need help to "system check" virus



#16
BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Ok, that's good to see. Can you now run a Chkdsk for me, please? Follow the instructions here to run a Chkdsk. You won't be using the Windows CD; you'll need to use the Recovery Console disc you created previously, but the instructions are the same. Once you have run the Chkdsk, let me know if the PC boots or whether the error messages have changed.

Could you also let me know what instructions you followed previously when you copied the hal.dll file onto your PC from the CD please.
  • 0



#17
brandenqi

    Member

  • Topic Starter
  • 23 posts
I tried CHKDSK; it took almost an hour. However, when I restart the computer, the error message is still the same: NTLDR is missing.
I used the "expand" function to copy the hal.dll file.

Thanks

bo
  • 0

#18
BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Ok, let's now move on to another method of finding out what may be the problem. Hopefully you have access to a USB memory stick. If you do, please follow the instructions below. If you don't have access to one, let me know.


Please print these instructions out so that you know what you are doing. You will require a blank CD and a USB stick for this process. Please do the following on an uninfected clean PC...
  • Download OTLPEStd.exe to your desktop
  • Ensure that you have a blank CD in the drive.
  • Double-click OTLPEStd.exe; this will then open ImgBurn to burn the file to CD
  • Once it has burnt to the CD, save the attached file below to a USB stick.
    Attached File: scan.txt (73 bytes, 31 downloads)
  • Insert the USB stick with the attached Scan.txt, into the non bootable PC, before booting from the CD.
  • Reboot your system using the boot CD you just created.
    Note : If you do not know how to set your computer to boot from CD follow the steps here
  • As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads :)
  • Your system should now display a Reatogo desktop.
    Note : as you are running from CD it is not exactly speedy
  • Double-click on the OTLPE icon.
  • Select the Windows folder of the infected drive if it asks for a location
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start.
  • Drag and drop the attached scan.txt which is on the USB stick, into the Custom scans and fixes box. (You can access the USB drive's contents by double clicking on the 'My Computer' icon which is on the desktop)
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive if you do not have internet connection on this system.
  • Right click the file and select send to : select the USB drive.
  • Confirm that it has copied to the USB drive by selecting it
  • You can backup any files that you wish from this OS
  • Please post the contents of the C:\OTL.txt file in your reply.

  • 0

#19
brandenqi

    Member

  • Topic Starter
  • 23 posts
Hey,

I am stuck at step 15; the text file can't be dropped into the custom scan/fix box. This box is at the bottom of the window?


bo
  • 0

#20
brandenqi

    Member

  • Topic Starter
  • 23 posts
Hey,
What I did was copy the content of the scan file to the scan/fix box and run the scan. The following is the text file.

OTL logfile created on: 1/3/2012 3:13:23 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: | Country: | Language: | Date Format:

