
XP won't boot. Hit by nasty smitfraud trojan. Logs included. Pls Help



#16
elmayimbe (Topic Starter)

Still boots into blackness

OTL logfile created on: 7/4/2011 5:14:02 PM - Run
OTLPE by OldTimer - Version 3.1.47.1 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 85.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93.16 Gb Total Space | 57.77 Gb Free Space | 62.01% Space Free | Partition Type: NTFS
Drive D: | 7.46 Gb Total Space | 7.39 Gb Free Space | 99.07% Space Free | Partition Type: NTFS
Drive X: | 284.13 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet009

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto] -- -- (SamSs)
SRV - File not found [On_Demand] -- -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - File not found [Auto] -- -- (ProtectedStorage)
SRV - File not found [Auto] -- -- (PolicyAgent)
SRV - File not found [On_Demand] -- -- (NtLmSsp)
SRV - File not found [On_Demand] -- -- (Netlogon)
SRV - File not found [Auto] -- -- (CLTNetCnService)
SRV - [2009/07/21 18:53:57 | 000,655,624 | ---- | M] (Acresso Software Inc.) [Auto] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/05/11 00:07:24 | 000,002,560 | ---- | M] () [Auto] -- C:\WINDOWS\Runservice.exe -- (LicCtrlService)
SRV - [2006/06/12 16:27:28 | 000,126,976 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe -- (AddFiltr)
SRV - [2005/11/23 11:58:04 | 000,765,952 | ---- | M] (Diskeeper Corporation) [Auto] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | System] -- -- (VIAAGPP)
DRV - File not found [Kernel | On_Demand] -- -- (UIUSys)
DRV - File not found [Kernel | On_Demand] -- -- (rt2870)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | Auto] -- -- (PCASp50)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (InCDRm)
DRV - File not found [Kernel | System] -- -- (InCDPass)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | On_Demand] -- -- (catchme)
DRV - [2010/09/02 20:49:06 | 000,013,312 | ---- | M] (June Fabrics Technology Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pneteth.sys -- (pneteth)
DRV - [2009/11/01 13:59:22 | 000,102,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2009/10/20 14:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2009/06/30 14:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2008/10/18 20:48:32 | 000,716,272 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2008/07/09 02:14:59 | 000,822,272 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2008/05/08 10:02:52 | 000,203,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rmcast.sys -- (RMCAST)
DRV - [2008/04/13 14:39:44 | 000,092,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mqac.sys -- (MQAC)
DRV - [2008/01/18 05:00:00 | 000,385,072 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2007/09/05 16:04:34 | 000,079,408 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot] -- C:\WINDOWS\System32\drivers\TPkd.sys -- (TPkd)
DRV - [2007/03/28 10:59:38 | 000,166,912 | ---- | M] (Jungo) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\windrvr6.sys -- (WinDriver6)
DRV - [2006/11/02 10:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2006/10/12 15:27:00 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2006/06/19 08:37:34 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/06/06 16:39:56 | 000,061,952 | ---- | M] (Ricoh) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\5U870CAP.sys -- (5U870CAP_VID_1262&PID_25FD)
DRV - [2006/06/01 20:02:36 | 000,572,928 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\CHDAud.sys -- (HdAudAddService)
DRV - [2006/05/12 16:05:02 | 000,057,320 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006/04/19 06:03:20 | 000,995,712 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2006/04/19 06:02:40 | 000,208,000 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2006/04/19 06:02:36 | 000,727,296 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2006/03/05 19:49:36 | 000,011,136 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2006/03/02 20:31:04 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/03/02 20:31:02 | 000,034,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/01/26 20:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\nvata.sys -- (nvata)
DRV - [2005/11/21 01:48:21 | 000,016,512 | ---- | M] (Adaptec) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2005/11/16 00:28:32 | 000,028,928 | ---- | M] (REDC) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/10/31 22:08:00 | 000,308,992 | ---- | M] (REDC) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/10/31 21:54:50 | 000,051,584 | ---- | M] (REDC) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/09/19 17:24:20 | 000,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2005/09/19 17:24:10 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2005/09/19 17:23:52 | 000,007,808 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2004/08/04 02:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/01/10 16:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2002/09/16 21:14:32 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\PQNTDRV.sys -- (PQNTDrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html


IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = A8 F5 5E 06 4E 57 8C 40 84 73 42 8E 14 DA 9C DF [binary data]
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 216.155.165.50:80

IE - HKU\Administrator_ON_C\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\hector_ON_C\Software\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = A8 F5 5E 06 4E 57 8C 40 84 73 42 8E 14 DA 9C DF [binary data]
IE - HKU\hector_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\hector_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\LocalService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...er/fix_homepage
IE - HKU\LocalService_ON_C\Software\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = A8 F5 5E 06 4E 57 8C 40 84 73 42 8E 14 DA 9C DF [binary data]

IE - HKU\NetworkService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...er/fix_homepage
IE - HKU\NetworkService_ON_C\Software\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = A8 F5 5E 06 4E 57 8C 40 84 73 42 8E 14 DA 9C DF [binary data]


========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.80

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/07/04 16:56:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/28 13:36:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/04 00:12:09 | 000,000,000 | ---D | M]

[2008/06/18 22:17:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2011/07/04 17:10:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vwwqjqn2.default\extensions
[2011/06/04 00:12:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/07 22:48:49 | 000,000,000 | ---D | M] (LoudMo Contextual Ad Assistant) -- C:\Program Files\Mozilla Firefox\extensions\{79671095-325a-9e89-21f7-be72c6fad117}
[2011/01/12 10:38:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{B13721C7-F507-4982-B2E5-502A71474FED}
[2011/06/28 13:36:54 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/01/12 10:37:51 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/07/04 16:00:23 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (pdfMachine) - {56CF4856-ECB4-4e46-A897-A378821F97B9} - C:\WINDOWS\system32\bgstb.dll (Broadgun Software)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (pdfMachine) - {56CF4856-ECB4-4e46-A897-A378821F97B9} - C:\WINDOWS\system32\bgstb.dll (Broadgun Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (pdfMachine) - {56CF4856-ECB4-4E46-A897-A378821F97B9} - C:\WINDOWS\system32\bgstb.dll (Broadgun Software)
O3 - HKU\hector_ON_C\..\Toolbar\WebBrowser: (pdfMachine) - {56CF4856-ECB4-4E46-A897-A378821F97B9} - C:\WINDOWS\system32\bgstb.dll (Broadgun Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\CHDAudPropShortcut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKU\hector_ON_C..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe ()
O4 - HKU\Administrator_ON_C..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe (Nero AG)
O4 - HKLM..\RunOnceEx: [flags] Reg Error: Invalid data type. File not found
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\StartUp\Vongo Tray.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\hector_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\hector_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\hector_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} http://musicstore.co...ALStreaming.cab (MALPlaybackCtrl Class)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplane...C_2.3.6.108.cab (CDownloadCtrl Object)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1160596943484 (WUWebControl Class)
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} http://h20270.www2.h...ctDetection.cab (HpProductDetection Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1165946204859 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} http://www.systemreq...m/sysreqlab.cab (System Requirements Lab Class)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop WallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/07/03 03:20:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/04 17:11:10 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\proquota.exe
[2011/07/04 17:11:10 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\proquota.exe
[2011/07/04 17:04:49 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/07/04 17:03:09 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/07/04 17:03:09 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/07/04 17:03:09 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/07/04 17:03:09 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/07/04 17:03:00 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/07/04 17:02:57 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/07/04 17:02:08 | 004,130,890 | R--- | C] (Swearware) -- C:\Documents and Settings\hector\Desktop\ComboFix.exe
[2011/07/04 16:56:16 | 000,307,928 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/07/04 16:56:16 | 000,019,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/07/04 16:56:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2011/07/04 16:56:15 | 000,441,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/07/04 16:56:15 | 000,049,240 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/07/04 16:56:15 | 000,025,432 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/07/04 16:56:14 | 000,102,616 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/07/04 16:56:14 | 000,096,344 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/07/04 16:56:14 | 000,030,808 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/07/04 16:56:01 | 000,040,112 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/07/04 16:56:00 | 000,199,304 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/07/04 16:55:52 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/07/04 16:55:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/07/04 16:10:43 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\hector\Recent
[2011/07/04 16:00:24 | 002,233,856 | R--- | C] (OldTimer Tools) -- C:\OTLPE.exe
[2011/07/04 16:00:17 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/07/03 15:13:05 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\hector\Desktop\spybotsd162.exe
[2011/07/03 15:11:10 | 009,435,312 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\hector\Desktop\mbam-setup-1.51.0.1200.exe
[2011/07/03 03:26:37 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2011/07/03 03:18:24 | 000,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
[2011/07/03 03:15:42 | 000,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2011/07/03 03:15:18 | 000,000,000 | ---D | C] -- C:\Program Files\Online Services
[2011/07/03 02:28:09 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/07/02 19:58:08 | 000,000,000 | ---D | C] -- C:\old_os
[2011/06/27 00:39:10 | 000,000,000 | ---D | C] -- C:\38436b589340202a70
[2011/06/24 22:04:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\hector\Desktop\reswayinfopacket
[2011/06/14 17:20:09 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mup.sys
[1 C:\Documents and Settings\hector\*.tmp files -> C:\Documents and Settings\hector\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/04 19:02:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/04 19:02:00 | 2078,912,512 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/04 17:04:56 | 000,000,353 | RHS- | M] () -- C:\boot.ini
[2011/07/04 17:00:58 | 004,130,890 | R--- | M] (Swearware) -- C:\Documents and Settings\hector\Desktop\ComboFix.exe
[2011/07/04 16:56:16 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/07/04 16:56:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2011/07/04 16:56:15 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/07/04 16:46:51 | 000,000,865 | -HS- | M] () -- C:\WINDOWS\System32\mmf.sys
[2011/07/04 16:46:35 | 000,051,048 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/07/04 16:42:33 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/07/04 16:42:32 | 000,044,544 | ---- | M] () -- C:\Documents and Settings\hector\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/04 16:25:37 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/04 16:00:23 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/07/04 13:56:45 | 000,000,245 | ---- | M] () -- C:\Boot.bak
[2011/07/03 15:12:53 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\hector\Desktop\spybotsd162.exe
[2011/07/03 03:20:08 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2011/07/03 03:20:08 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2011/07/03 02:05:20 | 000,000,755 | ---- | M] () -- C:\Documents and Settings\hector\Desktop\Shortcut to Downloads.lnk
[2011/07/02 19:46:04 | 009,435,312 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\hector\Desktop\mbam-setup-1.51.0.1200.exe
[2011/07/02 14:58:34 | 058,064,040 | ---- | M] () -- C:\Documents and Settings\hector\Desktop\setup_av_free.exe
[2011/07/01 23:33:14 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2420454135-1221145186-2481032034-1005UA.job
[2011/07/01 23:32:42 | 000,000,094 | ---- | M] () -- C:\WINDOWS\System32\1825969678
[2011/07/01 18:25:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\FXhome
[2011/07/01 14:19:29 | 000,568,289 | ---- | M] () -- C:\Documents and Settings\hector\My Documents\comicon2.jpg
[2011/06/30 21:33:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2420454135-1221145186-2481032034-1005Core.job
[2011/06/29 01:43:51 | 000,103,578 | ---- | M] () -- C:\Documents and Settings\hector\Desktop\Chaos in Yemen Creates Opening for Islamist Gangs.pdf
[2011/06/27 18:37:06 | 002,233,856 | R--- | M] (OldTimer Tools) -- C:\OTLPE.exe
[2011/06/26 02:45:56 | 000,256,000 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2011/06/24 19:51:51 | 000,867,182 | ---- | M] () -- C:\Documents and Settings\hector\Desktop\Sway Boutique Nightclub.pdf
[2011/06/23 13:17:22 | 000,132,892 | ---- | M] () -- C:\Documents and Settings\hector\Desktop\Comiccon1.jpg
[2011/06/22 21:30:54 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/22 16:14:29 | 000,237,823 | ---- | M] () -- C:\Documents and Settings\hector\Desktop\Awlaki_ The Next Bin Laden_ Newsmakers_ GQ.pdf
[2011/06/22 13:35:30 | 000,055,410 | ---- | M] () -- C:\Documents and Settings\hector\Desktop\Sway-blackBG.jpg
[2011/06/16 21:51:31 | 000,136,899 | ---- | M] () -- C:\Documents and Settings\hector\Desktop\CA_06.jpg
[2011/06/15 17:07:55 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/06/15 01:47:59 | 000,028,261 | ---- | M] () -- C:\Documents and Settings\hector\Desktop\zinjibar.MMSW
[2011/06/09 00:53:56 | 000,211,919 | ---- | M] () -- C:\Documents and Settings\hector\Desktop\Magazine - The Atlantic.pdf
[1 C:\Documents and Settings\hector\*.tmp files -> C:\Documents and Settings\hector\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/04 17:04:56 | 000,000,245 | ---- | C] () -- C:\Boot.bak
[2011/07/04 17:04:52 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/07/04 17:03:09 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/07/04 17:03:09 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/07/04 17:03:09 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/07/04 17:03:09 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/07/04 17:03:09 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/07/04 16:56:16 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/07/04 16:53:55 | 058,064,040 | ---- | C] () -- C:\Documents and Settings\hector\Desktop\setup_av_free.exe
[2011/07/04 16:16:07 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\swsc.exe
[2011/07/03 03:20:08 | 000,000,000 | ---- | C] () -- C:\CONFIG.SYS
[2011/07/03 03:20:08 | 000,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT
[2011/07/01 20:49:24 | 000,000,094 | ---- | C] () -- C:\WINDOWS\System32\1825969678
[2011/07/01 14:19:29 | 000,568,289 | ---- | C] () -- C:\Documents and Settings\hector\My Documents\comicon2.jpg
[2011/06/29 01:43:51 | 000,103,578 | ---- | C] () -- C:\Documents and Settings\hector\Desktop\Chaos in Yemen Creates Opening for Islamist Gangs.pdf
[2011/06/24 19:51:51 | 000,867,182 | ---- | C] () -- C:\Documents and Settings\hector\Desktop\Sway Boutique Nightclub.pdf
[2011/06/23 13:17:22 | 000,132,892 | ---- | C] () -- C:\Documents and Settings\hector\Desktop\Comiccon1.jpg
[2011/06/22 16:14:29 | 000,237,823 | ---- | C] () -- C:\Documents and Settings\hector\Desktop\Awlaki_ The Next Bin Laden_ Newsmakers_ GQ.pdf
[2011/06/22 13:35:30 | 000,055,410 | ---- | C] () -- C:\Documents and Settings\hector\Desktop\Sway-blackBG.jpg
[2011/06/16 21:51:31 | 000,136,899 | ---- | C] () -- C:\Documents and Settings\hector\Desktop\CA_06.jpg
[2011/06/15 01:47:59 | 000,028,261 | ---- | C] () -- C:\Documents and Settings\hector\Desktop\zinjibar.MMSW
[2011/06/09 00:53:56 | 000,211,919 | ---- | C] () -- C:\Documents and Settings\hector\Desktop\Magazine - The Atlantic.pdf
[2011/03/24 11:04:14 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/12/24 17:40:48 | 000,000,067 | ---- | C] () -- C:\WINDOWS\Easy DVD Creator.INI
[2010/12/24 17:28:50 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/12/24 17:28:48 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\cdga.dll
[2010/04/02 19:46:32 | 000,094,520 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/12/02 17:29:39 | 000,216,208 | ---- | C] () -- C:\WINDOWS\System32\bgsserv.exe
[2009/12/02 17:29:39 | 000,127,632 | ---- | C] () -- C:\WINDOWS\System32\bgsreses.dll
[2009/12/02 17:29:39 | 000,126,096 | ---- | C] () -- C:\WINDOWS\System32\bgsresfr.dll
[2009/12/02 17:29:39 | 000,119,952 | ---- | C] () -- C:\WINDOWS\System32\bgsresde.dll
[2009/12/02 17:29:39 | 000,118,416 | ---- | C] () -- C:\WINDOWS\System32\bgsresen.dll
[2009/12/02 17:29:39 | 000,062,096 | ---- | C] () -- C:\WINDOWS\System32\bgspmnt.dll
[2009/10/20 14:19:30 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2009/07/17 14:25:56 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/05/20 17:39:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\HPMProp.INI
[2009/04/27 18:42:01 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\custmon32.dll
[2008/11/12 21:00:31 | 000,000,233 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2008/10/01 13:55:22 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2008/09/12 20:19:49 | 000,000,109 | ---- | C] () -- C:\WINDOWS\cncscore.ini
[2008/07/31 13:44:18 | 000,430,080 | ---- | C] () -- C:\WINDOWS\System32\ZSHP1020.EXE
[2008/07/24 18:19:35 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2008/07/24 18:19:35 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2008/07/24 18:19:35 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2008/07/24 18:19:35 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2008/07/24 18:19:35 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2008/05/22 18:22:18 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/05/22 18:18:54 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/05/10 09:23:37 | 000,002,663 | ---- | C] () -- C:\WINDOWS\System32\ASPRTMM3.DLL
[2008/05/03 00:04:48 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/03/26 12:39:14 | 000,001,158 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2008/02/22 15:20:34 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\$_hpcst$.hpc
[2007/12/29 03:15:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2007/12/16 21:39:28 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2007/11/12 15:17:43 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2007/09/26 19:29:59 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2007/09/26 19:29:59 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2007/08/26 22:45:44 | 000,438,272 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib_dec.dll
[2007/07/24 17:25:27 | 000,000,182 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT4.DAT
[2007/07/06 13:48:17 | 000,000,604 | ---- | C] () -- C:\WINDOWS\Sof2.INI
[2007/05/11 00:07:26 | 000,000,865 | -HS- | C] () -- C:\WINDOWS\System32\mmf.sys
[2007/05/11 00:07:24 | 000,002,560 | ---- | C] () -- C:\WINDOWS\Runservice.exe
[2007/05/11 00:05:14 | 000,045,056 | ---- | C] () -- C:\WINDOWS\mmfs.dll
[2007/04/14 01:22:41 | 000,000,983 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2007/03/16 15:36:51 | 000,004,366 | ---- | C] () -- C:\WINDOWS\SCWRITER.INI
[2007/02/07 16:07:07 | 000,002,394 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/01/21 18:45:21 | 000,069,632 | ---- | C] () -- C:\WINDOWS\UNINSTCC.EXE
[2007/01/12 15:43:59 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2007/01/12 13:41:25 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\hector\default.pls
[2007/01/11 01:59:07 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/01/02 15:56:15 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\hector\Application Data\$_hpcst$.hpc
[2006/10/23 13:17:41 | 000,007,965 | ---- | C] () -- C:\WINDOWS\hplj1300.ini
[2006/10/14 20:05:17 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2006/10/12 14:37:32 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/10/12 14:21:09 | 000,000,024 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/10/11 15:47:03 | 000,044,544 | ---- | C] () -- C:\Documents and Settings\hector\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/10/10 06:03:00 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\hector\Local Settings\Application Data\fusioncache.dat
[2006/10/10 06:01:46 | 000,000,136 | ---- | C] () -- C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\fusioncache.dat
[2006/09/01 05:07:45 | 000,000,031 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/09/01 05:03:50 | 000,045,929 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.EXE
[2006/09/01 05:03:50 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/09/01 04:50:41 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/09/01 04:40:18 | 000,028,836 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/09/01 04:22:43 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2006/08/18 04:00:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/08/18 04:00:00 | 001,617,920 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2006/08/18 04:00:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/08/18 04:00:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2006/08/18 04:00:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/08/18 04:00:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/08/18 04:00:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2006/08/18 04:00:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2006/08/18 04:00:00 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/06/29 15:18:28 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/06/29 15:18:14 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/06/29 14:49:18 | 000,087,268 | ---- | C] () -- C:\WINDOWS\hpqins69.dat
[2006/06/29 14:46:56 | 000,000,056 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/06/29 14:43:40 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/06/29 14:27:08 | 000,456,500 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/06/29 14:27:08 | 000,075,898 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/06/29 14:18:06 | 002,479,312 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/06/29 14:13:00 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/06/29 14:08:28 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/06/20 22:53:34 | 000,319,488 | ---- | C] () -- C:\WINDOWS\System32\AegisI5.exe
[2006/03/16 00:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/03/16 00:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/03/16 00:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/03/16 00:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/03/16 00:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/03/16 00:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/03/16 00:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/03/16 00:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/03/04 03:07:34 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/12/02 14:09:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/05/05 22:06:32 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2004/09/16 16:24:26 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2002/10/15 18:54:04 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2002/05/28 17:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/05/28 17:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/07/31 12:17:12 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 164 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4829695F
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CA73D29
< End of report >

#17
ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
Hi,

In OTLPE, go to C:\QooBox\ and check whether there is a file named ComboFix-quarantined-files.txt.

If it exists, post its contents.

#18
elmayimbe

    Member

  • Topic Starter
  • 12 posts
No, the file doesn't exist.

#19
ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
Hi,

Do you have your Windows installation disk?

#20
elmayimbe

    Member

  • Topic Starter
  • 12 posts
I do have an XP Pro edition installation disk, not the Windows Media edition one like on the notebook.

#21
elmayimbe

    Member

  • Topic Starter
  • 12 posts
Now I do. Do I need to use the recovery console?

Please advise next steps...

#22
ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
Hi,

Boot from the CD again to the Reatogo desktop.

There should be a MBRFix.exe icon present.

Double click MBRFix.

A command prompt will be presented. Type the following commands and press Enter after each line:

C:
cd C:\
MbrFix /drive 0 fixmbr
Exit


Reboot and see if you can get into normal mode.