Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

XP wont boot. Hit by nasty smitfraud trojan. Logs included. Pls Help&#

Started by elmayimbe , Jul 03 2011 02:19 PM

  • Please log in to reply

#16
elmayimbe
Posted 04 July 2011 - 04:22 PM

elmayimbe

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Still boots into blackness

OTL logfile created on: 7/4/2011 5:14:02 PM - Run
OTLPE by OldTimer - Version 3.1.47.1 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 85.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93.16 Gb Total Space | 57.77 Gb Free Space | 62.01% Space Free | Partition Type: NTFS
Drive D: | 7.46 Gb Total Space | 7.39 Gb Free Space | 99.07% Space Free | Partition Type: NTFS
Drive X: | 284.13 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet009

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto] -- -- (SamSs)
SRV - File not found [On_Demand] -- -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - File not found [Auto] -- -- (ProtectedStorage)
SRV - File not found [Auto] -- -- (PolicyAgent)
SRV - File not found [On_Demand] -- -- (NtLmSsp)
SRV - File not found [On_Demand] -- -- (Netlogon)
SRV - File not found [Auto] -- -- (CLTNetCnService)
SRV - [2009/07/21 18:53:57 | 000,655,624 | ---- | M] (Acresso Software Inc.) [Auto] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/05/11 00:07:24 | 000,002,560 | ---- | M] () [Auto] -- C:\WINDOWS\Runservice.exe -- (LicCtrlService)
SRV - [2006/06/12 16:27:28 | 000,126,976 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe -- (AddFiltr)
SRV - [2005/11/23 11:58:04 | 000,765,952 | ---- | M] (Diskeeper Corporation) [Auto] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | System] -- -- (VIAAGPP)
DRV - File not found [Kernel | On_Demand] -- -- (UIUSys)
DRV - File not found [Kernel | On_Demand] -- -- (rt2870)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | Auto] -- -- (PCASp50)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (InCDRm)
DRV - File not found [Kernel | System] -- -- (InCDPass)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | On_Demand] -- -- (catchme)
DRV - [2010/09/02 20:49:06 | 000,013,312 | ---- | M] (June Fabrics Technology Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pneteth.sys -- (pneteth)
DRV - [2009/11/01 13:59:22 | 000,102,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2009/10/20 14:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2009/06/30 14:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2008/10/18 20:48:32 | 000,716,272 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2008/07/09 02:14:59 | 000,822,272 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2008/05/08 10:02:52 | 000,203,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rmcast.sys -- (RMCAST)
DRV - [2008/04/13 14:39:44 | 000,092,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mqac.sys -- (MQAC)
DRV - [2008/01/18 05:00:00 | 000,385,072 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2007/09/05 16:04:34 | 000,079,408 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot] -- C:\WINDOWS\System32\drivers\TPkd.sys -- (TPkd)
DRV - [2007/03/28 10:59:38 | 000,166,912 | ---- | M] (Jungo) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\windrvr6.sys -- (WinDriver6)
DRV - [2006/11/02 10:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2006/10/12 15:27:00 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2006/06/19 08:37:34 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/06/06 16:39:56 | 000,061,952 | ---- | M] (Ricoh) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\5U870CAP.sys -- (5U870CAP_VID_1262&PID_25FD)
DRV - [2006/06/01 20:02:36 | 000,572,928 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\CHDAud.sys -- (HdAudAddService)
DRV - [2006/05/12 16:05:02 | 000,057,320 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006/04/19 06:03:20 | 000,995,712 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2006/04/19 06:02:40 | 000,208,000 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2006/04/19 06:02:36 | 000,727,296 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2006/03/05 19:49:36 | 000,011,136 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2006/03/02 20:31:04 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/03/02 20:31:02 | 000,034,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/01/26 20:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\nvata.sys -- (nvata)
DRV - [2005/11/21 01:48:21 | 000,016,512 | ---- | M] (Adaptec) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2005/11/16 00:28:32 | 000,028,928 | ---- | M] (REDC) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/10/31 22:08:00 | 000,308,992 | ---- | M] (REDC) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/10/31 21:54:50 | 000,051,584 | ---- | M] (REDC) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/09/19 17:24:20 | 000,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2005/09/19 17:24:10 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2005/09/19 17:23:52 | 000,007,808 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2004/08/04 02:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/01/10 16:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2002/09/16 21:14:32 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\PQNTDRV.sys -- (PQNTDrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html


IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = A8 F5 5E 06 4E 57 8C 40 84 73 42 8E 14 DA 9C DF [binary data]
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 216.155.165.50:80

IE - HKU\Administrator_ON_C\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\hector_ON_C\Software\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = A8 F5 5E 06 4E 57 8C 40 84 73 42 8E 14 DA 9C DF [binary data]
IE - HKU\hector_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\hector_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\LocalService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...er/fix_homepage
IE - HKU\LocalService_ON_C\Software\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = A8 F5 5E 06 4E 57 8C 40 84 73 42 8E 14 DA 9C DF [binary data]

IE - HKU\NetworkService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...er/fix_homepage
IE - HKU\NetworkService_ON_C\Software\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = A8 F5 5E 06 4E 57 8C 40 84 73 42 8E 14 DA 9C DF [binary data]


========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.80

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/07/04 16:56:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/28 13:36:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/04 00:12:09 | 000,000,000 | ---D | M]

[2008/06/18 22:17:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2011/07/04 17:10:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vwwqjqn2.default\extensions
[2011/06/04 00:12:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/07 22:48:49 | 000,000,000 | ---D | M] (LoudMo Contextual Ad Assistant) -- C:\Program Files\Mozilla Firefox\extensions\{79671095-325a-9e89-21f7-be72c6fad117}
[2011/01/12 10:38:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{B13721C7-F507-4982-B2E5-502A71474FED}
[2011/06/28 13:36:54 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/01/12 10:37:51 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/07/04 16:00:23 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (pdfMachine) - {56CF4856-ECB4-4e46-A897-A378821F97B9} - C:\WINDOWS\system32\bgstb.dll (Broadgun Software)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (pdfMachine) - {56CF4856-ECB4-4e46-A897-A378821F97B9} - C:\WINDOWS\system32\bgstb.dll (Broadgun Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (pdfMachine) - {56CF4856-ECB4-4E46-A897-A378821F97B9} - C:\WINDOWS\system32\bgstb.dll (Broadgun Software)
O3 - HKU\hector_ON_C\..\Toolbar\WebBrowser: (pdfMachine) - {56CF4856-ECB4-4E46-A897-A378821F97B9} - C:\WINDOWS\system32\bgstb.dll (Broadgun Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\CHDAudPropShortcut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKU\hector_ON_C..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe ()
O4 - HKU\Administrator_ON_C..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe (Nero AG)
O4 - HKLM..\RunOnceEx: [flags] Reg Error: Invalid data type. File not found
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\StartUp\Vongo Tray.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\hector_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\hector_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\hector_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} http://musicstore.co...ALStreaming.cab (MALPlaybackCtrl Class)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplane...C_2.3.6.108.cab (CDownloadCtrl Object)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1160596943484 (WUWebControl Class)
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} http://h20270.www2.h...ctDetection.cab (HpProductDetection Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1165946204859 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} http://www.systemreq...m/sysreqlab.cab (System Requirements Lab Class)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop WallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/07/03 03:20:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/04 17:11:10 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\proquota.exe
[2011/07/04 17:11:10 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\proquota.exe
[2011/07/04 17:04:49 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/07/04 17:03:09 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/07/04 17:03:09 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/07/04 17:03:09 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/07/04 17:03:09 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/07/04 17:03:00 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/07/04 17:02:57 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/07/04 17:02:08 | 004,130,890 | R--- | C] (Swearware) -- C:\Documents and Settings\hector\Desktop\ComboFix.exe
[2011/07/04 16:56:16 | 000,307,928 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/07/04 16:56:16 | 000,019,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/07/04 16:56:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2011/07/04 16:56:15 | 000,441,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/07/04 16:56:15 | 000,049,240 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/07/04 16:56:15 | 000,025,432 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/07/04 16:56:14 | 000,102,616 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/07/04 16:56:14 | 000,096,344 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/07/04 16:56:14 | 000,030,808 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/07/04 16:56:01 | 000,040,112 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/07/04 16:56:00 | 000,199,304 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/07/04 16:55:52 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/07/04 16:55:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/07/04 16:10:43 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\hector\Recent
[2011/07/04 16:00:24 | 002,233,856 | R--- | C] (OldTimer Tools) -- C:\OTLPE.exe
[2011/07/04 16:00:17 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/07/03 15:13:05 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\hector\Desktop\spybotsd162.exe
[2011/07/03 15:11:10 | 009,435,312 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\hector\Desktop\mbam-setup-1.51.0.1200.exe
[2011/07/03 03:26:37 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2011/07/03 03:18:24 | 000,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
[2011/07/03 03:15:42 | 000,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2011/07/03 03:15:18 | 000,000,000 | ---D | C] -- C:\Program Files\Online Services
[2011/07/03 02:28:09 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/07/02 19:58:08 | 000,000,000 | ---D | C] -- C:\old_os
[2011/06/27 00:39:10 | 000,000,000 | ---D | C] -- C:\38436b589340202a70
[2011/06/24 22:04:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\hector\Desktop\reswayinfopacket
[2011/06/14 17:20:09 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mup.sys
[1 C:\Documents and Settings\hector\*.tmp files -> C:\Documents and Settings\hector\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/04 19:02:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/04 19:02:00 | 2078,912,512 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/04 17:04:56 | 000,000,353 | RHS- | M] () -- C:\boot.ini
[2011/07/04 17:00:58 | 004,130,890 | R--- | M] (Swearware) -- C:\Documents and Settings\hector\Desktop\ComboFix.exe
[2011/07/04 16:56:16 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/07/04 16:56:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2011/07/04 16:56:15 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/07/04 16:46:51 | 000,000,865 | -HS- | M] () -- C:\WINDOWS\System32\mmf.sys
[2011/07/04 16:46:35 | 000,051,048 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/07/04 16:42:33 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/07/04 16:42:32 | 000,044,544 | ---- | M] () -- C:\Documents and Settings\hector\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/04 16:25:37 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/04 16:00:23 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/07/04 13:56:45 | 000,000,245 | ---- | M] () -- C:\Boot.bak
[2011/07/03 15:12:53 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\hector\Desktop\spybotsd162.exe
[2011/07/03 03:20:08 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2011/07/03 03:20:08 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2011/07/03 02:05:20 | 000,000,755 | ---- | M] () -- C:\Documents and Settings\hector\Desktop\Shortcut to Downloads.lnk
[2011/07/02 19:46:04 | 009,435,312 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\hector\Desktop\mbam-setup-1.51.0.1200.exe
[2011/07/02 14:58:34 | 058,064,040 | ---- | M] () -- C:\Documents and Settings\hector\Desktop\setup_av_free.exe
[2011/07/01 23:33:14 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2420454135-1221145186-2481032034-1005UA.job
[2011/07/01 23:32:42 | 000,000,094 | ---- | M] () -- C:\WINDOWS\System32\1825969678
[2011/07/01 18:25:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\FXhome
[2011/07/01 14:19:29 | 000,568,289 | ---- | M] () -- C:\Documents and Settings\hector\My Documents\comicon2.jpg
[2011/06/30 21:33:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2420454135-1221145186-2481032034-1005Core.job
[2011/06/29 01:43:51 | 000,103,578 | ---- | M] () -- C:\Documents and Settings\hector\Desktop\Chaos in Yemen Creates Opening for Islamist Gangs.pdf
[2011/06/27 18:37:06 | 002,233,856 | R--- | M] (OldTimer Tools) -- C:\OTLPE.exe
[2011/06/26 02:45:56 | 000,256,000 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2011/06/24 19:51:51 | 000,867,182 | ---- | M] () -- C:\Documents and Settings\hector\Desktop\Sway Boutique Nightclub.pdf
[2011/06/23 13:17:22 | 000,132,892 | ---- | M] () -- C:\Documents and Settings\hector\Desktop\Comiccon1.jpg
[2011/06/22 21:30:54 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/22 16:14:29 | 000,237,823 | ---- | M] () -- C:\Documents and Settings\hector\Desktop\Awlaki_ The Next Bin Laden_ Newsmakers_ GQ.pdf
[2011/06/22 13:35:30 | 000,055,410 | ---- | M] () -- C:\Documents and Settings\hector\Desktop\Sway-blackBG.jpg
[2011/06/16 21:51:31 | 000,136,899 | ---- | M] () -- C:\Documents and Settings\hector\Desktop\CA_06.jpg
[2011/06/15 17:07:55 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/06/15 01:47:59 | 000,028,261 | ---- | M] () -- C:\Documents and Settings\hector\Desktop\zinjibar.MMSW
[2011/06/09 00:53:56 | 000,211,919 | ---- | M] () -- C:\Documents and Settings\hector\Desktop\Magazine - The Atlantic.pdf
[1 C:\Documents and Settings\hector\*.tmp files -> C:\Documents and Settings\hector\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/04 17:04:56 | 000,000,245 | ---- | C] () -- C:\Boot.bak
[2011/07/04 17:04:52 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/07/04 17:03:09 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/07/04 17:03:09 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/07/04 17:03:09 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/07/04 17:03:09 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/07/04 17:03:09 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/07/04 16:56:16 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/07/04 16:53:55 | 058,064,040 | ---- | C] () -- C:\Documents and Settings\hector\Desktop\setup_av_free.exe
[2011/07/04 16:16:07 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\swsc.exe
[2011/07/03 03:20:08 | 000,000,000 | ---- | C] () -- C:\CONFIG.SYS
[2011/07/03 03:20:08 | 000,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT
[2011/07/01 20:49:24 | 000,000,094 | ---- | C] () -- C:\WINDOWS\System32\1825969678
[2011/07/01 14:19:29 | 000,568,289 | ---- | C] () -- C:\Documents and Settings\hector\My Documents\comicon2.jpg
[2011/06/29 01:43:51 | 000,103,578 | ---- | C] () -- C:\Documents and Settings\hector\Desktop\Chaos in Yemen Creates Opening for Islamist Gangs.pdf
[2011/06/24 19:51:51 | 000,867,182 | ---- | C] () -- C:\Documents and Settings\hector\Desktop\Sway Boutique Nightclub.pdf
[2011/06/23 13:17:22 | 000,132,892 | ---- | C] () -- C:\Documents and Settings\hector\Desktop\Comiccon1.jpg
[2011/06/22 16:14:29 | 000,237,823 | ---- | C] () -- C:\Documents and Settings\hector\Desktop\Awlaki_ The Next Bin Laden_ Newsmakers_ GQ.pdf
[2011/06/22 13:35:30 | 000,055,410 | ---- | C] () -- C:\Documents and Settings\hector\Desktop\Sway-blackBG.jpg
[2011/06/16 21:51:31 | 000,136,899 | ---- | C] () -- C:\Documents and Settings\hector\Desktop\CA_06.jpg
[2011/06/15 01:47:59 | 000,028,261 | ---- | C] () -- C:\Documents and Settings\hector\Desktop\zinjibar.MMSW
[2011/06/09 00:53:56 | 000,211,919 | ---- | C] () -- C:\Documents and Settings\hector\Desktop\Magazine - The Atlantic.pdf
[2011/03/24 11:04:14 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/12/24 17:40:48 | 000,000,067 | ---- | C] () -- C:\WINDOWS\Easy DVD Creator.INI
[2010/12/24 17:28:50 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/12/24 17:28:48 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\cdga.dll
[2010/04/02 19:46:32 | 000,094,520 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/12/02 17:29:39 | 000,216,208 | ---- | C] () -- C:\WINDOWS\System32\bgsserv.exe
[2009/12/02 17:29:39 | 000,127,632 | ---- | C] () -- C:\WINDOWS\System32\bgsreses.dll
[2009/12/02 17:29:39 | 000,126,096 | ---- | C] () -- C:\WINDOWS\System32\bgsresfr.dll
[2009/12/02 17:29:39 | 000,119,952 | ---- | C] () -- C:\WINDOWS\System32\bgsresde.dll
[2009/12/02 17:29:39 | 000,118,416 | ---- | C] () -- C:\WINDOWS\System32\bgsresen.dll
[2009/12/02 17:29:39 | 000,062,096 | ---- | C] () -- C:\WINDOWS\System32\bgspmnt.dll
