Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Lots of viruses and sending SPAM too

Started by LesFo , Jan 28 2011 10:39 PM

  • This topic is locked This topic is locked

#61
mitch8
Posted 18 March 2011 - 04:33 PM

mitch8

    Trusted Helper

  • Malware Removal
  • 1,356 posts
OK,

Please boot back into OTLPE and run OTL. Run a quick scan and post the log here.
  • 0

Advertisements

#62
LesFo
Posted 18 March 2011 - 11:08 PM

LesFo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
Here it is. thanks

OTL logfile created on: 3/18/2011 10:42:49 PM - Run
OTLPE by OldTimer - Version 3.1.45.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 80.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 95.00% Paging File free
Paging file location(s): C:\pagefile.sys 1908 3816 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.05 Gb Total Space | 12.40 Gb Free Space | 33.48% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet008

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto] -- -- (Pml Driver HPZ12)
SRV - File not found [Auto] -- -- (PEVSystemStart)
SRV - File not found [Disabled] -- -- (HidServ)
SRV - File not found [Auto] -- -- (cmdAgent)
SRV - File not found [On_Demand] -- -- (clr_optimization_v2.0.50727_32)
SRV - File not found [On_Demand] -- -- (aspnet_state)
SRV - File not found [On_Demand] -- -- (AppMgmt)
SRV - [2011/01/13 04:47:33 | 000,040,384 | ---- | M] (AVAST Software) [Auto] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2003/11/13 17:29:40 | 000,455,680 | ---- | M] () [Auto] -- C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe -- (NICSer_WPC54G)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | System] -- -- (SASKUTIL)
DRV - File not found [Kernel | On_Demand] -- -- (SASENUM)
DRV - File not found [Kernel | On_Demand] -- -- (Rasirda) WAN Miniport (IrDA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand] -- -- (MEMSWEEP2)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | Boot] -- -- (Inspect)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (cmdHlp)
DRV - File not found [File_System | System] -- -- (cmdGuard)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | On_Demand] -- -- (CBTNDIS5)
DRV - File not found [File_System | Auto] -- -- (aswMon2)
DRV - File not found [File_System | Auto] -- -- (aswFsBlk)
DRV - File not found [Kernel | On_Demand] -- -- (AR5211)
DRV - File not found [Kernel | System] -- -- (a2util)
DRV - File not found [File_System | System] -- -- (a2injectiondriver)
DRV - File not found [File_System | On_Demand] -- -- (a2acc)
DRV - [2011/02/23 20:43:23 | 000,007,168 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\utexntqz.sys -- (utexntqz)
DRV - [2011/02/08 22:30:33 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2011/01/13 04:41:16 | 000,294,608 | ---- | M] (AVAST Software) [Kernel | System] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/01/13 04:40:16 | 000,047,440 | ---- | M] (AVAST Software) [Kernel | System] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/01/13 04:37:30 | 000,023,632 | ---- | M] (AVAST Software) [Kernel | System] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/01/13 04:37:11 | 000,029,392 | ---- | M] (AVAST Software) [Kernel | System] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/10/22 16:54:18 | 000,037,392 | ---- | M] (Kaspersky Lab) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\06660172.sys -- (06660172)
DRV - [2009/10/10 02:31:10 | 000,315,408 | ---- | M] (Kaspersky Lab) [File_System | System] -- C:\WINDOWS\system32\drivers\0666017.sys -- (setup_9.0.0.722_13.02.2011_00-10drv)
DRV - [2009/09/25 20:59:42 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System] -- C:\WINDOWS\system32\drivers\06660171.sys -- (06660171)
DRV - [2008/08/12 17:06:17 | 000,022,328 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\PnkBstrK.sys -- (PnkBstrK)
DRV - [2008/05/08 23:00:45 | 000,016,694 | ---- | M] (PalmSource, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2005/02/12 09:46:22 | 000,371,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2005/02/10 20:52:36 | 000,157,056 | ---- | M] (Texas Instruments) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/01/10 20:13:00 | 000,346,496 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\camc6hal.sys -- (CAMCHALA)
DRV - [2005/01/10 20:12:12 | 000,037,760 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\camc6aud.sys -- (CAMCAUD)
DRV - [2004/12/17 17:52:58 | 000,017,992 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\bcm42rly.sys -- (BCM42RLY)
DRV - [2004/12/14 18:18:34 | 000,207,232 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2004/12/14 18:18:28 | 000,703,232 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/12/14 18:18:26 | 001,038,208 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/12/02 12:36:08 | 000,070,912 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2004/11/22 06:41:10 | 003,222,784 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel®
DRV - [2004/09/25 03:36:44 | 000,173,056 | ---- | M] (Funk Software, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\odysseyIM4.sys -- (odysseyIM4)
DRV - [2004/04/14 10:36:50 | 000,007,432 | ---- | M] (Hewlett-Packard Company) [Kernel | System] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2003/10/01 14:54:46 | 000,184,832 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rtl8180.sys -- (LSWPCv4)
DRV - [2003/06/06 14:46:16 | 000,005,220 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2001/08/17 15:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://news.yahoo.com [binary data]
IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...ilion&pf=laptop
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Leslie_Schooling_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\Leslie_Schooling_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\Leslie_Schooling_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\Leslie_Schooling_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKU\Leslie_Schooling_ON_C\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\Leslie_Schooling_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://us.mg2.mail.y...d=35lp8p4bps3ti
IE - HKU\Leslie_Schooling_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\Leslie_Schooling_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Leslie_Schooling_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local




FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/11 03:23:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/11 03:23:54 | 000,000,000 | ---D | M]

[2009/11/19 17:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2009/11/19 17:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll

O1 HOSTS File: ([2004/08/04 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - File not found
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - File not found
O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\imekrmig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [QuickTime Task] File not found
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\AutoTBar.exe (Hewlett-Packard)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Leslie_Schooling_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\Leslie_Schooling_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...tes/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://a1540.g.akama...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...ector/swdir.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photos.walmar...martActivia.cab (Snapfish Activia)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace....ploader1006.cab (MySpace Uploader Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius....tiveXPlugin.cab (ScorchPlugin Class)
O16 - DPF: {BE319D04-18BD-4B34-AECC-EE7CB610FCA9} http://download.game...itched/main.cab (BewitchedGameClass Control)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\Hp\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/01/19 00:46:04 | 000,000,671 | ---- | M] () - C:\autoAlbum.log -- [ NTFS ]
O32 - AutoRun File - [2011/03/17 23:58:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\##192.168.2.1#My Book\Shell - "" = AutoRun
O33 - MountPoints2\##192.168.2.1#My Book\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\##192.168.2.1#My Book\Shell\AutoRun\command - "" = G:\wd_windows_tools\WDSetup.exe
O33 - MountPoints2\{557fc16f-9844-11dc-95af-001c10202a60}\Shell\AutoRun\command - "" = E:\Programs\Pstart\PStart.exe
O33 - MountPoints2\{aed293f2-ead5-11db-9551-00163612f211}\Shell - "" = AutoRun
O33 - MountPoints2\{aed293f2-ead5-11db-9551-00163612f211}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{aed293f2-ead5-11db-9551-00163612f211}\Shell\AutoRun\command - "" = E:\LaunchU3.exe
O33 - MountPoints2\{e7fc6c0e-48cd-11de-9645-00163612f211}\Shell\AutoRun\command - "" = E:\wd_windows_tools\WDSetup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/18 00:09:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011/03/18 00:02:39 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2011/03/18 00:02:39 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2011/03/18 00:02:39 | 000,026,624 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
[2011/03/18 00:00:30 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2011/03/17 16:12:25 | 000,000,000 | R--D | C] -- C:\WINDOWS\Web
[2011/03/17 16:12:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ras
[2011/03/16 20:37:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Leslie Schooling\Application Data\Microsoft
[2011/03/16 20:37:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Leslie Schooling\Application Data
[2011/03/15 19:21:41 | 000,000,000 | -HSD | C] -- C:\found.000
[2011/02/26 21:13:47 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/02/17 22:12:23 | 000,000,000 | ---D | C] -- C:\_OTL
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/03/18 01:14:00 | 000,000,366 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job
[2011/03/18 00:48:05 | 000,000,906 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/03/18 00:32:52 | 000,000,902 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/03/18 00:19:48 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/03/18 00:17:01 | 000,293,046 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/03/18 00:17:01 | 000,034,754 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/03/18 00:09:24 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2011/03/18 00:09:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/03/18 00:08:42 | 000,450,088 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/03/18 00:08:40 | 1332,203,520 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/18 00:07:01 | 000,000,314 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2011/03/17 23:58:35 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2011/03/17 23:58:35 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2011/03/17 23:58:31 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011/03/17 23:58:29 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/03/17 23:58:29 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/03/17 23:58:10 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2011/03/17 23:55:07 | 000,023,428 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/03/17 23:52:28 | 000,000,282 | -HS- | M] () -- C:\boot.ini
[2011/02/26 17:39:28 | 000,414,230 | ---- | M] () -- C:\WINDOWS\setupapi.old
[2011/02/24 22:37:13 | 000,000,010 | ---- | M] () -- C:\WINDOWS\popcinfo.dat
[2011/02/23 20:43:23 | 000,007,168 | ---- | M] () -- C:\WINDOWS\System32\drivers\utexntqz.sys
[2011/02/23 01:05:18 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/03/18 00:08:40 | 1332,203,520 | -HS- | C] () -- C:\hiberfil.sys
[2011/03/18 00:02:14 | 000,027,866 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntdos.sys
[2011/03/18 00:00:57 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll
[2011/03/17 23:58:35 | 000,000,000 | ---- | C] () -- C:\CONFIG.SYS
[2011/03/17 23:58:35 | 000,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT
[2011/03/17 23:32:09 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2011/03/17 23:32:05 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2011/03/17 23:31:54 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2011/03/17 23:31:50 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2011/03/17 23:31:43 | 000,001,486 | ---- | C] () -- C:\WINDOWS\System32\noise.kor
[2011/03/17 23:31:42 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\korwbrkr.lex
[2011/03/17 23:31:42 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2011/03/17 23:31:41 | 000,002,060 | ---- | C] () -- C:\WINDOWS\System32\noise.jpn
[2011/03/17 23:31:19 | 000,146,126 | ---- | C] () -- C:\WINDOWS\System32\array30.tab
[2011/03/17 23:31:19 | 000,110,566 | ---- | C] () -- C:\WINDOWS\System32\arphr.tbl
[2011/03/17 23:31:19 | 000,018,600 | ---- | C] () -- C:\WINDOWS\System32\arrayhw.tab
[2011/03/17 23:31:19 | 000,016,312 | ---- | C] () -- C:\WINDOWS\System32\arptr.tbl
[2011/03/17 23:31:18 | 000,211,938 | ---- | C] () -- C:\WINDOWS\System32\lcphrase.tbl
[2011/03/17 23:31:18 | 000,043,242 | ---- | C] () -- C:\WINDOWS\System32\phoncode.tbl
[2011/03/17 23:31:18 | 000,024,114 | ---- | C] () -- C:\WINDOWS\System32\lcptr.tbl
[2011/03/17 23:31:18 | 000,004,071 | ---- | C] () -- C:\WINDOWS\System32\phon.tbl
[2011/03/17 23:31:18 | 000,002,714 | ---- | C] () -- C:\WINDOWS\System32\phonptr.tbl
[2011/03/17 23:31:18 | 000,000,700 | ---- | C] () -- C:\WINDOWS\System32\dayiptr.tbl
[2011/03/17 23:31:18 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\dayiphr.tbl
[2011/03/17 23:31:17 | 000,116,285 | ---- | C] () -- C:\WINDOWS\System32\msdayi.tbl
[2011/03/17 23:31:17 | 000,044,370 | ---- | C] () -- C:\WINDOWS\System32\acode.tbl
[2011/03/17 23:31:17 | 000,044,370 | ---- | C] () -- C:\WINDOWS\System32\a234.tbl
[2011/03/17 23:31:17 | 000,001,460 | ---- | C] () -- C:\WINDOWS\System32\a15.tbl
[2011/03/17 23:30:59 | 001,223,500 | ---- | C] () -- C:\WINDOWS\System32\WINZM.MB
[2011/03/17 23:30:58 | 001,564,868 | ---- | C] () -- C:\WINDOWS\System32\WINSP.MB
[2011/03/17 23:30:57 | 001,783,864 | ---- | C] () -- C:\WINDOWS\System32\WINPY.MB
[2011/03/17 23:30:48 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2011/03/17 23:30:47 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2011/03/17 23:30:10 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2011/03/17 23:28:02 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2011/03/17 23:28:02 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2011/03/17 23:28:02 | 000,168,806 | ---- | C] () -- C:\WINDOWS\System32\dllcache\startoc.cat
[2011/03/17 23:28:02 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2011/03/17 23:28:02 | 000,031,281 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT
[2011/03/17 23:28:02 | 000,024,209 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn7.cat
[2011/03/17 23:28:02 | 000,013,753 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
[2011/03/17 23:28:02 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2011/03/17 23:28:02 | 000,011,651 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn9.cat
[2011/03/17 23:28:02 | 000,009,581 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT
[2011/03/17 23:28:02 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2011/03/17 23:28:02 | 000,007,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat
[2011/03/17 23:28:02 | 000,007,245 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
[2011/03/17 23:28:02 | 000,007,029 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2011/03/17 23:28:01 | 001,042,903 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT
[2011/03/17 23:28:00 | 002,012,670 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
[2011/03/17 23:28:00 | 000,382,952 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
[2011/03/16 20:36:33 | 000,002,206 | ---- | C] () -- C:\WINDOWS\System32\wpa.dbl
[2011/02/23 20:43:11 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\utexntqz.sys
[2011/02/11 22:18:23 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/02/11 22:18:23 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/02/11 22:18:23 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/02/11 22:18:23 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/02/11 22:18:23 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/01/28 18:54:45 | 000,002,510 | ---- | C] () -- C:\Documents and Settings\Administrator\secedit.INTEG.RAW
[2010/11/14 11:15:00 | 000,104,253 | ---- | C] () -- C:\WINDOWS\hpoins04.dat.temp
[2010/04/30 23:07:01 | 000,000,130 | ---- | C] () -- C:\WINDOWS\cfplogvw.INI
[2010/02/27 14:08:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/10/23 00:41:23 | 000,089,448 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2008/11/26 01:06:41 | 000,020,992 | ---- | C] () -- C:\WINDOWS\jestertb.dll
[2008/08/08 15:43:28 | 000,000,061 | ---- | C] () -- C:\Documents and Settings\Leslie Schooling\pbuser.htm
[2008/08/08 15:43:24 | 000,009,407 | ---- | C] () -- C:\Documents and Settings\Leslie Schooling\pbgame.htm
[2008/08/08 15:18:19 | 000,674,600 | ---- | C] () -- C:\WINDOWS\System32\pbsvc.exe
[2007/12/23 05:40:07 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[2007/12/23 05:40:01 | 000,852,042 | ---- | C] () -- C:\WINDOWS\System32\Lemmings Revolution.exe
[2007/12/03 20:13:57 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2007/12/03 20:13:53 | 000,103,736 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2007/12/03 20:13:45 | 000,066,872 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2007/11/22 22:37:34 | 000,000,064 | ---- | C] () -- C:\WINDOWS\init.ini
[2007/10/21 00:09:11 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2007/09/25 04:54:16 | 000,001,100 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2007/08/25 19:53:32 | 000,000,932 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2007/06/09 12:44:07 | 000,000,023 | ---- | C] () -- C:\Documents and Settings\Leslie Schooling\presets.ini
[2007/03/24 20:09:19 | 000,086,477 | ---- | C] () -- C:\WINDOWS\hpiins01.dat.temp
[2007/03/24 20:09:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpimdl01.dat.temp
[2006/12/16 02:29:47 | 000,000,020 | ---- | C] () -- C:\WINDOWS\LANG.INI
[2006/11/23 15:14:33 | 000,000,010 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2006/07/21 22:59:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2006/04/15 23:29:48 | 000,100,724 | ---- | C] () -- C:\WINDOWS\cpeins04.dat
[2006/04/15 23:29:48 | 000,017,176 | ---- | C] () -- C:\WINDOWS\hpomdl04.dat.temp
[2006/04/15 22:58:34 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/03/18 15:26:36 | 000,000,098 | ---- | C] () -- C:\WINDOWS\NAVPRESS.INI
[2006/01/16 03:22:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2006/01/16 02:49:29 | 000,086,473 | ---- | C] () -- C:\WINDOWS\hpiins01.dat
[2006/01/16 02:49:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpimdl01.dat
[2006/01/16 01:57:55 | 000,104,100 | ---- | C] () -- C:\WINDOWS\hpoins04.dat
[2006/01/16 01:57:55 | 000,017,176 | ---- | C] () -- C:\WINDOWS\hpomdl04.dat
[2006/01/10 15:28:44 | 000,152,576 | ---- | C] () -- C:\Documents and Settings\Leslie Schooling\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/01/10 15:25:01 | 000,002,510 | ---- | C] () -- C:\Documents and Settings\Leslie Schooling\secedit.INTEG.RAW
[2006/01/10 15:24:58 | 011,272,192 | ---- | C] () -- C:\Documents and Settings\Leslie Schooling\NTUSER.bak
[2006/01/10 15:23:40 | 000,002,510 | ---- | C] () -- C:\WINDOWS\system32\config\systemprofile\secedit.INTEG.RAW
[2005/04/10 12:36:12 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/04/10 12:36:12 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/04/10 12:36:12 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/04/10 12:36:12 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/04/10 12:36:12 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/04/10 12:36:12 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/04/10 12:22:32 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/04/10 11:53:56 | 000,229,376 | ---- | C] () -- C:\Documents and Settings\LocalService\NTUSER.bak
[2005/04/10 11:53:54 | 000,229,376 | ---- | C] () -- C:\Documents and Settings\NetworkService\NTUSER.bak
[2005/02/12 04:33:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/07 09:16:54 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/07 09:16:44 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/07 09:10:08 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/07 09:02:54 | 000,450,088 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/07 08:57:54 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/07 08:54:58 | 000,023,428 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/04 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 08:00:00 | 000,293,046 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 08:00:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/08/04 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 08:00:00 | 000,034,754 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 08:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/08/04 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 08:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/04 04:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/01/13 14:46:34 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2003/01/07 18:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/05/28 13:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/05/28 13:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

========== LOP Check ==========


========== Purity Check ==========


< End of report >
  • 0

#63
mitch8
Posted 19 March 2011 - 02:50 PM

mitch8

    Trusted Helper

  • Malware Removal
  • 1,356 posts
Hi,

Boot into OTLPE.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
DRV - [2011/02/23 20:43:23 | 000,007,168 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\utexntqz.sys -- (utexntqz)

:Services

:Reg

:Files
C:\WINDOWS\SYSTEM32\DLLCACHE\userinit.exe|C:\WINDOWS\system32\userinit.exe /replace

:Commands
[emptytemp]
[EMPTYFLASH]
  • Then click the Run Fix button at the top

Try to reboot your commuter.
  • 0

#64
LesFo
Posted 19 March 2011 - 06:23 PM

LesFo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
still getting same results. vanguard..exe error and welcome screen login log off problem. here is the log:

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008\Services\utexntqz deleted successfully.
C:\WINDOWS\system32\drivers\utexntqz.sys moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
File C:\WINDOWS\system32\userinit.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]
Empty user temp failed. Cannot find local settings folders.
Empty user temp failed. Cannot find local settings folders.
Empty user temp failed. Cannot find local settings folders.
Empty user temp failed. Cannot find local settings folders.
Empty user temp failed. Cannot find local settings folders.
Empty user temp failed. Cannot find local settings folders.

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 29583005 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 49816 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 34046 bytes

Total Files Cleaned = 28.00 mb


[EMPTYFLASH]
Empty user temp failed. Cannot find local settings folders.
Empty user temp failed. Cannot find local settings folders.
Empty user temp failed. Cannot find local settings folders.
Empty user temp failed. Cannot find local settings folders.
Empty user temp failed. Cannot find local settings folders.
Empty user temp failed. Cannot find local settings folders.

Total Flash Files Cleaned = 0.00 mb


OTLPE by OldTimer - Version 3.1.45.0 log created on 03192011_181740
  • 0

#65
mitch8
Posted 20 March 2011 - 10:20 AM

mitch8

    Trusted Helper

  • Malware Removal
  • 1,356 posts
Hi LesFo,

Oops, I gave you the command wrong. You can try moving C:\WINDOWS\SYSTEM32\DLLCACHE\userinit.exe to C:\WINDOWS\system32\userinit.exe and to see if your computer will boot.

But, since your computer is not working after a repair install and your drive was corrupted, my advice is to backup everything, format your hard drive, and reinstall windows. Your computer may be too messed up to fix. It would probably be the easiest thing as of now.

-Mitch8
  • 0

#66
LesFo
Posted 20 March 2011 - 08:05 PM

LesFo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
Hi Mitch. I moved that userinit file and it worked. Windows loaded into Leslie to the desktop. There is nothing on the desktop except for the recycle bin though. so some stuff is missing but it is great to be working again. should we go back and try running some of the programs you wanted us to? and is there anyway that i can get the files i had saved to the desktop back?
  • 0

#67
mitch8
Posted 21 March 2011 - 04:44 PM

mitch8

    Trusted Helper

  • Malware Removal
  • 1,356 posts
Hi,

That's good news! :D

I would recommend using recuva. Your corrupted hard drive may be the reason for your missing files. When you run recuva sure you follow all of the instructions here because your hard drive was corrupted.
  • 0

#68
mitch8
Posted 25 March 2011 - 09:56 AM

mitch8

    Trusted Helper

  • Malware Removal
  • 1,356 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP