-1006
    11/02/2008 10:00 PM 8,192 _REGISTRY_USER_USRCLASS_S-1-5-19
    11/02/2008 10:00 PM 8,192 _REGISTRY_USER_USRCLASS_S-1-5-20
    11/02/2008 10:00 PM 163,840 _REGISTRY_USER_USRCLASS_S-1-5-21-1618656104-1170644015-4075408155-1006

    Directory of C:\system volume information\_restore{D24A3BE8-4CBB-48D0-81AD-ACAFA6A6C48B}\RP16\snapshot

    11/03/2008 08:51 PM 24,576 _REGISTRY_MACHINE_SAM
    11/03/2008 08:51 PM 49,152 _REGISTRY_MACHINE_SECURITY
    11/03/2008 08:51 PM 22,847,488 _REGISTRY_MACHINE_SOFTWARE
    11/03/2008 08:51 PM 5,337,088 _REGISTRY_MACHINE_SYSTEM
    11/03/2008 08:51 PM 262,144 _REGISTRY_USER_.DEFAULT
    10/26/2008 11:22 AM 262,144 _REGISTRY_USER_NTUSER_S-1-5-18
    11/03/2008 08:50 PM 245,760 _REGISTRY_USER_NTUSER_S-1-5-19
    11/03/2008 08:50 PM 241,664 _REGISTRY_USER_NTUSER_S-1-5-20
    11/03/2008 08:50 PM 1,650,688 _REGISTRY_USER_NTUSER_S-1-5-21-1618656104-1170644015-4075408155-1006
    11/03/2008 08:50 PM 8,192 _REGISTRY_USER_USRCLASS_S-1-5-19
    11/03/2008 08:50 PM 8,192 _REGISTRY_USER_USRCLASS_S-1-5-20
    11/03/2008 08:50 PM 163,840 _REGISTRY_USER_USRCLASS_S-1-5-21-1618656104-1170644015-4075408155-1006

    Directory of C:\system volume information\_restore{D24A3BE8-4CBB-48D0-81AD-ACAFA6A6C48B}\RP17\snapshot

    11/05/2008 05:01 PM 24,576 _REGISTRY_MACHINE_SAM
    11/05/2008 05:01 PM 49,152 _REGISTRY_MACHINE_SECURITY
    11/05/2008 05:01 PM 23,400,448 _REGISTRY_MACHINE_SOFTWARE
    11/05/2008 05:01 PM 5,390,336 _REGISTRY_MACHINE_SYSTEM
    11/05/2008 05:01 PM 262,144 _REGISTRY_USER_.DEFAULT
    10/26/2008 11:22 AM 262,144 _REGISTRY_USER_NTUSER_S-1-5-18
    11/05/2008 05:01 PM 245,760 _REGISTRY_USER_NTUSER_S-1-5-19
    11/05/2008 05:01 PM 241,664 _REGISTRY_USER_NTUSER_S-1-5-20
    11/05/2008 05:01 PM 2,179,072 _REGISTRY_USER_NTUSER_S-1-5-21-1618656104-1170644015-4075408155-1006
    11/05/2008 05:01 PM 8,192 _REGISTRY_USER_USRCLASS_S-1-5-19
    11/05/2008 05:01 PM 8,192 _REGISTRY_USER_USRCLASS_S-1-5-20
    11/05/2008 05:01 PM 163,840 _REGISTRY_USER_USRCLASS_S-1-5-21-1618656104-1170644015-4075408155-1006

    Directory of C:\system volume information\_restore{D24A3BE8-4CBB-48D0-81AD-ACAFA6A6C48B}\RP18\snapshot

    11/06/2008 05:18 PM 24,576 _REGISTRY_MACHINE_SAM
    11/06/2008 05:18 PM 49,152 _REGISTRY_MACHINE_SECURITY
    11/06/2008 05:18 PM 23,400,448 _REGISTRY_MACHINE_SOFTWARE
    11/06/2008 05:18 PM 5,394,432 _REGISTRY_MACHINE_SYSTEM
    11/06/2008 05:18 PM 262,144 _REGISTRY_USER_.DEFAULT
    10/26/2008 11:22 AM 262,144 _REGISTRY_USER_NTUSER_S-1-5-18
    11/06/2008 05:18 PM 245,760 _REGISTRY_USER_NTUSER_S-1-5-19
    11/06/2008 05:18 PM 241,664 _REGISTRY_USER_NTUSER_S-1-5-20
    11/06/2008 05:18 PM 2,179,072 _REGISTRY_USER_NTUSER_S-1-5-21-1618656104-1170644015-4075408155-1006
    11/06/2008 05:18 PM 8,192 _REGISTRY_USER_USRCLASS_S-1-5-19
    11/06/2008 05:18 PM 8,192 _REGISTRY_USER_USRCLASS_S-1-5-20
    11/06/2008 05:18 PM 163,840 _REGISTRY_USER_USRCLASS_S-1-5-21-1618656104-1170644015-4075408155-1006

    Directory of C:\system volume information\_restore{D24A3BE8-4CBB-48D0-81AD-ACAFA6A6C48B}\RP19\snapshot

    11/10/2008 12:09 AM 24,576 _REGISTRY_MACHINE_SAM
    11/10/2008 12:09 AM 49,152 _REGISTRY_MACHINE_SECURITY
    11/10/2008 12:09 AM 23,404,544 _REGISTRY_MACHINE_SOFTWARE
    11/10/2008 12:09 AM 5,402,624 _REGISTRY_MACHINE_SYSTEM
    11/10/2008 12:09 AM 524,288 _REGISTRY_USER_.DEFAULT
    10/26/2008 11:22 AM 262,144 _REGISTRY_USER_NTUSER_S-1-5-18
    11/10/2008 12:09 AM 245,760 _REGISTRY_USER_NTUSER_S-1-5-19
    11/10/2008 12:09 AM 241,664 _REGISTRY_USER_NTUSER_S-1-5-20
    11/10/2008 12:09 AM 2,179,072 _REGISTRY_USER_NTUSER_S-1-5-21-1618656104-1170644015-4075408155-1006
    11/10/2008 12:09 AM 8,192 _REGISTRY_USER_USRCLASS_S-1-5-19
    11/10/2008 12:09 AM 8,192 _REGISTRY_USER_USRCLASS_S-1-5-20
    11/10/2008 12:09 AM 163,840 _REGISTRY_USER_USRCLASS_S-1-5-21-1618656104-1170644015-4075408155-1006

    Directory of C:\system volume information\_restore{D24A3BE8-4CBB-48D0-81AD-ACAFA6A6C48B}\RP2\snapshot

    10/25/2008 08:42 PM 24,576 _REGISTRY_MACHINE_SAM
    10/25/2008 08:42 PM 45,056 _REGISTRY_MACHINE_SECURITY
    10/25/2008 08:42 PM 19,591,168 _REGISTRY_MACHINE_SOFTWARE
    10/25/2008 08:42 PM 5,038,080 _REGISTRY_MACHINE_SYSTEM
    10/25/2008 08:42 PM 253,952 _REGISTRY_USER_.DEFAULT
    10/26/2008 11:22 AM 262,144 _REGISTRY_USER_NTUSER_S-1-5-18
    10/25/2008 08:42 PM 245,760 _REGISTRY_USER_NTUSER_S-1-5-19
    10/25/2008 08:42 PM 241,664 _REGISTRY_USER_NTUSER_S-1-5-20
    10/25/2008 08:42 PM 749,568 _REGISTRY_USER_NTUSER_S-1-5-21-1618656104-1170644015-4075408155-1006
    10/25/2008 08:42 PM 8,192 _REGISTRY_USER_USRCLASS_S-1-5-19
    10/25/2008 08:42 PM 8,192 _REGISTRY_USER_USRCLASS_S-1-5-20
    10/25/2008 08:42 PM 8,192 _REGISTRY_USER_USRCLASS_S-1-5-21-1618656104-1170644015-4075408155-1006

    Directory of C:\system volume information\_restore{D24A3BE8-4CBB-48D0-81AD-ACAFA6A6C48B}\RP20\snapshot

    11/11/2008 06:31 PM 24,576 _REGISTRY_MACHINE_SAM
    11/11/2008 06:31 PM 49,152 _REGISTRY_MACHINE_SECURITY
    11/11/2008 06:31 PM 23,400,448 _REGISTRY_MACHINE_SOFTWARE
    11/11/2008 06:31 PM 5,402,624 _REGISTRY_MACHINE_SYSTEM
    11/11/2008 06:31 PM 524,288 _REGISTRY_USER_.DEFAULT
    10/26/2008 11:22 AM 262,144 _REGISTRY_USER_NTUSER_S-1-5-18
    11/11/2008 06:31 PM 245,760 _REGISTRY_USER_NTUSER_S-1-5-19
    11/11/2008 06:31 PM 241,664 _REGISTRY_USER_NTUSER_S-1-5-20
    11/11/2008 06:31 PM 8,192 _REGISTRY_USER_USRCLASS_S-1-5-19
    11/11/2008 06:31 PM 8,192 _REGISTRY_USER_USRCLASS_S-1-5-20

    Directory of C:\system volume information\_restore{D24A3BE8-4CBB-48D0-81AD-ACAFA6A6C48B}\RP21\snapshot

    11/16/2008 12:50 AM 24,576 _REGISTRY_MACHINE_SAM
    11/16/2008 12:50 AM 49,152 _REGISTRY_MACHINE_SECURITY
    11/16/2008 12:50 AM 23,400,448 _REGISTRY_MACHINE_SOFTWARE
    11/16/2008 12:50 AM 5,406,720 _REGISTRY_MACHINE_SYSTEM
    11/16/2008 12:50 AM 524,288 _REGISTRY_USER_.DEFAULT
    10/26/2008 11:22 AM 262,144 _REGISTRY_USER_NTUSER_S-1-5-18
    11/16/2008 12:50 AM 245,760 _REGISTRY_USER_NTUSER_S-1-5-19
    11/16/2008 12:50 AM 241,664 _REGISTRY_USER_NTUSER_S-1-5-20
    11/16/2008 12:50 AM 8,192 _REGISTRY_USER_USRCLASS_S-1-5-19
    11/16/2008 12:50 AM 8,192 _REGISTRY_USER_USRCLASS_S-1-5-20

    Directory of C:\system volume information\_restore{D24A3BE8-4CBB-48D0-81AD-ACAFA6A6C48B}\RP3\snapshot

    10/25/2008 08:43 PM 24,576 _REGISTRY_MACHINE_SAM
    10/25/2008 08:43 PM 45,056 _REGISTRY_MACHINE_SECURITY
    10/25/2008 08:43 PM 19,595,264 _REGISTRY_MACHINE_SOFTWARE
    10/25/2008 08:43 PM 5,038,080 _REGISTRY_MACHINE_SYSTEM
    10/25/2008 08:43 PM 253,952 _REGISTRY_USER_.DEFAULT
    10/26/2008 11:22 AM 262,144 _REGISTRY_USER_NTUSER_S-1-5-18
    10/25/2008 08:43 PM 245,760 _REGISTRY_USER_NTUSER_S-1-5-19
    10/25/2008 08:43 PM 241,664 _REGISTRY_USER_NTUSER_S-1-5-20
    10/25/2008 08:43 PM 749,568 _REGISTRY_USER_NTUSER_S-1-5-21-1618656104-1170644015-4075408155-1006
    10/25/2008 08:43 PM 8,192 _REGISTRY_USER_USRCLASS_S-1-5-19
    10/25/2008 08:43 PM 8,192 _REGISTRY_USER_USRCLASS_S-1-5-20
    10/25/2008 08:43 PM 8,192 _REGISTRY_USER_USRCLASS_S-1-5-21-1618656104-1170644015-4075408155-1006

    Directory of C:\system volume information\_restore{D24A3BE8-4CBB-48D0-81AD-ACAFA6A6C48B}\RP4\snapshot

    10/25/2008 08:46 PM 24,576 _REGISTRY_MACHINE_SAM
    10/25/2008 08:46 PM 45,056 _REGISTRY_MACHINE_SECURITY
    10/25/2008 08:46 PM 19,595,264 _REGISTRY_MACHINE_SOFTWARE
    10/25/2008 08:46 PM 5,046,272 _REGISTRY_MACHINE_SYSTEM
    10/25/2008 08:46 PM 253,952 _REGISTRY_USER_.DEFAULT
    10/26/2008 11:22 AM 262,144 _REGISTRY_USER_NTUSER_S-1-5-18
    10/25/2008 08:46 PM 245,760 _REGISTRY_USER_NTUSER_S-1-5-19
    10/25/2008 08:46 PM 241,664 _REGISTRY_USER_NTUSER_S-1-5-20
    10/25/2008 08:46 PM 749,568 _REGISTRY_USER_NTUSER_S-1-5-21-1618656104-1170644015-4075408155-1006
    10/25/2008 08:46 PM 8,192 _REGISTRY_USER_USRCLASS_S-1-5-19
    10/25/2008 08:46 PM 8,192 _REGISTRY_USER_USRCLASS_S-1-5-20
    10/25/2008 08:46 PM 8,192 _REGISTRY_USER_USRCLASS_S-1-5-21-1618656104-1170644015-4075408155-1006

    Directory of C:\system volume information\_restore{D24A3BE8-4CBB-48D0-81AD-ACAFA6A6C48B}\RP5\snapshot

    10/27/2008 02:24 PM 24,576 _REGISTRY_MACHINE_SAM
    10/27/2008 02:24 PM 49,152 _REGISTRY_MACHINE_SECURITY
    10/27/2008 02:24 PM 19,795,968 _REGISTRY_MACHINE_SOFTWARE
    10/27/2008 02:24 PM 5,120,000 _REGISTRY_MACHINE_SYSTEM
    10/27/2008 02:24 PM 258,048 _REGISTRY_USER_.DEFAULT
    10/26/2008 11:22 AM 262,144 _REGISTRY_USER_NTUSER_S-1-5-18
    10/27/2008 02:24 PM 245,760 _REGISTRY_USER_NTUSER_S-1-5-19
    10/27/2008 02:24 PM 241,664 _REGISTRY_USER_NTUSER_S-1-5-20
    10/27/2008 02:24 PM 8,192 _REGISTRY_USER_USRCLASS_S-1-5-19
    10/27/2008 02:24 PM 8,192 _REGISTRY_USER_USRCLASS_S-1-5-20

    Directory of C:\system volume information\_restore{D24A3BE8-4CBB-48D0-81AD-ACAFA6A6C48B}\RP6\snapshot

    10/28/2008 06:20 AM 24,576 _REGISTRY_MACHINE_SAM
    10/28/2008 06:20 AM 49,152 _REGISTRY_MACHINE_SECURITY
    10/28/2008 06:20 AM 19,804,160 _REGISTRY_MACHINE_SOFTWARE
    10/28/2008 06:20 AM 5,144,576 _REGISTRY_MACHINE_SYSTEM
    10/28/2008 06:20 AM 258,048 _REGISTRY_USER_.DEFAULT
    10/26/2008 11:22 AM 262,144 _REGISTRY_USER_NTUSER_S-1-5-18
    10/28/2008 06:20 AM 245,760 _REGISTRY_USER_NTUSER_S-1-5-19
    10/28/2008 06:20 AM 241,664 _REGISTRY_USER_NTUSER_S-1-5-20
    10/28/2008 06:20 AM 1,314,816 _REGISTRY_USER_NTUSER_S-1-5-21-1618656104-1170644015-4075408155-1006
    10/28/2008 06:20 AM 8,192 _REGISTRY_USER_USRCLASS_S-1-5-19
    10/28/2008 06:20 AM 8,192 _REGISTRY_USER_USRCLASS_S-1-5-20
    10/28/2008 06:20 AM 20,480 _REGISTRY_USER_USRCLASS_S-1-5-21-1618656104-1170644015-4075408155-1006

    Directory of C:\system volume information\_restore{D24A3BE8-4CBB-48D0-81AD-ACAFA6A6C48B}\RP7\snapshot

    10/28/2008 07:54 PM 24,576 _REGISTRY_MACHINE_SAM
    10/28/2008 07:54 PM 49,152 _REGISTRY_MACHINE_SECURITY
    10/28/2008 07:54 PM 19,812,352 _REGISTRY_MACHINE_SOFTWARE
    10/28/2008 07:54 PM 5,169,152 _REGISTRY_MACHINE_SYSTEM
    10/28/2008 07:54 PM 258,048 _REGISTRY_USER_.DEFAULT
    10/26/2008 11:22 AM 262,144 _REGISTRY_USER_NTUSER_S-1-5-18
    10/28/2008 07:54 PM 245,760 _REGISTRY_USER_NTUSER_S-1-5-19
    10/28/2008 07:54 PM 241,664 _REGISTRY_USER_NTUSER_S-1-5-20
    10/28/2008 07:54 PM 1,314,816 _REGISTRY_USER_NTUSER_S-1-5-21-1618656104-1170644015-4075408155-1006
    10/28/2008 07:54 PM 8,192 _REGISTRY_USER_USRCLASS_S-1-5-19
    10/28/2008 07:54 PM 8,192 _REGISTRY_USER_USRCLASS_S-1-5-20
    10/28/2008 07:54 PM 20,480 _REGISTRY_USER_USRCLASS_S-1-5-21-1618656104-1170644015-4075408155-1006

    Directory of C:\system volume information\_restore{D24A3BE8-4CBB-48D0-81AD-ACAFA6A6C48B}\RP8\snapshot

    10/28/2008 08:33 PM 24,576 _REGISTRY_MACHINE_SAM
    10/28/2008 08:33 PM 49,152 _REGISTRY_MACHINE_SECURITY
    10/28/2008 08:33 PM 20,148,224 _REGISTRY_MACHINE_SOFTWARE
    10/28/2008 08:33 PM 5,197,824 _REGISTRY_MACHINE_SYSTEM
    10/28/2008 08:33 PM 258,048 _REGISTRY_USER_.DEFAULT
    10/26/2008 11:22 AM 262,144 _REGISTRY_USER_NTUSER_S-1-5-18
    10/28/2008 08:33 PM 245,760 _REGISTRY_USER_NTUSER_S-1-5-19
    10/28/2008 08:33 PM 241,664 _REGISTRY_USER_NTUSER_S-1-5-20
    10/28/2008 08:33 PM 1,314,816 _REGISTRY_USER_NTUSER_S-1-5-21-1618656104-1170644015-4075408155-1006
    10/28/2008 08:33 PM 8,192 _REGISTRY_USER_USRCLASS_S-1-5-19
    10/28/2008 08:33 PM 8,192 _REGISTRY_USER_USRCLASS_S-1-5-20
    10/28/2008 08:33 PM 20,480 _REGISTRY_USER_USRCLASS_S-1-5-21-1618656104-1170644015-4075408155-1006

    Directory of C:\system volume information\_restore{D24A3BE8-4CBB-48D0-81AD-ACAFA6A6C48B}\RP9\snapshot

    10/28/2008 08:36 PM 24,576 _REGISTRY_MACHINE_SAM
    10/28/2008 08:36 PM 49,152 _REGISTRY_MACHINE_SECURITY
    10/28/2008 08:36 PM 20,160,512 _REGISTRY_MACHINE_SOFTWARE
    10/28/2008 08:36 PM 5,197,824 _REGISTRY_MACHINE_SYSTEM
    10/28/2008 08:36 PM 262,144 _REGISTRY_USER_.DEFAULT
    10/26/2008 11:22 AM 262,144 _REGISTRY_USER_NTUSER_S-1-5-18
    10/28/2008 08:36 PM 245,760 _REGISTRY_USER_NTUSER_S-1-5-19
    10/28/2008 08:36 PM 241,664 _REGISTRY_USER_NTUSER_S-1-5-20
    10/28/2008 08:36 PM 1,314,816 _REGISTRY_USER_NTUSER_S-1-5-21-1618656104-1170644015-4075408155-1006
    10/28/2008 08:36 PM 8,192 _REGISTRY_USER_USRCLASS_S-1-5-19
    10/28/2008 08:36 PM 8,192 _REGISTRY_USER_USRCLASS_S-1-5-20
    10/28/2008 08:36 PM 20,480 _REGISTRY_USER_USRCLASS_S-1-5-21-1618656104-1170644015-4075408155-1006


    Directory of C:\WINDOWS\erdnt

    12/01/2008 03:00 AM <DIR> .
    12/01/2008 03:00 AM <DIR> ..
    12/01/2008 02:15 AM 110 CFrecovery.bat
    12/01/2008 03:00 AM <DIR> Hiv-backup
    12/01/2008 02:49 AM <DIR> subs

    Directory of C:\WINDOWS\erdnt\Hiv-backup

    12/01/2008 03:00 AM <DIR> .
    12/01/2008 03:00 AM <DIR> ..
    12/01/2008 03:00 AM 524,288 default
    12/01/2008 03:00 AM 673 ERDNT.CON
    10/20/2005 08:02 PM 163,328 ERDNT.EXE
    12/01/2008 03:00 AM 1,010 ERDNT.INF
    08/31/2000 08:00 AM 2,815 ERDNTDOS.LOC
    08/31/2000 08:00 AM 3,275 ERDNTWIN.LOC
    12/01/2008 03:00 AM 24,576 SAM
    12/01/2008 03:00 AM 49,152 SECURITY
    12/01/2008 03:00 AM 23,486,464 software
    12/01/2008 03:00 AM 5,402,624 system
    12/01/2008 03:00 AM <DIR> Users

    Directory of C:\WINDOWS\erdnt\Hiv-backup\Users

    12/01/2008 03:00 AM <DIR> .
    12/01/2008 03:00 AM <DIR> ..
    12/01/2008 03:00 AM <DIR> 00000001
    12/01/2008 03:00 AM <DIR> 00000002
    12/01/2008 03:00 AM <DIR> 00000003
    12/01/2008 03:00 AM <DIR> 00000004

    Directory of C:\WINDOWS\erdnt\Hiv-backup\Users\00000001

    12/01/2008 03:00 AM <DIR> .
    12/01/2008 03:00 AM <DIR> ..
    12/01/2008 03:00 AM 241,664 NTUSER.DAT

    Directory of C:\WINDOWS\erdnt\Hiv-backup\Users\00000002

    12/01/2008 03:00 AM <DIR> .
    12/01/2008 03:00 AM <DIR> ..
    12/01/2008 03:00 AM 8,192 UsrClass.dat

    Directory of C:\WINDOWS\erdnt\Hiv-backup\Users\00000003

    12/01/2008 03:00 AM <DIR> .
    12/01/2008 03:00 AM <DIR> ..
    12/01/2008 03:00 AM 3,231,744 NTUSER.DAT

    Directory of C:\WINDOWS\erdnt\Hiv-backup\Users\00000004

    12/01/2008 03:00 AM <DIR> .
    12/01/2008 03:00 AM <DIR> ..
    12/01/2008 03:00 AM 163,840 UsrClass.dat

    Directory of C:\WINDOWS\erdnt\subs

    12/01/2008 02:49 AM <DIR> .
    12/01/2008 02:49 AM <DIR> ..
    12/01/2008 02:49 AM 524,288 default
    12/01/2008 02:49 AM 673 ERDNT.CON
    10/20/2005 08:02 PM 163,328 ERDNT.EXE
    12/01/2008 02:49 AM 460 ERDNT.INF
    08/31/2000 08:00 AM 2,815 ERDNTDOS.LOC
    08/31/2000 08:00 AM 3,275 ERDNTWIN.LOC
    12/01/2008 02:49 AM 24,576 SAM
    12/01/2008 02:49 AM 49,152 SECURITY
    12/01/2008 02:49 AM 23,486,464 software
    12/01/2008 02:49 AM 5,402,624 system
     
  5. 2009/01/01
    noahdfear
    First I'd like you to download the latest version of ComboFix and transfer to the machine. Then, install the Recovery Console as outlined below.


    You need to download the installation package for the Setup Disks for Floppy Boot Install from Microsoft so that we can use it to install the Recovery Console on your computer. No validation required! Please select the download link below that's appropriate for your Operating System then download and save the setup package to your desktop. If necessary, change the language version to match your installation. Do NOT change the name of the downloaded file!

    If Service Pack 3 is installed, use the appropriate Service Pack 2 download.


    Now close all open windows and programs, then drag the setup package onto ComboFix.exe and drop it. Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console. When complete, no need to continue the scan. ComboFix will exit and a log will open that should show the Recovery Console was successfully installed.

    Click here to see an image of how to install the Recovery Console using ComboFix.


    Please do not reboot your machine until we have reviewed the log.


    Once that's done, I propose trying to use a SYSTEM registry hive from a previous System Restore point to see if this problem can be corrected. If you're game, continue as described below.

    Disable any realtime protection applications. Highlight and copy the contents of the code box below and paste it into a blank Notepad, then save it to your desktop as:

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Code:
    FMove::
    C:\WINDOWS\erdnt\Hiv-backup\system|C:\WINDOWS\erdnt\Hiv-backup\system.old
    SCopy::
    {D24A3BE8-4CBB-48D0-81AD-ACAFA6A6C48B}\RP21\snapshot\_REGISTRY_MACHINE_SYSTEM|C:\WINDOWS\erdnt\Hiv-backup\system
    
    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button. ComboFix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.
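As an added example (not the thread's own code, nor ComboFix's), a Python helper that applies the hive-swap procedure in this post: it parses the `dir` output of the restore-point snapshots from post 4, picks the restore point holding the newest copy of a given hive, and emits the matching FMove::/SCopy:: CFScript. The listing embedded in it is a constructed excerpt of the posted one, and the choose-by-hive-mtime rule with higher-RP-number tie-break is an assumption of this example.

```python
import re
from datetime import datetime
from typing import Dict, Optional, Tuple

# Constructed excerpt of the "dir" listing posted above (RP19, RP2, RP20, RP21),
# in the lexical order dir printed it. RP20 and RP21 carry no S-1-5-21 user hive,
# and the trailing erdnt directory is there to show non-snapshot rows are skipped.
SAMPLE_LISTING = r"""
Directory of C:\system volume information\_restore{D24A3BE8-4CBB-48D0-81AD-ACAFA6A6C48B}\RP19\snapshot

11/10/2008 12:09 AM 24,576 _REGISTRY_MACHINE_SAM
11/10/2008 12:09 AM 5,402,624 _REGISTRY_MACHINE_SYSTEM
10/26/2008 11:22 AM 262,144 _REGISTRY_USER_NTUSER_S-1-5-18
11/10/2008 12:09 AM 2,179,072 _REGISTRY_USER_NTUSER_S-1-5-21-1618656104-1170644015-4075408155-1006

Directory of C:\system volume information\_restore{D24A3BE8-4CBB-48D0-81AD-ACAFA6A6C48B}\RP2\snapshot

10/25/2008 08:42 PM 24,576 _REGISTRY_MACHINE_SAM
10/25/2008 08:42 PM 5,038,080 _REGISTRY_MACHINE_SYSTEM
10/26/2008 11:22 AM 262,144 _REGISTRY_USER_NTUSER_S-1-5-18
10/25/2008 08:42 PM 749,568 _REGISTRY_USER_NTUSER_S-1-5-21-1618656104-1170644015-4075408155-1006

Directory of C:\system volume information\_restore{D24A3BE8-4CBB-48D0-81AD-ACAFA6A6C48B}\RP20\snapshot

11/11/2008 06:31 PM 24,576 _REGISTRY_MACHINE_SAM
11/11/2008 06:31 PM 5,402,624 _REGISTRY_MACHINE_SYSTEM
10/26/2008 11:22 AM 262,144 _REGISTRY_USER_NTUSER_S-1-5-18

Directory of C:\system volume information\_restore{D24A3BE8-4CBB-48D0-81AD-ACAFA6A6C48B}\RP21\snapshot

11/16/2008 12:50 AM 24,576 _REGISTRY_MACHINE_SAM
11/16/2008 12:50 AM 5,406,720 _REGISTRY_MACHINE_SYSTEM
10/26/2008 11:22 AM 262,144 _REGISTRY_USER_NTUSER_S-1-5-18

Directory of C:\WINDOWS\erdnt\Hiv-backup

12/01/2008 03:00 AM <DIR> .
12/01/2008 03:00 AM 5,402,624 system
"""

# "Directory of ...\_restore{GUID}\RPn\snapshot" header of one restore point
HEADER_RE = re.compile(r"Directory of .*\\_restore(\{[0-9A-Fa-f-]+\})\\(RP\d+)\\snapshot$")
# "MM/DD/YYYY HH:MM AM size name" file row; <DIR> rows do not match
ENTRY_RE = re.compile(r"^(\d{2}/\d{2}/\d{4} \d{2}:\d{2} [AP]M) ([\d,]+) (\S+)$")

Snapshots = Dict[str, Dict[str, Tuple[datetime, int]]]


def parse_snapshots(listing: str) -> Tuple[Optional[str], Snapshots]:
    """Return (restore GUID, {RPn: {hive_name: (mtime, size_bytes)}}).
    Rows outside an RPn\\snapshot block (e.g. the erdnt folders) are ignored."""
    guid: Optional[str] = None
    current: Optional[str] = None
    snapshots: Snapshots = {}
    for raw in listing.splitlines():
        line = raw.strip()
        header = HEADER_RE.search(line)
        if header:
            guid, current = header.group(1), header.group(2)
            snapshots.setdefault(current, {})
            continue
        if line.startswith("Directory of"):
            current = None  # some other directory: stop attributing rows
            continue
        entry = ENTRY_RE.match(line)
        if entry and current is not None:
            mtime = datetime.strptime(entry.group(1), "%m/%d/%Y %I:%M %p")
            snapshots[current][entry.group(3)] = (mtime, int(entry.group(2).replace(",", "")))
    return guid, snapshots


def newest_snapshot_with(snapshots: Snapshots, hive: str) -> Optional[str]:
    """Restore point holding the most recently written copy of `hive`.
    Ordered by the hive's own mtime, not by dir order (dir lists RP2 after RP19);
    exact ties (the S-1-5-18 hive is identical everywhere) go to the higher RP number."""
    candidates = [(hives[hive][0], int(rp[2:]), rp)
                  for rp, hives in snapshots.items() if hive in hives]
    return max(candidates)[2] if candidates else None


def cfscript_for(guid: str, rp: str, hive: str, live_copy: str) -> str:
    """CFScript in the shape used above: keep the hive that will be replaced
    (FMove to .old), then copy the snapshot's hive over it (SCopy)."""
    return "\n".join([
        "FMove::",
        f"{live_copy}|{live_copy}.old",
        "SCopy::",
        f"{guid}\\{rp}\\snapshot\\{hive}|{live_copy}",
    ]) + "\n"


if __name__ == "__main__":
    guid, snaps = parse_snapshots(SAMPLE_LISTING)
    target = r"C:\WINDOWS\erdnt\Hiv-backup\system"
    rp = newest_snapshot_with(snaps, "_REGISTRY_MACHINE_SYSTEM")
    print(cfscript_for(guid, rp, "_REGISTRY_MACHINE_SYSTEM", target))
    user_hive = "_REGISTRY_USER_NTUSER_S-1-5-21-1618656104-1170644015-4075408155-1006"
    print("newest snapshot still holding the user hive:", newest_snapshot_with(snaps, user_hive))
```

Run against the full listing from post 4, the SYSTEM hive resolves to RP21 as in the script above, while the S-1-5-21 user hive resolves to RP19, since RP20 and RP21 no longer contain it.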
     
  6. 2009/01/01
    finalmisery (Thread Starter)
    The Log after installation:

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    C:\CMDCONS\BOOTSECT.DAT= "Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS= "Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
     
  7. 2009/01/01
    noahdfear
    Looks great :)
     
  8. 2009/01/02
    finalmisery (Thread Starter)
    ComboFix 08-12-31.01 - Kimberly 2009-01-02 5:27:24.3 - NTFSx86

    Running from: c:\documents and settings\Kimberly\Desktop\ComboFix.exe
    Command switches used :: e:\documents\Downloads\cfscript.txt
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\autorun.ini
    E:\AUTORUN.INF

    .
    --------------- FMove ---------------

    c:\windows\erdnt\Hiv-backup\system --> c:\windows\erdnt\Hiv-backup\system.old
    .
    --------------- SCopy ---------------

    {D24A3BE8-4CBB-48D0-81AD-ACAFA6A6C48B}\RP21\snapshot\_REGISTRY_MACHINE_SYSTEM --> c:\windows\erdnt\Hiv-backup\system
    .
    ((((((((((((((((((((((((( Files Created from 2008-12-02 to 2009-01-02 )))))))))))))))))))))))))))))))
    .

    2009-01-02 05:18 . 2005-05-03 18:43 69,632 --a------ c:\windows\Alcmtr.exe
    2009-01-02 05:13 . 2009-01-02 05:14 <DIR> d-------- c:\windows\system32\autorun
    2008-12-29 12:30 . 2008-12-29 12:30 <DIR> d-------- c:\program files\Windows Resource Kits
    2008-12-11 04:06 . 2008-12-11 04:06 <DIR> d-------- c:\program files\Uniblue
    2008-12-11 04:06 . 2008-12-11 04:06 <DIR> d-------- c:\documents and settings\Kimberly\Application Data\Uniblue

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-02 10:30 516,128 --sha-w c:\windows\system32\drivers\fidbox.dat
    2009-01-02 10:19 6,380 --sha-w c:\windows\system32\drivers\fidbox.idx
    2008-12-28 22:30 4,259,851 ----a-w c:\windows\Internet Logs\tvDebug.zip
    2008-11-28 16:30 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo! Companion
    2008-11-28 07:13 --------- d-----w c:\program files\ZoneAlarmSB
    2008-11-28 07:10 --------- d-----w c:\documents and settings\All Users\Application Data\MailFrontier
    2008-11-28 07:09 --------- d-----w c:\program files\Zone Labs
    2008-11-28 06:51 --------- d-----w c:\program files\Trend Micro
    2008-11-28 05:11 --------- d-----w c:\program files\Recuva
    2008-11-28 04:52 --------- d-----w c:\program files\Yahoo!
    2008-11-28 04:52 --------- d-----w c:\program files\CCleaner
    2008-11-28 03:49 --------- d-----w c:\program files\Microsoft Works
    2008-11-28 03:49 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
    2008-11-28 02:49 --------- d-----w c:\program files\Google
    2008-11-16 16:19 --------- d-----w c:\documents and settings\NetworkService\Application Data\SACore
    2008-11-16 05:52 14,336 ----a-w c:\windows\system32\svchost.exe
    2008-11-04 17:02 --------- d-----w c:\program files\Ares
    2008-11-04 02:21 --------- d-----w c:\documents and settings\Kimberly\Application Data\LimeWire
    2008-11-04 01:52 --------- d-----w c:\program files\iTunes
    2008-11-04 01:52 --------- d-----w c:\documents and settings\Kimberly\Application Data\Apple Computer
    2008-11-04 01:52 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-11-04 01:51 --------- d-----w c:\program files\iPod
    2008-11-04 01:50 --------- d-----w c:\program files\QuickTime
    2008-11-04 01:50 --------- d-----w c:\program files\Bonjour
    2008-11-04 01:49 --------- d-----w c:\program files\Common Files\Apple
    2008-11-04 01:48 --------- d-----w c:\program files\Apple Software Update
    2008-11-04 01:48 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
    2008-11-04 01:46 --------- d-----w c:\documents and settings\All Users\Application Data\Apple
    2008-11-03 19:57 --------- d-----w c:\program files\SiteAdvisor
    2008-11-03 04:17 --------- d-----w c:\documents and settings\All Users\Application Data\SiteAdvisor
    2008-11-03 02:01 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee
    2008-11-03 01:59 --------- d-----w c:\program files\McAfee
    2008-10-30 00:35 0 ----a-w c:\documents and settings\Kimberly\Application Data\wklnhst.dat
    2008-08-15 17:51 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
    "Uniblue RegistryBooster 2"="c:\program files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [2008-07-23 1927448]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LaunchApp"="Alaunch" [X]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
    "AzMixerSel"="c:\program files\Realtek\Audio\InstallShield\AzMixerSel.exe" [2006-07-17 53248]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-24 1044480]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
    "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
    "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-08-04 582992]
    "LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-05-13 821768]
    "PLFSetL"="c:\windows\PLFSetL.exe" [2007-07-05 94208]
    "eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2008-05-22 425984]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
    "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
    "RTHDCPL"="RTHDCPL.EXE" [2008-05-16 c:\windows\RTHDCPL.exe]

    c:\documents and settings\Kimberly\Start Menu\Programs\Startup\
    OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-09-12 384000]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2008-06-04 114688]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
    \Shell\AutoRun\command - D:\LaunchU3.exe -a
    .
    Contents of the 'Scheduled Tasks' folder

    2008-11-04 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

    2008-08-15 c:\windows\Tasks\McDefragTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]

    2008-08-15 c:\windows\Tasks\McQcTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=1008&m=aoa150
    mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=1008&m=aoa150
    uInternet Settings,ProxyOverride = *.local
    IE: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    FF - ProfilePath - c:\documents and settings\Kimberly\Application Data\Mozilla\Firefox\Profiles\zn7gc23p.default\
    FF - prefs.js: browser.search.selectedEngine - AIM Search
    FF - prefs.js: browser.startup.homepage -
    FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&query=
    FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\NPZoneSB.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
    FF - plugin: c:\program files\Yahoo!\Common\npyaxmpb.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-02 05:30:33
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2009-01-02 5:31:48
    ComboFix-quarantined-files.txt 2009-01-02 10:31:44
    ComboFix2.txt 2008-12-01 08:00:53
    ComboFix3.txt 2008-12-01 07:34:20

    Pre-Run: 102,582,542,336 bytes free
    Post-Run: 102,569,590,784 bytes free

    148 --- E O F --- 2008-11-03 03:03:08
     
  9. 2009/01/02
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Now open c:\windows\erdnt\Hiv-backup and double click erdnt.exe
    Select ONLY the System registry then click OK.
    Reboot when prompted.
    If you suffer any hiccups upon reboot, do nothing and let me know.
    If all goes well, let me know if the network connection works again.
     
  10. 2009/01/02
    finalmisery

    finalmisery Inactive Thread Starter

    Joined:
    2005/04/08
    Messages:
    42
    Likes Received:
    0
    No, I cannot create a network connection.
     
  11. 2009/01/02
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Any chance you know what date (even approximate) the network connection went missing?
     
  12. 2009/01/06
    finalmisery

    finalmisery Inactive Thread Starter

    Joined:
    2005/04/08
    Messages:
    42
    Likes Received:
    0
    I'm going to say not until after October of 2008.
     
  13. 2009/01/07
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Reviewing the available registry backups here, it appears the oldest one available is 10-25
    The one I used previously was from 11-16
    Would you like to try another?
    Is it possible to zip up some of those backups and email to me for a closer look? If so, I will post instructions for obtaining them.
     
  14. 2009/01/08
    finalmisery

    finalmisery Inactive Thread Starter

    Joined:
    2005/04/08
    Messages:
    42
    Likes Received:
    0
    Yes, I'm going to need help with that.
     
  15. 2009/01/09
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Disable any realtime protection applications. Highlight and copy the contents of the code box below and paste it into a blank Notepad, then save it to your desktop as:

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Code:
    FMove::
    C:\WINDOWS\erdnt\Hiv-backup\system|C:\WINDOWS\erdnt\Hiv-backup\11_16system.old
    SCopy::
    {D24A3BE8-4CBB-48D0-81AD-ACAFA6A6C48B}\RP2\snapshot\_REGISTRY_MACHINE_SYSTEM|C:\WINDOWS\erdnt\Hiv-backup\system
    
    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button. ComboFix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.
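A practical aside on the step above (added example, not part of the original post and not ComboFix's or ERDNT's own code): the CFScript simply copies a System Restore snapshot's `_REGISTRY_MACHINE_SYSTEM` over `Hiv-backup\system`, and ERDNT then swaps that file into `config\system` without validating it. Before letting a tool overwrite the live SYSTEM hive, it is worth checking that the candidate file is a well-formed primary hive: correct `regf` signature, valid base-block checksum, matching primary/secondary sequence numbers (a mismatch means the hive was captured mid-write and was never cleanly flushed), and a file long enough to hold the hive bins the header claims. The script below checks exactly those fields of the standard 4 KiB base block and, when run without a path, exercises itself against a constructed minimal hive. The function and field names are mine; the offsets and checksum rule are those of the regf base block.

```python
import struct
from datetime import datetime, timedelta, timezone

BASE_BLOCK_SIZE = 4096          # the "regf" base block is one 4 KiB page
CHECKSUM_OFFSET = 0x1FC         # XOR checksum over the 508 bytes before it
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
HDR_FMT = '<4sIIQIIIIIII'       # signature, seq1, seq2, timestamp, major, minor,
                                # file type, file format, root cell, hbins size, cluster


def base_block_checksum(block):
    """XOR of the first 127 little-endian dwords; 0 and 0xFFFFFFFF are reserved and remapped."""
    x = 0
    for (dword,) in struct.iter_unpack('<I', block[:CHECKSUM_OFFSET]):
        x ^= dword
    if x == 0:
        return 1
    if x == 0xFFFFFFFF:
        return 0xFFFFFFFE
    return x


def filetime_to_datetime(ft):
    return FILETIME_EPOCH + timedelta(microseconds=ft // 10)


def datetime_to_filetime(dt):
    return ((dt - FILETIME_EPOCH) // timedelta(microseconds=1)) * 10


def inspect_hive(data):
    """Check a hive file's base block; return the parsed fields plus a list of problems."""
    problems = []
    if len(data) < BASE_BLOCK_SIZE:
        return {'problems': ['file shorter than the 4096-byte base block']}
    block = data[:BASE_BLOCK_SIZE]
    (sig, seq1, seq2, ts, major, minor, ftype, _fmt,
     root_cell, hbins_size, _cluster) = struct.unpack_from(HDR_FMT, block, 0)
    name = block[0x30:0x30 + 64].decode('utf-16-le', 'replace').split('\x00')[0]
    (stored_sum,) = struct.unpack_from('<I', block, CHECKSUM_OFFSET)

    if sig != b'regf':
        problems.append('bad signature %r (not a registry hive)' % sig)
    if stored_sum != base_block_checksum(block):
        problems.append('base block checksum mismatch (header corrupted)')
    if seq1 != seq2:
        problems.append('sequence numbers differ (%d/%d): hive was not cleanly flushed' % (seq1, seq2))
    if ftype != 0:
        problems.append('file type %d is not a primary hive' % ftype)
    if major != 1:
        problems.append('unexpected major version %d' % major)
    if len(data) < BASE_BLOCK_SIZE + hbins_size:
        problems.append('truncated: header claims %d bytes of hive bins, file has %d'
                        % (hbins_size, len(data) - BASE_BLOCK_SIZE))
    elif hbins_size and data[BASE_BLOCK_SIZE:BASE_BLOCK_SIZE + 4] != b'hbin':
        problems.append('first hive bin signature missing')

    return {
        'name': name,
        'version': (major, minor),
        'last_written': filetime_to_datetime(ts),
        'hbins_size': hbins_size,
        'root_cell': root_cell,
        'problems': problems,
    }


def build_sample_hive(name='SYSTEM', seq=(5, 5), written=None, truncate=False):
    """Constructed minimal hive (not a real SYSTEM hive): valid base block plus one empty 4 KiB bin."""
    written = written or datetime(2008, 10, 26, 11, 30, tzinfo=timezone.utc)
    block = bytearray(BASE_BLOCK_SIZE)
    struct.pack_into(HDR_FMT, block, 0, b'regf', seq[0], seq[1], datetime_to_filetime(written),
                     1, 3, 0, 1, 0x20, 0x1000, 1)
    encoded = name.encode('utf-16-le')
    block[0x30:0x30 + len(encoded)] = encoded
    struct.pack_into('<I', block, CHECKSUM_OFFSET, base_block_checksum(block))
    hbin = bytearray(0x1000)
    struct.pack_into('<4sII', hbin, 0, b'hbin', 0, 0x1000)   # hbin header: signature, offset, size
    data = bytes(block) + bytes(hbin)
    return data[:BASE_BLOCK_SIZE + 100] if truncate else data


if __name__ == '__main__':
    import sys
    path = sys.argv[1] if len(sys.argv) > 1 else None
    data = open(path, 'rb').read() if path else build_sample_hive()
    for key, value in inspect_hive(data).items():
        print('%-13s %s' % (key + ':', value))
```

Run it as `python hivecheck.py C:\WINDOWS\erdnt\Hiv-backup\system` (on the affected machine or against a copy taken elsewhere) and only proceed with ERDNT when the problems list is empty; `last_written` also confirms which snapshot date you actually copied.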
     
  16. 2009/01/09
    finalmisery

    finalmisery Inactive Thread Starter

    Joined:
    2005/04/08
    Messages:
    42
    Likes Received:
    0
    ComboFix 08-12-31.01 - Kimberly 2009-01-09 3:28:49.3 - NTFSx86

    Running from: c:\documents and settings\Kimberly\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Kimberly\Desktop\CFScript.txt
    .
    - REDUCED FUNCTIONALITY MODE -
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    .
    --------------- FMove ---------------

    c:\windows\erdnt\Hiv-backup\system --> c:\windows\erdnt\Hiv-backup\11_16system.old
    .
    --------------- SCopy ---------------

    {D24A3BE8-4CBB-48D0-81AD-ACAFA6A6C48B}\RP2\snapshot\_REGISTRY_MACHINE_SYSTEM --> c:\windows\erdnt\Hiv-backup\system
    .
    ((((((((((((((((((((((((( Files Created from 2008-12-09 to 2009-01-09 )))))))))))))))))))))))))))))))
    .

    2009-01-02 05:18 . 2005-05-03 18:43 69,632 --a------ c:\windows\ALCMTR.EXE
    2009-01-02 05:13 . 2009-01-02 05:14 <DIR> d-------- c:\windows\system32\autorun
    2008-12-29 12:30 . 2008-12-29 12:30 <DIR> d-------- c:\program files\Windows Resource Kits
    2008-12-11 04:06 . 2008-12-11 04:06 <DIR> d-------- c:\program files\Uniblue
    2008-12-11 04:06 . 2008-12-11 04:06 <DIR> d-------- c:\documents and settings\Kimberly\Application Data\Uniblue

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-09 08:29 596,000 --sha-w c:\windows\system32\drivers\fidbox.dat
    2009-01-04 02:00 7,724 --sha-w c:\windows\system32\drivers\fidbox.idx
    2008-12-28 22:30 4,259,851 ----a-w c:\windows\Internet Logs\tvDebug.zip
    2008-11-28 16:30 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo! Companion
    2008-11-28 07:13 --------- d-----w c:\program files\ZoneAlarmSB
    2008-11-28 07:10 --------- d-----w c:\documents and settings\All Users\Application Data\MailFrontier
    2008-11-28 07:09 --------- d-----w c:\program files\Zone Labs
    2008-11-28 06:51 --------- d-----w c:\program files\Trend Micro
    2008-11-28 05:11 --------- d-----w c:\program files\Recuva
    2008-11-28 04:52 --------- d-----w c:\program files\Yahoo!
    2008-11-28 04:52 --------- d-----w c:\program files\CCleaner
    2008-11-28 03:49 --------- d-----w c:\program files\Microsoft Works
    2008-11-28 03:49 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
    2008-11-28 02:49 --------- d-----w c:\program files\Google
    2008-11-16 16:19 --------- d-----w c:\documents and settings\NetworkService\Application Data\SACore
    2008-11-16 05:52 14,336 ----a-w c:\windows\system32\svchost.exe
    2008-10-30 00:35 0 ----a-w c:\documents and settings\Kimberly\Application Data\wklnhst.dat
    2008-08-15 17:51 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
    "Uniblue RegistryBooster 2"="c:\program files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [2008-07-23 1927448]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LaunchApp"="Alaunch" [X]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
    "AzMixerSel"="c:\program files\Realtek\Audio\InstallShield\AzMixerSel.exe" [2006-07-17 53248]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-24 1044480]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
    "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
    "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-08-04 582992]
    "LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-05-13 821768]
    "PLFSetL"="c:\windows\PLFSetL.exe" [2007-07-05 94208]
    "eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2008-05-22 425984]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
    "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
    "RTHDCPL"="RTHDCPL.EXE" [2008-05-16 c:\windows\RTHDCPL.exe]

    c:\documents and settings\Kimberly\Start Menu\Programs\Startup\
    OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-09-12 384000]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2008-06-04 114688]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
    \Shell\AutoRun\command - D:\LaunchU3.exe -a
    .
    Contents of the 'Scheduled Tasks' folder

    2008-11-04 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

    2008-08-15 c:\windows\Tasks\McDefragTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]

    2008-08-15 c:\windows\Tasks\McQcTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=1008&m=aoa150
    mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=1008&m=aoa150
    uInternet Settings,ProxyOverride = *.local
    IE: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    FF - ProfilePath - c:\documents and settings\Kimberly\Application Data\Mozilla\Firefox\Profiles\zn7gc23p.default\
    FF - prefs.js: browser.search.selectedEngine - AIM Search
    FF - prefs.js: browser.startup.homepage -
    FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&query=
    FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\NPZoneSB.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
    FF - plugin: c:\program files\Yahoo!\Common\npyaxmpb.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-09 03:29:24
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2009-01-09 3:31:00
    ComboFix-quarantined-files.txt 2009-01-09 08:30:55
    ComboFix2.txt 2009-01-02 10:31:50
    ComboFix3.txt 2008-12-01 08:00:53
    ComboFix4.txt 2008-12-01 07:34:20

    Pre-Run: 102,625,820,672 bytes free
    Post-Run: 102,615,883,776 bytes free

    133 --- E O F --- 2008-11-03 03:03:08
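For anyone reading these logs later, the "Reg Loading Points" section is the part that deserves a systematic pass rather than a skim. The script below is an added example (not ComboFix's own logic and not from the original thread) that parses a constructed excerpt of the section posted above and flags the four kinds of entries a reviewer would otherwise check by hand: Security Center notification or monitoring switches set to 1 (a registered third-party suite such as the McAfee install shown in the log sets these legitimately, but malware sets them too, so it is a "confirm the suite is really installed and running" item, not a verdict), Run entries ComboFix marked with `[X]` because it could not find the target, Run entries whose command is a bare file name resolved through the search path rather than a full path, and a per-volume MountPoints2 AutoRun command. The finding names and the list of directories treated as normal install locations are my assumptions; the parser also tolerates the stray space before the closing quote that forum software sometimes inserts into pasted logs.

```python
import re

# Constructed excerpt of the "Reg Loading Points" section posted above (subset only).
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Uniblue RegistryBooster 2"="c:\program files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [2008-07-23 1927448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-08-04 582992]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-16 c:\windows\RTHDCPL.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\LaunchU3.exe -a
'''

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
# Name may carry trailing whitespace inside the quotes (forum paste artifact); tolerate it.
VALUE_RE = re.compile(r'^"(?P<name>.*?)\s*"\s*=\s*(?P<rest>.*)$')
CMD_RE = re.compile(r'^"(?P<cmd>[^"]*)"\s*(?:\[(?P<meta>[^\]]*)\])?\s*$')
AUTORUN_RE = re.compile(r'^\\Shell\\AutoRun\\command\s+-\s+(?P<cmd>.+)$', re.IGNORECASE)

# Assumed "normal" install locations for this machine; anything else gets a second look.
TRUSTED_DIRS = ('c:\\windows\\', 'c:\\program files\\', 'c:\\progra~1\\', 'c:\\acer\\')
SECURITY_CENTER_FLAGS = {'antivirusdisablenotify', 'firewalldisablenotify',
                         'updatesdisablenotify', 'disablemonitoring'}


def parse_reg_loading_points(text):
    """Yield (key, name, value, meta): value is int for dword, str for strings, None if empty."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group('key')
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            name, rest = m.group('name'), m.group('rest')
            if rest.lower().startswith('dword:'):
                yield key, name, int(rest[6:], 16), None
            elif rest == '':
                yield key, name, None, None
            else:
                c = CMD_RE.match(rest)
                if c:
                    yield key, name, c.group('cmd'), c.group('meta')
            continue
        m = AUTORUN_RE.match(line)
        if m and key is not None:
            yield key, 'AutoRun', m.group('cmd'), None


def analyse(text):
    """Return a list of (finding, subject, detail) tuples for entries worth a manual check."""
    findings = []
    for key, name, value, meta in parse_reg_loading_points(text):
        k = key.lower()
        if 'security center' in k and name.lower() in SECURITY_CENTER_FLAGS and value == 1:
            product = key.rsplit('\\', 1)[1] if '\\monitoring\\' in k else 'Security Center'
            findings.append(('security-center-suppressed', product, name))
        elif k.endswith('\\run') or k.endswith('\\runonce'):
            if meta == 'X':                      # ComboFix could not find the target file
                findings.append(('run-target-missing', name, value))
            elif isinstance(value, str) and not value.lower().startswith(TRUSTED_DIRS):
                if '\\' not in value:            # bare file name: resolved via the search path
                    findings.append(('run-unqualified-path', name, value))
                else:
                    findings.append(('run-outside-program-dirs', name, value))
        elif name == 'AutoRun':
            findings.append(('mountpoint-autorun', key.rsplit('\\', 1)[1], value))
    return findings


if __name__ == '__main__':
    for finding in analyse(SAMPLE_LOG):
        print('%-26s %-18s %s' % finding)
```

On this log the script reports the dangling `LaunchApp` entry, the bare `RTHDCPL.EXE` command, the two Security Center switches and the `D:` AutoRun command, and nothing else; the McAfee Security Center entries line up with the McAfee agent that is still in the Run key, which is the check that turns a flag into a non-issue.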
     
  17. 2009/01/09
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Great! Navigate to c:\windows\erdnt\Hiv-backup and run ERDNT.exe
    Select to restore the System registry only and process it.
    Reboot when prompted and test the network connection.
     
  18. 2009/01/09
    finalmisery

    finalmisery Inactive Thread Starter

    Joined:
    2005/04/08
    Messages:
    42
    Likes Received:
    0
    Before I progress, these prompts appeared:

    Unable to create a backup of the current registry file C:\WINDOWS\system32\config\SECURITY! Clicked Yes

    Error restoring C:\WINDOWS\ERDNT\Hiv-backups\system to C:\WINDOWS\system32\config\system! Clicked No.

    So I'm not going to go any further until it's safe. XD
     
  19. 2009/01/09
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Reboot and try once more.
     
  20. 2009/01/09
    finalmisery

    finalmisery Inactive Thread Starter

    Joined:
    2005/04/08
    Messages:
    42
    Likes Received:
    0
    Unsuccessful.
     
     