[2009/10/20 14:19:30 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2009/07/17 14:25:56 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/05/20 17:39:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\HPMProp.INI
[2009/04/27 18:42:01 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\custmon32.dll
[2008/11/12 21:00:31 | 000,000,233 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2008/10/01 13:55:22 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2008/09/12 20:19:49 | 000,000,109 | ---- | C] () -- C:\WINDOWS\cncscore.ini
[2008/07/31 13:44:18 | 000,430,080 | ---- | C] () -- C:\WINDOWS\System32\ZSHP1020.EXE
[2008/07/24 18:19:35 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2008/07/24 18:19:35 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2008/07/24 18:19:35 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2008/07/24 18:19:35 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2008/07/24 18:19:35 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2008/05/22 18:22:18 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/05/22 18:18:54 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/05/10 09:23:37 | 000,002,663 | ---- | C] () -- C:\WINDOWS\System32\ASPRTMM3.DLL
[2008/05/03 00:04:48 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/03/26 12:39:14 | 000,001,158 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2008/02/22 15:20:34 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\$_hpcst$.hpc
[2007/12/29 03:15:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2007/12/16 21:39:28 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2007/11/12 15:17:43 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2007/09/26 19:29:59 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2007/09/26 19:29:59 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2007/08/26 22:45:44 | 000,438,272 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib_dec.dll
[2007/07/24 17:25:27 | 000,000,182 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT4.DAT
[2007/07/06 13:48:17 | 000,000,604 | ---- | C] () -- C:\WINDOWS\Sof2.INI
[2007/05/11 00:07:26 | 000,000,865 | -HS- | C] () -- C:\WINDOWS\System32\mmf.sys
[2007/05/11 00:07:24 | 000,002,560 | ---- | C] () -- C:\WINDOWS\Runservice.exe
[2007/05/11 00:05:14 | 000,045,056 | ---- | C] () -- C:\WINDOWS\mmfs.dll
[2007/04/14 01:22:41 | 000,000,983 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2007/03/16 15:36:51 | 000,004,366 | ---- | C] () -- C:\WINDOWS\SCWRITER.INI
[2007/02/07 16:07:07 | 000,002,394 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/01/21 18:45:21 | 000,069,632 | ---- | C] () -- C:\WINDOWS\UNINSTCC.EXE
[2007/01/12 15:43:59 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2007/01/12 13:41:25 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\hector\default.pls
[2007/01/11 01:59:07 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/01/02 15:56:15 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\hector\Application Data\$_hpcst$.hpc
[2006/10/23 13:17:41 | 000,007,965 | ---- | C] () -- C:\WINDOWS\hplj1300.ini
[2006/10/14 20:05:17 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2006/10/12 14:37:32 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/10/12 14:21:09 | 000,000,024 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/10/11 15:47:03 | 000,044,544 | ---- | C] () -- C:\Documents and Settings\hector\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/10/10 06:03:00 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\hector\Local Settings\Application Data\fusioncache.dat
[2006/10/10 06:01:46 | 000,000,136 | ---- | C] () -- C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\fusioncache.dat
[2006/09/01 05:07:45 | 000,000,031 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/09/01 05:03:50 | 000,045,929 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.EXE
[2006/09/01 05:03:50 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/09/01 04:50:41 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/09/01 04:40:18 | 000,028,836 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/09/01 04:22:43 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2006/08/18 04:00:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/08/18 04:00:00 | 001,617,920 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2006/08/18 04:00:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/08/18 04:00:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2006/08/18 04:00:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/08/18 04:00:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/08/18 04:00:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2006/08/18 04:00:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2006/08/18 04:00:00 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/06/29 15:18:28 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/06/29 15:18:14 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/06/29 14:49:18 | 000,087,268 | ---- | C] () -- C:\WINDOWS\hpqins69.dat
[2006/06/29 14:46:56 | 000,000,056 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/06/29 14:43:40 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/06/29 14:27:08 | 000,456,500 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/06/29 14:27:08 | 000,075,898 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/06/29 14:18:06 | 002,479,312 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/06/29 14:13:00 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/06/29 14:08:28 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/06/20 22:53:34 | 000,319,488 | ---- | C] () -- C:\WINDOWS\System32\AegisI5.exe
[2006/03/16 00:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/03/16 00:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/03/16 00:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/03/16 00:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/03/16 00:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/03/16 00:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/03/16 00:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/03/16 00:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/03/04 03:07:34 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/12/02 14:09:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/05/05 22:06:32 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2004/09/16 16:24:26 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2002/10/15 18:54:04 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2002/05/28 17:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/05/28 17:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/07/31 12:17:12 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 164 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4829695F
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CA73D29
< End of report >
  • 0