959.00 Mb Total Physical Memory | 735.00 Mb Available Physical Memory | 77.00% Memory free
858.00 Mb Paging File | 760.00 Mb Available in Paging File | 89.00% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 104.62 Gb Total Space | 30.92 Gb Free Space | 29.55% Space Free | Partition Type: NTFS
Drive D: | 953.23 Mb Total Space | 334.22 Mb Free Space | 35.06% Space Free | Partition Type: FAT
Drive E: | 7.17 Gb Total Space | 5.08 Gb Free Space | 70.85% Space Free | Partition Type: NTFS
Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand] -- -- (xmlprov)
SRV - File not found [On_Demand] -- -- (WmiApSrv)
SRV - File not found [On_Demand] -- -- (WmdmPmSN)
SRV - File not found [On_Demand] -- -- (VSS)
SRV - File not found [On_Demand] -- -- (UPS)
SRV - File not found [On_Demand] -- -- (upnphost)
SRV - File not found [On_Demand] -- -- (TlntSvr)
SRV - File not found [On_Demand] -- -- (SysmonLog)
SRV - File not found [On_Demand] -- -- (SwPrv)
SRV - File not found [Disabled] -- -- (SSDPSRV)
SRV - File not found [Disabled] -- -- (SharedAccess) Windows Firewall/Internet Connection Sharing (ICS)
SRV - File not found [On_Demand] -- -- (SCardSvr)
SRV - File not found [On_Demand] -- -- (RSVP)
SRV - File not found [On_Demand] -- -- (RpcLocator) Remote Procedure Call (RPC)
SRV - File not found [Disabled] -- -- (RemoteAccess)
SRV - File not found [On_Demand] -- -- (RDSessMgr)
SRV - File not found [On_Demand] -- -- (RasAuto)
SRV - File not found [On_Demand] -- -- (NtmsSvc)
SRV - File not found [Disabled] -- -- (NetTcpPortSharing)
SRV - File not found [Disabled] -- -- (NetDDEdsdm)
SRV - File not found [Disabled] -- -- (NetDDE)
SRV - File not found [On_Demand] -- -- (napagent)
SRV - File not found [On_Demand] -- -- (MSIServer)
SRV - File not found [On_Demand] -- -- (MSDTC)
SRV - File not found [On_Demand] -- -- (mnmsrvc)
SRV - File not found [Disabled] -- -- (Messenger)
SRV - File not found [On_Demand] -- -- (ImapiService)
SRV - File not found [On_Demand] -- -- (idsvc)
SRV - File not found [On_Demand] -- -- (HTTPFilter)
SRV - File not found [On_Demand] -- -- (hkmsvc)
SRV - File not found [Disabled] -- -- (HidServ)
SRV - File not found [On_Demand] -- -- (FontCache3.0.0.0)
SRV - File not found [On_Demand] -- -- (EapHost)
SRV - File not found [On_Demand] -- -- (Dot3svc)
SRV - File not found [On_Demand] -- -- (dmadmin)
SRV - File not found [On_Demand] -- -- (COMSysApp)
SRV - File not found [On_Demand] -- -- (clr_optimization_v2.0.50727_32)
SRV - File not found [On_Demand] -- -- (ClipSrv)
SRV - File not found [On_Demand] -- -- (CiSvc)
SRV - File not found [On_Demand] -- -- (aspnet_state)
SRV - File not found [On_Demand] -- -- (AppMgmt)
SRV - File not found [On_Demand] -- -- (ALG)
SRV - File not found [Disabled] -- -- (Alerter)
SRV - [2010/09/13 19:02:44 | 000,399,872 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Auto] -- C:\Program Files\UPHClean\uphclean.exe -- (UPHClean)
SRV - [2009/02/11 18:12:38 | 000,167,936 | ---- | M] () [Auto] -- C:\Program Files\TRENDnet\TEW-424UB\WLSVC.exe -- (WLSVC)
SRV - [2006/09/27 20:33:38 | 000,116,464 | ---- | M] (symantec) [On_Demand] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2006/09/27 20:33:32 | 001,813,232 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2006/09/27 20:33:22 | 000,031,472 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2006/09/02 16:36:33 | 002,528,960 | ---- | M] (Symantec Corporation) [On_Demand] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE -- (LiveUpdate)
SRV - [2006/08/07 16:03:02 | 000,214,720 | ---- | M] (Symantec Corporation) [On_Demand] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2006/07/19 19:26:12 | 000,169,632 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2006/07/19 19:26:06 | 000,192,160 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2006/04/11 17:13:38 | 001,160,848 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WSTCODEC)
DRV - File not found [Kernel | System] -- -- (WmiAcpi)
DRV - File not found [Kernel | Auto] -- -- (WLNdis50)
DRV - File not found [Adapter | On_Demand] -- -- (Winsock)
DRV - File not found [Kernel | On_Demand] -- -- (winachsf)
DRV - File not found [Kernel | On_Demand] -- -- (wdmaud)
DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (Wanarp)
DRV - File not found [Kernel | Boot] -- -- (VolSnap)
DRV - File not found [Kernel | System] -- -- (VgaSave)
DRV - File not found [Kernel | On_Demand] -- -- (USBSTOR)
DRV - File not found [Kernel | On_Demand] -- -- (usbscan)
DRV - File not found [Kernel | On_Demand] -- -- (usbohci)
DRV - File not found [Kernel | On_Demand] -- -- (usbhub)
DRV - File not found [Kernel | On_Demand] -- -- (usbehci)
DRV - File not found [Kernel | On_Demand] -- -- (usbccgp)
DRV - File not found [Kernel | On_Demand] -- -- (usbaudio) USB Audio Driver (WDM)
DRV - File not found [Kernel | On_Demand] -- -- (Update)
DRV - File not found [Kernel | On_Demand] -- -- (UIUSys)
DRV - File not found [Kernel | System] -- -- (TermDD)
DRV - File not found [Kernel | On_Demand] -- -- (TDTCP)
DRV - File not found [Kernel | On_Demand] -- -- (TDPIPE)
DRV - File not found [Kernel | System] -- -- (Tcpip)
DRV - File not found [Kernel | On_Demand] -- -- (sysaudio)
DRV - File not found [Kernel | System] -- -- (SYMTDI)
DRV - File not found [Kernel | On_Demand] -- -- (SYMREDRV)
DRV - File not found [Kernel | On_Demand] -- -- (swmidi)
DRV - File not found [Kernel | On_Demand] -- -- (swenum)
DRV - File not found [Kernel | On_Demand] -- -- (streamip)
DRV - File not found [File_System | On_Demand] -- -- (Srv)
DRV - File not found [File_System | Boot] -- -- (sr)
DRV - File not found [Kernel | On_Demand] -- -- (splitter)
DRV - File not found [Kernel | On_Demand] -- -- (SPC230NC)
DRV - File not found [Kernel | On_Demand] -- -- (SLIP)
DRV - File not found [Kernel | System] -- -- (Sfloppy)
DRV - File not found [Kernel | Auto] -- -- (Serial)
DRV - File not found [Kernel | On_Demand] -- -- (Secdrv)
DRV - File not found [Kernel | On_Demand] -- -- (RTL8187B)
DRV - File not found [Kernel | System] -- -- (redbook)
DRV - File not found [Kernel | On_Demand] -- -- (RDPWD)
DRV - File not found [Kernel | On_Demand] -- -- (rdpdr)
DRV - File not found [Kernel | System] -- -- (RDPCDD)
DRV - File not found [File_System | System] -- -- (Rdbss)
DRV - File not found [Kernel | On_Demand] -- -- (Raspti)
DRV - File not found [Kernel | On_Demand] -- -- (RasPppoe)
DRV - File not found [Kernel | On_Demand] -- -- (Rasl2tp) WAN Miniport (L2TP)
DRV - File not found [Kernel | System] -- -- (RasAcd)
DRV - File not found [Kernel | On_Demand] -- -- (Ptilink)
DRV - File not found [Kernel | On_Demand] -- -- (PSched)
DRV - File not found [Kernel | System] -- -- (Processor)
DRV - File not found [Kernel | On_Demand] -- -- (PptpMiniport) WAN Miniport (PPTP)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | Boot] -- -- (PCIIde)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | Boot] -- -- (PCI)
DRV - File not found [Kernel | Auto] -- -- (ParVdm)
DRV - File not found [Kernel | Boot] -- -- (PartMgr)
DRV - File not found [Kernel | On_Demand] -- -- (Parport)
DRV - File not found [Kernel | On_Demand] -- -- (PAEAFLT.sys)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] -- -- (nvsmu)
DRV - File not found [Kernel | On_Demand] -- -- (nvnetbus)
DRV - File not found [Kernel | On_Demand] -- -- (NVENETFD)
DRV - File not found [Kernel | Boot] -- -- (nvatabus)
DRV - File not found [Kernel | Boot] -- -- (nvata)
DRV - File not found [Kernel | On_Demand] -- -- (nv)
DRV - File not found [Kernel | System] -- -- (Null)
DRV - File not found [File_System | System] -- -- (Npfs)
DRV - File not found [Kernel | System] -- -- (NetBT)
DRV - File not found [File_System | System] -- -- (NetBIOS)
DRV - File not found [Kernel | On_Demand] -- -- (NDProxy)
DRV - File not found [Kernel | On_Demand] -- -- (NdisWan)
DRV - File not found [Kernel | On_Demand] -- -- (Ndisuio)
DRV - File not found [Kernel | On_Demand] -- -- (NdisTapi)
DRV - File not found [Kernel | On_Demand] -- -- (NdisIP)
DRV - File not found [Kernel | Boot] -- -- (NDIS)
DRV - File not found [Kernel | On_Demand] -- -- (NABTSFEC)
DRV - File not found [File_System | Boot] -- -- (Mup)
DRV - File not found [Kernel | On_Demand] -- -- (MSTEE)
DRV - File not found [Kernel | On_Demand] -- -- (mssmbios)
DRV - File not found [Kernel | On_Demand] -- -- (MSPQM)
DRV - File not found [Kernel | On_Demand] -- -- (MSPCLOCK)
DRV - File not found [Kernel | On_Demand] -- -- (MSKSSRV)
DRV - File not found [File_System | System] -- -- (Msfs)
DRV - File not found [File_System | System] -- -- (MRxSmb)
DRV - File not found [File_System | On_Demand] -- -- (MRxDAV)
DRV - File not found [Kernel | Boot] -- -- (MountMgr)
DRV - File not found [Kernel | On_Demand] -- -- (mouhid)
DRV - File not found [Kernel | System] -- -- (Mouclass)
DRV - File not found [Kernel | On_Demand] -- -- (Modem)
DRV - File not found [Kernel | System] -- -- (mnmdd)
DRV - File not found [Kernel | Auto] -- -- (mdmxsdk)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | Boot] -- -- (KSecDD)
DRV - File not found [Kernel | On_Demand] -- -- (kmixer)
DRV - File not found [Kernel | System] -- -- (kbdhid)
DRV - File not found [Kernel | System] -- -- (Kbdclass)
DRV - File not found [Kernel | Boot] -- -- (isapnp)
DRV - File not found [Kernel | On_Demand] -- -- (IRENUM)
DRV - File not found [Kernel | System] -- -- (IPSec)
DRV - File not found [Kernel | On_Demand] -- -- (IpNat)
DRV - File not found [Kernel | On_Demand] -- -- (IpInIp)
DRV - File not found [Kernel | On_Demand] -- -- (IpFilterDriver)
DRV - File not found [Kernel | On_Demand] -- -- (Ip6Fw)
DRV - File not found [Kernel | System] -- -- (Imapi)
DRV - File not found [Kernel | System] -- -- (i8042prt)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand] -- -- (HTTP)
DRV - File not found [Kernel | On_Demand] -- -- (HSFHWAZL)
DRV - File not found [Kernel | On_Demand] -- -- (HSF_DPV)
DRV - File not found [Kernel | On_Demand] -- -- (HidUsb)
DRV - File not found [Kernel | On_Demand] -- -- (HDAudBus)
DRV - File not found [Kernel | On_Demand] -- -- (HdAudAddService)
DRV - File not found [Kernel | On_Demand] -- -- (HBtnKey)
DRV - File not found [Kernel | On_Demand] -- -- (Gpc)
DRV - File not found [Kernel | Boot] -- -- (Ftdisk)
DRV - File not found [Kernel | System] -- -- (FsVga)
DRV - File not found [Recognizer | System] -- -- (Fs_Rec)
DRV - File not found [File_System | Boot] -- -- (FltMgr)
DRV - File not found [Kernel | System] -- -- (Flpydisk)
DRV - File not found [Kernel | System] -- -- (Fips)
DRV - File not found [Kernel | System] -- -- (Fdc)
DRV - File not found [Kernel | On_Demand] -- -- (drmkaud)
DRV - File not found [Kernel | On_Demand] -- -- (DMusic)
DRV - File not found [Kernel | Boot] -- -- (dmload)
DRV - File not found [Kernel | Boot] -- -- (dmio)
DRV - File not found [Kernel | Boot] -- -- (Disk)
DRV - File not found [Kernel | Boot] -- -- (Compbatt)
DRV - File not found [Kernel | On_Demand] -- -- (CmBatt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | System] -- -- (Cdrom)
DRV - File not found [Kernel | System] -- -- (Cdaudio)
DRV - File not found [Kernel | On_Demand] -- -- (CCDECODE)
DRV - File not found [Kernel | System] -- -- (Beep)
DRV - File not found [Kernel | On_Demand] -- -- (BCM43XX)
DRV - File not found [Kernel | On_Demand] -- -- (audstub)
DRV - File not found [Kernel | On_Demand] -- -- (Atmarpc)
DRV - File not found [Kernel | Boot] -- -- (atapi)
DRV - File not found [Kernel | On_Demand] -- -- (AsyncMac)
DRV - File not found [Kernel | System] -- -- (AFD)
DRV - File not found [Kernel | Auto] -- -- (AegisP) AEGIS Protocol (IEEE 802.1x)
DRV - File not found [Kernel | On_Demand] -- -- (aec)
DRV - File not found [Kernel | Boot] -- -- (ACPIEC)
DRV - File not found [Kernel | Boot] -- -- (ACPI)
DRV - [2011/11/15 11:38:58 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20111230.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/11/15 11:38:58 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/11/15 11:38:58 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20111230.002\NAVENG.SYS -- (NAVENG)
DRV - [2011/11/10 04:00:00 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2006/09/18 17:55:28 | 000,109,744 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2006/09/06 14:41:20 | 000,337,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2006/09/06 14:41:20 | 000,054,968 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2006/04/11 17:13:34 | 000,389,776 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = about:blank
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\bo_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0




FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.1483: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2321: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: File not found
FF - HKLM\Software\MozillaPlugins\@xunlei.com/DapCtrlPlugin: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/10 12:09:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/21 18:42:00 | 000,000,000 | ---D | M]

[2011/12/31 16:38:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/02/28 18:15:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/04/08 18:32:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2010/09/01 05:07:10 | 000,079,664 | ---- | M] (ShenZhen Xunlei Networking Technologies,LTD) -- C:\Program Files\mozilla firefox\components\ThunderComponent.dll
[2011/02/02 20:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/03/21 07:22:04 | 001,680,272 | ---- | M] (Caminova, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdjvu.dll
[2011/03/07 16:01:09 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/03/07 16:01:09 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/03/07 16:01:09 | 000,000,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/03/07 16:01:09 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

Hosts file not found
O2 - BHO: (迅雷流媒体探测IE支持) - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - File not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (QQToolbar) - {29CF293A-1E7D-4069-9E11-E39698D0AF95} - C:\Program Files\Tencent\QQToolbar\IEBar.dll (Tencent)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {889D2FEB-5411-4565-8998-1DD2C5261283} - No CLSID value found.
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (QQToolbar) - {29CF293A-1E7D-4069-9E11-E39698D0AF95} - C:\Program Files\Tencent\QQToolbar\IEBar.dll (Tencent)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avPYOWQgOag.exe] File not found
O4 - HKLM..\Run: [dplaysvr] C:\Documents and Settings\bobo\Application Data\dplaysvr.exe ()
O4 - HKLM..\Run: [gfhYdHclcK.exe] File not found
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [MSPY2002] File not found
O4 - HKLM..\Run: [NvCplDaemon] File not found
O4 - HKLM..\Run: [NvMediaCenter] File not found
O4 - HKLM..\Run: [PHIME2002A] File not found
O4 - HKLM..\Run: [PHIME2002ASync] File not found
O4 - HKU\bo_ON_C..\RunOnce: [FlashPlayerUpdate] File not found
O4 - Startup: Error locating startup folders.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\bo_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\bobo_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService.NT_AUTHORITY.000_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService.NT_AUTHORITY.000_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: 查看网页全部图片 - {548BF84E-9665-47f9-B635-7380F8943E90} - File not found
O9 - Extra 'Tools' menuitem : 查看网页全部图片 - {548BF84E-9665-47f9-B635-7380F8943E90} - File not found
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - File not found
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - File not found
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - File not found
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - File not found
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - File not found
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - File not found
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - File not found
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - File not found
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - File not found
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - File not found
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - File not found
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - File not found
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - File not found
O20 - HKLM Winlogon: UIHost - (logonui.exe) - File not found
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - File not found
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - File not found
O29 - HKLM SecurityProviders - (msapsspc.dll) - File not found
O29 - HKLM SecurityProviders - (digest.dll) - File not found
O29 - HKLM SecurityProviders - (msnsspc.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/12/23 09:45:30 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/03 14:59:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\Registration
[2012/01/02 04:46:30 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\hal.dll
[2012/01/01 23:25:53 | 000,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
[2011/12/31 13:07:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\PC Tools
[2011/12/23 19:44:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService.NT AUTHORITY.000\Application Data\McAfee
[2011/12/18 12:09:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bobo\Local Settings\Application Data\Symantec
[2011/12/18 11:44:53 | 000,000,000 | -H-D | C] -- C:\Config.Msi
[2011/12/13 22:33:52 | 000,000,000 | ---D | C] -- C:\Program Files\Baofeng
[2011/12/13 22:33:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Baofeng
[2011/12/12 11:47:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bobo\Local Settings\Application Data\Tencent
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/02 05:43:40 | 000,000,579 | RHS- | M] () -- C:\boot.ini
[2012/01/01 23:26:31 | 000,262,144 | ---- | M] () -- C:\WINDOWS\System32\default_user_class.dat
[2012/01/01 19:53:53 | 000,010,240 | ---- | M] () -- C:\Documents and Settings\bobo\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/01 17:34:31 | 000,000,428 | RHS- | M] () -- C:\Documents and Settings\bo\ntuser.pol
[2011/12/31 18:54:18 | 000,016,418 | -HS- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\458v73p75ekmqk3f8msv2l
[2011/12/31 18:54:17 | 000,016,418 | -HS- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\458v73p75ekmqk3f8msv2l
[2011/12/30 23:29:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\WinZip
[2011/12/30 23:29:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Windows Live
[2011/12/30 23:29:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Symantec Client Security
[2011/12/30 23:29:38 | 000,000,000 | R--D | M] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup
[2011/12/30 23:29:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Mozilla Firefox
[2011/12/30 23:29:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Microsoft Silverlight
[2011/12/30 23:29:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Microsoft Office
[2011/12/30 23:29:25 | 000,000,000 | R--D | M] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Games
[2011/12/30 23:29:17 | 000,000,000 | R--D | M] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Administrative Tools
[2011/12/30 23:29:10 | 000,000,000 | R--D | M] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Accessories
[2011/12/30 18:41:31 | 1073,741,824 | -H-- | M] () -- C:\ppsds.pgf
[2011/12/24 18:09:16 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\bo\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/01 23:26:17 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\default_user_class.dat
[2012/01/01 19:53:22 | 000,010,240 | ---- | C] () -- C:\Documents and Settings\bobo\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/01 17:34:31 | 000,000,428 | RHS- | C] () -- C:\Documents and Settings\bo\ntuser.pol
[2011/12/31 16:51:34 | 000,016,418 | -HS- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\458v73p75ekmqk3f8msv2l
[2011/12/31 16:51:34 | 000,016,418 | -HS- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\458v73p75ekmqk3f8msv2l
[2011/12/24 18:09:16 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\bo\Start Menu\Programs\Internet Explorer.lnk
[2011/12/24 18:09:03 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\bo\Start Menu\Programs\Windows Media Player.lnk
[2011/12/24 18:08:52 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\bo\Start Menu\Programs\Outlook Express.lnk
[2011/01/21 21:48:17 | 000,000,915 | ---- | C] () -- C:\Documents and Settings\bo\Application Data\coreavc.ini
[2009/01/09 21:20:19 | 000,149,504 | ---- | C] () -- C:\Documents and Settings\bo\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== LOP Check ==========

[2011/03/20 17:36:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bo\Application Data\Aelita
[2009/01/24 21:42:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bo\Application Data\CCTV
[2011/04/30 20:29:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bo\Application Data\DAEMON Tools Pro
[2010/12/08 21:48:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bo\Application Data\DriverCure
[2009/01/15 22:26:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bo\Application Data\MSNInstaller
[2010/12/08 21:48:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bo\Application Data\ParetoLogic
[2009/08/09 08:54:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bo\Application Data\PPLiveVA
[2011/10/11 10:32:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bo\Application Data\PPStream
[2009/01/24 00:49:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bo\Application Data\QQ
[2009/05/25 12:34:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bo\Application Data\QQMusicUpdate
[2009/01/24 17:41:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bo\Application Data\QQUpdate
[2009/10/04 20:55:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bo\Application Data\Tencent
[2009/05/06 22:11:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bo\Application Data\TOMXPP
[2011/12/13 22:33:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Baofeng
[2011/04/30 20:28:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\DAEMON Tools Pro
[2011/06/10 18:32:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\OviInstallerCache
[2010/12/08 22:30:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\ParetoLogic
[2011/12/13 22:35:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Persist
[2010/02/14 11:50:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\PPLive
[2010/02/07 18:00:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\PPLiveVA
[2011/12/13 22:33:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Storm
[2011/12/31 19:46:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
[2011/10/06 11:19:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\youku

========== Purity Check ==========



========== Custom Scans ==========



< MD5 for: BOOT.INI >
[2012/01/02 05:43:40 | 000,000,579 | RHS- | M] () MD5=99F7AD9AF94238E83CB06EB8A9FFCDFF -- C:\boot.ini

< MD5 for: HAL.DLL >
[2004/08/03 17:59:20 | 000,105,472 | ---- | M] (Microsoft Corporation) MD5=C321C95318495909A0066FB0EDC97287 -- C:\WINDOWS\system32\hal.dll

< MD5 for: NTDETECT.COM >
[2004/08/03 22:38:34 | 000,047,564 | -H-- | M] () MD5=B2DE3452DE03674C6CEC68B8C8CE7C78 -- C:\cmdcons\NTDETECT.COM
[2004/08/04 07:00:00 | 000,047,564 | RHS- | M] () MD5=B2DE3452DE03674C6CEC68B8C8CE7C78 -- C:\NTDETECT.COM

< MD5 for: NTLDR >
[2009/04/20 08:02:04 | 000,250,048 | RHS- | M] () MD5=C1B29B4E6EEA9510610DB2EC4D6DB160 -- C:\ntldr

========== Files - Unicode (All) ==========
[2011/12/30 23:29:45 | 000,000,000 | ---D | M](C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\????5) -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\暴风影音5
[2011/12/13 22:34:44 | 000,000,000 | ---D | C](C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\????5) -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\暴风影音5
[2011/05/05 14:17:09 | 000,000,742 | ---- | M] ()(C:\Documents and Settings\bo\Application Data\Microsoft\Internet Explorer\Quick Launch\PPS??.lnk) -- C:\Documents and Settings\bo\Application Data\Microsoft\Internet Explorer\Quick Launch\PPS影音.lnk
[2011/01/09 11:20:17 | 000,000,672 | ---- | M] ()(C:\Documents and Settings\bo\Application Data\Microsoft\Internet Explorer\Quick Launch\????.lnk) -- C:\Documents and Settings\bo\Application Data\Microsoft\Internet Explorer\Quick Launch\暴风影音.lnk
[2010/05/05 21:19:17 | 000,000,741 | ---- | M] ()(C:\Documents and Settings\bo\Application Data\Microsoft\Internet Explorer\Quick Launch\???????2.0.lnk) -- C:\Documents and Settings\bo\Application Data\Microsoft\Internet Explorer\Quick Launch\个人数字图书馆2.0.lnk
[2010/05/05 21:19:17 | 000,000,741 | ---- | C] ()(C:\Documents and Settings\bo\Application Data\Microsoft\Internet Explorer\Quick Launch\???????2.0.lnk) -- C:\Documents and Settings\bo\Application Data\Microsoft\Internet Explorer\Quick Launch\个人数字图书馆2.0.lnk
[2010/04/18 18:43:59 | 000,000,742 | ---- | C] ()(C:\Documents and Settings\bo\Application Data\Microsoft\Internet Explorer\Quick Launch\PPS??.lnk) -- C:\Documents and Settings\bo\Application Data\Microsoft\Internet Explorer\Quick Launch\PPS影音.lnk
[2009/03/13 19:44:23 | 000,000,672 | ---- | M] ()(C:\Documents and Settings\bo\Application Data\Microsoft\Internet Explorer\Quick Launch\PPLive ????.lnk) -- C:\Documents and Settings\bo\Application Data\Microsoft\Internet Explorer\Quick Launch\PPLive 网络电视.lnk
[2009/03/13 19:44:23 | 000,000,672 | ---- | C] ()(C:\Documents and Settings\bo\Application Data\Microsoft\Internet Explorer\Quick Launch\PPLive ????.lnk) -- C:\Documents and Settings\bo\Application Data\Microsoft\Internet Explorer\Quick Launch\PPLive 网络电视.lnk
[2009/03/12 20:19:00 | 000,000,672 | ---- | C] ()(C:\Documents and Settings\bo\Application Data\Microsoft\Internet Explorer\Quick Launch\????.lnk) -- C:\Documents and Settings\bo\Application Data\Microsoft\Internet Explorer\Quick Launch\暴风影音.lnk

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:5C321E34
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:DFC5A2B2
< End of report >

#21
BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Well done on getting the log sorted :)


What we'll try now is removing a few items that were found within the OTL log, then we will try rebuilding the boot.ini file just in case it's this that's causing the boot problem. NTLDR itself is not missing on your PC.


1)
Start OTLPE as you did previously from CD
Copy the attached Fix.txt to a USB
Attached File  Fix.txt   781bytes   36 downloads

  • Insert your USB drive with fix.txt on it
  • Start OTLPE
  • Drag and drop fix.txt into the Custom scans and fixes box
  • If you cannot drag and drop for some reason, then press the Run Fix button and a dialogue box will pop up asking for the location - select the file on your USB drive
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC once it has finished



2)
Rebuild the boot.ini file using Recovery Console

  • Insert the Recovery Console CD into the computer
  • Reboot the computer with the CD and press any key when prompted to press any key to boot from the CD
  • Once in the Microsoft Setup menu press R to open the recovery console
  • Select the operating system you wish to use; if you only have Windows XP on the computer you will only have one prompt
  • Once prompted for the password enter the Admin password and press enter (usually blank)
  • Once at the command prompt type bootcfg /rebuild to start the rebuild process
  • The rebuild process will step you through a number of steps depending upon how many operating systems you have on the computer and how the computer is set up. Below is a listing of the common steps you are likely going to encounter.
  • Prompt for the identified versions of Windows installed. When you receive this prompt press Y and press Enter if the bootcfg command properly identified each of the Windows operating systems installed on the computer.
  • Prompt to enter the load identifier. This is the name of the operating system for the boot.ini. Type Microsoft Windows XP Professional edition and press Enter
  • Prompt to Enter OS load options. When this prompt is received type /fastdetect and then press Enter to automatically detect the available options

Once you have completed all the available options in the rebuild and are back at the prompt, type exit and press Enter to reboot the computer.



Let me know whether the PC now boots normally, or if any error messages have changed.

#22
brandenqi

    Member

  • Topic Starter
  • Member
  • 23 posts
I did as required, however the error message is still "NTLDR IS MISSING".


bo

#23
BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Ok. If you could just bear with me whilst I look into this issue some more. I may need to consult with the Tech staff here who may have some other suggestions for you. Thanks.

#24
brandenqi

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
sure,

Thank you so much.

bo

#25
BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Thanks for waiting, I've been given some good suggestions by other members of staff here who know more on this type of issue than I do. Let's start by performing the following scan with the OTLPE disc you created not long ago. If you could get back to me like you did before, with the log that it produces please. We're doing this scan to see what files are actually missing and whether there are any copies, as you do appear to be missing some important system files.



  • Save the attached file below, to a USB stick.
    Attached File  Scan.txt   200bytes   30 downloads
  • Insert the USB stick with the attached Scan.txt, into the PC before booting from the CD.
  • Reboot your system using the boot CD you just created.
    Note : If you do not know how to set your computer to boot from CD follow the steps here
  • As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads :)
  • Your system should now display a Reatogo desktop.
    Note : as you are running from CD it is not exactly speedy
  • Double-click on the OTLPE icon.
  • Select the Windows folder of the infected drive if it asks for a location
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start.
  • Drag and drop the attached scan.txt which is on the USB stick, into the Custom scans and fixes box. (You can access the USB drive's contents by double clicking on the 'My Computer' icon which is on the desktop)
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive if you do not have internet connection on this system.
  • Right click the file and select send to : select the USB drive.
  • Confirm that it has copied to the USB drive by selecting it
  • You can backup any files that you wish from this OS
  • Please post the contents of the C:\OTL.txt file in your reply.


#26
brandenqi

    Member

  • Topic Starter
  • Member
  • 23 posts
OTL logfile created on: 1/3/2012 6:12:11 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: | Country: | Language: | Date Format:

959.00 Mb Total Physical Memory | 746.00 Mb Available Physical Memory | 78.00% Memory free
858.00 Mb Paging File | 769.00 Mb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 104.62 Gb Total Space | 30.92 Gb Free Space | 29.55% Space Free | Partition Type: NTFS
Drive D: | 953.23 Mb Total Space | 334.17 Mb Free Space | 35.06% Space Free | Partition Type: FAT
Drive E: | 7.17 Gb Total Space | 5.08 Gb Free Space | 70.85% Space Free | Partition Type: NTFS
Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand] -- -- (xmlprov)
SRV - File not found [On_Demand] -- -- (WmiApSrv)
SRV - File not found [On_Demand] -- -- (WmdmPmSN)
SRV - File not found [On_Demand] -- -- (VSS)
SRV - File not found [On_Demand] -- -- (UPS)
SRV - File not found [On_Demand] -- -- (upnphost)
SRV - File not found [On_Demand] -- -- (TlntSvr)
SRV - File not found [On_Demand] -- -- (SysmonLog)
SRV - File not found [On_Demand] -- -- (SwPrv)
SRV - File not found [Disabled] -- -- (SSDPSRV)
SRV - File not found [Disabled] -- -- (SharedAccess) Windows Firewall/Internet Connection Sharing (ICS)
SRV - File not found [On_Demand] -- -- (SCardSvr)
SRV - File not found [On_Demand] -- -- (RSVP)
SRV - File not found [On_Demand] -- -- (RpcLocator) Remote Procedure Call (RPC)
SRV - File not found [Disabled] -- -- (RemoteAccess)
SRV - File not found [On_Demand] -- -- (RDSessMgr)
SRV - File not found [On_Demand] -- -- (RasAuto)
SRV - File not found [On_Demand] -- -- (NtmsSvc)
SRV - File not found [Disabled] -- -- (NetTcpPortSharing)
SRV - File not found [Disabled] -- -- (NetDDEdsdm)
SRV - File not found [Disabled] -- -- (NetDDE)
SRV - File not found [On_Demand] -- -- (napagent)
SRV - File not found [On_Demand] -- -- (MSIServer)
SRV - File not found [On_Demand] -- -- (MSDTC)
SRV - File not found [On_Demand] -- -- (mnmsrvc)
SRV - File not found [Disabled] -- -- (Messenger)
SRV - File not found [On_Demand] -- -- (ImapiService)
SRV - File not found [On_Demand] -- -- (idsvc)
SRV - File not found [On_Demand] -- -- (HTTPFilter)
SRV - File not found [On_Demand] -- -- (hkmsvc)
SRV - File not found [Disabled] -- -- (HidServ)
SRV - File not found [On_Demand] -- -- (FontCache3.0.0.0)
SRV - File not found [On_Demand] -- -- (EapHost)
SRV - File not found [On_Demand] -- -- (Dot3svc)
SRV - File not found [On_Demand] -- -- (dmadmin)
SRV - File not found [On_Demand] -- -- (COMSysApp)
SRV - File not found [On_Demand] -- -- (clr_optimization_v2.0.50727_32)
SRV - File not found [On_Demand] -- -- (ClipSrv)
SRV - File not found [On_Demand] -- -- (CiSvc)
SRV - File not found [On_Demand] -- -- (aspnet_state)
SRV - File not found [On_Demand] -- -- (AppMgmt)
SRV - File not found [On_Demand] -- -- (ALG)
SRV - File not found [Disabled] -- -- (Alerter)
SRV - [2010/09/13 19:02:44 | 000,399,872 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Auto] -- C:\Program Files\UPHClean\uphclean.exe -- (UPHClean)
SRV - [2009/02/11 18:12:38 | 000,167,936 | ---- | M] () [Auto] -- C:\Program Files\TRENDnet\TEW-424UB\WLSVC.exe -- (WLSVC)
SRV - [2006/09/27 20:33:38 | 000,116,464 | ---- | M] (symantec) [On_Demand] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2006/09/27 20:33:32 | 001,813,232 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2006/09/27 20:33:22 | 000,031,472 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2006/09/02 16:36:33 | 002,528,960 | ---- | M] (Symantec Corporation) [On_Demand] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE -- (LiveUpdate)
SRV - [2006/08/07 16:03:02 | 000,214,720 | ---- | M] (Symantec Corporation) [On_Demand] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2006/07/19 19:26:12 | 000,169,632 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2006/07/19 19:26:06 | 000,192,160 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2006/04/11 17:13:38 | 001,160,848 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WSTCODEC)
DRV - File not found [Kernel | System] -- -- (WmiAcpi)
DRV - File not found [Kernel | Auto] -- -- (WLNdis50)
DRV - File not found [Adapter | On_Demand] -- -- (Winsock)
DRV - File not found [Kernel | On_Demand] -- -- (winachsf)
DRV - File not found [Kernel | On_Demand] -- -- (wdmaud)
DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (Wanarp)
DRV - File not found [Kernel | Boot] -- -- (VolSnap)
DRV - File not found [Kernel | System] -- -- (VgaSave)
DRV - File not found [Kernel | On_Demand] -- -- (USBSTOR)
DRV - File not found [Kernel | On_Demand] -- -- (usbscan)
DRV - File not found [Kernel | On_Demand] -- -- (usbohci)
DRV - File not found [Kernel | On_Demand] -- -- (usbhub)
DRV - File not found [Kernel | On_Demand] -- -- (usbehci)
DRV - File not found [Kernel | On_Demand] -- -- (usbccgp)
DRV - File not found [Kernel | On_Demand] -- -- (usbaudio) USB Audio Driver (WDM)
DRV - File not found [Kernel | On_Demand] -- -- (Update)
DRV - File not found [Kernel | On_Demand] -- -- (UIUSys)
DRV - File not found [Kernel | System] -- -- (TermDD)
DRV - File not found [Kernel | On_Demand] -- -- (TDTCP)
DRV - File not found [Kernel | On_Demand] -- -- (TDPIPE)
DRV - File not found [Kernel | System] -- -- (Tcpip)
DRV - File not found [Kernel | On_Demand] -- -- (sysaudio)
DRV - File not found [Kernel | System] -- -- (SYMTDI)
DRV - File not found [Kernel | On_Demand] -- -- (SYMREDRV)
DRV - File not found [Kernel | On_Demand] -- -- (swmidi)
DRV - File not found [Kernel | On_Demand] -- -- (swenum)
DRV - File not found [Kernel | On_Demand] -- -- (streamip)
DRV - File not found [File_System | On_Demand] -- -- (Srv)
DRV - File not found [File_System | Boot] -- -- (sr)
DRV - File not found [Kernel | On_Demand] -- -- (splitter)
DRV - File not found [Kernel | On_Demand] -- -- (SPC230NC)
DRV - File not found [Kernel | On_Demand] -- -- (SLIP)
DRV - File not found [Kernel | System] -- -- (Sfloppy)
DRV - File not found [Kernel | Auto] -- -- (Serial)
DRV - File not found [Kernel | On_Demand] -- -- (Secdrv)
DRV - File not found [Kernel | On_Demand] -- -- (RTL8187B)
DRV - File not found [Kernel | System] -- -- (redbook)
DRV - File not found [Kernel | On_Demand] -- -- (RDPWD)
DRV - File not found [Kernel | On_Demand] -- -- (rdpdr)
DRV - File not found [Kernel | System] -- -- (RDPCDD)
DRV - File not found [File_System | System] -- -- (Rdbss)
DRV - File not found [Kernel | On_Demand] -- -- (Raspti)
DRV - File not found [Kernel | On_Demand] -- -- (RasPppoe)
DRV - File not found [Kernel | On_Demand] -- -- (Rasl2tp) WAN Miniport (L2TP)
DRV - File not found [Kernel | System] -- -- (RasAcd)
DRV - File not found [Kernel | On_Demand] -- -- (Ptilink)
DRV - File not found [Kernel | On_Demand] -- -- (PSched)
DRV - File not found [Kernel | System] -- -- (Processor)
DRV - File not found [Kernel | On_Demand] -- -- (PptpMiniport) WAN Miniport (PPTP)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | Boot] -- -- (PCIIde)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | Boot] -- -- (PCI)
DRV - File not found [Kernel | Auto] -- -- (ParVdm)
DRV - File not found [Kernel | Boot] -- -- (PartMgr)
DRV - File not found [Kernel | On_Demand] -- -- (Parport)
DRV - File not found [Kernel | On_Demand] -- -- (PAEAFLT.sys)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] -- -- (nvsmu)
DRV - File not found [Kernel | On_Demand] -- -- (nvnetbus)
DRV - File not found [Kernel | On_Demand] -- -- (NVENETFD)
DRV - File not found [Kernel | Boot] -- -- (nvatabus)
DRV - File not found [Kernel | Boot] -- -- (nvata)
DRV - File not found [Kernel | On_Demand] -- -- (nv)
DRV - File not found [Kernel | System] -- -- (Null)
DRV - File not found [File_System | System] -- -- (Npfs)
DRV - File not found [Kernel | System] -- -- (NetBT)
DRV - File not found [File_System | System] -- -- (NetBIOS)
DRV - File not found [Kernel | On_Demand] -- -- (NDProxy)
DRV - File not found [Kernel | On_Demand] -- -- (NdisWan)
DRV - File not found [Kernel | On_Demand] -- -- (Ndisuio)
DRV - File not found [Kernel | On_Demand] -- -- (NdisTapi)
DRV - File not found [Kernel | On_Demand] -- -- (NdisIP)
DRV - File not found [Kernel | Boot] -- -- (NDIS)
DRV - File not found [Kernel | On_Demand] -- -- (NABTSFEC)
DRV - File not found [File_System | Boot] -- -- (Mup)
DRV - File not found [Kernel | On_Demand] -- -- (MSTEE)
DRV - File not found [Kernel | On_Demand] -- -- (mssmbios)
DRV - File not found [Kernel | On_Demand] -- -- (MSPQM)
DRV - File not found [Kernel | On_Demand] -- -- (MSPCLOCK)
DRV - File not found [Kernel | On_Demand] -- -- (MSKSSRV)
DRV - File not found [File_System | System] -- -- (Msfs)
DRV - File not found [File_System | System] -- -- (MRxSmb)
DRV - File not found [File_System | On_Demand] -- -- (MRxDAV)
DRV - File not found [Kernel | Boot] -- -- (MountMgr)
DRV - File not found [Kernel | On_Demand] -- -- (mouhid)
DRV - File not found [Kernel | System] -- -- (Mouclass)
DRV - File not found [Kernel | On_Demand] -- -- (Modem)
DRV - File not found [Kernel | System] -- -- (mnmdd)
DRV - File not found [Kernel | Auto] -- -- (mdmxsdk)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | Boot] -- -- (KSecDD)
DRV - File not found [Kernel | On_Demand] -- -- (kmixer)
DRV - File not found [Kernel | System] -- -- (kbdhid)
DRV - File not found [Kernel | System] -- -- (Kbdclass)
DRV - File not found [Kernel | Boot] -- -- (isapnp)
DRV - File not found [Kernel | On_Demand] -- -- (IRENUM)
DRV - File not found [Kernel | System] -- -- (IPSec)
DRV - File not found [Kernel | On_Demand] -- -- (IpNat)
DRV - File not found [Kernel | On_Demand] -- -- (IpInIp)
DRV - File not found [Kernel | On_Demand] -- -- (IpFilterDriver)
DRV - File not found [Kernel | On_Demand] -- -- (Ip6Fw)
DRV - File not found [Kernel | System] -- -- (Imapi)
DRV - File not found [Kernel | System] -- -- (i8042prt)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand] -- -- (HTTP)
DRV - File not found [Kernel | On_Demand] -- -- (HSFHWAZL)
DRV - File not found [Kernel | On_Demand] -- -- (HSF_DPV)
DRV - File not found [Kernel | On_Demand] -- -- (HidUsb)
DRV - File not found [Kernel | On_Demand] -- -- (HDAudBus)
DRV - File not found [Kernel | On_Demand] -- -- (HdAudAddService)
DRV - File not found [Kernel | On_Demand] -- -- (HBtnKey)
DRV - File not found [Kernel | On_Demand] -- -- (Gpc)
DRV - File not found [Kernel | Boot] -- -- (Ftdisk)
DRV - File not found [Kernel | System] -- -- (FsVga)
DRV - File not found [Recognizer | System] -- -- (Fs_Rec)
DRV - File not found [File_System | Boot] -- -- (FltMgr)
DRV - File not found [Kernel | System] -- -- (Flpydisk)
DRV - File not found [Kernel | System] -- -- (Fips)
DRV - File not found [Kernel | System] -- -- (Fdc)
DRV - File not found [Kernel | On_Demand] -- -- (drmkaud)
DRV - File not found [Kernel | On_Demand] -- -- (DMusic)
DRV - File not found [Kernel | Boot] -- -- (dmload)
DRV - File not found [Kernel | Boot] -- -- (dmio)
DRV - File not found [Kernel | Boot] -- -- (Disk)
DRV - File not found [Kernel | Boot] -- -- (Compbatt)
DRV - File not found [Kernel | On_Demand] -- -- (CmBatt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | System] -- -- (Cdrom)
DRV - File not found [Kernel | System] -- -- (Cdaudio)
DRV - File not found [Kernel | On_Demand] -- -- (CCDECODE)
DRV - File not found [Kernel | System] -- -- (Beep)
DRV - File not found [Kernel | On_Demand] -- -- (BCM43XX)
DRV - File not found [Kernel | On_Demand] -- -- (audstub)
DRV - File not found [Kernel | On_Demand] -- -- (Atmarpc)
DRV - File not found [Kernel | Boot] -- -- (atapi)
DRV - File not found [Kernel | On_Demand] -- -- (AsyncMac)
DRV - File not found [Kernel | System] -- -- (AFD)
DRV - File not found [Kernel | Auto] -- -- (AegisP) AEGIS Protocol (IEEE 802.1x)
DRV - File not found [Kernel | On_Demand] -- -- (aec)
DRV - File not found [Kernel | Boot] -- -- (ACPIEC)
DRV - File not found [Kernel | Boot] -- -- (ACPI)
DRV - [2011/11/15 11:38:58 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20111230.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/11/15 11:38:58 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/11/15 11:38:58 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20111230.002\NAVENG.SYS -- (NAVENG)
DRV - [2011/11/10 04:00:00 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2006/09/18 17:55:28 | 000,109,744 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2006/09/06 14:41:20 | 000,337,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2006/09/06 14:41:20 | 000,054,968 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2006/04/11 17:13:34 | 000,389,776 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = about:blank
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\bo_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0




FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.1483: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2321: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: File not found
FF - HKLM\Software\MozillaPlugins\@xunlei.com/DapCtrlPlugin: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/10 12:09:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/21 18:42:00 | 000,000,000 | ---D | M]

[2011/12/31 16:38:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/02/28 18:15:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/04/08 18:32:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2010/09/01 05:07:10 | 000,079,664 | ---- | M] (ShenZhen Xunlei Networking Technologies,LTD) -- C:\Program Files\mozilla firefox\components\ThunderComponent.dll
[2011/02/02 20:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/03/21 07:22:04 | 001,680,272 | ---- | M] (Caminova, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdjvu.dll
[2011/03/07 16:01:09 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/03/07 16:01:09 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/03/07 16:01:09 | 000,000,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/03/07 16:01:09 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

Hosts file not found
O2 - BHO: (迅雷流媒体探测IE支持) - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - File not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (QQToolbar) - {29CF293A-1E7D-4069-9E11-E39698D0AF95} - C:\Program Files\Tencent\QQToolbar\IEBar.dll (Tencent)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {889D2FEB-5411-4565-8998-1DD2C5261283} - No CLSID value found.
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (QQToolbar) - {29CF293A-1E7D-4069-9E11-E39698D0AF95} - C:\Program Files\Tencent\QQToolbar\IEBar.dll (Tencent)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avPYOWQgOag.exe] File not found
O4 - HKLM..\Run: [dplaysvr] File not found
O4 - HKLM..\Run: [gfhYdHclcK.exe] File not found
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [MSPY2002] File not found
O4 - HKLM..\Run: [NvCplDaemon] File not found
O4 - HKLM..\Run: [NvMediaCenter] File not found
O4 - HKLM..\Run: [PHIME2002A] File not found
O4 - HKLM..\Run: [PHIME2002ASync] File not found
O4 - HKU\bo_ON_C..\RunOnce: [FlashPlayerUpdate] File not found
O4 - Startup: Error locating startup folders.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\bo_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\bobo_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService.NT_AUTHORITY.000_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService.NT_AUTHORITY.000_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: 查看网页全部图片 - {548BF84E-9665-47f9-B635-7380F8943E90} - File not found
O9 - Extra 'Tools' menuitem : 查看网页全部图片 - {548BF84E-9665-47f9-B635-7380F8943E90} - File not found
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - File not found
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - File not found
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - File not found
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - File not found
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - File not found
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - File not found
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - File not found
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - File not found
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - File not found
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - File not found
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - File not found
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - File not found
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - File not found
O20 - HKLM Winlogon: UIHost - (logonui.exe) - File not found
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - File not found
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - File not found
O29 - HKLM SecurityProviders - (msapsspc.dll) - File not found
O29 - HKLM SecurityProviders - (digest.dll) - File not found
O29 - HKLM SecurityProviders - (msnsspc.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/12/23 09:45:30 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/03 17:28:25 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/01/03 14:59:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\Registration
[2012/01/02 04:46:30 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\hal.dll
[2012/01/01 23:25:53 | 000,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
[2011/12/31 13:07:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\PC Tools
[2011/12/23 19:44:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService.NT AUTHORITY.000\Application Data\McAfee
[2011/12/18 12:09:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bobo\Local Settings\Application Data\Symantec
[2011/12/18 11:44:53 | 000,000,000 | -H-D | C] -- C:\Config.Msi
[2011/12/13 22:33:52 | 000,000,000 | ---D | C] -- C:\Program Files\Baofeng
[2011/12/13 22:33:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Baofeng
[2011/12/12 11:47:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bobo\Local Settings\Application Data\Tencent
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/03 12:46:22 | 000,000,680 | RHS- | M] () -- C:\boot.ini
[2012/01/01 23:26:31 | 000,262,144 | ---- | M] () -- C:\WINDOWS\System32\default_user_class.dat
[2012/01/01 19:53:53 | 000,010,240 | ---- | M] () -- C:\Documents and Settings\bobo\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/01 17:34:31 | 000,000,428 | RHS- | M] () -- C:\Documents and Settings\bo\ntuser.pol
[2011/12/30 23:29:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\WinZip
[2011/12/30 23:29:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Windows Live
[2011/12/30 23:29:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Symantec Client Security
[2011/12/30 23:29:38 | 000,000,000 | R--D | M] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup
[2011/12/30 23:29:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Mozilla Firefox
[2011/12/30 23:29:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Microsoft Silverlight
[2011/12/30 23:29:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Microsoft Office
[2011/12/30 23:29:25 | 000,000,000 | R--D | M] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Games
[2011/12/30 23:29:17 | 000,000,000 | R--D | M] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Administrative Tools
[2011/12/30 23:29:10 | 000,000,000 | R--D | M] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Accessories
[2011/12/30 18:41:31 | 1073,741,824 | -H-- | M] () -- C:\ppsds.pgf
[2011/12/24 18:09:16 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\bo\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/01 23:26:17 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\default_user_class.dat
[2012/01/01 19:53:22 | 000,010,240 | ---- | C] () -- C:\Documents and Settings\bobo\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/01 17:34:31 | 000,000,428 | RHS- | C] () -- C:\Documents and Settings\bo\ntuser.pol
[2011/12/24 18:09:16 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\bo\Start Menu\Programs\Internet Explorer.lnk
[2011/12/24 18:09:03 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\bo\Start Menu\Programs\Windows Media Player.lnk
[2011/12/24 18:08:52 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\bo\Start Menu\Programs\Outlook Express.lnk
[2011/01/21 21:48:17 | 000,000,915 | ---- | C] () -- C:\Documents and Settings\bo\Application Data\coreavc.ini
[2009/01/09 21:20:19 | 000,149,504 | ---- | C] () -- C:\Documents and Settings\bo\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== LOP Check ==========

[2011/03/20 17:36:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bo\Application Data\Aelita
[2009/01/24 21:42:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bo\Application Data\CCTV
[2011/04/30 20:29:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bo\Application Data\DAEMON Tools Pro
[2010/12/08 21:48:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bo\Application Data\DriverCure
[2009/01/15 22:26:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bo\Application Data\MSNInstaller
[2010/12/08 21:48:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bo\Application Data\ParetoLogic
[2009/08/09 08:54:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bo\Application Data\PPLiveVA
[2011/10/11 10:32:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bo\Application Data\PPStream
[2009/01/24 00:49:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bo\Application Data\QQ
[2009/05/25 12:34:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bo\Application Data\QQMusicUpdate
[2009/01/24 17:41:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bo\Application Data\QQUpdate
[2009/10/04 20:55:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bo\Application Data\Tencent
[2009/05/06 22:11:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bo\Application Data\TOMXPP
[2011/12/13 22:33:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Baofeng
[2011/04/30 20:28:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\DAEMON Tools Pro
[2011/06/10 18:32:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\OviInstallerCache
[2010/12/08 22:30:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\ParetoLogic
[2011/12/13 22:35:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Persist
[2010/02/14 11:50:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\PPLive
[2010/02/07 18:00:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\PPLiveVA
[2011/12/13 22:33:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Storm
[2011/12/31 19:46:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP

========== Purity Check ==========



========== Custom Scans ==========



< MD5 for: KSECDD.SYS >
[2004/08/03 22:59:48 | 000,092,032 | -H-- | M] (Microsoft Corporation) MD5=EB7FFE87FD367EA8FCA0506F74A87FBB -- C:\cmdcons\KSECDD.SYS

========== Files - Unicode (All) ==========
[2011/12/30 23:29:45 | 000,000,000 | ---D | M](C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\????5) -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\暴风影音5
[2011/12/13 22:34:44 | 000,000,000 | ---D | C](C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\????5) -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\暴风影音5
[2011/05/05 14:17:09 | 000,000,742 | ---- | M] ()(C:\Documents and Settings\bo\Application Data\Microsoft\Internet Explorer\Quick Launch\PPS??.lnk) -- C:\Documents and Settings\bo\Application Data\Microsoft\Internet Explorer\Quick Launch\PPS影音.lnk
[2011/01/09 11:20:17 | 000,000,672 | ---- | M] ()(C:\Documents and Settings\bo\Application Data\Microsoft\Internet Explorer\Quick Launch\????.lnk) -- C:\Documents and Settings\bo\Application Data\Microsoft\Internet Explorer\Quick Launch\暴风影音.lnk
[2010/05/05 21:19:17 | 000,000,741 | ---- | M] ()(C:\Documents and Settings\bo\Application Data\Microsoft\Internet Explorer\Quick Launch\???????2.0.lnk) -- C:\Documents and Settings\bo\Application Data\Microsoft\Internet Explorer\Quick Launch\个人数字图书馆2.0.lnk
[2010/05/05 21:19:17 | 000,000,741 | ---- | C] ()(C:\Documents and Settings\bo\Application Data\Microsoft\Internet Explorer\Quick Launch\???????2.0.lnk) -- C:\Documents and Settings\bo\Application Data\Microsoft\Internet Explorer\Quick Launch\个人数字图书馆2.0.lnk
[2010/04/18 18:43:59 | 000,000,742 | ---- | C] ()(C:\Documents and Settings\bo\Application Data\Microsoft\Internet Explorer\Quick Launch\PPS??.lnk) -- C:\Documents and Settings\bo\Application Data\Microsoft\Internet Explorer\Quick Launch\PPS影音.lnk
[2009/03/13 19:44:23 | 000,000,672 | ---- | M] ()(C:\Documents and Settings\bo\Application Data\Microsoft\Internet Explorer\Quick Launch\PPLive ????.lnk) -- C:\Documents and Settings\bo\Application Data\Microsoft\Internet Explorer\Quick Launch\PPLive 网络电视.lnk
[2009/03/13 19:44:23 | 000,000,672 | ---- | C] ()(C:\Documents and Settings\bo\Application Data\Microsoft\Internet Explorer\Quick Launch\PPLive ????.lnk) -- C:\Documents and Settings\bo\Application Data\Microsoft\Internet Explorer\Quick Launch\PPLive 网络电视.lnk
[2009/03/12 20:19:00 | 000,000,672 | ---- | C] ()(C:\Documents and Settings\bo\Application Data\Microsoft\Internet Explorer\Quick Launch\????.lnk) -- C:\Documents and Settings\bo\Application Data\Microsoft\Internet Explorer\Quick Launch\暴风影音.lnk

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:5C321E34
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:DFC5A2B2
< End of report >
  • 0

#27
BlackOxide

BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
This is worse than expected to be honest with you :(
You appear to be missing a great number of Windows system files. The only way of resolving this is to do a Full Windows Reinstall. I'd be happy to guide you through this process if you would like me to. It does mean that whatever is on the Hard Drive will be removed, then a fresh new installation of Windows is put on. If you would like me to guide you through this, just get back to me with the following information:


  • Previously you mentioned the PC was a Compaq Presario F500. Could you let me know which version of the F500 it is please. It should say this on a sticker on the back of the PC. For example F500EA, F502EA, F550EN etc.
  • Do you have any Compaq Recovery CDs?
  • Do you have any data like Pictures, Music, Documents etc. that need keeping? Reinstalling Windows will remove all data that is currently present on your Hard Drive.

  • 0

#28
brandenqi

brandenqi

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts

This is worse than expected to be honest with you :(
You appear to be missing a great number of Windows system files. The only way of resolving this is to do a Full Windows Reinstall. I'd be happy to guide you through this process if you would like me to. It does mean that whatever is on the Hard Drive will be removed, then a fresh new installation of Windows is put on. If you would like me to guide you through this, just get back to me with the following information:


  • Previously you mentioned the PC was a Compaq Presario F500. Could you let me know which version of the F500 it is please. It should say this on a sticker on the back of the PC. For example F500EA, F502EA, F550EN etc.
    I checked the sticker on the back; it is F500 without any more information. However, the service tag is F565ca. This laptop is already 4 years old. Maybe it is time to get a new one. So, let's just try; if not, I will copy the data and move on.
  • Do you have any Compaq Recovery CDs?
    I don't have a recovery CD. When I bought it, it was running Vista. The reaction was unbearable, then I asked a friend to switch to XP.
  • Do you have any data like Pictures, Music, Documents etc. that need keeping? Reinstalling Windows will remove all data that is currently present on your Hard Drive.
    I will back up my data to CD before I move to the next step.

    Thank you so much.


  • 0

#29
BlackOxide

BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Thanks for the info. I've had a look on HP/Compaq's website and found the following relating to Recovery:

"If the original operating system is changed to a non-Vista OS, the Recovery Manager cannot be launched from either the desktop or by pressing the f11 key on startup. You can use the recovery disc to restore the computer to the original operating condition in Vista. If using a non-Vista OS, you can use a third-party partition manager program to reclaim the hard drive space."


This is basically saying that without Recovery CDs it can't be put back to factory settings, which installs Vista. I can't blame you for switching back to XP in the first place though; a lot of machines run terribly with Vista installed. The other way is to get your friend to install XP for you again.

Once you've decided what to do, just let me know. If you need me to, I can dig out the link needed to order Recovery discs for your model if you wish me to.
  • 0





