computer won't startup - #2


This topic is locked.

#1 ckb0118 (Member, 75 posts)
Here is my scan for the computer that won't start up. Thanks!

OTL logfile created on: 1/10/2011 10:30:01 AM - Run
OTLPE by OldTimer - Version 3.1.43.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

478.00 Mb Total Physical Memory | 239.00 Mb Available Physical Memory | 50.00% Memory free
382.00 Mb Paging File | 288.00 Mb Available in Paging File | 75.00% Paging File free
Paging file location(s): C:\pagefile.sys 720 1440 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.68 Gb Total Space | 30.06 Gb Free Space | 53.99% Space Free | Partition Type: NTFS
Drive D: | 7.81 Mb Total Space | 5.33 Mb Free Space | 68.25% Space Free | Partition Type: NTFS
Drive X: | 434.99 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet005

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand] -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service)
SRV - File not found [On_Demand] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/12/08 11:11:18 | 003,020,888 | ---- | M] () [Auto] -- C:\Program Files\Common Files\Akamai\netsession_win_aeec0f0.dll -- (Akamai)
SRV - [2010/07/07 15:50:42 | 000,176,408 | ---- | M] (iWin Inc.) [Auto] -- C:\Program Files\iWin Games\iWinTrusted.exe -- (iWinTrusted)
SRV - [2010/05/14 11:59:44 | 000,455,944 | ---- | M] () [Auto] -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2010/04/16 07:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/07/21 13:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/05/13 15:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008/09/11 11:59:00 | 000,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2008/09/11 11:58:59 | 000,875,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2003/09/11 09:22:44 | 000,061,440 | ---- | M] (Adobe Sytems) [On_Demand] -- C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe -- (AdobeVersionCue)
SRV - [2002/10/17 07:30:02 | 000,607,232 | ---- | M] (Macrovision Corporation) [Auto] -- C:\Program Files\Autodesk Network License Manager\lmgrd.exe -- (viz 2005)
SRV - [2002/10/17 07:30:02 | 000,607,232 | ---- | M] (Macrovision Corporation) [Auto] -- C:\Program Files\Autodesk Network License Manager\lmgrd.exe -- (FLEXlm Service 1)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\DRIVERS\UIUSYS.SYS -- (UIUSys)
DRV - File not found [Kernel | On_Demand] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\DRIVERS\SNTNLUSB.SYS -- (SNTNLUSB)
DRV - File not found [Kernel | System] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - File not found [Kernel | System] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - File not found [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys -- (SASKUTIL)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\DRIVERS\LMouKE.Sys -- (LMouKE)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | Auto] -- C:\WINDOWS\System32\drivers\DS1410D.SYS -- (DS1410D)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | On_Demand] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2010/09/21 14:00:40 | 000,177,152 | ---- | M] () [Kernel | Auto] -- C:\WINDOWS\system32\drivers\XRNBO.sys -- (XRNBO)
DRV - [2010/02/07 20:30:34 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/01/18 18:26:19 | 000,107,272 | ---- | M] () [Kernel | System] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2009/09/04 12:46:04 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/09/04 12:46:04 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/05/11 09:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/03/30 09:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/02/13 11:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/01/31 13:14:10 | 000,027,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/01/31 13:14:09 | 000,325,128 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2007/02/06 14:05:14 | 000,016,512 | ---- | M] (Adaptec) [Kernel | System] -- C:\WINDOWS\System32\drivers\aspi32.sys -- (Aspi32)
DRV - [2006/12/21 06:30:02 | 000,090,688 | ---- | M] (SafeNet, Inc.) [Kernel | Auto] -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS -- (Sentinel)
DRV - [2006/01/24 20:06:36 | 000,195,776 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2006/01/24 20:06:32 | 000,024,768 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2005/08/24 15:23:14 | 003,289,088 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel®
DRV - [2005/06/09 14:39:56 | 000,099,712 | ---- | M] (Texas Instruments) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/03/07 15:09:24 | 000,048,224 | ---- | M] (Panasonic Communications CO.,LTD.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pccusbd.sys -- (PanasonicKX-TG5576USBD)
DRV - [2004/10/01 14:51:46 | 000,017,024 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2004/10/01 14:48:30 | 001,241,482 | ---- | M] (Broadcom Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2004/10/01 14:47:06 | 000,147,896 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2004/10/01 14:44:32 | 000,044,003 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
DRV - [2004/10/01 14:44:22 | 000,030,299 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2004/10/01 14:44:00 | 000,017,516 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\frmupgr.sys -- (DFUBTUSB)
DRV - [2004/10/01 14:43:44 | 000,054,488 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2004/08/04 03:00:00 | 000,088,448 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2004/08/04 03:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/04 03:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2004/08/03 22:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2004/06/28 14:03:42 | 000,276,480 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\camchal.sys -- (CAMCHALA)
DRV - [2004/06/28 14:03:02 | 000,292,864 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\camcaud.sys -- (CAMCAUD)
DRV - [2004/05/26 19:10:36 | 000,182,720 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2004/04/14 08:36:50 | 000,007,432 | ---- | M] (Hewlett-Packard Company) [Kernel | System] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2004/03/22 11:27:34 | 001,657,344 | R--- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\w22n51.sys -- (w22n51) Intel®
DRV - [2004/03/10 13:40:28 | 000,199,552 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2004/03/10 13:37:26 | 000,682,624 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/03/10 13:35:48 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/12/31 06:58:46 | 000,069,504 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Rtlnic51.sys -- (RTL8023)
DRV - [2003/06/06 12:46:16 | 000,005,220 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2003/02/27 18:50:02 | 000,102,272 | ---- | M] ( ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\axvodka.sys -- (axvodka)
DRV - [2003/02/25 20:43:34 | 000,008,672 | ---- | M] ( ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\axvdkbus.sys -- (axvdkbus)
DRV - [2003/01/20 11:47:22 | 000,054,488 | ---- | M] (Sharp Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\SE0CLPT.SYS -- (SE0CLPT)
DRV - [2001/08/17 10:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\aliide.sys -- (AliIde)
DRV - [2001/08/17 02:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.myheritage.com
IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...ilion&pf=laptop
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Cindy__Blunt_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\Cindy__Blunt_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\Cindy__Blunt_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\Cindy__Blunt_ON_C\..\URLSearchHook: {1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48} - C:\Program Files\Celebrity Toolbar\tbhelper.dll ()
IE - HKU\Cindy__Blunt_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Cindy__Blunt_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;*.local




FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/02/03 12:21:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/03/17 17:30:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{98e34367-8df7-42b4-837b-20b892ff0849}: C:\Program Files\iWin Games\firefox\ [2010/07/15 21:55:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/08/26 13:38:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/05 16:50:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/05 16:50:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.14\extensions\\Components: C:\PROGRA~1\Mozilla Thunderbird\components [2010/05/19 08:38:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.14\extensions\\Plugins: C:\PROGRA~1\Mozilla Thunderbird\plugins [2010/09/09 16:02:23 | 000,000,000 | ---D | M]

[2010/10/22 14:46:08 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/12/06 07:59:08 | 000,192,512 | ---- | M] () -- C:\Program Files\Mozilla Firefox\components\mhxpcom.dll
[2007/09/05 10:11:14 | 000,081,920 | ---- | M] (MeadCo Corp.) -- C:\Program Files\Mozilla Firefox\plugins\npmeadax.dll
[2005/12/05 22:31:00 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll

O1 HOSTS File: ([2010/02/09 09:40:23 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (MHTBPos00 Class) - {0C37B053-FD68-456a-82E1-D788EE342E6F} - C:\Program Files\Celebrity Toolbar\tbcore3.dll ()
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (IEHlprObj Class) - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\Program Files\iWin Games\iWinGamesHookIE.dll (iWin Inc.)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O2 - BHO: (CMySite Class) - {D62EC836-BF1E-4CAC-81BE-FB9179835D8E} - C:\Program Files\Celebrity Toolbar\mhxpcomi.dll ()
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKLM\..\Toolbar: (Celebrity Toolbar) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files\Celebrity Toolbar\tbcore3.dll ()
O3 - HKU\Cindy__Blunt_ON_C\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKU\Cindy__Blunt_ON_C\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKU\Cindy__Blunt_ON_C\..\Toolbar\WebBrowser: (Celebrity Toolbar) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files\Celebrity Toolbar\tbcore3.dll ()
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\Cindy__Blunt_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\Cindy__Blunt_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\Cindy__Blunt_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\mhtb {669A2A3A-F19C-452D-800D-1240299756C1} - C:\Program Files\Celebrity Toolbar\mhxpcomi.dll ()
O18 - Protocol\Handler\widimg {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\BTXPPanel.dll (Broadcom Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper: C:\WINDOWS\Blue Lounge.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

File not found -- C:\WINDOWS\System32\drivers\mshcmd.sys.
[2003/02/27 18:50:02 | 000,102,272 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\axvodka.sys
[2003/02/25 20:43:34 | 000,008,672 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\axvdkbus.sys
[2 C:\Documents and Settings\Cindy Blunt\Desktop\*.tmp files -> C:\Documents and Settings\Cindy Blunt\Desktop\*.tmp -> ]
[12 C:\Documents and Settings\Cindy Blunt\My Documents\*.tmp files -> C:\Documents and Settings\Cindy Blunt\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

File not found -- C:\WINDOWS\System32\drivers\mshcmd.sys.
[2 C:\Documents and Settings\Cindy Blunt\Desktop\*.tmp files -> C:\Documents and Settings\Cindy Blunt\Desktop\*.tmp -> ]
[12 C:\Documents and Settings\Cindy Blunt\My Documents\*.tmp files -> C:\Documents and Settings\Cindy Blunt\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/09/21 14:00:40 | 000,177,152 | ---- | C] () -- C:\WINDOWS\System32\drivers\XRNBO.sys
[2010/05/24 16:56:23 | 000,000,935 | ---- | C] () -- C:\Documents and Settings\Cindy Blunt\.jalbum-defaults.jap
[2010/01/31 11:01:22 | 000,000,049 | ---- | C] () -- C:\WINDOWS\System32\WRKVersion.ini
[2009/12/23 11:56:11 | 000,000,027 | ---- | C] () -- C:\WINDOWS\SmartAudio.INI
[2009/12/15 21:07:59 | 000,000,610 | ---- | C] () -- C:\WINDOWS\Wininit.ini
[2008/11/05 13:08:16 | 000,163,936 | ---- | C] () -- C:\WINDOWS\_isusr32.dll
[2008/11/05 13:07:34 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\_isusr2k.dll
[2008/09/26 10:05:53 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/09/26 10:05:53 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/09/26 10:05:52 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/08/16 14:22:30 | 000,235,520 | ---- | C] () -- C:\WINDOWS\System32\rnd_husk.dll
[2008/08/16 14:22:30 | 000,068,608 | ---- | C] () -- C:\WINDOWS\System32\part.dll
[2008/08/16 14:22:29 | 001,710,592 | ---- | C] () -- C:\WINDOWS\System32\intersct.dll
[2008/08/16 14:22:29 | 000,725,504 | ---- | C] () -- C:\WINDOWS\System32\constrct.dll
[2008/08/16 14:22:29 | 000,414,720 | ---- | C] () -- C:\WINDOWS\System32\faceter.dll
[2008/08/16 14:22:29 | 000,357,376 | ---- | C] () -- C:\WINDOWS\System32\gihusk.dll
[2008/08/16 14:22:21 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\u25store.dll
[2008/08/16 14:22:20 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\implode.dll
[2008/08/16 14:22:18 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\fdi.dll
[2008/08/16 14:22:18 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\fci.dll
[2008/08/10 15:09:39 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Cindy Blunt\.exe
[2005/09/14 12:17:11 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2005/07/28 09:04:19 | 000,001,869 | ---- | C] () -- C:\Documents and Settings\Cindy Blunt\QTPlayerSession.xml
[2005/06/10 12:17:36 | 000,107,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2005/05/05 16:36:28 | 000,000,330 | ---- | C] () -- C:\Documents and Settings\Cindy Blunt\.jalbum-ftp-accounts.xml
[2005/03/10 01:33:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\mtstack16.INI
[2005/03/02 01:38:45 | 000,000,075 | ---- | C] () -- C:\Documents and Settings\Cindy Blunt\LuResult.txt
[2005/02/21 21:45:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ump.INI
[2005/02/12 09:15:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2005/01/30 19:58:48 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2004/12/31 19:29:40 | 000,015,360 | ---- | C] () -- C:\Documents and Settings\Cindy Blunt\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/12/28 02:36:06 | 000,000,039 | ---- | C] () -- C:\Documents and Settings\Cindy Blunt\.gtk-bookmarks
[2004/12/27 00:54:24 | 000,382,685 | ---- | C] () -- C:\Documents and Settings\Cindy Blunt\.fonts.cache-1
[2004/12/27 00:48:55 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Cindy Blunt\Local Settings\Application Data\fusioncache.dat
[2004/12/26 14:20:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\muveeapp.INI
[2004/12/26 05:20:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2004/11/29 08:43:20 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2004/11/29 08:42:26 | 000,050,243 | ---- | C] () -- C:\Documents and Settings\Cindy Blunt\Application Data\Update_HP_RedboxHprblog_HPSU.log
[2004/11/29 08:42:26 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2004/11/20 13:34:09 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\hpzidi01.dll
[2004/10/15 08:36:41 | 000,003,649 | ---- | C] () -- C:\WINDOWS\hpdj6122.ini
[2004/10/10 21:43:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\mtstack.INI
[2004/10/01 15:01:22 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2004/08/28 09:53:51 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2004/08/07 08:16:44 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/07 08:10:08 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/07 07:57:54 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/04 03:00:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/08/04 03:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/07/13 16:47:37 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\Cindy Blunt\.jalbum-recent-projects.properties
[2004/07/13 16:37:09 | 000,000,284 | ---- | C] () -- C:\Documents and Settings\Cindy Blunt\.jalbum-sharing.xml
[2004/04/26 21:19:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/03/28 14:14:39 | 000,000,032 | ---- | C] () -- C:\WINDOWS\render.ini
[2004/01/13 13:46:34 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2003/09/26 16:24:46 | 000,565,248 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2003/05/04 02:34:02 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2003/05/04 02:34:02 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2003/05/04 02:34:02 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2003/05/04 02:34:02 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2003/05/04 02:34:02 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2003/05/04 02:34:02 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2003/05/04 02:33:25 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2003/05/04 02:11:59 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/05/04 02:05:50 | 000,000,137 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/01/07 17:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[2001/07/06 15:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2000/09/18 16:50:28 | 000,202,752 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[1999/01/22 08:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2005/01/13 10:55:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cindy Blunt\Application Data\.gaim
[2005/09/13 18:21:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cindy Blunt\Application Data\Aim
[2004/07/13 17:04:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cindy Blunt\Application Data\Autodesk
[2004/12/27 22:25:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cindy Blunt\Application Data\Common Files
[2005/02/04 11:08:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cindy Blunt\Application Data\eFax Messenger
[2004/02/19 11:07:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cindy Blunt\Application Data\iMesh
[2005/01/11 10:55:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cindy Blunt\Application Data\InterVideo
[2010/05/24 16:54:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cindy Blunt\Application Data\JAlbum
[2004/12/26 12:08:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cindy Blunt\Application Data\Leadertech
[2005/06/04 20:25:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cindy Blunt\Application Data\LimeWire
[2004/05/04 06:44:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cindy Blunt\Application Data\Microcad
[2010/06/16 18:11:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cindy Blunt\Application Data\PhotoScape
[2008/11/05 13:09:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cindy Blunt\Application Data\Sharp
[2010/06/27 22:01:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cindy Blunt\Application Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2008/09/22 09:58:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cindy Blunt\Application Data\Stick
[2008/09/22 09:54:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cindy Blunt\Application Data\Stick Tabs
[2005/04/06 10:32:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cindy Blunt\Application Data\Template
[2005/03/27 14:50:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cindy Blunt\Application Data\Thunderbird

========== Purity Check ==========


< End of report >
#2
mitch8
    Trusted Helper
  • Malware Removal
  • 1,356 posts
Hi ckb0118,

I don't see anything that bad. I see iWinGames and Celebrity Toolbar, which are both reported as unwanted. Do you want these?

What happens when you try to turn your computer on?

#3
ckb0118
    Member
  • Topic Starter
  • Member
  • 75 posts
Neither of those is the problem, and I have had them for a while. Right before my computer didn't start, one of those fake-looking anti-virus things popped up and looked like it was scanning my computer. (I pressed Ctrl+Alt+Del and tried to end it and restart, but by that point everything had frozen up.)

Since that point, when I start the computer, it gets to the screen where you can choose to start normally or go to Safe Mode, etc. After that the screen just sits there blank (black) with no processor activity, no matter what I select.

I have recovery console installed, but don't have any idea how to use it.

Edited by ckb0118, 10 January 2011 - 01:38 PM.


#4
mitch8
    Trusted Helper
  • Malware Removal
  • 1,356 posts
Hi,

Try to get into Last Known Good Configuration. As the computer is booting, press and hold your F8 key, which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Last Known Good Configuration" and press your Enter key.

#5
ckb0118
    Member
  • Topic Starter
  • Member
  • 75 posts
nope :D

#6
mitch8
    Trusted Helper
  • Malware Removal
  • 1,356 posts
Hi,

Boot into the OTLPE. Go to your hard drive and post C:\ComboFix.txt here. Maybe this will show more clues.

Edit: I see a leftover of ComboFix, but it says the file is not found. Did you remove ComboFix? Is the log still there?

#7
ckb0118
    Member
  • Topic Starter
  • Member
  • 75 posts
ComboFix 10-02-08.09 - Cindy Blunt 02/09/2010 9:25.19.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.478.152 [GMT -5:00]
Running from: c:\documents and settings\Cindy Blunt\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Cindy Blunt\Desktop\cfscript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

file zipped: C:\9d31xd.exe
file zipped: C:\tam8sx.exe
file zipped: c:\windows\Fnupiko.bin
file zipped: c:\windows\Xciki.dat
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\9d31xd.exe
c:\documents and settings\All Users\Application Data\sysReserve.ini
C:\tam8sx.exe
c:\windows\Fnupiko.bin
c:\windows\Xciki.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_kchdshmye
-------\Service_trsbkqbrn
-------\Service_ynetrsjil


((((((((((((((((((((((((( Files Created from 2010-01-09 to 2010-02-09 )))))))))))))))))))))))))))))))
.

2010-02-05 22:02 . 2010-02-05 22:02 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-02-02 00:11 . 2010-02-02 00:12 -------- d-----w- c:\program files\Celebrity Toolbar
2010-01-31 16:03 . 2010-01-31 16:03 916822 ----a-w- c:\windows\system32\WRKUpdates.zip
2010-01-31 15:57 . 2010-01-31 17:12 -------- d-----w- c:\program files\WindowsRepairKit
2010-01-26 21:13 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-26 21:13 . 2010-01-26 21:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-26 21:13 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-26 14:48 . 2010-01-26 14:48 -------- d-----w- C:\_OTL
2010-01-25 13:54 . 2010-01-25 13:54 -------- d-s---w- c:\documents and settings\Administrator\UserData
2010-01-16 19:12 . 2010-02-07 20:03 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-01-16 19:12 . 2010-01-25 14:44 -------- d-----w- c:\program files\SpywareBlaster
2010-01-16 17:10 . 2010-01-16 17:10 -------- d-----w- c:\documents and settings\Cindy Blunt\Application Data\AVG8
2010-01-16 16:46 . 2010-01-19 20:33 -------- d-----w- c:\documents and settings\All Users\Application Data\RegCure
2010-01-16 16:36 . 2010-02-08 01:30 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-01-16 16:36 . 2009-03-30 14:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-01-16 16:36 . 2009-02-13 16:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-01-16 16:36 . 2009-02-13 16:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-01-16 16:36 . 2010-01-16 16:36 -------- d-----w- c:\program files\Avira
2010-01-16 16:36 . 2010-01-16 16:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-05 16:47 . 2004-12-26 19:07 110128 -c--a-w- c:\documents and settings\Cindy Blunt\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-25 22:47 . 2005-06-10 17:16 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2010-01-25 22:46 . 2004-12-26 12:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2010-01-22 17:16 . 2004-12-26 19:12 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-01-19 20:46 . 2008-12-16 19:09 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-01-19 20:46 . 2008-12-16 19:09 -------- d-----w- c:\program files\AVS4YOU
2010-01-19 20:39 . 2003-05-04 06:40 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-19 20:35 . 2008-08-16 19:18 -------- d-----w- c:\program files\AdGen
2010-01-19 20:35 . 2005-01-20 05:33 -------- d-----w- c:\program files\Autodesk Architectural Desktop 3
2010-01-18 23:26 . 2005-06-10 17:17 107272 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-01-16 19:45 . 2008-09-22 16:33 -------- d-----w- c:\program files\MeadCo Neptune
2010-01-16 16:44 . 2008-08-09 18:55 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-12-23 16:57 . 2005-02-08 14:35 -------- d-----w- c:\program files\CONEXANT
2009-12-12 02:03 . 2009-12-12 02:03 80792 ---ha-w- c:\windows\system32\mlfcache.dat
2009-12-12 01:18 . 2004-12-26 09:45 -------- d-----w- c:\documents and settings\Cindy Blunt\Application Data\Apple Computer
2009-12-11 21:25 . 2009-12-11 21:23 -------- d-----w- c:\program files\iTunes
2009-12-11 21:25 . 2009-12-11 21:23 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-12-11 21:23 . 2009-12-11 21:23 -------- d-----w- c:\program files\iPod
2009-12-11 21:23 . 2005-02-03 01:32 -------- d-----w- c:\program files\Common Files\Apple
2009-12-11 21:19 . 2005-02-03 01:41 -------- d-----w- c:\program files\Bonjour
2009-12-11 21:18 . 2009-12-11 21:16 -------- d-----w- c:\program files\QuickTime
2009-12-11 21:04 . 2009-12-11 21:04 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-12-01 19:45 . 2004-08-07 13:10 84046 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
1998-08-03 15:36 . 2005-01-11 23:08 112640 -c--a-w- c:\program files\internet explorer\plugins\PATCHW32.DLL
2009-12-06 12:59 . 2010-02-02 00:11 192512 ----a-w- c:\program files\mozilla firefox\components\mhxpcom.dll
1997-06-23 17:06 . 1997-06-23 17:06 287504 -csha-w- c:\windows\system32\Msxbse35.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48}"= "c:\program files\Celebrity Toolbar\tbhelper.dll" [2009-05-07 355840]

[HKEY_CLASSES_ROOT\clsid\{1c4ab6a5-595f-4e86-b15f-f93cce2bbd48}]
[HKEY_CLASSES_ROOT\URLSearchHook.MHURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{1EA6B471-CAD2-419a-9539-0586EEFE2D09}]
[HKEY_CLASSES_ROOT\URLSearchHook.MHURLSearchHook]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0C37B053-FD68-456a-82E1-D788EE342E6F}]
2009-05-07 21:46 2642432 ----a-w- c:\program files\Celebrity Toolbar\tbcore3.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D62EC836-BF1E-4CAC-81BE-FB9179835D8E}]
2009-12-06 12:59 217088 ----a-w- c:\program files\Celebrity Toolbar\mhxpcomi.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}"= "c:\program files\Celebrity Toolbar\tbcore3.dll" [2009-05-07 2642432]

[HKEY_CLASSES_ROOT\clsid\{fd2fd708-1f6f-4b68-b141-c5778f0c19bb}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}"= "c:\program files\Celebrity Toolbar\tbcore3.dll" [2009-05-07 2642432]

[HKEY_CLASSES_ROOT\clsid\{fd2fd708-1f6f-4b68-b141-c5778f0c19bb}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-01-31 18:14 10520 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
backup=c:\windows\pss\AutoCAD Startup Accelerator.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BTTray.lnk]
backup=c:\windows\pss\BTTray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DVD Check.lnk]
backup=c:\windows\pss\DVD Check.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^eFax 4.2.lnk]
backup=c:\windows\pss\eFax 4.2.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeVersionCue]
2003-09-11 14:22 1720320 -c--a-w- c:\program files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
2009-01-31 18:12 1601304 ----a-w- c:\progra~1\AVG\AVG8\avgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
2009-03-02 17:08 209153 ----a-w- c:\program files\Avira\AntiVir Desktop\avgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]
2004-04-30 15:32 208958 -c--a-w- c:\program files\HPQ\Default Settings\Cpqset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eabconfg.cpl]
2004-07-30 13:33 286720 -c--a-w- c:\program files\HPQ\Quick Launch Buttons\eabservr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GigaRangeApp]
2005-03-08 01:29 3432448 -c--a-w- c:\program files\GIGARANGE KX-TG55 Series\DMCPWinApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2008-12-08 20:50 54576 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2005-07-23 03:18 188416 -c--a-w- c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-12 21:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-10-13 16:24 1694208 -csha-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 04:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2004-05-27 00:15 536576 -c--a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
2004-05-27 00:15 98304 -c--a-w- c:\program files\Synaptics\SynTP\SynTPLpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
2003-08-19 08:01 110592 -c--a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog]
2005-07-04 21:47 184320 -c--a-w- c:\program files\InterVideo\DVD Check\DVDCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"upnphost"=3 (0x3)
"TapiSrv"=3 (0x3)
"SCardSvr"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\FileZilla\\FileZilla.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\iMesh Applications\\iMesh6\\iMesh6.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\JAlbum7.1\\JAlbumWin.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgtray.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6346:UDP"= 6346:UDP:shareaza
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"3957:TCP"= 3957:TCP:zyjmfhh

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/10/2005 12:17 PM 325128]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [1/16/2010 11:36 AM 108289]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [6/10/2005 12:16 PM 875288]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [6/10/2005 12:16 PM 231704]
R2 FLEXlm Service 1;FLEXlm Service 1;c:\program files\Autodesk Network License Manager\lmgrd.exe [10/17/2002 7:30 AM 607232]
R3 axvdkbus;axvdkbus;c:\windows\system32\drivers\axvdkbus.sys [2/25/2003 8:43 PM 8672]
R3 axvodka;axvodka;c:\windows\system32\drivers\axvodka.sys [2/27/2003 6:50 PM 102272]
S1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [6/10/2005 12:17 PM 107272]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?]
S2 gupdate1c91fdfb3b259c2;Google Update Service (gupdate1c91fdfb3b259c2);c:\program files\Google\Update\GoogleUpdate.exe [9/26/2008 8:56 AM 133104]
S2 SE0CLPT;SE0CLPT;c:\windows\system32\SE0CLPT.SYS [11/5/2008 1:08 PM 54488]
S2 viz 2005;viz 2005;c:\program files\Autodesk Network License Manager\lmgrd.exe [10/17/2002 7:30 AM 607232]
S3 PanasonicKX-TG5576USBD;Panasonic KX-TG55 USB;c:\windows\system32\drivers\pccusbd.sys [12/25/2003 1:50 PM 48224]
.
Contents of the 'Scheduled Tasks' folder

2010-02-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:34]

2010-02-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-09-26 13:56]

2010-02-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-09-26 13:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://search.myheritage.com
uInternet Settings,ProxyOverride = localhost;*.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AIM Search - c:\program files\AIM Toolbar\AIMBar.dll/aimsearch.htm
IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Open Picture in &Microsoft PhotoDraw - c:\progra~1\MICROS~4\Office\1033\phdintl.dll/phdContext.htm
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
Trusted Zone: aol.com\free
Handler: mhtb - {669A2A3A-F19C-452D-800D-1240299756C1} - c:\program files\Celebrity Toolbar\mhxpcomi.dll
FF - ProfilePath - c:\documents and settings\Cindy Blunt\Application Data\Mozilla\Firefox\Profiles\ukods5n5.default\
FF - prefs.js: browser.startup.homepage - hxxp://search.myheritage.com/
FF - prefs.js: keyword.URL - hxxp://search.myheritage.com/?orig=ds&q=
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\Google\Google Gears\Firefox\lib\ff35\gears.dll
FF - component: c:\program files\Mozilla Firefox\components\mhxpcom.dll
FF - plugin: c:\documents and settings\Cindy Blunt\Application Data\Mozilla\Firefox\Profiles\ukods5n5.default\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\npmnqmp07051001.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmeadax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-09 09:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x85BC41F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf75f4fc3
\Driver\ACPI -> ACPI.sys @ 0xf7547cb8
\Driver\atapi -> 0x85bc41f8
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x8059c876
ParseProcedure -> ntoskrnl.exe @ 0x8057016c
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x8059c876
ParseProcedure -> ntoskrnl.exe @ 0x8057016c
NDIS: Intel® PRO/Wireless 2200BG Network Connection -> SendCompleteHandler -> NDIS.sys @ 0xf73eeba0
PacketIndicateHandler -> NDIS.sys @ 0xf73fbb21
SendHandler -> NDIS.sys @ 0xf73d987b
Warning: possible MBR rootkit infection !
user & kernel MBR OK
malicious code @ sector 0x6fc79ab size 0x1fd !

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2776)
c:\windows\system32\shdoclc.dll
c:\windows\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Autodesk Network License Manager\adskflex.exe
c:\program files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-02-09 09:50:07 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-09 14:50
ComboFix2.txt 2010-02-07 23:06

Pre-Run: 40,442,777,600 bytes free
Post-Run: 40,414,482,432 bytes free

Current=4 Default=4 Failed=3 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - 24D355B95CEAC37B075DF241984554FE

#8
mitch8
    Trusted Helper
  • Malware Removal
  • 1,356 posts
That is from a year ago; it is no good. What exactly happens when you try to turn on your computer? Does it show a blue screen, or does it just stay black?

Do you have your XP install disc?

#9
ckb0118
    Member
  • Topic Starter
  • Member
  • 75 posts
Black. I don't; I lost my restore/recovery CD, which usually works. I can borrow one, but it's going to be a while before I can get my hands on it.

#10
mitch8
    Trusted Helper
  • Malware Removal
  • 1,356 posts
OK, I am going to download OTLPE and see what other tools are on there. Maybe there is something else that can help you. I will post back later.

#11
mitch8
    Trusted Helper
  • Malware Removal
  • 1,356 posts
Log on to the Recovery Console.

1. Restart your computer.
2. Before Windows loads, you will be prompted to choose which operating system to start.
3. Use the up and down arrow keys to select Microsoft Windows Recovery Console.
4. You must enter which Windows installation to log onto. Type 1 and press Enter.
5. At the C:\Windows prompt, type the following entry and press Enter:

fixmbr

Try to reboot your machine.

If you can, run ComboFix.

#12
ckb0118
    Member
  • Topic Starter
  • Member
  • 75 posts
Once the Recovery Console has been chosen, it comes to a black screen that says "Starting Windows Recovery Console". Once the bar loads, nothing happens and the screen stays there.

#13
mitch8
    Trusted Helper
  • Malware Removal
  • 1,356 posts
Hi,

There is something wrong with your Symantec install. It might be causing problems with startup. I see you have three anti-virus programs on your PC. Which one do you use?

Start your computer with the burned CD and open up OTLPE.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    DRV - File not found [Kernel | On_Demand] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
    DRV - File not found [Kernel | System] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
    DRV - File not found [Kernel | System] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
    DRV - [2006/01/24 20:06:36 | 000,195,776 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
    DRV - [2006/01/24 20:06:32 | 000,024,768 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
    O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [emptytemp]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top

Wait until OTLPE is finished and try to restart your computer. Does it work now?

#14
ckb0118
    Member
  • Topic Starter
  • Member
  • 75 posts
No :D, it didn't work.
I had been using AVG but think I ran into a problem with that too. I think the Symantec had been a problem for a while; I haven't used it for years.

Edited by ckb0118, 11 January 2011 - 04:31 PM.


#15
mitch8
    Trusted Helper
  • Malware Removal
  • 1,356 posts
Hi,

Start your computer with the burned CD. When the system has rebooted, it should display a REATOGO-X-PE desktop.
Double-click on the MBRFix icon; a command window will open.

In the command window type in the following lines and press enter after each:

MbrFix /drive 0 savembr C:\Backup_MBR_0.bin
MbrFix /drive 0 fixmbr /yes

Try and reboot normally into your computer.
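
The two MbrFix lines above back up sector 0 and then rewrite its boot code, and the Recovery Console fixmbr step in post #11 does the same rewrite. As an added example that is not part of this thread and not part of MbrFix, the Python below parses a 512-byte MBR, decodes its partition table and reports which region (boot code, partition table, boot signature) differs between a saved backup and the sector read back after the fix; that is the check a practitioner wants before trusting that fixmbr touched only the boot code. It assumes Backup_MBR_0.bin holds the raw 512-byte sector 0 (an assumption about savembr's output), and the boot-code bytes and the partition entry in the sample are constructed for the demo; they are not real Windows boot code and not taken from the logs in this thread.

```python
"""Parse and compare 512-byte MBR sectors (added example, not MbrFix code).

Assumption: a backup such as Backup_MBR_0.bin is the raw sector 0 (512 bytes).
"""
import struct

SECTOR_SIZE = 512
BOOTCODE_LEN = 446           # bytes 0..445: boot code, the region fixmbr rewrites
PT_OFFSET = 446              # bytes 446..509: four 16-byte partition entries
SIGNATURE = b"\x55\xAA"      # bytes 510..511: boot signature


def parse_mbr(sector: bytes) -> dict:
    """Split an MBR into its regions and decode the non-empty partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"MBR must be {SECTOR_SIZE} bytes, got {len(sector)}")
    partitions = []
    for slot in range(4):
        # entry layout: status(1) CHS start(3) type(1) CHS end(3) LBA start(4) count(4)
        status, ptype, lba, count = struct.unpack_from(
            "<B3xB3xII", sector, PT_OFFSET + 16 * slot)
        if ptype == 0x00:    # empty slot
            continue
        partitions.append({"slot": slot, "bootable": status == 0x80,
                           "type": ptype, "lba_start": lba, "sectors": count})
    return {
        "bootcode": sector[:BOOTCODE_LEN],
        "partition_table": sector[PT_OFFSET:PT_OFFSET + 64],
        "signature_ok": sector[510:] == SIGNATURE,
        "partitions": partitions,
    }


def regions_changed(before: bytes, after: bytes) -> list:
    """Name the MBR regions that differ between two sectors, in on-disk order."""
    a, b = parse_mbr(before), parse_mbr(after)
    changed = []
    if a["bootcode"] != b["bootcode"]:
        changed.append("bootcode")
    if a["partition_table"] != b["partition_table"]:
        changed.append("partition_table")
    if before[510:] != after[510:]:
        changed.append("signature")
    return changed


def fixmbr_preserved_partitions(backup: bytes, after_fix: bytes) -> bool:
    """True when at most the boot code differs, i.e. the partition table survived."""
    return regions_changed(backup, after_fix) in ([], ["bootcode"])


# --- constructed sample data: stand-in bytes, not real boot code ---
def build_sample_mbr(bootcode: bytes) -> bytes:
    """Assemble a sector from the given boot code plus one bootable NTFS partition at LBA 63."""
    code = bootcode.ljust(BOOTCODE_LEN, b"\x00")[:BOOTCODE_LEN]
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07,
                        b"\xFE\xFF\xFF", 63, 116_776_000)
    return code + entry + b"\x00" * 48 + SIGNATURE


CLEAN_BOOTCODE = b"\x33\xC0\x8E\xD0\xBC\x00\x7C\xEB\xFE"    # stand-in "stock" code
TAMPERED_BOOTCODE = b"\xEB\x40\x90\x90" + b"\xCC" * 16        # stand-in hijacked code

if __name__ == "__main__":
    backup = build_sample_mbr(TAMPERED_BOOTCODE)   # what savembr would have captured
    after = build_sample_mbr(CLEAN_BOOTCODE)       # what fixmbr would leave behind
    print("backup signature ok:", parse_mbr(backup)["signature_ok"])
    print("regions changed by the fix:", regions_changed(backup, after))
    print("partition table intact:", fixmbr_preserved_partitions(backup, after))
    for p in parse_mbr(after)["partitions"]:
        print(f"slot {p['slot']}: type 0x{p['type']:02X} lba {p['lba_start']} "
              f"sectors {p['sectors']} bootable={p['bootable']}")
```

To compare real sectors, read Backup_MBR_0.bin and a fresh 512-byte dump of drive 0 and pass them to regions_changed. A result containing "partition_table" means the rewrite did more than fixmbr is supposed to, and the backup should be restored before anything else is tried; an empty result after the fix means the boot code was already byte-identical and the MBR was not what kept the machine from booting.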