Advertisements

#17
ali.B
Posted 04 July 2011 - 04:26 PM

ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
hi

In the OTLPE go to C:\QooBox\ check if there is a file named ComboFix-quarantined-files.txt

if it exists post its contents
  • 0

#18
elmayimbe
Posted 04 July 2011 - 04:28 PM

elmayimbe

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
No the file doesn't exist.
  • 0

#19
ali.B
Posted 04 July 2011 - 04:32 PM

ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
hi

do you have your windows installation disk?
  • 0

#20
elmayimbe
Posted 04 July 2011 - 04:35 PM

elmayimbe

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
I do have an xp pro edition installation disk and not the windows media edition one like on the notebook.
  • 0

#21
elmayimbe
Posted 04 July 2011 - 06:12 PM

elmayimbe

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Now I do. Do I need to use the recovery console?

Please advise next steps...
  • 0

#22
ali.B
Posted 05 July 2011 - 03:11 PM

ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
hi

Boot from the CD again to the Reatogo desktop.

There should be a MBRFix.exe icon present.

Double click MBRFix.

A command prompt will be presented. Type the following commands and press Enter after each line:

C:
cd C:\
MbrFix /drive 0 fixmbr
Exit

Reboot and see if you can get into normal mode.
  • 0
Back to Computer Won't Boot - Malware Related · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Computer Won't Boot - Malware Related

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP