Can't boot in any mode


Can't boot in any mode

Post by sammy138 on Wed 02 May 2012, 8:06 pm

I have some kind of rootkit virus and computer has a blue screen that says "a problem has been detected and windows need to shut down to prevent damage". It also says the same thing in safe mode. It gives Tech info of OXOOOOOO7B (OxF8A2B528, OxCOOOOO34, OxOOOOOOOO, OxOOOOOOOO). I am currently working off a laptop and have already burned a CD of REATOGO, used it in infected computer and ran OTLPE program. I don't have a USB to save scan info on and I can't print it out either. Question: Can I run the "Run Fix" on the OTLPE program and see what happens? Maybe those tech numbers can help for what I might need to do next. Thank You for any help!

sammy138

Newbie Surfer

Posts : 22
Joined : 2010-07-11
Operating System : windows xp


Re: Can't boot in any mode

Post by sammy138 on Wed 02 May 2012, 8:09 pm

Anything you can do to help is appreciated. So much important stuff is on the infected computer that I never backed up!! I really don't want to wipe everything out. Thanks again!


Re: Can't boot in any mode

Post by sammy138 on Wed 02 May 2012, 9:03 pm

I googled the stop error message "OxOOOOOO7B".....it looks like it's some kind of problem that will not allow me to boot the computer up, in any mode.


Re: Can't boot in any mode

Post by DragonMaster Jay on Wed 02 May 2012, 9:38 pm

"ran OTLPE program. I don't have a USB to save scan info on and I can't print it out either. Question: Can I run the "Run Fix" on the OTLPE program and see what happens? Maybe those tech numbers can help for what I might need to do next."

Hi!

Will you do a Quick Scan and post a log, please?



~DMJ
GeekPolice Academy Manager



DragonMaster Jay

Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate

http://www.twitter.com/jaypfoutz

Re: Can't boot in any mode

Post by sammy138 on Wed 02 May 2012, 10:12 pm

I did the "run scan", not the "quick scan".... the results are displayed on the infected computer....I don't know how to get the scan log to you. I'm working on a laptop, and infected computer has no internet. I can't even print the log...


Re: Can't boot in any mode

Post by DragonMaster Jay on Wed 02 May 2012, 10:29 pm

Do you have a flash drive or a means of burning CD/DVDs?



Re: Can't boot in any mode

Post by sammy138 on Wed 02 May 2012, 10:39 pm

No flash drive. I can burn a DVD, but only from the laptop I'm working from. I have the OTL log file showing on infected computer right now. I will gladly post that file, I just don't know how to get it from infected computer to you.


Re: Can't boot in any mode

Post by sammy138 on Thu 03 May 2012, 1:34 am

Hi again, I'm going to figure out a way to get this file burned to a DVD or I will go buy a flash drive to get the log file to you and post it. By the way, I'm a computer idiot, but I am determined to fix this myself. The free service you guys provide is invaluable. Thank you!


Re: Can't boot in any mode

Post by DragonMaster Jay on Thu 03 May 2012, 7:33 pm

Okay..hope it works out and you can get the log to me..



Re: Can't boot in any mode

Post by sammy138 on Fri 04 May 2012, 8:59 pm

Ok....running REATOGO-X-PE on infected computer now. I see an Internet Explorer icon on the desktop. I click on it but can't access the internet. Infected computer is correctly plugged in to a connection. Question: Are there any settings I can change to connect to internet and then post my scan results? Thanks again!


Re: Can't boot in any mode

Post by DragonMaster Jay on Sat 05 May 2012, 1:46 am

Did you use the NET version?

Are you attempting to connect wirelessly?



Re: Can't boot in any mode

Post by sammy138 on Sat 05 May 2012, 9:17 pm

Not sure what version it is...I downloaded off this site somewhere....Bunch of icons on the desktop, including Internet Explorer. Internet connection is a hardline straight to tower....I shall search for the NET version while waiting for your reply. Thanks!


Re: Can't boot in any mode

Post by DragonMaster Jay on Sun 06 May 2012, 7:05 am

It'll have to be what I referred to in Post 6, if the log can be gotten...



Re: Can't boot in any mode

Post by sammy138 on Sun 06 May 2012, 6:44 pm

Just bought my first flash drive....never used one before...wow, so easy a caveman can do it....and...voilà!....here's the file you need..Thanks!

OTL logfile created on: 5/6/2012 11:50:46 AM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.00 Mb Total Physical Memory | 319.00 Mb Available Physical Memory | 63.00% Memory free
462.00 Mb Paging File | 348.00 Mb Available in Paging File | 75.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.20 Gb Total Space | 8.89 Gb Free Space | 26.01% Space Free | Partition Type: NTFS
Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet002

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto] -- -- (servicelayer)
SRV - File not found [Auto] -- -- (se2Dnd5)
SRV - File not found [Auto] -- -- (sandradatasrv)
SRV - File not found [Auto] -- -- (RoxLiveShare9)
SRV - File not found [Auto] -- -- (mcdbus)
SRV - File not found [Auto] -- -- (maya70docserver)
SRV - File not found [Auto] -- -- (lmouflt2)
SRV - File not found [Auto] -- -- (lmimaint)
SRV - File not found [Disabled] -- -- (HidServ)
SRV - File not found [On_Demand] -- -- (AppMgmt)
SRV - [2012/04/26 06:54:55 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011/09/16 07:13:28 | 000,039,528 | ---- | M] (ArcSoft Inc.) [Auto] -- C:\Program Files\Common Files\ArcSoft\esinter\Bin\eservutil.exe -- (ADExchange)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2004/09/29 12:14:36 | 000,069,632 | ---- | M] (HP) [Auto] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (wanatw) WAN Miniport (ATW)
DRV - File not found [File_System | System] -- -- (ssrtln)
DRV - File not found [File_System | System] -- -- (sscdbhk5)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand] -- -- (ialm)
DRV - File not found [File_System | Auto] -- -- (drvnddm)
DRV - File not found [Kernel | Boot] -- -- (drvmcdb)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | On_Demand] -- -- (catchme)
DRV - [2012/04/30 12:19:50 | 000,060,416 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\system32\drivers\Combo-Fix.sys -- (vkquwexg)
DRV - [2008/04/13 14:40:27 | 000,057,600 | ---- | M] () [Kernel | System] -- C:\WINDOWS\system32\drivers\redbook.sys -- (redbook)
DRV - [2007/11/06 14:22:00 | 000,036,224 | ---- | M] (ArcSoft Inc.) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\ArcCD.sys -- (ArcCD)
DRV - [2007/04/25 09:55:02 | 000,134,912 | ---- | M] (ArcSoft Inc.) [File_System | Disabled] -- C:\WINDOWS\System32\drivers\ArcUdfs.sys -- (ArcUdfs)
DRV - [2007/04/24 12:33:50 | 000,007,680 | ---- | M] (ArcSoft Inc.) [Recognizer | System] -- C:\WINDOWS\System32\drivers\ArcRec.sys -- (ArcRec)
DRV - [2006/11/10 16:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/09/17 16:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2000/03/29 17:11:20 | 000,008,096 | ---- | M] (MicroStaff Co.,Ltd.) [Kernel | Auto] -- C:\WINDOWS\System32\drivers\MASPINT.SYS -- (MASPINT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,First Home Page = [You must be registered and logged in to see this link.]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\Sam_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKU\Sam_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
IE - HKU\Sam_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Sam_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: C:\Program Files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: C:\Program Files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: C:\Program Files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\Firefox [2010/10/08 18:28:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/10/08 18:29:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/16 19:03:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/10/01 06:25:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/03/16 19:03:41 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/02/19 14:32:20 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/09/28 20:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old
[2012/02/19 14:32:20 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/04/30 12:19:43 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [ArcSoft MediaImpression Monitor] C:\Program Files\Kodak\MediaImpression\ArcMonitor.exe (ArcSoft, Inc.)
O4 - HKLM..\Run: [combofix] C:\ComboFix\CF21218.3XE (Microsoft Corporation)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\RunOnce: [combofix] C:\ComboFix\CF21218.3XE (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKLM..\RunOnceEx: [flags] Reg Error: Invalid data type. File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Sam_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\Sam_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Sam_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} [You must be registered and logged in to see this link.] (BitDefender QuickScan Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} [You must be registered and logged in to see this link.] (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} [You must be registered and logged in to see this link.] (P3DActiveX Control)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O21 - SSODL: Macilai - {924F4DA2-3D4D-4BDF-A0A9-1CD87D410811} - C:\WINDOWS\system32\botekcat.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 15:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/05/02 15:03:18 | 000,000,000 | R--D | C] -- C:\Documents and Settings\LocalService\My Documents
[2012/05/02 05:12:10 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\LocalService\Recent
[2012/04/30 11:45:05 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/04/30 11:45:05 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/04/30 11:45:05 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/04/30 11:45:05 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/04/30 11:44:48 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/04/30 07:39:00 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Sam\Recent
[2012/04/29 05:30:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sam\Application Data\vlc
[2012/04/29 05:29:14 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2012/04/23 21:56:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sam\Desktop\TEXT MSG
[2012/04/23 06:27:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ArcSoft Connect
[2012/04/10 21:13:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sam\Application Data\Blackberry Desktop
[2012/04/10 16:14:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sam\Local Settings\Application Data\Help
[2012/04/10 16:14:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sam\Application Data\Help
[2012/04/10 16:01:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sam\Application Data\DefaultTab
[2012/04/10 15:43:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sam\Desktop\New Folder
[2012/04/10 13:08:04 | 000,000,000 | ---D | C] -- C:\Program Files\Reincubate
[2012/04/10 13:08:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Reincubate
[2012/04/10 12:55:17 | 000,057,344 | ---- | C] (CodeGuru) -- C:\WINDOWS\System32\CGZipLibrary.dll
[2012/04/10 12:55:16 | 000,000,000 | ---D | C] -- C:\Program Files\MagicBerry for Blackberry
[2012/04/10 11:05:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sam\Local Settings\Application Data\Research In Motion
[2012/04/10 10:00:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sam\Desktop\BB Video
[2012/04/10 09:51:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sam\My Documents\BlackBerry
[2010/10/02 09:19:53 | 000,089,680 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Sam\MSSSerif120.fon
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/30 12:20:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/30 12:19:50 | 000,060,416 | ---- | M] () -- C:\WINDOWS\System32\drivers\Combo-Fix.sys
[2012/04/30 12:19:43 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/04/30 11:59:11 | 000,000,876 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/30 11:59:11 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2241548719-1204121849-2049625453-1006.job
[2012/04/30 11:59:03 | 534,827,008 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/30 11:26:05 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/30 10:57:01 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/04/30 09:03:33 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/04/30 02:17:50 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/04/30 02:16:11 | 000,487,904 | ---- | M] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/04/30 02:10:02 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2241548719-1204121849-2049625453-1006.job
[2012/04/29 06:41:40 | 000,002,479 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Word.lnk
[2012/04/29 04:34:38 | 000,000,884 | ---- | M] () -- C:\Documents and Settings\Sam\Desktop\MediaConverter 7.5.lnk
[2012/04/24 16:45:08 | 018,932,816 | ---- | M] () -- C:\Documents and Settings\Sam\My Documents\Third 8 - shawn.zip
[2012/04/24 16:43:30 | 017,486,343 | ---- | M] () -- C:\Documents and Settings\Sam\My Documents\Second 8- shawn.zip
[2012/04/24 16:41:25 | 011,923,627 | ---- | M] () -- C:\Documents and Settings\Sam\My Documents\4 th set...5 pics.zip
[2012/04/24 16:12:25 | 000,000,495 | ---- | M] () -- C:\Documents and Settings\Sam\My Documents\Frank_Crivelli.vcf
[2012/04/23 21:04:57 | 004,696,137 | ---- | M] () -- C:\Documents and Settings\Sam\My Documents\65893080.zip
[2012/04/23 09:21:47 | 000,002,425 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Publisher.lnk
[2012/04/23 06:27:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\ArcSoft Connect
[2012/04/23 06:26:15 | 000,001,756 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Media Impression for Kodak.lnk
[2012/04/22 06:25:31 | 000,004,184 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2012/04/22 06:25:28 | 000,000,104 | RHS- | M] () -- C:\WINDOWS\System32\27F6FB4FF0.sys
[2012/04/20 09:45:31 | 000,001,078 | ---- | M] () -- C:\Documents and Settings\Sam\Desktop\Shortcut to BlackBerry Curve 8330 (April 20, 2012).lnk
[2012/04/20 05:40:52 | 000,053,760 | ---- | M] () -- C:\Documents and Settings\Sam\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/17 06:35:07 | 000,032,768 | ---- | M] () -- C:\Documents and Settings\Sam\My Documents\instr for unempl..dot
[2012/04/16 10:47:26 | 000,978,049 | ---- | M] () -- C:\Documents and Settings\Sam\My Documents\Zi8_UG_GLB_en.pdf
[2012/04/16 08:47:26 | 002,395,922 | ---- | M] () -- C:\Documents and Settings\Sam\My Documents\internalaffairs_AG guidelines.pdf
[2012/04/16 07:55:31 | 000,060,279 | ---- | M] () -- C:\Documents and Settings\Sam\My Documents\malicious prosecution legal definition of malicious prosecution_ malicious prosecution synonyms by the Free Online Law Dictionary.htm
[2012/04/16 03:02:24 | 000,067,286 | ---- | M] () -- C:\Documents and Settings\Sam\My Documents\New Jersey Court Cases - Court Case Law from NJ - New Jersey Court Opinions.htm
[2012/04/15 21:18:07 | 000,002,347 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2012/04/13 09:37:36 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2012/04/13 07:41:55 | 000,021,051 | ---- | M] () -- C:\Documents and Settings\Sam\My Documents\Arrest, Search Warrants and Probable Cause andrew sandon.htm
[2012/04/13 06:33:19 | 000,079,203 | ---- | M] () -- C:\Documents and Settings\Sam\My Documents\exculpatory evidence.pdf
[2012/04/11 18:48:38 | 000,472,970 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/04/11 18:48:38 | 000,084,364 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/04/11 18:45:15 | 000,000,127 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2012/04/10 13:08:05 | 000,001,009 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\BlackBerry Backup Extractor.lnk
[2012/04/10 13:08:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Reincubate
[2012/04/10 12:18:07 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/10 12:18:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/04/10 11:29:50 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_RimUsb_01009.Wdf
[2012/04/10 11:29:47 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2012/04/10 11:04:08 | 000,001,956 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\BlackBerry Desktop Software.lnk
[2012/04/10 11:04:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\BlackBerry
[2012/04/10 08:12:30 | 000,072,186 | ---- | M] () -- C:\Documents and Settings\Sam\My Documents\chapter2_sub2.pdf
[2012/04/10 06:12:09 | 000,085,327 | ---- | M] () -- C:\Documents and Settings\Sam\My Documents\DV-Model-Policy-Final-12-11-09.pdf
[2012/04/07 09:35:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/30 12:19:50 | 000,060,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\Combo-Fix.sys
[2012/04/30 11:45:06 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/04/30 11:45:05 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/04/30 11:45:05 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/04/30 11:45:05 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/04/30 11:45:05 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/04/30 03:58:02 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/04/29 04:04:11 | 039,694,728 | ---- | C] () -- C:\Documents and Settings\Sam\My Documents\20120322115827-20120322120700.mp4
[2012/04/29 04:02:32 | 115,501,084 | ---- | C] () -- C:\Documents and Settings\Sam\My Documents\20120322113500-20120322115826.mp4
[2012/04/26 06:54:56 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/04/24 16:45:08 | 018,932,816 | ---- | C] () -- C:\Documents and Settings\Sam\My Documents\Third 8 - shawn.zip
[2012/04/24 16:43:30 | 017,486,343 | ---- | C] () -- C:\Documents and Settings\Sam\My Documents\Second 8- shawn.zip
[2012/04/24 16:41:25 | 011,923,627 | ---- | C] () -- C:\Documents and Settings\Sam\My Documents\4 th set...5 pics.zip
[2012/04/24 16:11:53 | 000,000,495 | ---- | C] () -- C:\Documents and Settings\Sam\My Documents\Frank_Crivelli.vcf
[2012/04/23 21:04:53 | 004,696,137 | ---- | C] () -- C:\Documents and Settings\Sam\My Documents\65893080.zip
[2012/04/20 09:45:31 | 000,001,078 | ---- | C] () -- C:\Documents and Settings\Sam\Desktop\Shortcut to BlackBerry Curve 8330 (April 20, 2012).lnk
[2012/04/17 06:35:06 | 000,032,768 | ---- | C] () -- C:\Documents and Settings\Sam\My Documents\instr for unempl..dot
[2012/04/16 10:47:25 | 000,978,049 | ---- | C] () -- C:\Documents and Settings\Sam\My Documents\Zi8_UG_GLB_en.pdf
[2012/04/16 08:47:23 | 002,395,922 | ---- | C] () -- C:\Documents and Settings\Sam\My Documents\internalaffairs_AG guidelines.pdf
[2012/04/16 07:55:28 | 000,060,279 | ---- | C] () -- C:\Documents and Settings\Sam\My Documents\malicious prosecution legal definition of malicious prosecution_ malicious prosecution synonyms by the Free Online Law Dictionary.htm
[2012/04/16 03:02:24 | 000,067,286 | ---- | C] () -- C:\Documents and Settings\Sam\My Documents\New Jersey Court Cases - Court Case Law from NJ - New Jersey Court Opinions.htm
[2012/04/13 07:41:54 | 000,021,051 | ---- | C] () -- C:\Documents and Settings\Sam\My Documents\Arrest, Search Warrants and Probable Cause andrew sandon.htm
[2012/04/13 06:33:19 | 000,079,203 | ---- | C] () -- C:\Documents and Settings\Sam\My Documents\exculpatory evidence.pdf
[2012/04/11 18:45:15 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2012/04/10 13:08:04 | 000,001,009 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\BlackBerry Backup Extractor.lnk
[2012/04/10 11:29:50 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_RimUsb_01009.Wdf
[2012/04/10 11:29:47 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2012/04/10 08:12:30 | 000,072,186 | ---- | C] () -- C:\Documents and Settings\Sam\My Documents\chapter2_sub2.pdf
[2012/04/10 06:12:09 | 000,085,327 | ---- | C] () -- C:\Documents and Settings\Sam\My Documents\DV-Model-Policy-Final-12-11-09.pdf
[2012/02/16 06:21:09 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/10/15 09:49:16 | 000,487,904 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/05/23 22:41:56 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Sam\Application Data\PFP120JPR.{PB
[2011/05/23 22:41:56 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Sam\Application Data\PFP120JCM.{PB
[2011/05/07 06:19:37 | 000,013,676 | -HS- | C] () -- C:\Documents and Settings\Sam\Local Settings\Application Data\n6h25172uf1fx7546axdkc78k703814ff8xse
[2011/05/07 06:19:37 | 000,013,676 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\n6h25172uf1fx7546axdkc78k703814ff8xse
[2011/04/23 20:33:40 | 000,016,070 | -HS- | C] () -- C:\Documents and Settings\Sam\Local Settings\Application Data\58bx7eu82nw807u43225osy0i56032q6uj62
[2011/04/23 20:33:40 | 000,016,070 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\58bx7eu82nw807u43225osy0i56032q6uj62
[2011/03/05 22:39:30 | 000,000,036 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2010/11/03 18:04:31 | 000,000,444 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/10/04 16:14:59 | 000,000,297 | ---- | C] () -- C:\WINDOWS\EReg077.dat
[2010/10/02 11:07:16 | 000,074,268 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/08/24 09:58:09 | 000,053,760 | ---- | C] () -- C:\Documents and Settings\Sam\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/21 23:07:18 | 000,000,256 | ---- | C] () -- C:\Documents and Settings\Sam\pool.bin
[2010/07/15 10:32:26 | 000,004,184 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2010/07/15 10:32:26 | 000,000,104 | RHS- | C] () -- C:\WINDOWS\System32\27F6FB4FF0.sys
[2010/07/12 20:39:24 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2010/07/11 08:55:02 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/07/11 08:38:04 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\Sam\Local Settings\Application Data\fusioncache.dat
[2010/07/11 08:36:37 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\WNASPI32.DLL
[2010/07/11 08:36:37 | 000,000,291 | ---- | C] () -- C:\WINDOWS\msfsetup.ini
[2010/07/11 08:16:42 | 000,068,951 | ---- | C] () -- C:\WINDOWS\hpoins05.dat
[2010/07/11 08:16:42 | 000,019,696 | ---- | C] () -- C:\WINDOWS\hpomdl05.dat
[2010/07/11 07:10:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\cfgigavi.exe
[2010/07/11 07:10:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\binebas.dll
[2010/07/10 23:11:12 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/12/15 02:43:01 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/12/15 02:36:55 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2005/12/15 02:31:28 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/12/15 02:26:38 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/12/15 02:07:44 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2005/12/15 02:07:26 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2005/12/15 02:07:24 | 000,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/04/09 19:04:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 15:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 15:07:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/10 15:02:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 15:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 14:59:28 | 000,057,600 | ---- | C] () -- C:\WINDOWS\System32\drivers\redbook.sys
[2004/08/10 14:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 14:57:15 | 000,346,608 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/10 14:51:30 | 006,627,328 | ---- | C] () -- C:\WINDOWS\System32\mp3ucvox.exe
[2004/08/10 14:51:30 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\zapitie.dll
[2004/08/10 14:51:30 | 001,318,912 | ---- | C] () -- C:\WINDOWS\System32\jobopcer.dll
[2004/08/10 14:51:30 | 000,901,120 | ---- | C] () -- C:\WINDOWS\System32\botekcat.dll
[2004/08/10 14:51:30 | 000,433,448 | ---- | C] () -- C:\WINDOWS\System32\dotipdrv32.dll
[2004/08/10 14:51:21 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 14:51:20 | 000,472,970 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 14:51:20 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 14:51:20 | 000,084,364 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 14:51:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 14:51:18 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 14:51:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/10 14:51:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/10 14:51:12 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 14:51:11 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 14:51:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 14:50:56 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[1999/01/22 14:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2012/04/10 21:13:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\Blackberry Desktop
[2011/09/26 17:02:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\D7fEL8gTZjCkVNx
[2012/04/10 16:01:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\DefaultTab
[2012/04/12 05:46:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\Ecyxzi
[2010/07/11 09:02:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\FUJIFILM
[2012/03/28 06:41:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\Icoxxi
[2011/10/15 04:06:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\Inynab
[2010/10/02 09:19:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\Leadertech
[2011/10/15 04:32:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\Muapc
[2010/07/11 09:16:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\OpenOffice.org
[2012/03/05 17:42:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\Ovfutav
[2011/09/26 17:33:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\P0ycS1ivDoGaHsK
[2011/10/17 08:46:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\QuickScan
[2010/08/24 16:22:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\Research In Motion
[2010/09/23 16:04:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\uTorrent
[2012/03/05 20:10:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\Zyum
[2010/11/03 22:12:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/11/03 22:12:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/08/24 08:59:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2010/07/11 08:57:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBT
[2005/12/15 02:27:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/09/20 20:45:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

========== Purity Check ==========


< End of report >


Re: Can't boot in any mode

Post by DragonMaster Jay on Sun 06 May 2012, 9:06 pm

DRV - [2012/04/30 12:19:50 | 000,060,416 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\system32\drivers\Combo-Fix.sys -- (vkquwexg)

O4 - HKLM..\Run: [combofix] C:\ComboFix\CF21218.3XE (Microsoft Corporation)

[2012/04/30 12:19:50 | 000,060,416 | ---- | M] () -- C:\WINDOWS\System32\drivers\Combo-Fix.sys
[2012/04/30 11:45:06 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/04/30 11:45:05 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/04/30 11:45:05 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/04/30 11:45:05 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/04/30 11:45:05 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

Why was ComboFix used in the first place? That's what was used, which made the computer unbootable.

Where was ComboFix downloaded? I must know this information so we can proceed to the best possible fix. If I know where it was downloaded, then I will know how to reverse the changes.



~DMJ
GeekPolice Academy Manager



DragonMaster Jay

Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate
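
The log lines quoted in the post above show a set of tools all created in C:\WINDOWS within about a second of each other, which is what ties them to a single run of one tool. The sketch below is an added example (not part of the thread and not OTL's own code) that parses this file-listing format and groups same-directory files created close together; reading C as created and M as modified, and the two-second window, are assumptions, and the sample lines are copied from the log excerpts on this page.

```python
import re
from datetime import datetime, timedelta
from ntpath import dirname

# OTL file-listing line: [date time | size | attributes | C or M] (company) -- path
# The "(company)" field is absent on the folder lines of the LOP Check section.
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\] (?:\([^)]*\) )?-- (?P<path>.+)$"
)

# Sample input: lines copied from the log excerpts on this page.
SAMPLE = r"""
[2012/04/30 12:19:50 | 000,060,416 | ---- | M] () -- C:\WINDOWS\System32\drivers\Combo-Fix.sys
[2012/04/30 11:45:06 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/04/30 11:45:05 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/04/30 11:45:05 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/04/30 11:45:05 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/04/30 11:45:05 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/04/26 06:54:56 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2011/03/05 22:39:30 | 000,000,036 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2010/10/04 16:14:59 | 000,000,297 | ---- | C] () -- C:\WINDOWS\EReg077.dat
[2012/04/10 16:01:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\DefaultTab
"""

def parse_line(line):
    """Return the fields of one listing line, or None for headers and other text."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {"when": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
            "size": int(m["size"].replace(",", "")),
            "attrs": m["attrs"], "kind": m["kind"], "path": m["path"],
            "dir": dirname(m["path"]).lower()}

def creation_bursts(lines, window=timedelta(seconds=2), min_files=3):
    """Group created ('C') files that landed in one directory within `window` of each other."""
    entries = [e for e in map(parse_line, lines) if e and e["kind"] == "C"]
    entries.sort(key=lambda e: (e["dir"], e["when"]))
    bursts, current = [], []
    for e in entries:
        if current and e["dir"] == current[-1]["dir"] and e["when"] - current[-1]["when"] <= window:
            current.append(e)
            continue
        if len(current) >= min_files:
            bursts.append(current)
        current = [e]
    if len(current) >= min_files:
        bursts.append(current)
    return bursts

if __name__ == "__main__":
    for burst in creation_bursts(SAMPLE.splitlines()):
        print(burst[0]["when"], burst[0]["dir"], [e["path"] for e in burst])
```

A burst only says the files arrived together; whether they belong to a cleanup tool or to something unwanted still has to be judged from the names and the rest of the log.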


Re: Can't boot in any mode

Post by sammy138 on Sun 06 May 2012, 9:50 pm

I downloaded ComboFix from your site, like two years ago...to fix a problem back then...I never deleted it...kept it on my infected computer...and used it again, to try a self fix for my current problem...


Re: Can't boot in any mode

Post by sammy138 on Mon 07 May 2012, 4:31 pm

I left ComboFix as an icon on my desktop for like 2 years...I know, I should have deleted it...I clicked on the icon to open it up...it then said there was an update available, would I like to update?...I answered yes, and I have no idea what site I actually went to...


Re: Can't boot in any mode

Post by sammy138 on Mon 07 May 2012, 4:43 pm

Sorry, forgot to answer your other question...I "thought" it would be a good idea to try ComboFix because every time I kept running malware, it would show 6 or so rootkit virus...and they weren't getting removed upon rebooting...sooo, it was me, thinking I "knew" how to fix this with ComboFix because it was used 2 years ago for something else...yea...all this from the guy that just bought his first flash drive...


Re: Can't boot in any mode

Post by DragonMaster Jay on Mon 07 May 2012, 7:28 pm

Please save the following instructions into Notepad and print them out, as this webpage will not be available while you're carrying out the process.

1. Please reboot into Recovery Console as you did before.

2. You must enter which Windows installation to log onto. Type 1 and press Enter.

3. At the C:\Windows prompt, type the following command, and press Enter:

set allowallpaths = true

4. At the next prompt, type without the quotes "cd erdnt\subs" and hit Enter.

5. At the next prompt, please type in the following without the quotes: "batch erdnt.con" and hit Enter.

The ERUNT backups should begin copying backup files. At the next prompt after it is complete, type exit.

Kindly reboot your PC and tell me if Windows is loading now.



Re: Can't boot in any mode

Post by sammy138 on Mon 07 May 2012, 8:32 pm

I'm sorry, is Recovery Console the REATOGO program? Or am I booting without that and just going into the F1 or F2 key?


Re: Can't boot in any mode

Post by DragonMaster Jay on Wed 09 May 2012, 3:58 am

The Recovery Console should be a secondary boot option created by ComboFix in the past...is it not there?



Re: Can't boot in any mode

Post by sammy138 on Wed 09 May 2012, 4:46 pm

No, I don't see it. The only way I can boot up the bad computer is through the REATOGO disk.


Re: Can't boot in any mode

Post by DragonMaster Jay on Wed 09 May 2012, 7:36 pm

Do you have XP or XP-Recovery Disc?



Re: Can't boot in any mode

Post by sammy138 on Wed 09 May 2012, 8:00 pm

No, only REATOGO.


Re: Can't boot in any mode

Post by DragonMaster Jay on Wed 09 May 2012, 9:52 pm

Please create your own Recovery Disc using this tutorial:

Download RC.ISO and save it somewhere you can find it.

Download MagicISO and install it.

Start MagicISO. When it asks you to register, just close that window...the program should remain open. Click on "File" and then on "Open"...navigate to the RC.ISO file you downloaded, select it, and click "Open".

Click "File" on the toolbar and choose "Save As". Name the file RCplus and save it somewhere you can find it.

Put a blank CD-R disk in your CD burner and close the tray...when the AutoPlay window opens, close it.

Click "Tools" on the toolbar and choose "Burn CD/DVD with ISO". In the CD/DVD Image file area, click the little folder, navigate to the newly created RCplus.iso image file, and click "Open". In the CD/DVD Writing Speed drop-down menu, choose the top 8X setting. Format should have "Mode 1" selected...if not, select it. Click on the "Burn It!" button.

Once this disk is burned, put it in the machine you're working on and restart.

Once in the Recovery Console, do what's in this post please: [You must be registered and logged in to see this link.]


