Can't boot in any mode

Post by sammy138 on Wed May 02, 2012 9:06 am

I have some kind of rootkit virus and the computer has a blue screen that says "a problem has been detected and windows need to shut down to prevent damage". It also says the same thing in safe mode. It gives Tech info of 0x0000007B (0xF8A2B528, 0xC0000034, 0x00000000, 0x00000000). I am currently working off a laptop and have already burned a CD of REATOGO, used it in the infected computer and ran the OTLPE program. I don't have a USB to save scan info on and I can't print it out either. Question: Can I run the "Run Fix" on the OTLPE program and see what happens? Maybe those tech numbers can help for what I might need to do next. Thank You for any help!

sammy138
Novice

Posts: 22
Joined: 2010-07-11
OS: windows xp
Points: 23718
Likes: 0


Re: Can't boot in any mode

Post by sammy138 on Wed May 02, 2012 9:09 am

Anything you can do to help is appreciated. So much important stuff is on the infected computer that I never backed-up!! I really don't want to wipe everything out. Thanks again!


Re: Can't boot in any mode

Post by sammy138 on Wed May 02, 2012 10:03 am

I googled the stop error message "0x0000007B".....it looks like it's some kind of problem that will not allow me to boot the computer up, in any mode.


Re: Can't boot in any mode

Post by Dr Jay on Wed May 02, 2012 10:38 am

ran OTLPE program. I don't have a USB to save scan info on and I can't print it out either. Question: Can I run the "Run Fix" on the OTLPE program and see what happens? Maybe those tech numbers can help for what I might need to do next.

Hi!

Will you do a Quick Scan and post a log, please?


Dr. Jay (DJ)


Dr Jay
Head Administrator

Posts: 13717
Joined: 2009-09-06
Gender: Male
OS: Windows 10 Home & Pro
Protection: Bitdefender Total Security
Points: 302127
Likes: 10


Re: Can't boot in any mode

Post by sammy138 on Wed May 02, 2012 11:12 am

I did the "run scan", not the "quick scan".... the results are displayed on the infected computer....I don't know how to get the scan log to you. I'm working on a laptop, and the infected computer has no internet. I can't even print the log...


Re: Can't boot in any mode

Post by Dr Jay on Wed May 02, 2012 11:29 am

Do you have a flash drive or a means of burning CD/DVDs?


Dr. Jay (DJ)



Re: Can't boot in any mode

Post by sammy138 on Wed May 02, 2012 11:39 am

No flash drive. I can burn a DVD, but only from the laptop I'm working from. I have the OTL log file showing on the infected computer right now. I will gladly post that file, I just don't know how to get it from the infected computer to you.


Re: Can't boot in any mode

Post by sammy138 on Wed May 02, 2012 2:34 pm

Hi again, I'm going to figure out a way to get this file burned to a DVD or I will go buy a flash drive to get the log file to you and post it. By the way, I'm a computer idiot, but I am determined to fix this myself. The free service you guys provide is invaluable. Thank you!


Re: Can't boot in any mode

Post by Dr Jay on Thu May 03, 2012 8:33 am

Okay..hope it works out and you can get the log to me..


Dr. Jay (DJ)



Re: Can't boot in any mode

Post by sammy138 on Fri May 04, 2012 9:59 am

ok....running REATOGO-X-PE on the infected computer now. I see an Internet Explorer icon on the desktop. I click on it but can't access the internet. The infected computer is correctly plugged in to a connection. Question: Are there any settings I can change to connect to the internet and then post my scan results? Thanks again!


Re: Can't boot in any mode

Post by Dr Jay on Fri May 04, 2012 2:46 pm

Did you use the NET version?

Are you attempting to connect wirelessly?


Dr. Jay (DJ)



Re: Can't boot in any mode

Post by sammy138 on Sat May 05, 2012 10:17 am

Not sure what version it is...I downloaded it off this site somewhere....Bunch of icons on the desktop, including Internet Explorer. Internet connection is a hardline straight to the tower....I shall search for the NET version while waiting for your reply. Thanks!


Re: Can't boot in any mode

Post by Dr Jay on Sat May 05, 2012 8:05 pm

It'll have to be what I referred to in Post 6, if the log can be gotten...


Dr. Jay (DJ)



Re: Can't boot in any mode

Post by sammy138 on Sun May 06, 2012 7:44 am

Just bought my first flash drive....never used one before...wow, so easy a caveman can do it....and...voilà!....here's the file you need..Thanks!






OTL logfile created on: 5/6/2012 11:50:46 AM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.00 Mb Total Physical Memory | 319.00 Mb Available Physical Memory | 63.00% Memory free
462.00 Mb Paging File | 348.00 Mb Available in Paging File | 75.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.20 Gb Total Space | 8.89 Gb Free Space | 26.01% Space Free | Partition Type: NTFS
Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet002

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto] -- -- (servicelayer)
SRV - File not found [Auto] -- -- (se2Dnd5)
SRV - File not found [Auto] -- -- (sandradatasrv)
SRV - File not found [Auto] -- -- (RoxLiveShare9)
SRV - File not found [Auto] -- -- (mcdbus)
SRV - File not found [Auto] -- -- (maya70docserver)
SRV - File not found [Auto] -- -- (lmouflt2)
SRV - File not found [Auto] -- -- (lmimaint)
SRV - File not found [Disabled] -- -- (HidServ)
SRV - File not found [On_Demand] -- -- (AppMgmt)
SRV - [2012/04/26 06:54:55 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011/09/16 07:13:28 | 000,039,528 | ---- | M] (ArcSoft Inc.) [Auto] -- C:\Program Files\Common Files\ArcSoft\esinter\Bin\eservutil.exe -- (ADExchange)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2004/09/29 12:14:36 | 000,069,632 | ---- | M] (HP) [Auto] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (wanatw) WAN Miniport (ATW)
DRV - File not found [File_System | System] -- -- (ssrtln)
DRV - File not found [File_System | System] -- -- (sscdbhk5)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand] -- -- (ialm)
DRV - File not found [File_System | Auto] -- -- (drvnddm)
DRV - File not found [Kernel | Boot] -- -- (drvmcdb)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | On_Demand] -- -- (catchme)
DRV - [2012/04/30 12:19:50 | 000,060,416 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\system32\drivers\Combo-Fix.sys -- (vkquwexg)
DRV - [2008/04/13 14:40:27 | 000,057,600 | ---- | M] () [Kernel | System] -- C:\WINDOWS\system32\drivers\redbook.sys -- (redbook)
DRV - [2007/11/06 14:22:00 | 000,036,224 | ---- | M] (ArcSoft Inc.) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\ArcCD.sys -- (ArcCD)
DRV - [2007/04/25 09:55:02 | 000,134,912 | ---- | M] (ArcSoft Inc.) [File_System | Disabled] -- C:\WINDOWS\System32\drivers\ArcUdfs.sys -- (ArcUdfs)
DRV - [2007/04/24 12:33:50 | 000,007,680 | ---- | M] (ArcSoft Inc.) [Recognizer | System] -- C:\WINDOWS\System32\drivers\ArcRec.sys -- (ArcRec)
DRV - [2006/11/10 16:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/09/17 16:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2000/03/29 17:11:20 | 000,008,096 | ---- | M] (MicroStaff Co.,Ltd.) [Kernel | Auto] -- C:\WINDOWS\System32\drivers\MASPINT.SYS -- (MASPINT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,First Home Page = [You must be registered and logged in to see this link.]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\Sam_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKU\Sam_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
IE - HKU\Sam_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Sam_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: C:\Program Files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: C:\Program Files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: C:\Program Files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\Firefox [2010/10/08 18:28:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/10/08 18:29:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/16 19:03:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/10/01 06:25:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/03/16 19:03:41 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/02/19 14:32:20 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/09/28 20:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old
[2012/02/19 14:32:20 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/04/30 12:19:43 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [ArcSoft MediaImpression Monitor] C:\Program Files\Kodak\MediaImpression\ArcMonitor.exe (ArcSoft, Inc.)
O4 - HKLM..\Run: [combofix] C:\ComboFix\CF21218.3XE (Microsoft Corporation)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\RunOnce: [combofix] C:\ComboFix\CF21218.3XE (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKLM..\RunOnceEx: [flags] Reg Error: Invalid data type. File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Sam_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\Sam_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Sam_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} [You must be registered and logged in to see this link.] (BitDefender QuickScan Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} [You must be registered and logged in to see this link.] (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} [You must be registered and logged in to see this link.] (P3DActiveX Control)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O21 - SSODL: Macilai - {924F4DA2-3D4D-4BDF-A0A9-1CD87D410811} - C:\WINDOWS\system32\botekcat.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 15:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/05/02 15:03:18 | 000,000,000 | R--D | C] -- C:\Documents and Settings\LocalService\My Documents
[2012/05/02 05:12:10 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\LocalService\Recent
[2012/04/30 11:45:05 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/04/30 11:45:05 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/04/30 11:45:05 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/04/30 11:45:05 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/04/30 11:44:48 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/04/30 07:39:00 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Sam\Recent
[2012/04/29 05:30:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sam\Application Data\vlc
[2012/04/29 05:29:14 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2012/04/23 21:56:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sam\Desktop\TEXT MSG
[2012/04/23 06:27:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ArcSoft Connect
[2012/04/10 21:13:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sam\Application Data\Blackberry Desktop
[2012/04/10 16:14:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sam\Local Settings\Application Data\Help
[2012/04/10 16:14:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sam\Application Data\Help
[2012/04/10 16:01:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sam\Application Data\DefaultTab
[2012/04/10 15:43:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sam\Desktop\New Folder
[2012/04/10 13:08:04 | 000,000,000 | ---D | C] -- C:\Program Files\Reincubate
[2012/04/10 13:08:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Reincubate
[2012/04/10 12:55:17 | 000,057,344 | ---- | C] (CodeGuru) -- C:\WINDOWS\System32\CGZipLibrary.dll
[2012/04/10 12:55:16 | 000,000,000 | ---D | C] -- C:\Program Files\MagicBerry for Blackberry
[2012/04/10 11:05:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sam\Local Settings\Application Data\Research In Motion
[2012/04/10 10:00:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sam\Desktop\BB Video
[2012/04/10 09:51:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sam\My Documents\BlackBerry
[2010/10/02 09:19:53 | 000,089,680 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Sam\MSSSerif120.fon
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/30 12:20:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/30 12:19:50 | 000,060,416 | ---- | M] () -- C:\WINDOWS\System32\drivers\Combo-Fix.sys
[2012/04/30 12:19:43 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/04/30 11:59:11 | 000,000,876 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/30 11:59:11 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2241548719-1204121849-2049625453-1006.job
[2012/04/30 11:59:03 | 534,827,008 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/30 11:26:05 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/30 10:57:01 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/04/30 09:03:33 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/04/30 02:17:50 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/04/30 02:16:11 | 000,487,904 | ---- | M] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/04/30 02:10:02 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2241548719-1204121849-2049625453-1006.job
[2012/04/29 06:41:40 | 000,002,479 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Word.lnk
[2012/04/29 04:34:38 | 000,000,884 | ---- | M] () -- C:\Documents and Settings\Sam\Desktop\MediaConverter 7.5.lnk
[2012/04/24 16:45:08 | 018,932,816 | ---- | M] () -- C:\Documents and Settings\Sam\My Documents\Third 8 - shawn.zip
[2012/04/24 16:43:30 | 017,486,343 | ---- | M] () -- C:\Documents and Settings\Sam\My Documents\Second 8- shawn.zip
[2012/04/24 16:41:25 | 011,923,627 | ---- | M] () -- C:\Documents and Settings\Sam\My Documents\4 th set...5 pics.zip
[2012/04/24 16:12:25 | 000,000,495 | ---- | M] () -- C:\Documents and Settings\Sam\My Documents\Frank_Crivelli.vcf
[2012/04/23 21:04:57 | 004,696,137 | ---- | M] () -- C:\Documents and Settings\Sam\My Documents\65893080.zip
[2012/04/23 09:21:47 | 000,002,425 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Publisher.lnk
[2012/04/23 06:27:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\ArcSoft Connect
[2012/04/23 06:26:15 | 000,001,756 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Media Impression for Kodak.lnk
[2012/04/22 06:25:31 | 000,004,184 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2012/04/22 06:25:28 | 000,000,104 | RHS- | M] () -- C:\WINDOWS\System32\27F6FB4FF0.sys
[2012/04/20 09:45:31 | 000,001,078 | ---- | M] () -- C:\Documents and Settings\Sam\Desktop\Shortcut to BlackBerry Curve 8330 (April 20, 2012).lnk
[2012/04/20 05:40:52 | 000,053,760 | ---- | M] () -- C:\Documents and Settings\Sam\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/17 06:35:07 | 000,032,768 | ---- | M] () -- C:\Documents and Settings\Sam\My Documents\instr for unempl..dot
[2012/04/16 10:47:26 | 000,978,049 | ---- | M] () -- C:\Documents and Settings\Sam\My Documents\Zi8_UG_GLB_en.pdf
[2012/04/16 08:47:26 | 002,395,922 | ---- | M] () -- C:\Documents and Settings\Sam\My Documents\internalaffairs_AG guidelines.pdf
[2012/04/16 07:55:31 | 000,060,279 | ---- | M] () -- C:\Documents and Settings\Sam\My Documents\malicious prosecution legal definition of malicious prosecution_ malicious prosecution synonyms by the Free Online Law Dictionary.htm
[2012/04/16 03:02:24 | 000,067,286 | ---- | M] () -- C:\Documents and Settings\Sam\My Documents\New Jersey Court Cases - Court Case Law from NJ - New Jersey Court Opinions.htm
[2012/04/15 21:18:07 | 000,002,347 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2012/04/13 09:37:36 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2012/04/13 07:41:55 | 000,021,051 | ---- | M] () -- C:\Documents and Settings\Sam\My Documents\Arrest, Search Warrants and Probable Cause andrew sandon.htm
[2012/04/13 06:33:19 | 000,079,203 | ---- | M] () -- C:\Documents and Settings\Sam\My Documents\exculpatory evidence.pdf
[2012/04/11 18:48:38 | 000,472,970 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/04/11 18:48:38 | 000,084,364 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/04/11 18:45:15 | 000,000,127 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2012/04/10 13:08:05 | 000,001,009 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\BlackBerry Backup Extractor.lnk
[2012/04/10 13:08:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Reincubate
[2012/04/10 12:18:07 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/10 12:18:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/04/10 11:29:50 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_RimUsb_01009.Wdf
[2012/04/10 11:29:47 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2012/04/10 11:04:08 | 000,001,956 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\BlackBerry Desktop Software.lnk
[2012/04/10 11:04:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\BlackBerry
[2012/04/10 08:12:30 | 000,072,186 | ---- | M] () -- C:\Documents and Settings\Sam\My Documents\chapter2_sub2.pdf
[2012/04/10 06:12:09 | 000,085,327 | ---- | M] () -- C:\Documents and Settings\Sam\My Documents\DV-Model-Policy-Final-12-11-09.pdf
[2012/04/07 09:35:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/30 12:19:50 | 000,060,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\Combo-Fix.sys
[2012/04/30 11:45:06 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/04/30 11:45:05 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/04/30 11:45:05 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/04/30 11:45:05 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/04/30 11:45:05 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/04/30 03:58:02 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/04/29 04:04:11 | 039,694,728 | ---- | C] () -- C:\Documents and Settings\Sam\My Documents\20120322115827-20120322120700.mp4
[2012/04/29 04:02:32 | 115,501,084 | ---- | C] () -- C:\Documents and Settings\Sam\My Documents\20120322113500-20120322115826.mp4
[2012/04/26 06:54:56 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/04/24 16:45:08 | 018,932,816 | ---- | C] () -- C:\Documents and Settings\Sam\My Documents\Third 8 - shawn.zip
[2012/04/24 16:43:30 | 017,486,343 | ---- | C] () -- C:\Documents and Settings\Sam\My Documents\Second 8- shawn.zip
[2012/04/24 16:41:25 | 011,923,627 | ---- | C] () -- C:\Documents and Settings\Sam\My Documents\4 th set...5 pics.zip
[2012/04/24 16:11:53 | 000,000,495 | ---- | C] () -- C:\Documents and Settings\Sam\My Documents\Frank_Crivelli.vcf
[2012/04/23 21:04:53 | 004,696,137 | ---- | C] () -- C:\Documents and Settings\Sam\My Documents\65893080.zip
[2012/04/20 09:45:31 | 000,001,078 | ---- | C] () -- C:\Documents and Settings\Sam\Desktop\Shortcut to BlackBerry Curve 8330 (April 20, 2012).lnk
[2012/04/17 06:35:06 | 000,032,768 | ---- | C] () -- C:\Documents and Settings\Sam\My Documents\instr for unempl..dot
[2012/04/16 10:47:25 | 000,978,049 | ---- | C] () -- C:\Documents and Settings\Sam\My Documents\Zi8_UG_GLB_en.pdf
[2012/04/16 08:47:23 | 002,395,922 | ---- | C] () -- C:\Documents and Settings\Sam\My Documents\internalaffairs_AG guidelines.pdf
[2012/04/16 07:55:28 | 000,060,279 | ---- | C] () -- C:\Documents and Settings\Sam\My Documents\malicious prosecution legal definition of malicious prosecution_ malicious prosecution synonyms by the Free Online Law Dictionary.htm
[2012/04/16 03:02:24 | 000,067,286 | ---- | C] () -- C:\Documents and Settings\Sam\My Documents\New Jersey Court Cases - Court Case Law from NJ - New Jersey Court Opinions.htm
[2012/04/13 07:41:54 | 000,021,051 | ---- | C] () -- C:\Documents and Settings\Sam\My Documents\Arrest, Search Warrants and Probable Cause andrew sandon.htm
[2012/04/13 06:33:19 | 000,079,203 | ---- | C] () -- C:\Documents and Settings\Sam\My Documents\exculpatory evidence.pdf
[2012/04/11 18:45:15 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2012/04/10 13:08:04 | 000,001,009 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\BlackBerry Backup Extractor.lnk
[2012/04/10 11:29:50 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_RimUsb_01009.Wdf
[2012/04/10 11:29:47 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2012/04/10 08:12:30 | 000,072,186 | ---- | C] () -- C:\Documents and Settings\Sam\My Documents\chapter2_sub2.pdf
[2012/04/10 06:12:09 | 000,085,327 | ---- | C] () -- C:\Documents and Settings\Sam\My Documents\DV-Model-Policy-Final-12-11-09.pdf
[2012/02/16 06:21:09 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/10/15 09:49:16 | 000,487,904 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/05/23 22:41:56 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Sam\Application Data\PFP120JPR.{PB
[2011/05/23 22:41:56 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Sam\Application Data\PFP120JCM.{PB
[2011/05/07 06:19:37 | 000,013,676 | -HS- | C] () -- C:\Documents and Settings\Sam\Local Settings\Application Data\n6h25172uf1fx7546axdkc78k703814ff8xse
[2011/05/07 06:19:37 | 000,013,676 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\n6h25172uf1fx7546axdkc78k703814ff8xse
[2011/04/23 20:33:40 | 000,016,070 | -HS- | C] () -- C:\Documents and Settings\Sam\Local Settings\Application Data\58bx7eu82nw807u43225osy0i56032q6uj62
[2011/04/23 20:33:40 | 000,016,070 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\58bx7eu82nw807u43225osy0i56032q6uj62
[2011/03/05 22:39:30 | 000,000,036 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2010/11/03 18:04:31 | 000,000,444 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/10/04 16:14:59 | 000,000,297 | ---- | C] () -- C:\WINDOWS\EReg077.dat
[2010/10/02 11:07:16 | 000,074,268 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/08/24 09:58:09 | 000,053,760 | ---- | C] () -- C:\Documents and Settings\Sam\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/21 23:07:18 | 000,000,256 | ---- | C] () -- C:\Documents and Settings\Sam\pool.bin
[2010/07/15 10:32:26 | 000,004,184 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2010/07/15 10:32:26 | 000,000,104 | RHS- | C] () -- C:\WINDOWS\System32\27F6FB4FF0.sys
[2010/07/12 20:39:24 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2010/07/11 08:55:02 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/07/11 08:38:04 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\Sam\Local Settings\Application Data\fusioncache.dat
[2010/07/11 08:36:37 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\WNASPI32.DLL
[2010/07/11 08:36:37 | 000,000,291 | ---- | C] () -- C:\WINDOWS\msfsetup.ini
[2010/07/11 08:16:42 | 000,068,951 | ---- | C] () -- C:\WINDOWS\hpoins05.dat
[2010/07/11 08:16:42 | 000,019,696 | ---- | C] () -- C:\WINDOWS\hpomdl05.dat
[2010/07/11 07:10:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\cfgigavi.exe
[2010/07/11 07:10:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\binebas.dll
[2010/07/10 23:11:12 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/12/15 02:43:01 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/12/15 02:36:55 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2005/12/15 02:31:28 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/12/15 02:26:38 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/12/15 02:07:44 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2005/12/15 02:07:26 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2005/12/15 02:07:24 | 000,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/04/09 19:04:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 15:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 15:07:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/10 15:02:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 15:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 14:59:28 | 000,057,600 | ---- | C] () -- C:\WINDOWS\System32\drivers\redbook.sys
[2004/08/10 14:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 14:57:15 | 000,346,608 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/10 14:51:30 | 006,627,328 | ---- | C] () -- C:\WINDOWS\System32\mp3ucvox.exe
[2004/08/10 14:51:30 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\zapitie.dll
[2004/08/10 14:51:30 | 001,318,912 | ---- | C] () -- C:\WINDOWS\System32\jobopcer.dll
[2004/08/10 14:51:30 | 000,901,120 | ---- | C] () -- C:\WINDOWS\System32\botekcat.dll
[2004/08/10 14:51:30 | 000,433,448 | ---- | C] () -- C:\WINDOWS\System32\dotipdrv32.dll
[2004/08/10 14:51:21 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 14:51:20 | 000,472,970 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 14:51:20 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 14:51:20 | 000,084,364 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 14:51:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 14:51:18 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 14:51:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/10 14:51:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/10 14:51:12 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 14:51:11 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 14:51:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 14:50:56 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[1999/01/22 14:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2012/04/10 21:13:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\Blackberry Desktop
[2011/09/26 17:02:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\D7fEL8gTZjCkVNx
[2012/04/10 16:01:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\DefaultTab
[2012/04/12 05:46:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\Ecyxzi
[2010/07/11 09:02:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\FUJIFILM
[2012/03/28 06:41:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\Icoxxi
[2011/10/15 04:06:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\Inynab
[2010/10/02 09:19:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\Leadertech
[2011/10/15 04:32:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\Muapc
[2010/07/11 09:16:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\OpenOffice.org
[2012/03/05 17:42:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\Ovfutav
[2011/09/26 17:33:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\P0ycS1ivDoGaHsK
[2011/10/17 08:46:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\QuickScan
[2010/08/24 16:22:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\Research In Motion
[2010/09/23 16:04:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\uTorrent
[2012/03/05 20:10:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\Zyum
[2010/11/03 22:12:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/11/03 22:12:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/08/24 08:59:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2010/07/11 08:57:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBT
[2005/12/15 02:27:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/09/20 20:45:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

========== Purity Check ==========


< End of report >


Re: Can't boot in any mode

Post by Dr Jay on Sun May 06, 2012 10:06 am

DRV - [2012/04/30 12:19:50 | 000,060,416 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\system32\drivers\Combo-Fix.sys -- (vkquwexg)

O4 - HKLM..\Run: [combofix] C:\ComboFix\CF21218.3XE (Microsoft Corporation)

[2012/04/30 12:19:50 | 000,060,416 | ---- | M] () -- C:\WINDOWS\System32\drivers\Combo-Fix.sys
[2012/04/30 11:45:06 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/04/30 11:45:05 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/04/30 11:45:05 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/04/30 11:45:05 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/04/30 11:45:05 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

Why was ComboFix used in the first place? That's what was used, which made the computer unbootable.

Where was ComboFix downloaded? I must know this information so we can proceed to the best possible fix. If I know where it was downloaded, then I will know how to reverse the changes.


Dr. Jay (DJ)


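The selection made in the post above, pulling out everything stamped around the Combo-Fix.sys driver, can be done mechanically when a report is long. This is an added example, not part of the original posts and not OTL's own code: it parses the file-listing lines of the report and returns every entry within a time window of an anchor file. The function names and the one-hour window are assumptions.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta

# Sample lines copied from the OTL report in this thread (file and folder entries).
SAMPLE_LOG = r"""
========== Files Created - No Company Name ==========
[2012/04/30 12:19:50 | 000,060,416 | ---- | M] () -- C:\WINDOWS\System32\drivers\Combo-Fix.sys
[2012/04/30 12:19:50 | 000,060,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\Combo-Fix.sys
[2012/04/30 11:45:06 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/04/30 11:45:05 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/04/30 11:45:05 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/04/30 03:58:02 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/04/26 06:54:56 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/04/10 11:04:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\BlackBerry
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
"""

# [timestamp | size | attributes | C or M] (company) -- path
# Folder entries carry no "(company)" field, so that group is optional.
LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[RHSD-]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>.*?)\) )?-- (?P<path>.+)$"
)


@dataclass
class Entry:
    when: datetime
    size: int
    attrs: str    # R/H/S/D flags, "-" where unset
    kind: str     # "C" = created, "M" = modified
    company: str  # empty when the report shows "()" or no field at all
    path: str


def parse_otl(text):
    """Return an Entry for every file/folder line; skip headers and summaries."""
    entries = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        entries.append(Entry(
            when=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
            size=int(m["size"].replace(",", "")),
            attrs=m["attrs"],
            kind=m["kind"],
            company=m["company"] or "",
            path=m["path"],
        ))
    return entries


def same_window(entries, anchor_suffix, slack=timedelta(hours=1)):
    """Entries stamped within `slack` of the file whose path ends in anchor_suffix.

    The same file can appear in both the Modified and Created sections, so
    results are merged per (time, path) and the kinds combined, e.g. "CM".
    """
    anchors = [e for e in entries if e.path.lower().endswith(anchor_suffix.lower())]
    if not anchors:
        raise ValueError("anchor file not present in report: " + anchor_suffix)
    lo = min(a.when for a in anchors) - slack
    hi = max(a.when for a in anchors) + slack
    merged = {}
    for e in entries:
        if lo <= e.when <= hi:
            merged.setdefault((e.when, e.path), set()).add(e.kind)
    return [(when, path, "".join(sorted(kinds)))
            for (when, path), kinds in sorted(merged.items())]


if __name__ == "__main__":
    for when, path, kinds in same_window(parse_otl(SAMPLE_LOG), "Combo-Fix.sys"):
        print(when, kinds, path)
```

Widen or narrow `slack` to fit the run being investigated; entries outside the window, such as d3d9caps.dat from earlier the same day, are left out.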

Re: Can't boot in any mode

Post by sammy138 on Sun May 06, 2012 10:50 am

I downloaded ComboFix from your site, like two years ago... to fix a problem back then... I never deleted it... kept it on my infected computer... and used it again, to try a self fix for my current problem...


Re: Can't boot in any mode

Post by sammy138 on Mon May 07, 2012 5:31 am

I left ComboFix as an icon on my desktop for like 2 years... I know, I should have deleted it... I clicked on the icon to open it up... it then said there was an update available, would I like to update?... I answered yes, and I have no idea what site I actually went to...


Re: Can't boot in any mode

Post by sammy138 on Mon May 07, 2012 5:43 am

Sorry, forgot to answer your other question... I "thought" it would be a good idea to try ComboFix because every time I kept running malware, it would show 6 or so rootkit virus... and they weren't getting removed upon rebooting... so, it was me, thinking I "knew" how to fix this with ComboFix because it was used 2 years ago for something else... yeah... all this from the guy that just bought his first flash drive...


Re: Can't boot in any mode

Post by Dr Jay on Mon May 07, 2012 8:28 am

Please save the following instructions into Notepad and print them out, as this webpage will not be available when you're carrying out the process.

1. Please reboot into Recovery Console as you did before.

2. You must enter which Windows installation to log onto. Type 1 and press Enter.

3. At the C:\Windows prompt, type the following bolded command, and press Enter:

set allowallpaths = true

4. At the next prompt type without the quotes "cd erdnt\subs" and hit Enter.

5. At the next prompt, please type in the following without the quotes: "batch erdnt.con" and hit Enter.

The erunt backups should begin copying backup files. At the next prompt after it is complete, type exit.

Kindly reboot your PC and tell me if Windows is loading now.


Dr. Jay (DJ)



Re: Can't boot in any mode

Post by sammy138 on Mon May 07, 2012 9:32 am

I'm sorry, is Recovery Console the reatogo program? Or am I booting without that and just going into the F1 or F2 key?


Re: Can't boot in any mode

Post by Dr Jay on Tue May 08, 2012 4:58 pm

The Recovery Console should be a secondary boot option created by ComboFix in the past...is it not there?


Dr. Jay (DJ)



Re: Can't boot in any mode

Post by sammy138 on Wed May 09, 2012 5:46 am

No, I don't see it. The only way I can boot up the bad computer is through the reatogo disk.


Re: Can't boot in any mode

Post by Dr Jay on Wed May 09, 2012 8:36 am

Do you have XP or XP-Recovery Disc?


Dr. Jay (DJ)



Re: Can't boot in any mode

Post by sammy138 on Wed May 09, 2012 9:00 am

no, only reatogo


Re: Can't boot in any mode

Post by Dr Jay on Wed May 09, 2012 10:52 am

Please create your own Recovery Disc using this tutorial:

Download [You must be registered and logged in to see this link.] and save it somewhere you can find it.

Download [You must be registered and logged in to see this link.] and install it.

Start MagicISO. When it asks you to register, just close that window...the program should remain open. Click on "File" and then on "Open"...navigate to the RC.ISO file you downloaded, select it, and click "Open".

Click "File" on the toolbar and choose "Save As". Name the file RCplus and save it somewhere you can find it.

Put a blank CD-R disk in your CD burner and close the tray...when the AutoPlay window opens, close it.

Click "Tools" on the toolbar and choose "Burn CD/DVD with ISO". In the CD/DVD Image file area, click the little folder, navigate to the newly created RCplus.iso image file, and click "Open". In the CD/DVD Writing Speed drop-down menu, choose the top 8X setting. Format should have "Mode 1" selected...if not, select it. Click on the "Burn It!" button.

Once this disk is burned, put it in the machine you're working on and restart.

Once in the Recovery Console, do what's in this post please: [You must be registered and logged in to see this link.]


Dr. Jay (DJ)



Re: Can't boot in any mode

Post by sammy138 on Thu May 10, 2012 8:30 am

Thx, I'm working on it now!


Re: Can't boot in any mode

Post by sammy138 on Thu May 10, 2012 9:44 am

OK, did all instructions exactly as you said, got into Windows recovery and typed all previous instructions exactly. It is not rebooting in normal mode or safe mode... I even went back to boot settings F2 and tried to boot from hard drive... still getting blue screen with error message 0x0000007B.


Re: Can't boot in any mode

Post by Dr Jay on Thu May 10, 2012 10:33 am

Go back in to the Recovery Console as before and type: fixmbr - it will ask and confirm...once done it will reboot. See if it will boot normally into Windows.


Dr. Jay (DJ)



Re: Can't boot in any mode

Post by sammy138 on Thu May 10, 2012 10:48 am

In here now... pressed 1 to get into Windows, next prompt I typed fixmbr... it now says "are you sure you want to write a new MBR?" I hit "enter" and it just repeats same question. It appears I can only put 1 letter or number in there??


Re: Can't boot in any mode

Post by sammy138 on Thu May 10, 2012 10:58 am

OK... I just typed in "y" for yes and it now says the new master boot record has been successfully written... below that it now shows

C:\WINDOWS> what do I type in this spot? Thx!!


Re: Can't boot in any mode

Post by Dr Jay on Thu May 10, 2012 11:08 am

Type in Exit.

It should reboot your computer. Tell me the results.

I'll be back later 3+ hours.


Dr. Jay (DJ)



Re: Can't boot in any mode

Post by sammy138 on Thu May 10, 2012 11:11 am

ok


Re: Can't boot in any mode

Post by sammy138 on Thu May 10, 2012 11:29 am

Still not booting in safe, normal or last known settings...?


Re: Can't boot in any mode

Post by Dr Jay on Thu May 10, 2012 6:51 pm

Next command in Recovery:

fixboot


Dr. Jay (DJ)



Re: Can't boot in any mode

Post by sammy138 on Fri May 11, 2012 10:28 am

Just did that... the new bootsector was successfully written
... C:\WINDOWS> what to type now? exit? reboot?? Thanks again


Re: Can't boot in any mode

Post by Dr Jay on Fri May 11, 2012 4:02 pm

Good. Type exit and it should reboot.

Tell me if that helped to boot the computer...


Dr. Jay (DJ)

